Fix ECDSA documentation: blinding is no longer optional

Since Mbed TLS 3.0, blinding is no longer optional in ECDSA. `mbedtls_ecdsa_write_signature()` and `mbedtls_ecdsa_write_signature_restartable()` error out if `f_rng == NULL`. We forgot to update the function documentation. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-07-09 21:57:29 +08:00 · 2025-05-16 15:00:09 +02:00 · 2025-05-16 15:00:09 +02:00 · addf8fc03e
commit addf8fc03e
parent c0b357d8b4
1 changed files with 12 additions and 9 deletions
--- a/include/mbedtls/ecdsa.h
+++ b/include/mbedtls/ecdsa.h
@ -150,7 +150,8 @@ int mbedtls_ecdsa_can_do(mbedtls_ecp_group_id gid);
 *                  buffer of length \p blen Bytes. It may be \c NULL if
 *                  \p blen is zero.
 * \param blen      The length of \p buf in Bytes.
- * \param f_rng     The RNG function. This must not be \c NULL.
+ * \param f_rng     The RNG function, used both to generate the ECDSA nonce
 *                  and for blinding. This must not be \c NULL.
 * \param p_rng     The RNG context to be passed to \p f_rng. This may be
 *                  \c NULL if \p f_rng doesn't need a context parameter.
 *
@ -247,7 +248,8 @@ int mbedtls_ecdsa_sign_det_ext(mbedtls_ecp_group *grp, mbedtls_mpi *r,
 *                      buffer of length \p blen Bytes. It may be \c NULL if
 *                      \p blen is zero.
 * \param blen          The length of \p buf in Bytes.
- * \param f_rng         The RNG function. This must not be \c NULL.
+ * \param f_rng         The RNG function used to generate the ECDSA nonce.
 *                      This must not be \c NULL.
 * \param p_rng         The RNG context to be passed to \p f_rng. This may be
 *                      \c NULL if \p f_rng doesn't need a context parameter.
 * \param f_rng_blind   The RNG function used for blinding. This must not be
@ -458,10 +460,10 @@ int mbedtls_ecdsa_verify_restartable(mbedtls_ecp_group *grp,
 * \param sig_size  The size of the \p sig buffer in bytes.
 * \param slen      The address at which to store the actual length of
 *                  the signature written. Must not be \c NULL.
- * \param f_rng     The RNG function. This must not be \c NULL if
+ * \param f_rng     The RNG function. This is used for blinding.
- *                  #MBEDTLS_ECDSA_DETERMINISTIC is unset. Otherwise,
+ *                  If #MBEDTLS_ECDSA_DETERMINISTIC is unset, this is also
- *                  it is used only for blinding and may be set to \c NULL, but
+ *                  used to generate the ECDSA nonce.
- *                  doing so is DEPRECATED.
+ *                  This must not be \c NULL.
 * \param p_rng     The RNG context to be passed to \p f_rng. This may be
 *                  \c NULL if \p f_rng is \c NULL or doesn't use a context.
 *
@ -501,9 +503,10 @@ int mbedtls_ecdsa_write_signature(mbedtls_ecdsa_context *ctx,
 * \param sig_size  The size of the \p sig buffer in bytes.
 * \param slen      The address at which to store the actual length of
 *                  the signature written. Must not be \c NULL.
- * \param f_rng     The RNG function. This must not be \c NULL if
+ * \param f_rng     The RNG function. This is used for blinding.
- *                  #MBEDTLS_ECDSA_DETERMINISTIC is unset. Otherwise,
+ *                  If #MBEDTLS_ECDSA_DETERMINISTIC is unset, this is also
- *                  it is unused and may be set to \c NULL.
+ *                  used to generate the ECDSA nonce.
 *                  This must not be \c NULL.
 * \param p_rng     The RNG context to be passed to \p f_rng. This may be
 *                  \c NULL if \p f_rng is \c NULL or doesn't use a context.
 * \param rs_ctx    The restart context to use. This may be \c NULL to disable