mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-25 02:05:31 +00:00
Update dependencies documentation
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit is contained in:
parent
601128eb58
commit
f1aca9fdba
|
@ -1,6 +1,7 @@
|
|||
Changes
|
||||
* The ECP module, enabled by `MBEDTLS_ECP_C`, now depends on
|
||||
`MBEDTLS_CTR_DRBG_C` or `MBEDTLS_HMAC_DRBG_C` for some side-channel
|
||||
`MBEDTLS_CTR_DRBG_C`, `MBEDTLS_HMAC_DRBG_C`, `MBEDTLS_SHA512_C`,
|
||||
`MBEDTLS_SHA256_C` or `MBEDTLS_SHA1_C` for some side-channel
|
||||
coutermeasures. If side channels are not a concern, this dependency can
|
||||
be avoided by enabling the new option `MBEDTLS_ECP_NO_INTERNAL_RNG`.
|
||||
|
||||
|
|
|
@ -626,11 +626,12 @@
|
|||
* against some side-channel attacks.
|
||||
*
|
||||
* This protection introduces a dependency of the ECP module on one of the
|
||||
* DRBG modules. For very constrained implementations that don't require this
|
||||
* protection (for example, because you're only doing signature verification,
|
||||
* so not manipulating any secret, or because local/physical side-channel
|
||||
* attacks are outside your threat model), it might be desirable to get rid of
|
||||
* that dependency.
|
||||
* DRBG or SHA modules (HMAC-DRBG, CTR-DRBG, SHA-512, SHA-256 or SHA-1).
|
||||
* For very constrained applications that don't require this protection
|
||||
* (for example, because you're only doing signature verification, so not
|
||||
* manipulating any secret, or because local/physical side-channel attacks are
|
||||
* outside your threat model), it might be desirable to get rid of that
|
||||
* dependency.
|
||||
*
|
||||
* \warning Enabling this option makes some uses of ECP vulnerable to some
|
||||
* side-channel attacks. Only enable it if you know that's not a problem for
|
||||
|
|
Loading…
Reference in a new issue