Remove domain parameters #8840
Merged
Remove domain parameters #8840
+120
−498
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
gilles-peskine-arm
added
enhancement
needs-ci
This was referenced Feb 15, 2024
gilles-peskine-arm
force-pushed
the
domain_parameters-remove
branch
2 times, most recently
from
24b0bab to
f5e21e1
Compare
mpg
reviewed
Feb 23, 2024
library/psa_crypto_rsa.h
Outdated
| @@ -109,6 +109,15 @@ psa_status_t mbedtls_psa_rsa_export_public_key( | |||
| * entry point. | |||
| * | |||
| * \param[in] attributes The attributes for the RSA key to generate. | |||
| * \param[in] method Customization parameters for the key | |||
There was a problem hiding this comment.
I think later commits in #8815 renamed "method" to "production parameters" so this probably needs updating as well for consistency.
Remove the ability to select a custom public exponent via domain parameters in RSA key generation. The only way to select a custom public exponent is now to pass custom production parameters to psa_generate_key_ext(). A subsequent commit will remove domain parameters altogether from the API, thus this commit does not bother to update the documentation. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Only leave deprecated, minimal non-linkable functions. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
gilles-peskine-arm
force-pushed
the
domain_parameters-remove
branch
from
f5e21e1 to
9b97d64
Compare
gilles-peskine-arm
changed the base branch from
development
to
gh-readonly-queue/development/pr-8838-0f63028809e775eb068b3575a1fd36f1ed917ff0
gilles-peskine-arm
changed the base branch from
gh-readonly-queue/development/pr-8838-0f63028809e775eb068b3575a1fd36f1ed917ff0
to
development
gilles-peskine-arm
added
needs-review
tom-daubney-arm
removed
the
needs-reviewer
library/psa_crypto.c
Outdated
| @@ -7576,11 +7426,8 @@ psa_status_t psa_generate_key_internal( | |||
| * that mbedtls_psa_rsa_generate_key() gets e via a new | |||
| * parameter instead. */ | |||
| psa_key_attributes_t override_attributes = *attributes; | |||
There was a problem hiding this comment.
Do we still need to copy this structure? Can't we just pass attributes to mbedtls_psa_rsa_generate_key()?
There was a problem hiding this comment.
Oh, duh, yes. And also the comment above is obsolete, that was the whole point of this change.
valeriosetti
previously approved these changes
Feb 26, 2024
mpg
reviewed
Feb 26, 2024
library/psa_crypto.c
Outdated
| unlock_status = psa_unregister_read_under_mutex(slot); | ||
|
|
||
| return (status == PSA_SUCCESS) ? unlock_status : status; | ||
| return psa_unregister_read(slot); |
There was a problem hiding this comment.
The code this replaces was calling psa_unregister_read_under_mutex(). Is the change intentional or was it missed during rebase?
There was a problem hiding this comment.
Rebase mistake. Not caught by testing yet (thanks Ryan), would have caused headaches once the Tsan testing is in place. Thanks for catching it!
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
gilles-peskine-arm
force-pushed
the
domain_parameters-remove
branch
from
47ccb55 to
e22f6a9
Compare
tom-daubney-arm
requested review from
valeriosetti
and removed request for
tom-daubney-arm
valeriosetti
approved these changes
Feb 27, 2024
mpg
approved these changes
Feb 27, 2024
mpg
added
approved
Merged
via the queue into
Mbed-TLS:development
with commit Feb 27, 2024
ca21b24
4 of 6 checks passed
3 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Remove domain parameters from the PSA API, since we have an alternative way of choosing a custom public exponent for RSA keys and we don't intend to use them for anything else. Resolve #6495.
Continues #8815, will be rebased once that is merged.
Follow-up: #6496 (started in #7743, but removing domain parameters changing the deal).
PR checklist