cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-11-04 04:32:24 -05:00
Code Issues Packages Projects Releases Wiki Activity

Improve ChangeLog and migration guide entries

Browse Source 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit is contained in:
Manuel Pégourié-Gonnard 2021-06-16 11:02:38 +02:00
parent 1503a9adab
commit 8707259318
2 changed files with 16 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
ChangeLog.d/mandatory-rng-param.txt
View File

@ -1,12 +1,14 @@
API changes API changes
* For all functions that take an RNG parameter, this parameter is now * For all functions that take a random number generator (RNG) as a
mandatory (that is, NULL is not an acceptable value). Functions which parameter, this parameter is now mandatory (that is, NULL is not an
previously accepted NULL and now reject it are: the X.509 CRT and CSR acceptable value). Functions which previously accepted NULL and now
writing functions; the PK sign and decrypt function; the RSA encrypt, reject it are: the X.509 CRT and CSR writing functions; the PK and RSA
decrypt, sign and private functions; the function in DHM and ECDH that sign and decrypt function; mbedtls_rsa_private(); the functions
compute the share secret; the scalar multiplication functions in ECP. in DHM and ECDH that compute the shared secret; the scalar multiplication
functions in ECP.
* The following functions now require an RNG parameter: * The following functions now require an RNG parameter:
mbedtls_ecp_check_pub_priv(), mbedtls_pk_check_pair(), mbedtls_ecp_check_pub_priv(), mbedtls_pk_check_pair(),
mbedtls_pk_parse_key(), mbedtls_pk_parse_keyfile(). mbedtls_pk_parse_key(), mbedtls_pk_parse_keyfile().
Removals
* The configuration option MBEDTLS_ECP_NO_INTERNAL_RNG has been removed as * The configuration option MBEDTLS_ECP_NO_INTERNAL_RNG has been removed as
it no longer had any effect. it no longer had any effect.

12
docs/3.0-migration-guide.d/mandatory-rng-param.md
View File

@ -5,16 +5,20 @@ This change affects all users who called a function accepting a `f_rng`
parameter with `NULL` as the value of this argument; this is no longer parameter with `NULL` as the value of this argument; this is no longer
supported. supported.
The changed functions are: the X.509 CRT and CSR writing functions; the PK The changed functions are: the X.509 CRT and CSR writing functions; the PK and
sign and decrypt function; the RSA encrypt, decrypt, sign and private RSA sign and decrypt functions; `mbedtls_rsa_private()`; the functions in DHM
functions; the functions in DHM and ECDH that compute the share secret; the and ECDH that compute the shared secret; the scalar multiplication functions in
scalar multiplication functions in ECP. ECP.
You now need to pass a properly seeded, cryptographically secure RNG to all You now need to pass a properly seeded, cryptographically secure RNG to all
functions that accept a `f_rng` parameter. It is of course still possible to functions that accept a `f_rng` parameter. It is of course still possible to
pass `NULL` as the context pointer `p_rng` if your RNG function doesn't need a pass `NULL` as the context pointer `p_rng` if your RNG function doesn't need a
context. context.
Alternative implementations of a module (enabled with the `MBEDTLS_module_ALT`
configuration options) may have their own internal and are free to ignore the
`f_rng` argument but must allow users to pass one anyway.
Some functions gained an RNG parameter Some functions gained an RNG parameter
-------------------------------------- --------------------------------------