MD: X.509 hashing #5157

Closed
6 tasks done
mpg opened this issue Nov 12, 2021 · 0 comments · Fixed by #5510
Labels: enhancement, size-s (Estimated task size: small (~2d))


mpg commented Nov 12, 2021

Currently X.509 uses PSA for hashing only in some places. This task is to use it (conditionally on MBEDTLS_USE_PSA_CRYPTO) everywhere.

Provide a PSA version, using psa_hash_compute(), of all remaining calls to mbedtls_md() or mbedtls_sha1_ret(), namely:

  • mbedtls_md() in x509_crt_verifycrl() in x509_crt.c
  • mbedtls_md() in mbedtls_x509write_crt_der() in x509write_crt.c
  • mbedtls_sha1_ret() in mbedtls_x509write_crt_set_subject_key_identifier() in x509write_crt.c
  • mbedtls_sha1_ret() in mbedtls_x509write_crt_set_authority_key_identifier() in x509write_crt.c

Note: a helper function mbedtls_psa_translate_md() is available from mbedtls/psa_util.h.

While at it, the following functions that already have a PSA version currently use the multi-part API (with psa_hash_operation_t) but can be simplified to use the single-part API psa_hash_compute():

  • x509_crt_check_signature()
  • mbedtls_x509write_csr_der_internal()

mpg added the size-s (Estimated task size: small (~2d)) label Nov 12, 2021
mpg changed the title from "Use PSA for hashing everywhere in X.509" to "MD: X.509 hashing" Dec 7, 2021
silabs-PeterK self-assigned this Feb 3, 2022