Merge remote-tracking branch 'public/pr/1920' into development
This commit is contained in:
commit
07de4c0035
2 changed files with 17 additions and 2 deletions
|
@ -61,6 +61,11 @@ Changes
|
||||||
INTERNAL NOTE: need to bump soversion of libmbedtls:
|
INTERNAL NOTE: need to bump soversion of libmbedtls:
|
||||||
- added new member 'mtu' to public 'mbedtls_ssl_conf' structure
|
- added new member 'mtu' to public 'mbedtls_ssl_conf' structure
|
||||||
|
|
||||||
|
Changes
|
||||||
|
* Add warnings to the documentation of the HKDF module to reduce the risk
|
||||||
|
of misusing the mbedtls_hkdf_extract() and mbedtls_hkdf_expand()
|
||||||
|
functions. Fixes #1775. Reported by Brian J. Murray.
|
||||||
|
|
||||||
= mbed TLS 2.12.0 branch released 2018-07-25
|
= mbed TLS 2.12.0 branch released 2018-07-25
|
||||||
|
|
||||||
Security
|
Security
|
||||||
|
|
|
@ -73,6 +73,11 @@ int mbedtls_hkdf( const mbedtls_md_info_t *md, const unsigned char *salt,
|
||||||
* \brief Take the input keying material \p ikm and extract from it a
|
* \brief Take the input keying material \p ikm and extract from it a
|
||||||
* fixed-length pseudorandom key \p prk.
|
* fixed-length pseudorandom key \p prk.
|
||||||
*
|
*
|
||||||
|
* \warning This function should only be used if the security of it has been
|
||||||
|
* studied and established in that particular context (eg. TLS 1.3
|
||||||
|
* key schedule). For standard HKDF security guarantees use
|
||||||
|
* \c mbedtls_hkdf instead.
|
||||||
|
*
|
||||||
* \param md A hash function; md.size denotes the length of the
|
* \param md A hash function; md.size denotes the length of the
|
||||||
* hash function output in bytes.
|
* hash function output in bytes.
|
||||||
* \param salt An optional salt value (a non-secret random value);
|
* \param salt An optional salt value (a non-secret random value);
|
||||||
|
@ -97,10 +102,15 @@ int mbedtls_hkdf_extract( const mbedtls_md_info_t *md,
|
||||||
* \brief Expand the supplied \p prk into several additional pseudorandom
|
* \brief Expand the supplied \p prk into several additional pseudorandom
|
||||||
* keys, which is the output of the HKDF.
|
* keys, which is the output of the HKDF.
|
||||||
*
|
*
|
||||||
|
* \warning This function should only be used if the security of it has been
|
||||||
|
* studied and established in that particular context (eg. TLS 1.3
|
||||||
|
* key schedule). For standard HKDF security guarantees use
|
||||||
|
* \c mbedtls_hkdf instead.
|
||||||
|
*
|
||||||
* \param md A hash function; md.size denotes the length of the hash
|
* \param md A hash function; md.size denotes the length of the hash
|
||||||
* function output in bytes.
|
* function output in bytes.
|
||||||
* \param prk A pseudorandom key of at least md.size bytes. \p prk is usually,
|
* \param prk A pseudorandom key of at least md.size bytes. \p prk is
|
||||||
* the output from the HKDF extract step.
|
* usually the output from the HKDF extract step.
|
||||||
* \param prk_len The length in bytes of \p prk.
|
* \param prk_len The length in bytes of \p prk.
|
||||||
* \param info An optional context and application specific information
|
* \param info An optional context and application specific information
|
||||||
* string. This can be a zero-length string.
|
* string. This can be a zero-length string.
|
||||||
|
|
Loading…
Reference in a new issue