yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Updated change description as suggested by @gilles-peskine-arm.

Browse source 
Signed-off-by: stroebeljc <stroebeljc1@gmail.com>
This commit is contained in:
stroebeljc 2021-01-05 11:28:30 -06:00
parent e67ba98581
commit 03ee3834a0
1 changed files with 8 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
ChangeLog.d/issue3819.txt
View file

@ -1,5 +1,10 @@
Security
* Fix a security reduction error that causes all bits of the nonce
to be zero in mbedtls_ctr_drbg_reseed_internal. This prevents
the security strength from reaching the level required by NIST.
* Fix a security reduction in CTR_DRBG when the initial seeding obtained a
nonce from entropy. Applications were affected if they called
mbedtls_ctr_drbg_set_nonce_len(), if they called
mbedtls_ctr_drbg_set_entropy_len() with a size that was 3/2 times the key
length, or when the entropy module uses SHA-256 and CTR_DRBG uses AES-256.
In such cases, a random nonce was necessary to achieve the advertised
security strength, but the code incorrectly used a constant instead of
entropy from the nonce.
Found by John Stroebel in #3819 and fixed in #3973.