-
Notifications
You must be signed in to change notification settings - Fork 2.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove RSA-PSK key exchange #9613
Open
gilles-peskine-arm
wants to merge
28
commits into
Mbed-TLS:development
Choose a base branch
from
gilles-peskine-arm:remove-rsa-psk-key-exchange
base: development
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Remove RSA-PSK key exchange #9613
gilles-peskine-arm
wants to merge
28
commits into
Mbed-TLS:development
from
gilles-peskine-arm:remove-rsa-psk-key-exchange
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Fix `mypy scripts/xxx.py`, `mypy tests/scripts/xxx.py`, `pylint scripts/xxx.py`, `pylint tests/scripts/xxx.py` failing to find `mbedtls_framework`. Signed-off-by: Gilles Peskine <[email protected]>
Start replacing the stringly typed KNOWN_TASKS by classes for each category of tasks, with a structure that matches the behavior. This commit introduces some transition code. No intended behavior change. Signed-off-by: Gilles Peskine <[email protected]>
Work on replacing the stringly typed KNOWN_TASKS by classes for each category of tasks, with a structure that matches the behavior. This commit migrates test coverage analysis. No intended behavior change. Signed-off-by: Gilles Peskine <[email protected]>
Work on the stringly typed KNOWN_TASKS by classes for each category of tasks, with a structure that matches the behavior. This commit migrates the code for driver-vs-reference analysis. To facilitate review, this commit preserves the layout of the data that parametrizes each task. The next commit will migrate the data. No intended behavior change. Signed-off-by: Gilles Peskine <[email protected]>
Work on the stringly typed KNOWN_TASKS by classes for each category of tasks, with a structure that matches the behavior. This commit migrates the data for driver-vs-reference analysis and gets rid of the transitional code that was using the old form of the data. No intended behavior change. Signed-off-by: Gilles Peskine <[email protected]>
Signed-off-by: Gilles Peskine <[email protected]>
No intended behavior change. Signed-off-by: Gilles Peskine <[email protected]>
No intended behavior change. Signed-off-by: Gilles Peskine <[email protected]>
No intended behavior change. Signed-off-by: Gilles Peskine <[email protected]>
No intended behavior change. Signed-off-by: Gilles Peskine <[email protected]>
No intended behavior change. Signed-off-by: Gilles Peskine <[email protected]>
This clears more than half of the test cases that are not executed. This also captures a few negative test cases that are executed. Subsequent commits will refine the filtering. Signed-off-by: Gilles Peskine <[email protected]>
… tests Some negative tests involving unsupported mechanisms are executed, because they're testing what happens if the mechanism is unsupported. Refine the ignore list for `test_suite_psa_crypto_generate_key.generated` and `test_suite_psa_crypto_op_fail.generated` accordingly. Signed-off-by: Gilles Peskine <[email protected]>
…aised Ignore certain test cases which either should not be generated or should be executed. For each ignore list entry, link to a GitHub issue whose definition of done includes removing the entry. Signed-off-by: Gilles Peskine <[email protected]>
Signed-off-by: Gilles Peskine <[email protected]>
Our PSA crypto implementation does not and will not support SECP224K1. Signed-off-by: Gilles Peskine <[email protected]>
For each ignore list entry, link to a GitHub issue for its resolution, except for ssl-opt Valgrind tests which we never intend to run on the CI. Signed-off-by: Gilles Peskine <[email protected]>
For each ignore list entry, link to a GitHub issue for its resolution. Signed-off-by: Gilles Peskine <[email protected]>
For each ignore list entry, link to a GitHub issue for its resolution, except for a few configurations which there is a good reason to leave uncovered. Signed-off-by: Gilles Peskine <[email protected]>
Signed-off-by: Gilles Peskine <[email protected]>
Remove the configuration option MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED and all code guarded by it. This remove support for the RSA-PSK key exchange in TLS 1.2. The test cases removed by this commit are specific to RSA-PSK, not incidentally using RSA-PSK when testing other features, so there is no loss of test coverage. Signed-off-by: Gilles Peskine <[email protected]>
The test cases removed by this commit are specific to RSA-PSK, not incidentally using RSA-PSK when testing other features, so there is no loss of test coverage. Signed-off-by: Gilles Peskine <[email protected]>
Remove mentions of MBEDTLS_KEY_EXCHANGE_RSA_PSK that were not guarded by the configuration option MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED. This finishes the removal of library code that supports the RSA-PSK key exchange in TLS 1.2. Signed-off-by: Gilles Peskine <[email protected]>
Signed-off-by: Gilles Peskine <[email protected]>
Signed-off-by: Gilles Peskine <[email protected]>
Signed-off-by: Gilles Peskine <[email protected]>
Removing the now-duplicate internal macro is left for future work. Signed-off-by: Gilles Peskine <[email protected]>
Signed-off-by: Gilles Peskine <[email protected]>
gilles-peskine-arm
added
priority-high
High priority - will be reviewed soon
size-xs
Estimated task size: extra small (a few hours at most)
needs-preceding-pr
Requires another PR to be merged first
labels
Sep 20, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
component-tls
needs-preceding-pr
Requires another PR to be merged first
priority-high
High priority - will be reviewed soon
size-xs
Estimated task size: extra small (a few hours at most)
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Remove support for the RSA-PSK key exchange. Resolves #9681.
Status: Forks from #9593 for better CI feedback. Ready once rebased on top of the merge.
PR checklist