psa-limitations.md - OpenGrok cross reference for /openthread-latest/third_party/mbedtls/repo/docs/architecture/psa-migration/psa-limitations.md

Lines Matching full:with
44 Currently, the PSA Crypto API can only perform FFDH with a limited set of
76 4. Implement RFC 7919, support DHE-RSA and DHE-PSK only in conjunction with it
85 As of early 2023, the plan is to go with option 2 in Mbed TLS 4.0, which has
179 OpenSSL picks saltlen = keylen - hashlen - 2 (tested with openssl 1.1.1f).
181 by default (tested with GnuTLS 3.6.13). FIPS 186-4 requires 0 <= saltlen <=
210 Files with "bad" in the name are expected to be invalid and rejected in tests.
214 server9-bad-mgfhash.crt (announcing mgf1(sha224), signed with another mgf)
216          Mask Algorithm: mgf1 with sha224
218 server9-bad-saltlen.crt (announcing saltlen = 0xDE, signed with another len)
220          Mask Algorithm: mgf1 with sha256
224          Mask Algorithm: mgf1 with sha1 (default)
228          Mask Algorithm: mgf1 with sha1 (default)
232          Mask Algorithm: mgf1 with sha224
236          Mask Algorithm: mgf1 with sha256
240          Mask Algorithm: mgf1 with sha384
244          Mask Algorithm: mgf1 with sha512
246 server9-with-ca.crt
248          Mask Algorithm: mgf1 with sha1 (default)
252          Mask Algorithm: mgf1 with sha1 (default)
255 These certificates are signed with a 2048-bit key. It appears that they are
263          Mask Algorithm: mgf1 with sha1 (default)
267          Mask Algorithm: mgf1 with sha1 (default)
271          Mask Algorithm: mgf1 with sha224
275          Mask Algorithm: mgf1 with sha256
279          Mask Algorithm: mgf1 with sha384
283          Mask Algorithm: mgf1 with sha512
286 These CRLs are signed with a 2048-bit key. It appears that they are
293          Mask Algorithm: mgf1 with sha1 (default)
297          Mask Algorithm: mgf1 with sha224
301          Mask Algorithm: mgf1 with sha256
305          Mask Algorithm: mgf1 with sha384
309          Mask Algorithm: mgf1 with sha512
312 These CSRs are signed with a 2048-bit key. It appears that they are
317 There's no question about what to do with TLS (any version); the only question
320 1. Doing all verifications with `PSA_ALG_RSA_PSS_ANY_SALT` - while this
322 2. Doing verifications with `PSA_ALG_RSA_PSS` when we're lucky and the encoded
324 Same issue as with the previous point, except more contained.
325 3. Reject all certificates with saltlen != hashlen. This includes all
326    certificates generated with OpenSSL using the default parameters, so it's