Manuel Pégourié-Gonnard

icon indicating a website link https://elzevir.fr/ icon indicating an email [email protected]

icon company ARM icon location Marseille, France icon location Passionate for free software, security, cryptography, and low-level coding. Enthusiastic, loves working in a team and sharing knowledge.

Results 57 issues of Manuel Pégourié-Gonnard

Driver-only hashes: TLS 1.2: `test_suite_ssl`

Currently, the common SSL modules have a declared dependency on `MBEDTLS_MD_C` (in `check_config.h`), and some parts (TLS 1.2, cookie) have declared dependencies on `MBEDTLS_SHA256_C || MBEDTLS_SHA384_C`. However, when `MBEDTLS_USE_PSA_CRYPTO` is...

enhancement
size-m

Driver-only hashes: X.509

Currently, the X.509 modules have a declared dependency on `MBEDTLS_MD_C` (in `check_config.h`). However, when `MBEDTLS_USE_PSA_CRYPTO` is enabled, no code in the X.509 library uses it, nor the low-level hash modules....

enhancement
size-m

Adjust hash dependencies in OID

The OID module holds data about various algorithms. It does not really depend on other modules, but still uses guards in order to avoid having useless data about algorithms that...

enhancement
size-s

Driver hashes rsa v21

4 comment

Implement #6098 **Gatekeeping notes:** no ChangeLog entry (part of a series, see #6146), no backport (new feature). This PR also constitutes an example of how to adapt crypto modules (not...

needs-work
needs-ci
priority-high

Adjust declared dependencies in test_suite_ecdsa

2 comment

Currently, dependencies in `test_suite_ecdsa` (both the data and the function file) are expressed in terms of `MBEDTLS_SHAxxx_C` macros. However, except for deterministic ECDSA, the ECDSA module doesn't compute hashes, and...

enhancement
size-s

Driver-only hashes: PKCS5

PKCS#5, aka [RFC 8018](https://datatracker.ietf.org/doc/html/rfc8018), is a standard for password-based encryption. It defines PBKDF2-HMAC and uses it to derived encryption keys from passwords. It can optionally be used by `pkparse.c` in...

enhancement
size-m

Driver-only hashes: PKCS12

PKCS12, aka [RFC 7292](https://datatracker.ietf.org/doc/html/rfc7292), is a standard for, among other things, representing private keys, possibly encrypted with a password. We implement part of this standard in `pkcs12.c` and optionally use...

enhancement
size-s

Driver only hashes: PEM

PEM is a format for encoding binary data into ASCII-only (using base64) and wrapping with some headers. It has the ability to encrypt content using a password, see [RFC 1421](https://datatracker.ietf.org/doc/html/rfc1421)....

enhancement
size-s

Extend typo check to test data/function files?

1 comment

We sometimes make typos in dependencies in test data/function files, resulting in a test that will be skipped in all builds. For example this happened [here](https://github.com/Mbed-TLS/mbedtls/blob/d5b1eb51db936cc760b9bc98777fcc2c7953b0ad/tests/suites/test_suite_x509parse.data#L298). This could probably be...

enhancement
size-s

Avoid use of MD in X.509 write test suite

Currently `test_suite_x.509` uses `mbedtls_md()` to compute a hash in `x509_crt_verifycsr()` - which depends on `MBEDTLS_USE_PSA_CRYPTO`. `psa_hash_compute()` should be used instead (unconditionally, considering the existing guards).

enhancement
size-s