Gilles Peskine
Fixes #6200. Not applicable to 2.28.
We had three purposes in creating `constant_time.c`: to reduce duplication and unify the “generic” functions (partly done), to have a home for public functions (currently and in the foreseeable future,...
Arithmetic on the singleton set {0} isn't useful, so there's no point in supporting zero-length numbers in bignum_core. This is different from bignum which manipulates variable-length numbers and a zero-length...
All non-static functions in `constant_time.c` should have unit tests checking that they are functionally correct. Use `TEST_CF_SECRET` and `TEST_CF_PUBLIC` adequately so that the `all.sh` components `test_*_constant_flow` check that the runs...
Write unit tests for `mbedtls_ct_rsaes_pkcs1_v15_unpadding`. Functionally, the tests should at least ensure full line and branch coverage. The existing tests in `test_suite_pkcs1v15` can be a starting point. Use `TEST_CF_SECRET` and...
The documentation of `mbedtls_time_t` just says “The time_t datatype” and doesn't say what assumptions Mbed TLS makes on this type. It should state the assumptions. At least: * `mbedtls_time_t` is...
Introduce new functions `psa_generate_key_ext()` and `psa_key_derivation_output_key_ext()` that allow custom generation/derivation methods. For RSA keys (only generation since we don't support derivation of RSA keys), provide a way to choose the...
Remove domain parameters from the PSA API, since we have an [alternative way of choosing a custom public exponent for RSA keys](https://github.com/Mbed-TLS/mbedtls/pull/8815) and we don't intend to use them for...
Resolves https://github.com/Mbed-TLS/mbedtls/issues/8708. Resolves https://github.com/Mbed-TLS/mbedtls/issues/8713. Also fixes https://github.com/Mbed-TLS/mbedtls/issues/7290. Out of scope: testing with non-volatile keys (https://github.com/Mbed-TLS/mbedtls/issues/8778). ## PR checklist - [x] **changelog** provided - [x] **backport** of bug fixes: https://github.com/Mbed-TLS/mbedtls/pull/8811 -...
`test-ref-configs.pl` tests multiple configurations in succession. If there's a failure, it gives up. This is annoying, especially on the CI, because if a configuration fails, you don't get any feedback...