mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-26 00:15:37 +01:00
Changelog: Add entry for prime validation fix
This commit is contained in:
parent
a0b67c2f3e
commit
e0e7ddf99e
18
ChangeLog
18
ChangeLog
@ -2,6 +2,24 @@ mbed TLS ChangeLog (Sorted per branch, date)
|
|||||||
|
|
||||||
= mbed TLS x.x.x branch released xxxx-xx-xx
|
= mbed TLS x.x.x branch released xxxx-xx-xx
|
||||||
|
|
||||||
|
Security
|
||||||
|
* Fix mbedtls_mpi_is_prime() to use more rounds of probabilistic testing. The
|
||||||
|
previous settings for the number of rounds made it practical for an
|
||||||
|
adversary to construct non-primes that would be erroneously accepted as
|
||||||
|
primes with high probability. This does not have an impact on the
|
||||||
|
security of TLS, but can matter in other contexts with potentially
|
||||||
|
adversarially-chosen numbers that should be prime and can be validated.
|
||||||
|
For example, the number of rounds was enough to securely generate RSA key
|
||||||
|
pairs or Diffie-Hellman parameters, but was insufficient to validate
|
||||||
|
Diffie-Hellman parameters properly.
|
||||||
|
See "Prime and Prejudice" by by Martin R. Albrecht and Jake Massimo and
|
||||||
|
Kenneth G. Paterson and Juraj Somorovsky.
|
||||||
|
|
||||||
|
New deprecations
|
||||||
|
* Deprecate the function mbedtls_mpi_is_prime() in favor of
|
||||||
|
mbedtls_mpi_is_prime_ext() which allows specifying the number of
|
||||||
|
Miller-Rabin rounds.
|
||||||
|
|
||||||
Changes
|
Changes
|
||||||
* Add MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR flag to mbedtls_mpi_gen_prime() and
|
* Add MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR flag to mbedtls_mpi_gen_prime() and
|
||||||
use it to reduce error probability in RSA key generation to levels mandated
|
use it to reduce error probability in RSA key generation to levels mandated
|
||||||
|
Loading…
Reference in New Issue
Block a user