This change affects all users who called a function accepting a f_rng parameter with NULL as the value of this argument; this is no longer supported.
The changed functions are: the X.509 CRT and CSR writing functions; the PK sign and decrypt function; the RSA encrypt, decrypt, sign and private functions; the functions in DHM and ECDH that compute the share secret; the scalar multiplication functions in ECP.
You now need to pass a properly seeded, cryptographically secure RNG to all functions that accept a f_rng parameter. It is of course still possible to pass NULL as the context pointer p_rng if your RNG function doesn't need a context.
This affects users of the following functions: mbedtls_ecp_check_pub_priv(), mbedtls_pk_check_pair(), mbedtls_pk_parse_key(), and mbedtls_pk_parse_keyfile().
You now need to pass a properly seeded, cryptographically secure RNG when calling these functions. It is used for blinding, a counter-measure against side-channel attacks.
MBEDTLS_ECP_NO_INTERNAL_RNG was removedThis doesn't affect users of the default configuration; it only affects people who were explicitly setting this option.
This was a trade-off between code size and counter-measures; it is no longer relevant as the counter-measure is now always on at no cost in code size.