diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 9cba94e9b3..5305425e7b 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -3364,10 +3364,6 @@ int mbedtls_ssl_conf_cid(mbedtls_ssl_config *conf, size_t len, /** * \brief Set the X.509 security profile used for verification * - * \note The restrictions are enforced for all certificates in the - * chain. However, signatures in the handshake are not covered - * by this setting but by \b mbedtls_ssl_conf_sig_hashes(). - * * \param conf SSL configuration * \param profile Profile to use */ diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 72dc9418f2..f045f8d5a3 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2310,11 +2310,7 @@ static inline int mbedtls_ssl_named_group_is_supported(uint16_t named_group) /* * Return supported signature algorithms. * - * In future, invocations can be changed to ssl->conf->sig_algs when - * mbedtls_ssl_conf_sig_hashes() is deleted. - * * ssl->handshake->sig_algs is either a translation of sig_hashes to IANA TLS - * signature algorithm identifiers when mbedtls_ssl_conf_sig_hashes() has been * used, or a pointer to ssl->conf->sig_algs when mbedtls_ssl_conf_sig_algs() has * been more recently invoked. * diff --git a/programs/fuzz/fuzz_client.c b/programs/fuzz/fuzz_client.c index 1840570488..0878480ea7 100644 --- a/programs/fuzz/fuzz_client.c +++ b/programs/fuzz/fuzz_client.c @@ -137,7 +137,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) } #endif //There may be other options to add : - // mbedtls_ssl_conf_cert_profile, mbedtls_ssl_conf_sig_hashes + // mbedtls_ssl_conf_cert_profile if (mbedtls_ssl_setup(&ssl, &conf) != 0) { goto exit; diff --git a/tf-psa-crypto b/tf-psa-crypto index fc1dca6195..5df033ee3c 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit fc1dca61954ee58701a47ba24cc27004e05440b2 +Subproject commit 5df033ee3cb9e0c05262bc57b821ca20b9483b54