Manuel Pégourié-Gonnard
Manuel Pégourié-Gonnard
See also https://github.com/Mbed-TLS/mbedtls/pull/8725
This is a bug fix (according to the ChangeLog entry), so it should be backported unless there's a reason not to (and I'm not seeing any). To be more precise,...
> So I don't think we should backport anything here. Fine with me, I agree with your points. (And thanks for the reference to the similar PKCS5/12 issues, I had...
@gilles-peskine-arm Can you sanity-check that this makes sense and I didn't miss anything obvious? Also, should this go in the "legacyPSA bridge" EPIC, as it's about improving an existing bridge,...
Note: it's probably obvious, but while fixing this we should improve the documentation of `sign`, `verify`, `decrypt`, `encrypt` in order to explicitly document this.
Yes, I think all 4 functions (sign, verify, decrypt, encrypt) need new tests and corresponding adjustments - I guess Gilles only added tests for 1 of them as a proof...
One thing about "backports", especially in the presence of more than one LTS branch: I'm not sure it's the right concept. The checkboxes only make sense as they are on...
One question we should also consider, is how well the various schemes work when we introduce a new LTS branch (or remove an old LTS branch), considering there is typically...
Just one question for my own education (no impact on this PR): why is the cert verification code not common between 1.3 and 1.2?
I think Andrew has summarized things quite clearly here: https://github.com/ARM-software/psa-api/issues/198 It seems to me that PSA Crypto implementation are free to compute the public key either during keygen or when...