This change affects all users who called a function accepting a
f_rng parameter with
NULL as the value of this argument; this is no longer supported.
The changed functions are: the X.509 CRT and CSR writing functions; the PK and RSA sign and decrypt functions;
mbedtls_rsa_private(); the functions in DHM and ECDH that compute the shared secret; the scalar multiplication functions in ECP.
You now need to pass a properly seeded, cryptographically secure RNG to all functions that accept a
f_rng parameter. It is of course still possible to pass
NULL as the context pointer
p_rng if your RNG function doesn't need a context.
Alternative implementations of a module (enabled with the
MBEDTLS_module_ALT configuration options) may have their own internal and are free to ignore the
f_rng argument but must allow users to pass one anyway.
This affects users of the following functions:
You now need to pass a properly seeded, cryptographically secure RNG when calling these functions. It is used for blinding, a counter-measure against side-channel attacks.
This doesn't affect users of the default configuration; it only affects people who were explicitly setting this option.
This was a trade-off between code size and counter-measures; it is no longer relevant as the counter-measure is now always on at no cost in code size.