Update dependencies documentation

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>

ChangeLog.d/ecp-internal-rng.txt

@@ -1,6 +1,7 @@
 Changes
    * The ECP module, enabled by `MBEDTLS_ECP_C`, now depends on
-     `MBEDTLS_CTR_DRBG_C` or `MBEDTLS_HMAC_DRBG_C` for some side-channel
+     `MBEDTLS_CTR_DRBG_C`, `MBEDTLS_HMAC_DRBG_C`, `MBEDTLS_SHA512_C`,
+     `MBEDTLS_SHA256_C` or `MBEDTLS_SHA1_C` for some side-channel
      coutermeasures. If side channels are not a concern, this dependency can
      be avoided by enabling the new option `MBEDTLS_ECP_NO_INTERNAL_RNG`.
 

include/mbedtls/config.h

@@ -788,11 +788,12 @@
  * against some side-channel attacks.
  *
  * This protection introduces a dependency of the ECP module on one of the
- * DRBG modules. For very constrained implementations that don't require this
- * protection (for example, because you're only doing signature verification,
- * so not manipulating any secret, or because local/physical side-channel
- * attacks are outside your threat model), it might be desirable to get rid of
- * that dependency.
+ * DRBG or SHA modules (HMAC-DRBG, CTR-DRBG, SHA-512, SHA-256 or SHA-1).
+ * For very constrained applications that don't require this protection
+ * (for example, because you're only doing signature verification, so not
+ * manipulating any secret, or because local/physical side-channel attacks are
+ * outside your threat model), it might be desirable to get rid of that
+ * dependency.
  *
  * \warning Enabling this option makes some uses of ECP vulnerable to some
  * side-channel attacks. Only enable it if you know that's not a problem for