Skip to content

[mbedtls] Remove support for secp192[k|r]1 curves (part 2) #10522

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Dec 3, 2025
Merged

[mbedtls] Remove support for secp192[k|r]1 curves (part 2) #10522

merged 4 commits into from
Dec 3, 2025
+27 −15

Conversation

@valeriosetti
Copy link
Contributor

@valeriosetti valeriosetti commented Nov 28, 2025
edited by davidhorstmann-arm
Loading

Description

This is a prerequisite for Mbed-TLS/TF-PSA-Crypto#570
It depends on Mbed-TLS/mbedtls-framework#242

PR checklist

@valeriosetti
tests: x509parse: transition tests based on secp192 curves to secp256
5ae6c62 
After some analysis search it was determined that previous test data seem
not to belong to the "framework/data_files" certificate files. Therefore
new test data has been generated from scratch.

The improvement compared to the previous situation is that comments has
been added on top of each test in order to explain how to recreate new test
data.

Signed-off-by: Valerio Setti <[email protected]>
@valeriosetti valeriosetti added needs-ci Needs to pass CI tests needs-reviewer This PR needs someone to pick it up for review size-xs Estimated task size: extra small (a few hours at most) needs-review Every commit must be reviewed by at least two team members, priority-high High priority - will be reviewed soon labels Nov 28, 2025
@valeriosetti valeriosetti mentioned this pull request Nov 28, 2025
Open
4 tasks
@valeriosetti valeriosetti changed the title [mbedtls] Remove support for secp192[k|r]1 curves [mbedtls] Remove support for secp192[k|r]1 curves (part 2) Nov 28, 2025
@valeriosetti valeriosetti added the needs-preceding-pr Requires another PR to be merged first label Nov 28, 2025
@valeriosetti valeriosetti mentioned this pull request Nov 28, 2025
Merged
3 tasks
@valeriosetti valeriosetti force-pushed the issue568-mbedtls-part2 branch from 388bdd5 to 3e5d471 Compare December 1, 2025 08:52
@valeriosetti
Copy link
Contributor Author

valeriosetti commented Dec 1, 2025

I had to add a new commit updating tf-psa-crypto to make CI happy (check_names component). Changes being introduced there are not related to this PR.

@valeriosetti valeriosetti removed the needs-ci Needs to pass CI tests label Dec 2, 2025
@valeriosetti valeriosetti force-pushed the issue568-mbedtls-part2 branch 2 times, most recently from 0ea3ce4 to be178b5 Compare December 2, 2025 16:19
@valeriosetti valeriosetti removed the needs-preceding-pr Requires another PR to be merged first label Dec 2, 2025
@valeriosetti valeriosetti force-pushed the issue568-mbedtls-part2 branch from be178b5 to 97b03b1 Compare December 3, 2025 08:46
@valeriosetti
tests: x509parse: replace certificates using secp192 with those using…
725e3f1 
… secp256

This replacement is either:
- "server5-rsa-signed.crt": if a generic secp256r1 EC key is enough, i.e.
	any EC key is fine as it's not secp192 since this support is being
	removed from TF-PSA-Crypto.
- "server11-rsa-signed.crt": if an EC key which does not belong to "suite-b"
	is required. For this case "secp256r1" wouldn't be good, so we use
	a "secp256k1" key.

Signed-off-by: Valerio Setti <[email protected]>
@valeriosetti
framework: update reference
35d90d1 
Signed-off-by: Valerio Setti <[email protected]>
@valeriosetti
tf-psa-crypto: update reference
d36ed4a 
Signed-off-by: Valerio Setti <[email protected]>
@valeriosetti valeriosetti force-pushed the issue568-mbedtls-part2 branch from 97b03b1 to d36ed4a Compare December 3, 2025 12:03
mpg
mpg approved these changes Dec 3, 2025
View reviewed changes
Copy link
Contributor

@mpg mpg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks!

@valeriosetti valeriosetti removed the needs-reviewer This PR needs someone to pick it up for review label Dec 3, 2025
davidhorstmann-arm
davidhorstmann-arm approved these changes Dec 3, 2025
View reviewed changes
Copy link
Contributor

@davidhorstmann-arm davidhorstmann-arm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks!

A special thanks for documenting how you generated everything so well!

@github-project-automation github-project-automation bot moved this from In Development to Has Approval in Roadmap pull requests (new board) Dec 3, 2025
@davidhorstmann-arm davidhorstmann-arm added approved Design and code approved - may be waiting for CI or backports and removed needs-review Every commit must be reviewed by at least two team members, labels Dec 3, 2025
@davidhorstmann-arm davidhorstmann-arm added this pull request to the merge queue Dec 3, 2025
@davidhorstmann-arm davidhorstmann-arm removed this pull request from the merge queue due to a manual request Dec 3, 2025
@davidhorstmann-arm davidhorstmann-arm added this pull request to the merge queue Dec 3, 2025
@davidhorstmann-arm
Copy link
Contributor

davidhorstmann-arm commented Dec 3, 2025

Note for posterity that this PR does not depend on Mbed-TLS/TF-PSA-Crypto#570 (instead this PR depends on that one). The update to tf-psa-crypto in this PR is to the head of development, not the head of Mbed-TLS/TF-PSA-Crypto#570.

As a result it's fine to merge.

Merged via the queue into Mbed-TLS:development with commit 8f66d59 Dec 3, 2025
3 of 4 checks passed
@github-project-automation github-project-automation bot moved this from Has Approval to Done in Roadmap pull requests (new board) Dec 3, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mpg mpg mpg approved these changes

@davidhorstmann-arm davidhorstmann-arm davidhorstmann-arm approved these changes

Assignees

No one assigned

Labels

approved Design and code approved - may be waiting for CI or backports priority-high High priority - will be reviewed soon size-xs Estimated task size: extra small (a few hours at most)

Projects

Roadmap pull requests (new board)
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@valeriosetti @davidhorstmann-arm @mpg