Incorporate comments on merge commit
* Correct order of sections in ChangeLog
* Restore unintentionally removed whitespace and formatting improvements.
* Consistently rename MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED to MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION in rsa.h documentation.
parent
f40cdf9971
commit
a47023e4d5
35
ChangeLog
35
ChangeLog
|
@ -15,6 +15,23 @@ Security
|
||||||
Features
|
Features
|
||||||
* Allow comments in test data files.
|
* Allow comments in test data files.
|
||||||
|
|
||||||
|
API Changes
|
||||||
|
* Extend RSA interface by multiple functions allowing structure-
|
||||||
|
independent setup and export of RSA contexts. Most notably,
|
||||||
|
mbedtls_rsa_import and mbedtls_rsa_complete are introduced for setting
|
||||||
|
up RSA contexts from partial key material and having them completed to the
|
||||||
|
needs of the implementation automatically. This allows to setup private RSA
|
||||||
|
contexts from keys consisting of N,D,E only, even if P,Q are needed for the
|
||||||
|
purpose or CRT and/or blinding.
|
||||||
|
* The configuration option MBEDTLS_RSA_ALT can be used to define alternative
|
||||||
|
implementations of the RSA interface declared in rsa.h.
|
||||||
|
|
||||||
|
New deprecations
|
||||||
|
* Deprecate usage of RSA primitives with non-matching key-type
|
||||||
|
(e.g., signing with a public key).
|
||||||
|
* Direct manipulation of structure fields of RSA contexts is deprecated.
|
||||||
|
Users are advised to use the extended RSA API instead.
|
||||||
|
|
||||||
Bugfix
|
Bugfix
|
||||||
* Fix ssl_parse_record_header() to silently discard invalid DTLS records
|
* Fix ssl_parse_record_header() to silently discard invalid DTLS records
|
||||||
as recommended in RFC 6347 Section 4.1.2.7.
|
as recommended in RFC 6347 Section 4.1.2.7.
|
||||||
|
@ -57,23 +74,6 @@ Bugfix
|
||||||
* Fix crash when calling mbedtls_ssl_cache_free() twice. Found by
|
* Fix crash when calling mbedtls_ssl_cache_free() twice. Found by
|
||||||
MilenkoMitrovic, #1104
|
MilenkoMitrovic, #1104
|
||||||
|
|
||||||
New deprecations
|
|
||||||
* Direct manipulation of structure fields of RSA contexts is deprecated.
|
|
||||||
Users are advised to use the extended RSA API instead.
|
|
||||||
* Deprecate usage of RSA primitives with non-matching key-type
|
|
||||||
(e.g., signing with a public key).
|
|
||||||
|
|
||||||
API Changes
|
|
||||||
* Extend RSA interface by multiple functions allowing structure-
|
|
||||||
independent setup and export of RSA contexts. Most notably,
|
|
||||||
mbedtls_rsa_import and mbedtls_rsa_complete are introduced for setting
|
|
||||||
up RSA contexts from partial key material and having them completed to the
|
|
||||||
needs of the implementation automatically. This allows to setup private RSA
|
|
||||||
contexts from keys consisting of N,D,E only, even if P,Q are needed for the
|
|
||||||
purpose or CRT and/or blinding.
|
|
||||||
* The configuration option MBEDTLS_RSA_ALT can be used to define alternative
|
|
||||||
implementations of the RSA interface declared in rsa.h.
|
|
||||||
|
|
||||||
Changes
|
Changes
|
||||||
* Extend cert_write example program by options to set the CRT version
|
* Extend cert_write example program by options to set the CRT version
|
||||||
and the message digest. Further, allow enabling/disabling of authority
|
and the message digest. Further, allow enabling/disabling of authority
|
||||||
|
@ -95,7 +95,6 @@ Security
|
||||||
* Reliably wipe sensitive data after use in the AES example applications
|
* Reliably wipe sensitive data after use in the AES example applications
|
||||||
programs/aes/aescrypt2 and programs/aes/crypt_and_hash.
|
programs/aes/aescrypt2 and programs/aes/crypt_and_hash.
|
||||||
Found by Laurent Simon.
|
Found by Laurent Simon.
|
||||||
>>>>>>> development
|
|
||||||
|
|
||||||
Features
|
Features
|
||||||
* Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown()
|
* Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown()
|
||||||
|
|
|
@ -274,11 +274,11 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx );
|
||||||
* exporting the requested parameters
|
* exporting the requested parameters
|
||||||
* cannot be done because of a lack of functionality
|
* cannot be done because of a lack of functionality
|
||||||
* or because of security policies, the error code
|
* or because of security policies, the error code
|
||||||
* \c MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED is returned.
|
* \c MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION is returned.
|
||||||
* In this case, the RSA context stays intact and can
|
* In this case, the RSA context stays intact and can
|
||||||
* be continued to be used.
|
* be continued to be used.
|
||||||
*
|
*
|
||||||
* \note Reasons for returning \c MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED
|
* \note Reasons for returning \c MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION
|
||||||
* would be the following: Firstly, it might be that an
|
* would be the following: Firstly, it might be that an
|
||||||
* alternative RSA implementation is in use which stores
|
* alternative RSA implementation is in use which stores
|
||||||
* the key externally, and which either cannot or should not
|
* the key externally, and which either cannot or should not
|
||||||
|
@ -319,11 +319,11 @@ int mbedtls_rsa_export( const mbedtls_rsa_context *ctx,
|
||||||
* exporting the requested parameters
|
* exporting the requested parameters
|
||||||
* cannot be done because of a lack of functionality
|
* cannot be done because of a lack of functionality
|
||||||
* or because of security policies, the error code
|
* or because of security policies, the error code
|
||||||
* \c MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED is returned.
|
* \c MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION is returned.
|
||||||
* In this case, the RSA context stays intact and can
|
* In this case, the RSA context stays intact and can
|
||||||
* be continued to be used.
|
* be continued to be used.
|
||||||
*
|
*
|
||||||
* \note Reasons for returning \c MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED
|
* \note Reasons for returning \c MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION
|
||||||
* would be the following: Firstly, it might be that an
|
* would be the following: Firstly, it might be that an
|
||||||
* alternative RSA implementation is in use which stores
|
* alternative RSA implementation is in use which stores
|
||||||
* the key externally, and which either cannot or should not
|
* the key externally, and which either cannot or should not
|
||||||
|
@ -525,7 +525,7 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
|
||||||
* mode being set to MBEDTLS_RSA_PRIVATE and may instead
|
* mode being set to MBEDTLS_RSA_PRIVATE and may instead
|
||||||
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
|
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
|
||||||
*
|
*
|
||||||
* \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
|
* \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code
|
||||||
*
|
*
|
||||||
* \note The output buffer must be as large as the size
|
* \note The output buffer must be as large as the size
|
||||||
* of ctx->N (eg. 128 bytes if RSA-1024 is used).
|
* of ctx->N (eg. 128 bytes if RSA-1024 is used).
|
||||||
|
@ -557,7 +557,7 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx,
|
||||||
* mode being set to MBEDTLS_RSA_PRIVATE and may instead
|
* mode being set to MBEDTLS_RSA_PRIVATE and may instead
|
||||||
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
|
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
|
||||||
*
|
*
|
||||||
* \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
|
* \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code
|
||||||
*
|
*
|
||||||
* \note The output buffer must be as large as the size
|
* \note The output buffer must be as large as the size
|
||||||
* of ctx->N (eg. 128 bytes if RSA-1024 is used).
|
* of ctx->N (eg. 128 bytes if RSA-1024 is used).
|
||||||
|
@ -592,7 +592,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
|
||||||
* mode being set to MBEDTLS_RSA_PRIVATE and may instead
|
* mode being set to MBEDTLS_RSA_PRIVATE and may instead
|
||||||
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
|
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
|
||||||
*
|
*
|
||||||
* \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
|
* \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code
|
||||||
*
|
*
|
||||||
* \note The output buffer must be as large as the size
|
* \note The output buffer must be as large as the size
|
||||||
* of ctx->N (eg. 128 bytes if RSA-1024 is used).
|
* of ctx->N (eg. 128 bytes if RSA-1024 is used).
|
||||||
|
@ -629,7 +629,7 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
|
||||||
* mode being set to MBEDTLS_RSA_PUBLIC and may instead
|
* mode being set to MBEDTLS_RSA_PUBLIC and may instead
|
||||||
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
|
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
|
||||||
*
|
*
|
||||||
* \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
|
* \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code
|
||||||
*
|
*
|
||||||
* \note The output buffer length \c output_max_len should be
|
* \note The output buffer length \c output_max_len should be
|
||||||
* as large as the size \c ctx->len of \c ctx->N (eg. 128 bytes
|
* as large as the size \c ctx->len of \c ctx->N (eg. 128 bytes
|
||||||
|
@ -670,7 +670,7 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx,
|
||||||
* mode being set to MBEDTLS_RSA_PUBLIC and may instead
|
* mode being set to MBEDTLS_RSA_PUBLIC and may instead
|
||||||
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
|
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
|
||||||
*
|
*
|
||||||
* \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
|
* \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code
|
||||||
*
|
*
|
||||||
* \note The output buffer length \c output_max_len should be
|
* \note The output buffer length \c output_max_len should be
|
||||||
* as large as the size \c ctx->len of \c ctx->N (eg. 128 bytes
|
* as large as the size \c ctx->len of \c ctx->N (eg. 128 bytes
|
||||||
|
@ -713,7 +713,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
|
||||||
* mode being set to MBEDTLS_RSA_PUBLIC and may instead
|
* mode being set to MBEDTLS_RSA_PUBLIC and may instead
|
||||||
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
|
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
|
||||||
*
|
*
|
||||||
* \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
|
* \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code
|
||||||
*
|
*
|
||||||
* \note The output buffer length \c output_max_len should be
|
* \note The output buffer length \c output_max_len should be
|
||||||
* as large as the size \c ctx->len of \c ctx->N (eg. 128 bytes
|
* as large as the size \c ctx->len of \c ctx->N (eg. 128 bytes
|
||||||
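Review bot: The `\c` markup is added only to `MBEDTLS_ERR_RSA_XXX` on the changed `\return` lines, so in the same comment blocks (the hunks from `@ -525` through `@ -713`) the sentence just above still names `MBEDTLS_RSA_PRIVATE` / `MBEDTLS_RSA_PUBLIC` and `MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION` as plain text, while the export hunks at `@ -274` and `@ -319` write the same error code as `\c MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION`. For consistent rendering I would change those lines to `mode being set to \c MBEDTLS_RSA_PRIVATE and may instead` and `return \c MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.`, with the `MBEDTLS_RSA_PUBLIC` variants treated the same way. The comment blocks begin and end outside the hunks, so other occurrences in them may need the same markup.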
|
|
|
@ -729,8 +729,9 @@ void mbedtls_rsa_gen_key( int nrbits, int exponent, int result)
|
||||||
mbedtls_entropy_init( &entropy );
|
mbedtls_entropy_init( &entropy );
|
||||||
mbedtls_rsa_init ( &ctx, 0, 0 );
|
mbedtls_rsa_init ( &ctx, 0, 0 );
|
||||||
|
|
||||||
TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
|
TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
|
||||||
(const unsigned char *) pers, strlen( pers ) ) == 0 );
|
&entropy, (const unsigned char *) pers,
|
||||||
|
strlen( pers ) ) == 0 );
|
||||||
|
|
||||||
TEST_ASSERT( mbedtls_rsa_gen_key( &ctx, mbedtls_ctr_drbg_random, &ctr_drbg, nrbits, exponent ) == result );
|
TEST_ASSERT( mbedtls_rsa_gen_key( &ctx, mbedtls_ctr_drbg_random, &ctr_drbg, nrbits, exponent ) == result );
|
||||||
if( result == 0 )
|
if( result == 0 )
|
||||||
|
|