Finish side-porting commits from mbedtls-restricted that missed the split #318
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
gilles-peskine-arm
added
bug
gilles-peskine-arm
added
needs: review
gilles-peskine-arm
force-pushed
the
prr_573-remainder-crypto
branch
from
4954750 to
73a1f37
Compare
AndrzejKurek
approved these changes
Nov 13, 2019
dgreen-arm
approved these changes
Nov 13, 2019
gilles-peskine-arm
removed
the
needs: review
gilles-peskine-arm
added a commit
to gilles-peskine-arm/mbed-crypto
that referenced
this pull request
Nov 15, 2019
* ARMmbed#292: Make psa_close_key(0) and psa_destroy_key(0) succeed * ARMmbed#299: Allow xxx_drbg_set_entropy_len before xxx_drbg_seed * ARMmbed#259: Check `len` against buffers size upper bound in PSA tests * ARMmbed#288: Add ECDSA tests with hash and key of different lengths * ARMmbed#305: CTR_DRBG: grab a nonce from the entropy source if needed * ARMmbed#316: Stop transactions from being reentrant * ARMmbed#317: getting_started: Make it clear that keys are passed in * ARMmbed#314: Fix pk_write with EC key to use a constant size for the private value * ARMmbed#298: Test a build without any asymmetric cryptography * ARMmbed#284: Fix some possibly-undefined variable warnings * ARMmbed#315: Define MBEDTLS_PK_SIGNATURE_MAX_SIZE * ARMmbed#318: Finish side-porting commits from mbedtls-restricted that missed the split
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When we split Mbed Crypto from Mbed TLS, we missed the last few commits in the restricted branch of Mbed TLS which were quarantined security fixes. These commits are present in the git history of Mbed TLS, but their effect was cancelled by the removal of crypto files, and the commits never appeared in Mbed Crypto.
We're fixing this through 3 pull requests:
pk.h, cherry-picked here forrsa.h.config-suite-b.h(throughtest-ref-configs.pl), provide the desired coverage, namely having some test fail if the maximum signature size is not calculated correctly, especially in a configuration where RSA is disabled and the smallest MPI is just large enough for ECC.(
#rNNNare private links.)This pull request deliberately omits the addition of a run of
programs/pkey/pk_signtoall.sh. While this would be desirable, it wasn't in scope of #r573, and was only added there as a non-regression test which is now performed through unit tests. A better approach to smoke-test sample programs would be through demo scripts as in Mbed-TLS/mbedtls#2698.Goal of this PR: all the commits that had gone missing are now present in Mbed Crypto.
Internal ref: IOTCRYPT-969