yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-02-02 11:01:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Changelog: Add entry for prime validation fix

Browse source
This commit is contained in:
Janos Follath 2018-09-06 10:40:04 +01:00 committed by Darryl Green
parent 0b74161502
commit 8d3fb2e167
1 changed files with 13 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
ChangeLog
View file

@ -14,6 +14,19 @@ Changes
test the handling of large packets and small packets on the client side test the handling of large packets and small packets on the client side
in the same way as on the server side. in the same way as on the server side.
Security
* Fix mbedtls_mpi_is_prime() to use more rounds of probabilistic testing. The
previous settings for the number of rounds made it practical for an
adversary to construct non-primes that would be erroneously accepted as
primes with high probability. This does not have an impact on the
security of TLS, but can matter in other contexts with potentially
adversarially-chosen numbers that should be prime and can be validated.
For example, the number of rounds was enough to securely generate RSA key
pairs or Diffie-Hellman parameters, but was insufficient to validate
Diffie-Hellman parameters properly.
See "Prime and Prejudice" by by Martin R. Albrecht and Jake Massimo and
Kenneth G. Paterson and Juraj Somorovsky.
= mbed TLS 2.7.6 branch released 2018-08-31 = mbed TLS 2.7.6 branch released 2018-08-31
Security Security