lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-08-07 06:42:56 +03:00
Code Activity

Remove deprecated function mbedtls_ssl_conf_curves()

Browse Source 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit is contained in:
Manuel Pégourié-Gonnard
2025-01-14 11:45:44 +01:00
parent 67ba14c0ba
commit 93d4591255
5 changed files with 1 additions and 144 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
include/mbedtls/ssl.h
View File

@@ -3813,54 +3813,6 @@ void mbedtls_ssl_conf_dhm_min_bitlen(mbedtls_ssl_config *conf,
unsigned int bitlen); unsigned int bitlen);
#endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */ #endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */
#if defined(MBEDTLS_ECP_C)
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
/**
* \brief Set the allowed curves in order of preference.
*
* On server: this only affects selection of the ECDHE curve;
* the curves used for ECDH and ECDSA are determined by the
* list of available certificates instead.
*
* On client: this affects the list of curves offered for any
* use. The server can override our preference order.
*
* Both sides: limits the set of curves accepted for use in
* ECDHE and in the peer's end-entity certificate.
*
* \deprecated Superseded by mbedtls_ssl_conf_groups().
*
* \note This has no influence on which curves are allowed inside the
* certificate chains, see \c mbedtls_ssl_conf_cert_profile()
* for that. For the end-entity certificate however, the key
* will be accepted only if it is allowed both by this list
* and by the cert profile.
*
* \note This list should be ordered by decreasing preference
* (preferred curve first).
*
* \note The default list is the same set of curves that
* #mbedtls_x509_crt_profile_default allows, plus
* ECDHE-only curves selected according to the same criteria.
* The order favors curves with the lowest resource usage.
*
* \note New minor versions of Mbed TLS may extend this list,
* for example if new curves are added to the library.
* New minor versions of Mbed TLS will not remove items
* from this list unless serious security concerns require it.
* New minor versions of Mbed TLS may change the order in
* keeping with the general principle of favoring the lowest
* resource usage.
*
* \param conf SSL configuration
* \param curves Ordered list of allowed curves,
* terminated by MBEDTLS_ECP_DP_NONE.
*/
void MBEDTLS_DEPRECATED mbedtls_ssl_conf_curves(mbedtls_ssl_config *conf,
const mbedtls_ecp_group_id *curves);
#endif /* MBEDTLS_DEPRECATED_REMOVED */
#endif /* MBEDTLS_ECP_C */
/** /**
* \brief Set the allowed groups in order of preference. * \brief Set the allowed groups in order of preference.
* *
@@ -3872,13 +3824,6 @@ void MBEDTLS_DEPRECATED mbedtls_ssl_conf_curves(mbedtls_ssl_config *conf,
* Both sides: limits the set of groups accepted for use in * Both sides: limits the set of groups accepted for use in
* key sharing. * key sharing.
* *
* \note This function replaces the deprecated mbedtls_ssl_conf_curves(),
* which only allows ECP curves to be configured.
*
* \note The most recent invocation of either mbedtls_ssl_conf_curves()
* or mbedtls_ssl_conf_groups() nullifies all previous invocations
* of both.
*
* \note This list should be ordered by decreasing preference * \note This list should be ordered by decreasing preference
* (preferred group first). * (preferred group first).
* *

21
library/ssl_tls.c
View File

@@ -2735,25 +2735,6 @@ void mbedtls_ssl_conf_sig_algs(mbedtls_ssl_config *conf,
} }
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_ECP_C)
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
/*
* Set the allowed elliptic curves
*
* mbedtls_ssl_setup() takes the provided list
* and translates it to a list of IANA TLS group identifiers,
* stored in ssl->handshake->group_list.
*
*/
void mbedtls_ssl_conf_curves(mbedtls_ssl_config *conf,
const mbedtls_ecp_group_id *curve_list)
{
conf->curve_list = curve_list;
conf->group_list = NULL;
}
#endif /* MBEDTLS_DEPRECATED_REMOVED */
#endif /* MBEDTLS_ECP_C */
/* /*
* Set the allowed groups * Set the allowed groups
*/ */
@@ -5594,7 +5575,7 @@ void mbedtls_ssl_config_init(mbedtls_ssl_config *conf)
/* The selection should be the same as mbedtls_x509_crt_profile_default in /* The selection should be the same as mbedtls_x509_crt_profile_default in
* x509_crt.c, plus Montgomery curves for ECDHE. Here, the order matters: * x509_crt.c, plus Montgomery curves for ECDHE. Here, the order matters:
* curves with a lower resource usage come first. * curves with a lower resource usage come first.
* See the documentation of mbedtls_ssl_conf_curves() for what we promise * See the documentation of mbedtls_ssl_conf_groups() for what we promise
* about this list. * about this list.
*/ */
static const uint16_t ssl_preset_default_groups[] = { static const uint16_t ssl_preset_default_groups[] = {

16
tests/scripts/analyze_outcomes.py
View File

@@ -429,10 +429,6 @@ class DriverVSReference_ecp_light_only(outcome_analysis.DriverVSReference):
re.compile(r'ECP point multiplication .*'), re.compile(r'ECP point multiplication .*'),
re.compile(r'ECP test vectors .*'), re.compile(r'ECP test vectors .*'),
], ],
'test_suite_ssl': [
# This deprecated function is only present when ECP_C is On.
'Test configuration of groups for DHE through mbedtls_ssl_conf_curves()',
],
} }
class DriverVSReference_no_ecp_at_all(outcome_analysis.DriverVSReference): class DriverVSReference_no_ecp_at_all(outcome_analysis.DriverVSReference):
@@ -469,10 +465,6 @@ class DriverVSReference_no_ecp_at_all(outcome_analysis.DriverVSReference):
re.compile(r'Parse EC Key .*compressed\)'), re.compile(r'Parse EC Key .*compressed\)'),
re.compile(r'Parse Public EC Key .*compressed\)'), re.compile(r'Parse Public EC Key .*compressed\)'),
], ],
# See ecp_light_only
'test_suite_ssl': [
'Test configuration of groups for DHE through mbedtls_ssl_conf_curves()',
],
} }
class DriverVSReference_ecc_no_bignum(outcome_analysis.DriverVSReference): class DriverVSReference_ecc_no_bignum(outcome_analysis.DriverVSReference):
@@ -516,10 +508,6 @@ class DriverVSReference_ecc_no_bignum(outcome_analysis.DriverVSReference):
'test_suite_debug': [ 'test_suite_debug': [
re.compile(r'Debug print mbedtls_mpi.*'), re.compile(r'Debug print mbedtls_mpi.*'),
], ],
# See ecp_light_only
'test_suite_ssl': [
'Test configuration of groups for DHE through mbedtls_ssl_conf_curves()',
],
} }
class DriverVSReference_ecc_ffdh_no_bignum(outcome_analysis.DriverVSReference): class DriverVSReference_ecc_ffdh_no_bignum(outcome_analysis.DriverVSReference):
@@ -571,10 +559,6 @@ class DriverVSReference_ecc_ffdh_no_bignum(outcome_analysis.DriverVSReference):
'test_suite_debug': [ 'test_suite_debug': [
re.compile(r'Debug print mbedtls_mpi.*'), re.compile(r'Debug print mbedtls_mpi.*'),
], ],
# See ecp_light_only
'test_suite_ssl': [
'Test configuration of groups for DHE through mbedtls_ssl_conf_curves()',
],
} }
class DriverVSReference_ffdh_alg(outcome_analysis.DriverVSReference): class DriverVSReference_ffdh_alg(outcome_analysis.DriverVSReference):

3
tests/suites/test_suite_ssl.data
View File

@@ -3086,9 +3086,6 @@ TLS 1.3: SRV: Session serialization, load buffer size
depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_SRV_C depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_SRV_C
ssl_serialize_session_load_buf_size:0:"":MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3 ssl_serialize_session_load_buf_size:0:"":MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3
Test configuration of groups for DHE through mbedtls_ssl_conf_curves()
conf_curve:
Test configuration of groups for DHE through mbedtls_ssl_conf_groups() Test configuration of groups for DHE through mbedtls_ssl_conf_groups()
conf_group: conf_group:

50
tests/suites/test_suite_ssl.function
View File

@@ -3009,56 +3009,6 @@ exit:
} }
/* END_CASE */ /* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ECP_C:!MBEDTLS_DEPRECATED_REMOVED:!MBEDTLS_DEPRECATED_WARNING:PSA_WANT_ECC_SECP_R1_192:PSA_WANT_ECC_SECP_R1_224:PSA_WANT_ECC_SECP_R1_256 */
void conf_curve()
{
mbedtls_ecp_group_id curve_list[] = { MBEDTLS_ECP_DP_SECP192R1,
MBEDTLS_ECP_DP_SECP224R1,
MBEDTLS_ECP_DP_SECP256R1,
MBEDTLS_ECP_DP_NONE };
uint16_t iana_tls_group_list[] = { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1,
MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1,
MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1,
MBEDTLS_SSL_IANA_TLS_GROUP_NONE };
mbedtls_ssl_config conf;
mbedtls_ssl_config_init(&conf);
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
mbedtls_ssl_conf_max_tls_version(&conf, MBEDTLS_SSL_VERSION_TLS1_2);
mbedtls_ssl_conf_min_tls_version(&conf, MBEDTLS_SSL_VERSION_TLS1_2);
#else
mbedtls_ssl_conf_max_tls_version(&conf, MBEDTLS_SSL_VERSION_TLS1_3);
mbedtls_ssl_conf_min_tls_version(&conf, MBEDTLS_SSL_VERSION_TLS1_3);
#endif
mbedtls_ssl_conf_curves(&conf, curve_list);
mbedtls_ssl_context ssl;
mbedtls_ssl_init(&ssl);
MD_OR_USE_PSA_INIT();
mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL);
TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0);
TEST_ASSERT(ssl.handshake != NULL && ssl.handshake->group_list != NULL);
TEST_ASSERT(ssl.conf != NULL && ssl.conf->group_list == NULL);
TEST_EQUAL(ssl.handshake->
group_list[ARRAY_LENGTH(iana_tls_group_list) - 1],
MBEDTLS_SSL_IANA_TLS_GROUP_NONE);
for (size_t i = 0; i < ARRAY_LENGTH(iana_tls_group_list); i++) {
TEST_EQUAL(iana_tls_group_list[i], ssl.handshake->group_list[i]);
}
exit:
mbedtls_ssl_free(&ssl);
mbedtls_ssl_config_free(&conf);
MD_OR_USE_PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_DEPRECATED_REMOVED */ /* BEGIN_CASE depends_on:MBEDTLS_DEPRECATED_REMOVED */
void conf_group() void conf_group()
{ {