Manuel Pégourié-Gonnard

icon indicating a website link https://elzevir.fr/ icon indicating an email [email protected]

icon company ARM icon location Marseille, France icon location Passionate for free software, security, cryptography, and low-level coding. Enthusiastic, loves working in a team and sharing knowledge.

Results 243 comments of Manuel Pégourié-Gonnard

Add script to move files to the framework

Ah OK, I had misunderstood what the script does. > There are tools that can rewrite a git branch to only retain commits that modify specific files, and construct a...

Add script to move files to the framework

@gilles-peskine-arm Unless you disagree, I'd like to merge this script mostly as it stands now: I think your main comment has been addressed, and in practice we (at least Elena,...

Remove support for the RSA-decryption key exchange in TLS 1.2

For reference, I'd like to avoid [a possible misunderstanding](https://github.com/gramineproject/gramine/pull/1918#issuecomment-2196387016): this issue is specifically about the RSA and RSA-PSK key exchange, and should not be interpreted as an indication that we...

Remove support for the RSA-decryption key exchange in TLS 1.2

No worries! Reading the issue description again, I could see how it could give the wrong impression, so I wanted to clarify that to avoid causing trouble to other people...

Remove support for the RSA-decryption key exchange in TLS 1.2

Note: we have tests in `ssl-opt.sh` that use plain RSA key exchange to test other things, for example, handling of the keyUsage extension in certificates. To my knowledge, RSA was...

Remove support for the RSA-decryption key exchange in TLS 1.2

As mentioned above, there is a [TLS working group draft](https://datatracker.ietf.org/doc/html/draft-ietf-tls-deprecate-obsolete-kex-05) that, when it becomes an RFC, will formally deprecate both of the ciphersuites that are currently mandatory in OPCUA: >...

psa_util.c included in builds without PSA, which can break the build

> In this configuration, no code from `psa_util.c` should be included. IIRC (couldn't find much written discussion, there's some on https://github.com/Mbed-TLS/mbedtls/issues/7765#issuecomment-1847033548), it was intentional to include the the ECDSA raw2der/der2raw...

psa_util.c included in builds without PSA, which can break the build

Or we could just fix the code so that it works in all configs where the functions are currently defined. [Edited to add: implicit context: the original [mailing-list thread(https://lists.trustedfirmware.org/archives/list/[email protected]/thread/WGMVCPKOYERXFJWHKBK3Z47ERKTQMKLJ/) says...

psa_util.c included in builds without PSA, which can break the build

Ah, good point, we're not as tied by our compatibility promises as I thought we were: if the functions have never been working in configuration X, then indeed it's OK...

psa_util.c included in builds without PSA, which can break the build

Makes sense. So I'm happy going back to your original plan: remove those functions from non-PSA configs, where they never worked in the first place.