diff --git a/ChangeLog.d/ecp-internal-rng.txt b/ChangeLog.d/ecp-internal-rng.txt index c0419acad..f6b3c0f7f 100644 --- a/ChangeLog.d/ecp-internal-rng.txt +++ b/ChangeLog.d/ecp-internal-rng.txt @@ -1,6 +1,7 @@ Changes * The ECP module, enabled by `MBEDTLS_ECP_C`, now depends on - `MBEDTLS_CTR_DRBG_C` or `MBEDTLS_HMAC_DRBG_C` for some side-channel + `MBEDTLS_CTR_DRBG_C`, `MBEDTLS_HMAC_DRBG_C`, `MBEDTLS_SHA512_C`, + `MBEDTLS_SHA256_C` or `MBEDTLS_SHA1_C` for some side-channel coutermeasures. If side channels are not a concern, this dependency can be avoided by enabling the new option `MBEDTLS_ECP_NO_INTERNAL_RNG`. diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 9442eb44b..90c90f931 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -788,11 +788,12 @@ * against some side-channel attacks. * * This protection introduces a dependency of the ECP module on one of the - * DRBG modules. For very constrained implementations that don't require this - * protection (for example, because you're only doing signature verification, - * so not manipulating any secret, or because local/physical side-channel - * attacks are outside your threat model), it might be desirable to get rid of - * that dependency. + * DRBG or SHA modules (HMAC-DRBG, CTR-DRBG, SHA-512, SHA-256 or SHA-1). + * For very constrained applications that don't require this protection + * (for example, because you're only doing signature verification, so not + * manipulating any secret, or because local/physical side-channel attacks are + * outside your threat model), it might be desirable to get rid of that + * dependency. * * \warning Enabling this option makes some uses of ECP vulnerable to some * side-channel attacks. Only enable it if you know that's not a problem for