Merge remote-tracking branch 'public/pr/1920' into development-restricted

This commit is contained in:
Simon Butcher 2018-08-28 15:39:38 +01:00
commit 8a552cf9d6
2 changed files with 17 additions and 2 deletions

View File

@ -70,6 +70,11 @@ Changes
INTERNAL NOTE: need to bump soversion of libmbedtls: INTERNAL NOTE: need to bump soversion of libmbedtls:
- added new member 'mtu' to public 'mbedtls_ssl_conf' structure - added new member 'mtu' to public 'mbedtls_ssl_conf' structure
Changes
* Add warnings to the documentation of the HKDF module to reduce the risk
of misusing the mbedtls_hkdf_extract() and mbedtls_hkdf_expand()
functions. Fixes #1775. Reported by Brian J. Murray.
= mbed TLS 2.12.0 branch released 2018-07-25 = mbed TLS 2.12.0 branch released 2018-07-25
Security Security

View File

@ -73,6 +73,11 @@ int mbedtls_hkdf( const mbedtls_md_info_t *md, const unsigned char *salt,
* \brief Take the input keying material \p ikm and extract from it a * \brief Take the input keying material \p ikm and extract from it a
* fixed-length pseudorandom key \p prk. * fixed-length pseudorandom key \p prk.
* *
* \warning This function should only be used if the security of it has been
* studied and established in that particular context (eg. TLS 1.3
* key schedule). For standard HKDF security guarantees use
* \c mbedtls_hkdf instead.
*
* \param md A hash function; md.size denotes the length of the * \param md A hash function; md.size denotes the length of the
* hash function output in bytes. * hash function output in bytes.
* \param salt An optional salt value (a non-secret random value); * \param salt An optional salt value (a non-secret random value);
@ -97,10 +102,15 @@ int mbedtls_hkdf_extract( const mbedtls_md_info_t *md,
* \brief Expand the supplied \p prk into several additional pseudorandom * \brief Expand the supplied \p prk into several additional pseudorandom
* keys, which is the output of the HKDF. * keys, which is the output of the HKDF.
* *
* \warning This function should only be used if the security of it has been
* studied and established in that particular context (eg. TLS 1.3
* key schedule). For standard HKDF security guarantees use
* \c mbedtls_hkdf instead.
*
* \param md A hash function; md.size denotes the length of the hash * \param md A hash function; md.size denotes the length of the hash
* function output in bytes. * function output in bytes.
* \param prk A pseudorandom key of at least md.size bytes. \p prk is usually, * \param prk A pseudorandom key of at least md.size bytes. \p prk is
* the output from the HKDF extract step. * usually the output from the HKDF extract step.
* \param prk_len The length in bytes of \p prk. * \param prk_len The length in bytes of \p prk.
* \param info An optional context and application specific information * \param info An optional context and application specific information
* string. This can be a zero-length string. * string. This can be a zero-length string.