Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make bignum non-public #8155

Open
7 of 9 tasks
daverodgman opened this issue Sep 1, 2023 · 1 comment
Open
7 of 9 tasks

Make bignum non-public #8155

daverodgman opened this issue Sep 1, 2023 · 1 comment
Labels
api-break This issue/PR breaks the API and must wait for a new major version component-crypto Crypto primitives and low-level interfaces enhancement size-m Estimated task size: medium (~1w)

Comments

@daverodgman
Copy link
Contributor

daverodgman commented Sep 1, 2023
edited by gilles-peskine-arm
Loading

Remove bignum.h from the public interface.

This probably requires defining a simple replacement interface for importing/exporting bignums to replace APIs that currently expose mbedtls_mpi. Structs with private fields of type mbedtls_mpi will need to reference an internal bignum header to get this type.

  • remove bignum.h from the public include folder
  • define simple public interface for importing/exporting bignums. Probably just an array of bytes with a guarantee about byte order.
  • asn1.h, asn1write.h: mbedtls_asn1_get_mpi, mbedtls_asn1_write_mpi - move to replacement interface → Make ASN.1 integer writing independent of MPI type #9372 and Make ASN.1 integer parsing independent of MPI type #9373
  • dhm.h: this will be internal
  • ecp.h: this will be internal
  • pk.h: investigate MBEDTLS_PK_DEBUG_MPI
  • rsa.h: will be internal
  • ssl.h: some private mbedtls_mpi struct fields, only for DHM in TLS 1.2 which is being removed
  • x509_crt.h:remove mbedtls_x509write_crt_set_serial() (functionality covered by mbedtls_x509write_crt_set_serial_raw)

Other consequences:
@daverodgman daverodgman mentioned this issue Sep 12, 2023
Closed
@daverodgman daverodgman added enhancement component-crypto Crypto primitives and low-level interfaces api-break This issue/PR breaks the API and must wait for a new major version size-m Estimated task size: medium (~1w) labels Oct 11, 2023
@mpg
Copy link
Contributor

mpg commented Oct 23, 2023

  • ecp.h: this should probably be internal?

Note: we can't make ecp.h internal without a regression unless we've done #7292, #7293 and #7294 first. (To clarify, since those are investigation tasks: I'm not talking about just doing the investigations, but about actually executing the tasks that will result from those investigations.)

@gilles-peskine-arm gilles-peskine-arm mentioned this issue Apr 29, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
api-break This issue/PR breaks the API and must wait for a new major version component-crypto Crypto primitives and low-level interfaces enhancement size-m Estimated task size: medium (~1w)
Projects
Backlog for Mbed TLS
Status: Mbed TLS 4.0 MUST
Mbed TLS 4.0 planning
Status: Planning needed
Mbed TLS Backlog
Status: No status
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mpg @daverodgman