Incorporate comments on merge commit

* Correct order of sections in ChangeLog
* Restore unintentionally removed whitespace and
  formatting improvements.
* Consistently rename MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED
  to MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION in rsa.h
  documentation.
This commit is contained in:
Hanno Becker 2017-12-22 17:08:03 +00:00
parent f40cdf9971
commit a47023e4d5
3 changed files with 30 additions and 30 deletions

View file

@ -15,6 +15,23 @@ Security
Features Features
* Allow comments in test data files. * Allow comments in test data files.
API Changes
* Extend RSA interface by multiple functions allowing structure-
independent setup and export of RSA contexts. Most notably,
mbedtls_rsa_import and mbedtls_rsa_complete are introduced for setting
up RSA contexts from partial key material and having them completed to the
needs of the implementation automatically. This allows to setup private RSA
contexts from keys consisting of N,D,E only, even if P,Q are needed for the
purpose or CRT and/or blinding.
* The configuration option MBEDTLS_RSA_ALT can be used to define alternative
implementations of the RSA interface declared in rsa.h.
New deprecations
* Deprecate usage of RSA primitives with non-matching key-type
(e.g., signing with a public key).
* Direct manipulation of structure fields of RSA contexts is deprecated.
Users are advised to use the extended RSA API instead.
Bugfix Bugfix
* Fix ssl_parse_record_header() to silently discard invalid DTLS records * Fix ssl_parse_record_header() to silently discard invalid DTLS records
as recommended in RFC 6347 Section 4.1.2.7. as recommended in RFC 6347 Section 4.1.2.7.
@ -57,23 +74,6 @@ Bugfix
* Fix crash when calling mbedtls_ssl_cache_free() twice. Found by * Fix crash when calling mbedtls_ssl_cache_free() twice. Found by
MilenkoMitrovic, #1104 MilenkoMitrovic, #1104
New deprecations
* Direct manipulation of structure fields of RSA contexts is deprecated.
Users are advised to use the extended RSA API instead.
* Deprecate usage of RSA primitives with non-matching key-type
(e.g., signing with a public key).
API Changes
* Extend RSA interface by multiple functions allowing structure-
independent setup and export of RSA contexts. Most notably,
mbedtls_rsa_import and mbedtls_rsa_complete are introduced for setting
up RSA contexts from partial key material and having them completed to the
needs of the implementation automatically. This allows to setup private RSA
contexts from keys consisting of N,D,E only, even if P,Q are needed for the
purpose or CRT and/or blinding.
* The configuration option MBEDTLS_RSA_ALT can be used to define alternative
implementations of the RSA interface declared in rsa.h.
Changes Changes
* Extend cert_write example program by options to set the CRT version * Extend cert_write example program by options to set the CRT version
and the message digest. Further, allow enabling/disabling of authority and the message digest. Further, allow enabling/disabling of authority
@ -95,7 +95,6 @@ Security
* Reliably wipe sensitive data after use in the AES example applications * Reliably wipe sensitive data after use in the AES example applications
programs/aes/aescrypt2 and programs/aes/crypt_and_hash. programs/aes/aescrypt2 and programs/aes/crypt_and_hash.
Found by Laurent Simon. Found by Laurent Simon.
>>>>>>> development
Features Features
* Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown()

View file

@ -274,11 +274,11 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx );
* exporting the requested parameters * exporting the requested parameters
* cannot be done because of a lack of functionality * cannot be done because of a lack of functionality
* or because of security policies, the error code * or because of security policies, the error code
* \c MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED is returned. * \c MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION is returned.
* In this case, the RSA context stays intact and can * In this case, the RSA context stays intact and can
* be continued to be used. * be continued to be used.
* *
* \note Reasons for returning \c MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED * \note Reasons for returning \c MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION
* would be the following: Firstly, it might be that an * would be the following: Firstly, it might be that an
* alternative RSA implementation is in use which stores * alternative RSA implementation is in use which stores
* the key externally, and which either cannot or should not * the key externally, and which either cannot or should not
@ -319,11 +319,11 @@ int mbedtls_rsa_export( const mbedtls_rsa_context *ctx,
* exporting the requested parameters * exporting the requested parameters
* cannot be done because of a lack of functionality * cannot be done because of a lack of functionality
* or because of security policies, the error code * or because of security policies, the error code
* \c MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED is returned. * \c MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION is returned.
* In this case, the RSA context stays intact and can * In this case, the RSA context stays intact and can
* be continued to be used. * be continued to be used.
* *
* \note Reasons for returning \c MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED * \note Reasons for returning \c MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION
* would be the following: Firstly, it might be that an * would be the following: Firstly, it might be that an
* alternative RSA implementation is in use which stores * alternative RSA implementation is in use which stores
* the key externally, and which either cannot or should not * the key externally, and which either cannot or should not
@ -525,7 +525,7 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
* mode being set to MBEDTLS_RSA_PRIVATE and may instead * mode being set to MBEDTLS_RSA_PRIVATE and may instead
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. * return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
* *
* \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code
* *
* \note The output buffer must be as large as the size * \note The output buffer must be as large as the size
* of ctx->N (eg. 128 bytes if RSA-1024 is used). * of ctx->N (eg. 128 bytes if RSA-1024 is used).
@ -557,7 +557,7 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx,
* mode being set to MBEDTLS_RSA_PRIVATE and may instead * mode being set to MBEDTLS_RSA_PRIVATE and may instead
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. * return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
* *
* \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code
* *
* \note The output buffer must be as large as the size * \note The output buffer must be as large as the size
* of ctx->N (eg. 128 bytes if RSA-1024 is used). * of ctx->N (eg. 128 bytes if RSA-1024 is used).
@ -592,7 +592,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
* mode being set to MBEDTLS_RSA_PRIVATE and may instead * mode being set to MBEDTLS_RSA_PRIVATE and may instead
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. * return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
* *
* \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code
* *
* \note The output buffer must be as large as the size * \note The output buffer must be as large as the size
* of ctx->N (eg. 128 bytes if RSA-1024 is used). * of ctx->N (eg. 128 bytes if RSA-1024 is used).
@ -629,7 +629,7 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
* mode being set to MBEDTLS_RSA_PUBLIC and may instead * mode being set to MBEDTLS_RSA_PUBLIC and may instead
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. * return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
* *
* \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code
* *
* \note The output buffer length \c output_max_len should be * \note The output buffer length \c output_max_len should be
* as large as the size \c ctx->len of \c ctx->N (eg. 128 bytes * as large as the size \c ctx->len of \c ctx->N (eg. 128 bytes
@ -670,7 +670,7 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx,
* mode being set to MBEDTLS_RSA_PUBLIC and may instead * mode being set to MBEDTLS_RSA_PUBLIC and may instead
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. * return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
* *
* \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code
* *
* \note The output buffer length \c output_max_len should be * \note The output buffer length \c output_max_len should be
* as large as the size \c ctx->len of \c ctx->N (eg. 128 bytes * as large as the size \c ctx->len of \c ctx->N (eg. 128 bytes
@ -713,7 +713,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
* mode being set to MBEDTLS_RSA_PUBLIC and may instead * mode being set to MBEDTLS_RSA_PUBLIC and may instead
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. * return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
* *
* \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code
* *
* \note The output buffer length \c output_max_len should be * \note The output buffer length \c output_max_len should be
* as large as the size \c ctx->len of \c ctx->N (eg. 128 bytes * as large as the size \c ctx->len of \c ctx->N (eg. 128 bytes

View file

@ -729,8 +729,9 @@ void mbedtls_rsa_gen_key( int nrbits, int exponent, int result)
mbedtls_entropy_init( &entropy ); mbedtls_entropy_init( &entropy );
mbedtls_rsa_init ( &ctx, 0, 0 ); mbedtls_rsa_init ( &ctx, 0, 0 );
TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
(const unsigned char *) pers, strlen( pers ) ) == 0 ); &entropy, (const unsigned char *) pers,
strlen( pers ) ) == 0 );
TEST_ASSERT( mbedtls_rsa_gen_key( &ctx, mbedtls_ctr_drbg_random, &ctr_drbg, nrbits, exponent ) == result ); TEST_ASSERT( mbedtls_rsa_gen_key( &ctx, mbedtls_ctr_drbg_random, &ctr_drbg, nrbits, exponent ) == result );
if( result == 0 ) if( result == 0 )