diff --git a/docs/3.0-migration-guide.md b/docs/3.0-migration-guide.md index 8b3275c09c..06f389df76 100644 --- a/docs/3.0-migration-guide.md +++ b/docs/3.0-migration-guide.md @@ -137,36 +137,6 @@ of the 2.x releases — no longer included in 3.0) might help you do that. Please also refer to the section [High-level crypto](#high-level-crypto) for changes that could sit in either category. -### The RNG parameter is now mandatory for all functions that accept one - -This change affects all users who called a function accepting a `f_rng` -parameter with `NULL` as the value of this argument; this is no longer -supported. - -The changed functions are: the X.509 CRT and CSR writing functions; the PK and -RSA sign and decrypt functions; `mbedtls_rsa_private()`; the functions in DHM -and ECDH that compute the shared secret; the scalar multiplication functions in -ECP. - -You now need to pass a properly seeded, cryptographically secure RNG to all -functions that accept a `f_rng` parameter. It is of course still possible to -pass `NULL` as the context pointer `p_rng` if your RNG function doesn't need a -context. - -Alternative implementations of a module (enabled with the `MBEDTLS_module_ALT` -configuration options) may have their own internal and are free to ignore the -`f_rng` argument but must allow users to pass one anyway. - -### Some functions gained an RNG parameter - -This affects users of the following functions: `mbedtls_ecp_check_pub_priv()`, -`mbedtls_pk_check_pair()`, `mbedtls_pk_parse_key()`, and -`mbedtls_pk_parse_keyfile()`. - -You now need to pass a properly seeded, cryptographically secure RNG when -calling these functions. It is used for blinding, a countermeasure against -side-channel attacks. - ### Deprecated functions were removed from bignum The function `mbedtls_mpi_is_prime()` was removed. Please use @@ -476,6 +446,36 @@ This normally doesn't affect your code, unless you use pointers to reference those functions. In this case, you'll need to update the type of your pointers in order to match the new signature. +### The RNG parameter is now mandatory for all functions that accept one + +This change affects all users who called a function accepting a `f_rng` +parameter with `NULL` as the value of this argument; this is no longer +supported. + +The changed functions are: the X.509 CRT and CSR writing functions; the PK and +RSA sign and decrypt functions; `mbedtls_rsa_private()`; the functions in DHM +and ECDH that compute the shared secret; the scalar multiplication functions in +ECP. + +You now need to pass a properly seeded, cryptographically secure RNG to all +functions that accept a `f_rng` parameter. It is of course still possible to +pass `NULL` as the context pointer `p_rng` if your RNG function doesn't need a +context. + +Alternative implementations of a module (enabled with the `MBEDTLS_module_ALT` +configuration options) may have their own internal and are free to ignore the +`f_rng` argument but must allow users to pass one anyway. + +### Some functions gained an RNG parameter + +This affects users of the following functions: `mbedtls_ecp_check_pub_priv()`, +`mbedtls_pk_check_pair()`, `mbedtls_pk_parse_key()`, and +`mbedtls_pk_parse_keyfile()`. + +You now need to pass a properly seeded, cryptographically secure RNG when +calling these functions. It is used for blinding, a countermeasure against +side-channel attacks. + ## PSA