Incorporate comments on merge commit
* Correct order of sections in ChangeLog
* Restore unintentionally removed whitespace and
formatting improvements.
* Consistently rename MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED
to MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION in rsa.h
documentation.
diff --git a/ChangeLog b/ChangeLog
index 4a60b2a..cf2c882 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -15,6 +15,23 @@
Features
* Allow comments in test data files.
+API Changes
+ * Extend RSA interface by multiple functions allowing structure-
+ independent setup and export of RSA contexts. Most notably,
+ mbedtls_rsa_import and mbedtls_rsa_complete are introduced for setting
+ up RSA contexts from partial key material and having them completed to the
+ needs of the implementation automatically. This allows to setup private RSA
+ contexts from keys consisting of N,D,E only, even if P,Q are needed for the
+ purpose or CRT and/or blinding.
+ * The configuration option MBEDTLS_RSA_ALT can be used to define alternative
+ implementations of the RSA interface declared in rsa.h.
+
+New deprecations
+ * Deprecate usage of RSA primitives with non-matching key-type
+ (e.g., signing with a public key).
+ * Direct manipulation of structure fields of RSA contexts is deprecated.
+ Users are advised to use the extended RSA API instead.
+
Bugfix
* Fix ssl_parse_record_header() to silently discard invalid DTLS records
as recommended in RFC 6347 Section 4.1.2.7.
@@ -57,23 +74,6 @@
* Fix crash when calling mbedtls_ssl_cache_free() twice. Found by
MilenkoMitrovic, #1104
-New deprecations
- * Direct manipulation of structure fields of RSA contexts is deprecated.
- Users are advised to use the extended RSA API instead.
- * Deprecate usage of RSA primitives with non-matching key-type
- (e.g., signing with a public key).
-
-API Changes
- * Extend RSA interface by multiple functions allowing structure-
- independent setup and export of RSA contexts. Most notably,
- mbedtls_rsa_import and mbedtls_rsa_complete are introduced for setting
- up RSA contexts from partial key material and having them completed to the
- needs of the implementation automatically. This allows to setup private RSA
- contexts from keys consisting of N,D,E only, even if P,Q are needed for the
- purpose or CRT and/or blinding.
- * The configuration option MBEDTLS_RSA_ALT can be used to define alternative
- implementations of the RSA interface declared in rsa.h.
-
Changes
* Extend cert_write example program by options to set the CRT version
and the message digest. Further, allow enabling/disabling of authority
@@ -95,7 +95,6 @@
* Reliably wipe sensitive data after use in the AES example applications
programs/aes/aescrypt2 and programs/aes/crypt_and_hash.
Found by Laurent Simon.
->>>>>>> development
Features
* Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown()
diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h
index e412643..d7503ac 100644
--- a/include/mbedtls/rsa.h
+++ b/include/mbedtls/rsa.h
@@ -274,11 +274,11 @@
* exporting the requested parameters
* cannot be done because of a lack of functionality
* or because of security policies, the error code
- * \c MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED is returned.
+ * \c MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION is returned.
* In this case, the RSA context stays intact and can
* be continued to be used.
*
- * \note Reasons for returning \c MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED
+ * \note Reasons for returning \c MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION
* would be the following: Firstly, it might be that an
* alternative RSA implementation is in use which stores
* the key externally, and which either cannot or should not
@@ -319,11 +319,11 @@
* exporting the requested parameters
* cannot be done because of a lack of functionality
* or because of security policies, the error code
- * \c MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED is returned.
+ * \c MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION is returned.
* In this case, the RSA context stays intact and can
* be continued to be used.
*
- * \note Reasons for returning \c MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED
+ * \note Reasons for returning \c MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION
* would be the following: Firstly, it might be that an
* alternative RSA implementation is in use which stores
* the key externally, and which either cannot or should not
@@ -525,7 +525,7 @@
* mode being set to MBEDTLS_RSA_PRIVATE and may instead
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
*
- * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
+ * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code
*
* \note The output buffer must be as large as the size
* of ctx->N (eg. 128 bytes if RSA-1024 is used).
@@ -557,7 +557,7 @@
* mode being set to MBEDTLS_RSA_PRIVATE and may instead
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
*
- * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
+ * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code
*
* \note The output buffer must be as large as the size
* of ctx->N (eg. 128 bytes if RSA-1024 is used).
@@ -592,7 +592,7 @@
* mode being set to MBEDTLS_RSA_PRIVATE and may instead
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
*
- * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
+ * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code
*
* \note The output buffer must be as large as the size
* of ctx->N (eg. 128 bytes if RSA-1024 is used).
@@ -629,7 +629,7 @@
* mode being set to MBEDTLS_RSA_PUBLIC and may instead
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
*
- * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
+ * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code
*
* \note The output buffer length \c output_max_len should be
* as large as the size \c ctx->len of \c ctx->N (eg. 128 bytes
@@ -670,7 +670,7 @@
* mode being set to MBEDTLS_RSA_PUBLIC and may instead
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
*
- * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
+ * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code
*
* \note The output buffer length \c output_max_len should be
* as large as the size \c ctx->len of \c ctx->N (eg. 128 bytes
@@ -713,7 +713,7 @@
* mode being set to MBEDTLS_RSA_PUBLIC and may instead
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
*
- * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
+ * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code
*
* \note The output buffer length \c output_max_len should be
* as large as the size \c ctx->len of \c ctx->N (eg. 128 bytes
diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function
index f501222..639bcb8 100644
--- a/tests/suites/test_suite_rsa.function
+++ b/tests/suites/test_suite_rsa.function
@@ -729,8 +729,9 @@
mbedtls_entropy_init( &entropy );
mbedtls_rsa_init ( &ctx, 0, 0 );
- TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
- (const unsigned char *) pers, strlen( pers ) ) == 0 );
+ TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
+ &entropy, (const unsigned char *) pers,
+ strlen( pers ) ) == 0 );
TEST_ASSERT( mbedtls_rsa_gen_key( &ctx, mbedtls_ctr_drbg_random, &ctr_drbg, nrbits, exponent ) == result );
if( result == 0 )
