mbedtls/docs/3.0-migration-guide.d/remove-rsa-mode-parameter.md
Thomas Daubney 6f966112c7 Corrections to ChangeLog and Migration guide
Corrections to address wording of ChangeLog
and Migration guide.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-25 15:00:19 +01:00

1.3 KiB

Remove the mode parameter from RSA functions

This affects all users who use the RSA encryption, decryption, sign and verify APIs.

The RSA module no longer supports private-key operations with the public key or vice versa. As a consequence, RSA operation functions no longer have a mode parameter. If you were calling RSA operations with the normal mode (public key for verification or encryption, private key for signature or decryption), remove the MBEDTLS_MODE_PUBLIC or MBEDTLS_MODE_PRIVATE argument. If you were calling RSA operations with the wrong mode, which rarely makes sense from a security perspective, this is no longer supported.

Remove the RNG parameter from RSA verify functions

RSA verification functions also no longer take random generator arguments (this was only needed when using a private key). This affects all applications using the RSA verify functions.

RNG is now mandatory in all RSA private key operations

The random generator is now mandatory for blinding in all RSA private-key operations (mbedtls_rsa_private, mbedtls_rsa_xxx_sign, mbedtls_rsa_xxx_decrypt) as well as for encryption (mbedtls_rsa_xxx_encrypt). This means that passing a null f_rng is no longer supported.