mbedtls/docs/3.0-migration-guide.d/mandatory-rng-param.md
Manuel Pégourié-Gonnard 8707259318 Improve ChangeLog and migration guide entries
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-06-17 09:41:00 +02:00
The RNG parameter is now mandatory for all functions that accept one
--------------------------------------------------------------------

This change affects all users who called a function accepting an `f_rng` parameter with `NULL` as the value of this argument; this is no longer supported.

The changed functions are: the X.509 CRT and CSR writing functions; the PK and RSA sign and decrypt functions; `mbedtls_rsa_private()`; the functions in DHM and ECDH that compute the shared secret; the scalar multiplication functions in ECP.

You now need to pass a properly seeded, cryptographically secure RNG to all functions that accept an `f_rng` parameter. It is of course still possible to pass `NULL` as the context pointer `p_rng` if your RNG function doesn't need a context.

Alternative implementations of a module (enabled with the `MBEDTLS_module_ALT` configuration options) may have their own internal RNG and are free to ignore the `f_rng` argument, but must allow users to pass one anyway.

Some functions gained an RNG parameter
--------------------------------------

This affects users of the following functions: `mbedtls_ecp_check_pub_priv()`, `mbedtls_pk_check_pair()`, `mbedtls_pk_parse_key()`, and `mbedtls_pk_parse_keyfile()`.

You now need to pass a properly seeded, cryptographically secure RNG when calling these functions. It is used for blinding, a counter-measure against side-channel attacks.

The configuration option `MBEDTLS_ECP_NO_INTERNAL_RNG` was removed
------------------------------------------------------------------

This doesn't affect users of the default configuration; it only affects people who were explicitly setting this option.

This was a trade-off between code size and counter-measures; it is no longer relevant as the counter-measure is now always on at no cost in code size.