Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

tls13-prototype non PSA for client #400

Open
wants to merge 1 commit into
base: tls13-prototype
Choose a base branch
from
Open

tls13-prototype non PSA for client #400

wants to merge 1 commit into from

Conversation

lhuang04
Copy link
Collaborator

@lhuang04 lhuang04 commented Sep 7, 2022

Notes:
Add non-PSA crypto support for the client when it uses TLS 1.3.
* Update include/mbedtls/check_config.h to allow
MBEDTLS_SSL_PROTO_TLS1_3 without MBEDTLS_PSA_CRYPTO_C
* Add non-PSA crypto support in TLS 1.3 implementation.
* Require MBEDTLS_USE_PSA_CRYPTO for the TLS 1.3: Client authentication, rsa_pss_rsae tests. It is because the padding is set to PSA_ALG_RSA_PSS in mbedtls_pk_sign_ext which is only for MBEDTLS_USE_PSA_CRYPTO.

Status

READY/IN DEVELOPMENT/HOLD

Requires Backporting

When there is a bug fix, it should be backported to all maintained and supported branches.
Changes do not have to be backported if:

  • This PR is a new feature\enhancement
  • This PR contains changes in the API. If this is true, and there is a need for the fix to be backported, the fix should be handled differently in the legacy branch

Yes | NO
Which branch?

Migrations

If there is any API change, what's the incentive and logic for it.

YES | NO

Additional comments

Any additional information that could be of interest

Todos

  • Tests 
    tests/ssl-opt.sh -p -s -f "TLS 1.3: "
  • Documentation
  • Changelog updated
  • Backported

Steps to test or reproduce

Outline the steps to test or reproduce the PR here.

@lhuang04 lhuang04 changed the title Tls13 prototype non psa for client tls13-prototype non PSA for client Sep 7, 2022
@lhuang04
Add non-PSA support for TLS 1.3 client
d27a567 
Summary:
Add non-PSA crypto support for the client when it uses TLS 1.3.
* Update include/mbedtls/check_config.h to allow
MBEDTLS_SSL_PROTO_TLS1_3 without MBEDTLS_PSA_CRYPTO_C
* Add non-PSA crypto support in TLS 1.3 implementation.
* Require MBEDTLS_USE_PSA_CRYPTO for the TLS 1.3: Client authentication, rsa_pss_rsae tests. It is because the padding is set to [PSA_ALG_RSA_PSS](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/pk.c#L557) in `mbedtls_pk_sign_ext` which is only for MBEDTLS_USE_PSA_CRYPTO.

Test Plan:
```
tests/ssl-opt.sh -p -s -f "TLS 1.3: "
```

Reviewers:

Subscribers:

Tasks:

Tags:
@lhuang04 lhuang04 force-pushed the tls13-prototype_non_psa branch from 8dc03f8 to d27a567 Compare October 6, 2022 17:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@lhuang04