Incorporate comments on merge commit
* Correct order of sections in ChangeLog * Restore unintentionally removed whitespace and formatting improvements. * Consistently rename MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED to MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION in rsa.h documentation.
This commit is contained in:
parent
f40cdf9971
commit
a47023e4d5
3 changed files with 30 additions and 30 deletions
35
ChangeLog
35
ChangeLog
|
@ -15,6 +15,23 @@ Security
|
|||
Features
|
||||
* Allow comments in test data files.
|
||||
|
||||
API Changes
|
||||
* Extend RSA interface by multiple functions allowing structure-
|
||||
independent setup and export of RSA contexts. Most notably,
|
||||
mbedtls_rsa_import and mbedtls_rsa_complete are introduced for setting
|
||||
up RSA contexts from partial key material and having them completed to the
|
||||
needs of the implementation automatically. This allows to setup private RSA
|
||||
contexts from keys consisting of N,D,E only, even if P,Q are needed for the
|
||||
purpose or CRT and/or blinding.
|
||||
* The configuration option MBEDTLS_RSA_ALT can be used to define alternative
|
||||
implementations of the RSA interface declared in rsa.h.
|
||||
|
||||
New deprecations
|
||||
* Deprecate usage of RSA primitives with non-matching key-type
|
||||
(e.g., signing with a public key).
|
||||
* Direct manipulation of structure fields of RSA contexts is deprecated.
|
||||
Users are advised to use the extended RSA API instead.
|
||||
|
||||
Bugfix
|
||||
* Fix ssl_parse_record_header() to silently discard invalid DTLS records
|
||||
as recommended in RFC 6347 Section 4.1.2.7.
|
||||
|
@ -57,23 +74,6 @@ Bugfix
|
|||
* Fix crash when calling mbedtls_ssl_cache_free() twice. Found by
|
||||
MilenkoMitrovic, #1104
|
||||
|
||||
New deprecations
|
||||
* Direct manipulation of structure fields of RSA contexts is deprecated.
|
||||
Users are advised to use the extended RSA API instead.
|
||||
* Deprecate usage of RSA primitives with non-matching key-type
|
||||
(e.g., signing with a public key).
|
||||
|
||||
API Changes
|
||||
* Extend RSA interface by multiple functions allowing structure-
|
||||
independent setup and export of RSA contexts. Most notably,
|
||||
mbedtls_rsa_import and mbedtls_rsa_complete are introduced for setting
|
||||
up RSA contexts from partial key material and having them completed to the
|
||||
needs of the implementation automatically. This allows to setup private RSA
|
||||
contexts from keys consisting of N,D,E only, even if P,Q are needed for the
|
||||
purpose or CRT and/or blinding.
|
||||
* The configuration option MBEDTLS_RSA_ALT can be used to define alternative
|
||||
implementations of the RSA interface declared in rsa.h.
|
||||
|
||||
Changes
|
||||
* Extend cert_write example program by options to set the CRT version
|
||||
and the message digest. Further, allow enabling/disabling of authority
|
||||
|
@ -95,7 +95,6 @@ Security
|
|||
* Reliably wipe sensitive data after use in the AES example applications
|
||||
programs/aes/aescrypt2 and programs/aes/crypt_and_hash.
|
||||
Found by Laurent Simon.
|
||||
>>>>>>> development
|
||||
|
||||
Features
|
||||
* Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown()
|
||||
|
|
|
@ -274,11 +274,11 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx );
|
|||
* exporting the requested parameters
|
||||
* cannot be done because of a lack of functionality
|
||||
* or because of security policies, the error code
|
||||
* \c MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED is returned.
|
||||
* \c MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION is returned.
|
||||
* In this case, the RSA context stays intact and can
|
||||
* be continued to be used.
|
||||
*
|
||||
* \note Reasons for returning \c MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED
|
||||
* \note Reasons for returning \c MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION
|
||||
* would be the following: Firstly, it might be that an
|
||||
* alternative RSA implementation is in use which stores
|
||||
* the key externally, and which either cannot or should not
|
||||
|
@ -319,11 +319,11 @@ int mbedtls_rsa_export( const mbedtls_rsa_context *ctx,
|
|||
* exporting the requested parameters
|
||||
* cannot be done because of a lack of functionality
|
||||
* or because of security policies, the error code
|
||||
* \c MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED is returned.
|
||||
* \c MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION is returned.
|
||||
* In this case, the RSA context stays intact and can
|
||||
* be continued to be used.
|
||||
*
|
||||
* \note Reasons for returning \c MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED
|
||||
* \note Reasons for returning \c MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION
|
||||
* would be the following: Firstly, it might be that an
|
||||
* alternative RSA implementation is in use which stores
|
||||
* the key externally, and which either cannot or should not
|
||||
|
@ -525,7 +525,7 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
|
|||
* mode being set to MBEDTLS_RSA_PRIVATE and may instead
|
||||
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
|
||||
*
|
||||
* \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
|
||||
* \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code
|
||||
*
|
||||
* \note The output buffer must be as large as the size
|
||||
* of ctx->N (eg. 128 bytes if RSA-1024 is used).
|
||||
|
@ -557,7 +557,7 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx,
|
|||
* mode being set to MBEDTLS_RSA_PRIVATE and may instead
|
||||
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
|
||||
*
|
||||
* \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
|
||||
* \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code
|
||||
*
|
||||
* \note The output buffer must be as large as the size
|
||||
* of ctx->N (eg. 128 bytes if RSA-1024 is used).
|
||||
|
@ -592,7 +592,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
|
|||
* mode being set to MBEDTLS_RSA_PRIVATE and may instead
|
||||
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
|
||||
*
|
||||
* \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
|
||||
* \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code
|
||||
*
|
||||
* \note The output buffer must be as large as the size
|
||||
* of ctx->N (eg. 128 bytes if RSA-1024 is used).
|
||||
|
@ -629,7 +629,7 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
|
|||
* mode being set to MBEDTLS_RSA_PUBLIC and may instead
|
||||
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
|
||||
*
|
||||
* \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
|
||||
* \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code
|
||||
*
|
||||
* \note The output buffer length \c output_max_len should be
|
||||
* as large as the size \c ctx->len of \c ctx->N (eg. 128 bytes
|
||||
|
@ -670,7 +670,7 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx,
|
|||
* mode being set to MBEDTLS_RSA_PUBLIC and may instead
|
||||
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
|
||||
*
|
||||
* \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
|
||||
* \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code
|
||||
*
|
||||
* \note The output buffer length \c output_max_len should be
|
||||
* as large as the size \c ctx->len of \c ctx->N (eg. 128 bytes
|
||||
|
@ -713,7 +713,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
|
|||
* mode being set to MBEDTLS_RSA_PUBLIC and may instead
|
||||
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
|
||||
*
|
||||
* \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
|
||||
* \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code
|
||||
*
|
||||
* \note The output buffer length \c output_max_len should be
|
||||
* as large as the size \c ctx->len of \c ctx->N (eg. 128 bytes
|
||||
|
|
|
@ -729,8 +729,9 @@ void mbedtls_rsa_gen_key( int nrbits, int exponent, int result)
|
|||
mbedtls_entropy_init( &entropy );
|
||||
mbedtls_rsa_init ( &ctx, 0, 0 );
|
||||
|
||||
TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
|
||||
(const unsigned char *) pers, strlen( pers ) ) == 0 );
|
||||
TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
|
||||
&entropy, (const unsigned char *) pers,
|
||||
strlen( pers ) ) == 0 );
|
||||
|
||||
TEST_ASSERT( mbedtls_rsa_gen_key( &ctx, mbedtls_ctr_drbg_random, &ctr_drbg, nrbits, exponent ) == result );
|
||||
if( result == 0 )
|
||||
|
|
Loading…
Reference in a new issue