Merge pull request #4611 from gilles-peskine-arm/random-range-uniformity-3.0

Fix non-uniform random generation in a range
2025-08-08 17:42:09 +03:00 · 2021-06-04 10:43:15 +02:00
parent f9f9cc217c afb2bd2f22
commit 0c1a42a147
19 changed files with 1039 additions and 261 deletions
--- a/ChangeLog.d/mpi_random.txt
+++ b/ChangeLog.d/mpi_random.txt
@@ -0,0 +1,3 @@
+Features
+   * The new function mbedtls_mpi_random() generates a random value in a
+     given range uniformly.
--- a/ChangeLog.d/random-range.txt
+++ b/ChangeLog.d/random-range.txt
@@ -0,0 +1,4 @@
+Security
+* Fix a bias in the generation of finite-field Diffie-Hellman-Merkle (DHM)
+  private keys and of blinding values for DHM and elliptic curves (ECP)
+  computations. Reported by FlorianF89 in #4245.