diff --git a/ChangeLog.d/remove-deprecated-items.txt b/ChangeLog.d/remove-deprecated-items.txt
new file mode 100644
index 0000000000..855265788e
--- /dev/null
+++ b/ChangeLog.d/remove-deprecated-items.txt
@@ -0,0 +1,11 @@
+Removals
+ * Remove MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT. Now only the
+ standard version (defined in RFC 9146) of DTLS connection ID is supported.
+ * Remove mbedtls_ssl_conf_min_version(), mbedtls_ssl_conf_max_version(), and
+ the associated constants MBEDTLS_SSL_MAJOR_VERSION_x and
+ MBEDTLS_SSL_MINOR_VERSION_y. Use mbedtls_ssl_conf_min_tls_version() and
+ mbedtls_ssl_conf_max_tls_version() with MBEDTLS_SSL_VERSION_TLS1_y instead.
+ Note that the new names of the new constants use the TLS protocol versions,
+ unlike the old constants whose names are based on internal encodings.
+ * Remove mbedtls_ssl_conf_sig_hashes(). Use mbedtls_ssl_conf_sig_algs()
+ instead.
diff --git a/include/mbedtls/config_adjust_ssl.h b/include/mbedtls/config_adjust_ssl.h
index 2221e5b2e7..36641e18b6 100644
--- a/include/mbedtls/config_adjust_ssl.h
+++ b/include/mbedtls/config_adjust_ssl.h
@@ -51,7 +51,6 @@
 #if !defined(MBEDTLS_SSL_PROTO_DTLS)
 #undef MBEDTLS_SSL_DTLS_ANTI_REPLAY
 #undef MBEDTLS_SSL_DTLS_CONNECTION_ID
-#undef MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT
 #undef MBEDTLS_SSL_DTLS_HELLO_VERIFY
 #undef MBEDTLS_SSL_DTLS_SRTP
 #undef MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index d18d0fadb8..827b96165f 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -533,28 +533,6 @@ */ #define MBEDTLS_SSL_DTLS_CONNECTION_ID -/** - * \def MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT - * - * Defines whether RFC 9146 (default) or the legacy version - * (version draft-ietf-tls-dtls-connection-id-05, - * https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05) - * is used. - * - * Set the value to 0 for the standard version, and - * 1 for the legacy draft version. - * - * \deprecated Support for the legacy version of the DTLS - * Connection ID feature is deprecated. Please - * switch to the standardized version defined - * in RFC 9146 enabled by utilizing - * MBEDTLS_SSL_DTLS_CONNECTION_ID without use - * of MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT. - * - * Requires: MBEDTLS_SSL_DTLS_CONNECTION_ID - */ -#define MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT 0 - /** * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY * diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 55d832c354..628d5c7e71 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -280,15 +280,6 @@ * Various constants */ -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -/* These are the high and low bytes of ProtocolVersion as defined by: - * - RFC 5246: ProtocolVersion version = { 3, 3 }; // TLS v1.2 - * - RFC 8446: see section 4.2.1 - */ -#define MBEDTLS_SSL_MAJOR_VERSION_3 3 -#define MBEDTLS_SSL_MINOR_VERSION_3 3 /*!< TLS v1.2 */ -#define MBEDTLS_SSL_MINOR_VERSION_4 4 /*!< TLS v1.3 */ -#endif /* MBEDTLS_DEPRECATED_REMOVED */ #define MBEDTLS_SSL_TRANSPORT_STREAM 0 /*!< TLS */ #define MBEDTLS_SSL_TRANSPORT_DATAGRAM 1 /*!< DTLS */ @@ -466,14 +457,6 @@ /** \} name SECTION: Module settings */ -/* - * Default to standard CID mode - */ -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \ - !defined(MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT) -#define MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT 0 -#endif - /* * Length of the verify data for secure renegotiation */ 
@@ -645,11 +628,7 @@ #define MBEDTLS_TLS_EXT_SIG_ALG_CERT 50 /* RFC 8446 TLS 1.3 */ #define MBEDTLS_TLS_EXT_KEY_SHARE 51 /* RFC 8446 TLS 1.3 */ -#if MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT == 0 #define MBEDTLS_TLS_EXT_CID 54 /* RFC 9146 DTLS 1.2 CID */ -#else -#define MBEDTLS_TLS_EXT_CID 254 /* Pre-RFC 9146 DTLS 1.2 CID */ -#endif #define MBEDTLS_TLS_EXT_ECJPAKE_KKPP 256 /* experimental */ @@ -887,7 +866,6 @@ typedef struct mbedtls_ssl_config mbedtls_ssl_config; /* Defined in library/ssl_misc.h */ typedef struct mbedtls_ssl_transform mbedtls_ssl_transform; typedef struct mbedtls_ssl_handshake_params mbedtls_ssl_handshake_params; -typedef struct mbedtls_ssl_sig_hash_set_t mbedtls_ssl_sig_hash_set_t; #if defined(MBEDTLS_X509_CRT_PARSE_C) typedef struct mbedtls_ssl_key_cert mbedtls_ssl_key_cert; #endif @@ -1502,10 +1480,6 @@ struct mbedtls_ssl_config { #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - -#if !defined(MBEDTLS_DEPRECATED_REMOVED) - const int *MBEDTLS_PRIVATE(sig_hashes); /*!< allowed signature hashes */ -#endif const uint16_t *MBEDTLS_PRIVATE(sig_algs); /*!< allowed signature algorithms */ #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ @@ -3387,7 +3361,7 @@ int mbedtls_ssl_conf_cid(mbedtls_ssl_config *conf, size_t len, * * \note The restrictions are enforced for all certificates in the * chain. However, signatures in the handshake are not covered - * by this setting but by \b mbedtls_ssl_conf_sig_hashes(). + * by this setting but by \b mbedtls_ssl_conf_sig_algs(). * * \param conf SSL configuration * \param profile Profile to use 
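Review bot: A configuration that still sets MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT to 1 now compiles without any diagnostic, because `MBEDTLS_TLS_EXT_CID` in the first hunk on this line is fixed at 54 and the commit also deletes the checks for the option from library/mbedtls_check_config.h. Such a build would use the RFC 9146 extension number and record additional-data layout, so the loss of CID interoperability with draft-05 peers would only show up at run time. Consider rejecting the stale option at compile time in library/mbedtls_check_config.h, for example `#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT) && MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT != 0` followed by `#error "MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT was removed; only RFC 9146 CID is supported"` and `#endif`.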
@@ -3729,41 +3703,6 @@ void mbedtls_ssl_conf_groups(mbedtls_ssl_config *conf, const uint16_t *groups); #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -#if !defined(MBEDTLS_DEPRECATED_REMOVED) && defined(MBEDTLS_SSL_PROTO_TLS1_2) -/** - * \brief Set the allowed hashes for signatures during the handshake. - * - * \note This only affects which hashes are offered and can be used - * for signatures during the handshake. Hashes for message - * authentication and the TLS PRF are controlled by the - * ciphersuite, see \c mbedtls_ssl_conf_ciphersuites(). Hashes - * used for certificate signature are controlled by the - * verification profile, see \c mbedtls_ssl_conf_cert_profile(). - * - * \deprecated Superseded by mbedtls_ssl_conf_sig_algs(). - * - * \note This list should be ordered by decreasing preference - * (preferred hash first). - * - * \note By default, all supported hashes whose length is at least - * 256 bits are allowed. This is the same set as the default - * for certificate verification - * (#mbedtls_x509_crt_profile_default). - * The preference order is currently unspecified and may - * change in future versions. - * - * \note New minor versions of Mbed TLS may extend this list, - * for example if new curves are added to the library. - * New minor versions of Mbed TLS will not remove items - * from this list unless serious security concerns require it. - * - * \param conf SSL configuration - * \param hashes Ordered list of allowed signature hashes, - * terminated by \c MBEDTLS_MD_NONE. - */ -void MBEDTLS_DEPRECATED mbedtls_ssl_conf_sig_hashes(mbedtls_ssl_config *conf, - const int *hashes); -#endif /* !MBEDTLS_DEPRECATED_REMOVED && MBEDTLS_SSL_PROTO_TLS1_2 */ /** * \brief Configure allowed signature algorithms for use in TLS 
@@ -4110,28 +4049,6 @@ void mbedtls_ssl_get_dtls_srtp_negotiation_result(const mbedtls_ssl_context *ssl mbedtls_dtls_srtp_info *dtls_srtp_info); #endif /* MBEDTLS_SSL_DTLS_SRTP */ -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -/** - * \brief Set the maximum supported version sent from the client side - * and/or accepted at the server side. - * - * See also the documentation of mbedtls_ssl_conf_min_version(). - * - * \note This ignores ciphersuites from higher versions. - * - * \note This function is deprecated and has been replaced by - * \c mbedtls_ssl_conf_max_tls_version(). - * - * \param conf SSL configuration - * \param major Major version number (#MBEDTLS_SSL_MAJOR_VERSION_3) - * \param minor Minor version number - * (#MBEDTLS_SSL_MINOR_VERSION_3 for (D)TLS 1.2, - * #MBEDTLS_SSL_MINOR_VERSION_4 for TLS 1.3) - */ -void MBEDTLS_DEPRECATED mbedtls_ssl_conf_max_version(mbedtls_ssl_config *conf, int major, - int minor); -#endif /* MBEDTLS_DEPRECATED_REMOVED */ - /** * \brief Set the maximum supported version sent from the client side * and/or accepted at the server side. 
@@ -4150,45 +4067,6 @@ static inline void mbedtls_ssl_conf_max_tls_version(mbedtls_ssl_config *conf, conf->MBEDTLS_PRIVATE(max_tls_version) = tls_version; } -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -/** - * \brief Set the minimum accepted SSL/TLS protocol version - * - * \note By default, all supported versions are accepted. - * Future versions of the library may disable older - * protocol versions by default if they become deprecated. - * - * \note The following versions are supported (if enabled at - * compile time): - * - (D)TLS 1.2: \p major = #MBEDTLS_SSL_MAJOR_VERSION_3, - * \p minor = #MBEDTLS_SSL_MINOR_VERSION_3 - * - TLS 1.3: \p major = #MBEDTLS_SSL_MAJOR_VERSION_3, - * \p minor = #MBEDTLS_SSL_MINOR_VERSION_4 - * - * Note that the numbers in the constant names are the - * TLS internal protocol numbers, and the minor versions - * differ by one from the human-readable versions! - * - * \note Input outside of the SSL_MAX_XXXXX_VERSION and - * SSL_MIN_XXXXX_VERSION range is ignored. - * - * \note After the handshake, you can call - * mbedtls_ssl_get_version_number() to see what version was - * negotiated. - * - * \note This function is deprecated and has been replaced by - * \c mbedtls_ssl_conf_min_tls_version(). - * - * \param conf SSL configuration - * \param major Major version number (#MBEDTLS_SSL_MAJOR_VERSION_3) - * \param minor Minor version number - * (#MBEDTLS_SSL_MINOR_VERSION_3 for (D)TLS 1.2, - * #MBEDTLS_SSL_MINOR_VERSION_4 for TLS 1.3) - */ -void MBEDTLS_DEPRECATED mbedtls_ssl_conf_min_version(mbedtls_ssl_config *conf, int major, - int minor); -#endif /* MBEDTLS_DEPRECATED_REMOVED */ - /** * \brief Set the minimum supported version sent from the client side * and/or accepted at the server side. diff --git a/library/mbedtls_check_config.h b/library/mbedtls_check_config.h index cf5e981da0..82fef7481d 100644 --- a/library/mbedtls_check_config.h +++ b/library/mbedtls_check_config.h 
@@ -237,19 +237,6 @@ #error "MBEDTLS_SSL_CID_OUT_LEN_MAX too large (max 255)" #endif -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT) && \ - !defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) -#error "MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT) && MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT != 0 -#if defined(MBEDTLS_DEPRECATED_REMOVED) -#error "MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT is deprecated and will be removed in a future version of Mbed TLS" -#elif defined(MBEDTLS_DEPRECATED_WARNING) -#warning "MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT is deprecated and will be removed in a future version of Mbed TLS" -#endif -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT && MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT != 0 */ - #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \ !defined(MBEDTLS_SSL_PROTO_TLS1_2) #error "MBEDTLS_SSL_ENCRYPT_THEN_MAC defined, but not all prerequisites" diff --git a/library/ssl_misc.h b/library/ssl_misc.h index b635fd9d0c..981ac0ecf1 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -712,11 +712,6 @@ struct mbedtls_ssl_handshake_params { unsigned char retransmit_state; /*!< Retransmission state */ #endif -#if !defined(MBEDTLS_DEPRECATED_REMOVED) - unsigned char group_list_heap_allocated; - unsigned char sig_algs_heap_allocated; -#endif - #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) uint8_t ecrs_enabled; /*!< Handshake supports EC restart? */ enum { /* this complements ssl->state with info on intra-state operations */ 
@@ -2305,15 +2300,6 @@ static inline int mbedtls_ssl_named_group_is_supported(uint16_t named_group) /* * Return supported signature algorithms. - * - * In future, invocations can be changed to ssl->conf->sig_algs when - * mbedtls_ssl_conf_sig_hashes() is deleted. - * - * ssl->handshake->sig_algs is either a translation of sig_hashes to IANA TLS - * signature algorithm identifiers when mbedtls_ssl_conf_sig_hashes() has been - * used, or a pointer to ssl->conf->sig_algs when mbedtls_ssl_conf_sig_algs() has - * been more recently invoked. - * */ static inline const void *mbedtls_ssl_get_sig_algs( const mbedtls_ssl_context *ssl) @@ -2322,7 +2308,6 @@ static inline const void *mbedtls_ssl_get_sig_algs( #if !defined(MBEDTLS_DEPRECATED_REMOVED) if (ssl->handshake != NULL && - ssl->handshake->sig_algs_heap_allocated == 1 && ssl->handshake->sig_algs != NULL) { return ssl->handshake->sig_algs; } diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 5774bfc865..731cbc8ece 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -663,8 +663,7 @@ static void ssl_extract_add_data_from_record(unsigned char *add_data, unsigned char *cur = add_data; size_t ad_len_field = rec->data_len; -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \ - MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT == 0 +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) const unsigned char seq_num_placeholder[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; #endif @@ -680,8 +679,7 @@ static void ssl_extract_add_data_from_record(unsigned char *add_data, ((void) tls_version); ((void) taglen); -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \ - MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT == 0 +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) if (rec->cid_len != 0) { // seq_num_placeholder memcpy(cur, seq_num_placeholder, sizeof(seq_num_placeholder)); 
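Review bot: In mbedtls_ssl_get_sig_algs() (second hunk on this line) the `#if !defined(MBEDTLS_DEPRECATED_REMOVED)` branch that returns `ssl->handshake->sig_algs` is kept, but the only code in this diff that assigned that field is the sig_hashes translation deleted from ssl_handshake_init(). If nothing outside the diff still sets it, the branch is dead and the function's behaviour depends on a deprecation macro for no remaining reason; the same leftover guard surrounds `handshake->sig_algs = NULL;` in mbedtls_ssl_handshake_free(). Consider dropping the branch so the function always returns the configured list, or add a comment naming the remaining writer of the field. The function body continues past the end of the hunk, so the fall-through return is not visible here.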
@@ -711,24 +709,7 @@ static void ssl_extract_add_data_from_record(unsigned char *add_data, memcpy(cur, rec->ver, sizeof(rec->ver)); cur += sizeof(rec->ver); -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \ - MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT == 1 - - if (rec->cid_len != 0) { - // CID - memcpy(cur, rec->cid, rec->cid_len); - cur += rec->cid_len; - - // cid_length - *cur = rec->cid_len; - cur++; - - // length of inner plaintext - MBEDTLS_PUT_UINT16_BE(ad_len_field, cur, 0); - cur += 2; - } else -#elif defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \ - MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT == 0 +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) if (rec->cid_len != 0) { // epoch + sequence number diff --git a/library/ssl_tls.c b/library/ssl_tls.c index a997e41f32..8cf23f2d3b 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -1066,73 +1066,6 @@ static int ssl_handshake_init(mbedtls_ssl_context *ssl) mbedtls_ssl_set_timer(ssl, 0); } #endif - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - /* Heap allocate and translate sig_hashes from internal hash identifiers to - signature algorithms IANA identifiers. */ - if (mbedtls_ssl_conf_is_tls12_only(ssl->conf) && - ssl->conf->sig_hashes != NULL) { - const int *md; - const int *sig_hashes = ssl->conf->sig_hashes; - size_t sig_algs_len = 0; - uint16_t *p; - - MBEDTLS_STATIC_ASSERT(MBEDTLS_SSL_MAX_SIG_ALG_LIST_LEN - <= (SIZE_MAX - (2 * sizeof(uint16_t))), - "MBEDTLS_SSL_MAX_SIG_ALG_LIST_LEN too big"); - - for (md = sig_hashes; *md != MBEDTLS_MD_NONE; md++) { - if (mbedtls_ssl_hash_from_md_alg(*md) == MBEDTLS_SSL_HASH_NONE) { - continue; - } -#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) - sig_algs_len += sizeof(uint16_t); -#endif - -#if defined(MBEDTLS_RSA_C) - sig_algs_len += sizeof(uint16_t); -#endif - if (sig_algs_len > MBEDTLS_SSL_MAX_SIG_ALG_LIST_LEN) { - return MBEDTLS_ERR_SSL_BAD_CONFIG; - } - } - - if (sig_algs_len < MBEDTLS_SSL_MIN_SIG_ALG_LIST_LEN) { - return MBEDTLS_ERR_SSL_BAD_CONFIG; - } - - ssl->handshake->sig_algs = mbedtls_calloc(1, sig_algs_len + - sizeof(uint16_t)); - if (ssl->handshake->sig_algs == NULL) { - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - - p = (uint16_t *) ssl->handshake->sig_algs; - for (md = sig_hashes; *md != MBEDTLS_MD_NONE; md++) { - unsigned char hash = mbedtls_ssl_hash_from_md_alg(*md); - if (hash == MBEDTLS_SSL_HASH_NONE) { - continue; - } -#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) - *p = ((hash << 8) | MBEDTLS_SSL_SIG_ECDSA); - p++; -#endif -#if defined(MBEDTLS_RSA_C) - *p = ((hash << 8) | MBEDTLS_SSL_SIG_RSA); - p++; -#endif - } - *p = MBEDTLS_TLS_SIG_NONE; - ssl->handshake->sig_algs_heap_allocated = 1; - } else -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - { - 
ssl->handshake->sig_algs_heap_allocated = 0; - } -#endif /* !MBEDTLS_DEPRECATED_REMOVED */ -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ return 0; } @@ -2420,24 +2353,11 @@ psa_status_t mbedtls_ssl_cipher_to_psa(mbedtls_cipher_type_t mbedtls_cipher_type } #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -#if !defined(MBEDTLS_DEPRECATED_REMOVED) && defined(MBEDTLS_SSL_PROTO_TLS1_2) -/* - * Set allowed/preferred hashes for handshake signatures - */ -void mbedtls_ssl_conf_sig_hashes(mbedtls_ssl_config *conf, - const int *hashes) -{ - conf->sig_hashes = hashes; -} -#endif /* !MBEDTLS_DEPRECATED_REMOVED && MBEDTLS_SSL_PROTO_TLS1_2 */ /* Configure allowed signature algorithms for handshake */ void mbedtls_ssl_conf_sig_algs(mbedtls_ssl_config *conf, const uint16_t *sig_algs) { -#if !defined(MBEDTLS_DEPRECATED_REMOVED) - conf->sig_hashes = NULL; -#endif /* !MBEDTLS_DEPRECATED_REMOVED */ conf->sig_algs = sig_algs; } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ @@ -2633,18 +2553,6 @@ void mbedtls_ssl_get_dtls_srtp_negotiation_result(const mbedtls_ssl_context *ssl } #endif /* MBEDTLS_SSL_DTLS_SRTP */ -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_ssl_conf_max_version(mbedtls_ssl_config *conf, int major, int minor) -{ - conf->max_tls_version = (mbedtls_ssl_protocol_version) ((major << 8) | minor); -} - -void mbedtls_ssl_conf_min_version(mbedtls_ssl_config *conf, int major, int minor) -{ - conf->min_tls_version = (mbedtls_ssl_protocol_version) ((major << 8) | minor); -} -#endif /* MBEDTLS_DEPRECATED_REMOVED */ - #if defined(MBEDTLS_SSL_SRV_C) void mbedtls_ssl_conf_cert_req_ca_list(mbedtls_ssl_config *conf, char cert_req_ca_list) 
@@ -4460,20 +4368,8 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl) return; } -#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) -#if !defined(MBEDTLS_DEPRECATED_REMOVED) - if (ssl->handshake->group_list_heap_allocated) { - mbedtls_free((void *) handshake->group_list); - } - handshake->group_list = NULL; -#endif /* MBEDTLS_DEPRECATED_REMOVED */ -#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ - #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) #if !defined(MBEDTLS_DEPRECATED_REMOVED) - if (ssl->handshake->sig_algs_heap_allocated) { - mbedtls_free((void *) handshake->sig_algs); - } handshake->sig_algs = NULL; #endif /* MBEDTLS_DEPRECATED_REMOVED */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) diff --git a/programs/fuzz/fuzz_client.c b/programs/fuzz/fuzz_client.c index 1840570488..0878480ea7 100644 --- a/programs/fuzz/fuzz_client.c +++ b/programs/fuzz/fuzz_client.c @@ -137,7 +137,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) } #endif //There may be other options to add : - // mbedtls_ssl_conf_cert_profile, mbedtls_ssl_conf_sig_hashes + // mbedtls_ssl_conf_cert_profile if (mbedtls_ssl_setup(&ssl, &conf) != 0) { goto exit; diff --git a/tests/configs/tls13-only.h b/tests/configs/tls13-only.h index 342bbed91e..8260ef5e12 100644 --- a/tests/configs/tls13-only.h +++ b/tests/configs/tls13-only.h @@ -25,4 +25,3 @@ #undef MBEDTLS_SSL_DTLS_SRTP #undef MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE #undef MBEDTLS_SSL_DTLS_CONNECTION_ID -#undef MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT diff --git a/tests/scripts/components-configuration-tls.sh b/tests/scripts/components-configuration-tls.sh index 450bdebab1..c8b2287d71 100644 --- a/tests/scripts/components-configuration-tls.sh +++ b/tests/scripts/components-configuration-tls.sh 
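Review bot: mbedtls_ssl_handshake_free() no longer frees or clears `handshake->group_list`, yet nothing in this diff removes a site that allocated it; the allocation deleted from ssl_handshake_init() only covered sig_algs. Please confirm that no remaining path heap-allocates `handshake->group_list`, otherwise each handshake would leak it. If the field is now always borrowed or unused, a one-line comment here or removal of the field would make that explicit. The function starts and ends outside the hunk.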
@@ -342,23 +342,6 @@ component_test_variable_ssl_in_out_buffer_len () { tests/compat.sh } -component_test_dtls_cid_legacy () { - msg "build: MBEDTLS_SSL_DTLS_CONNECTION_ID (legacy) enabled (ASan build)" - scripts/config.py set MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT 1 - - CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: MBEDTLS_SSL_DTLS_CONNECTION_ID (legacy)" - make test - - msg "test: ssl-opt.sh, MBEDTLS_SSL_DTLS_CONNECTION_ID (legacy) enabled" - tests/ssl-opt.sh - - msg "test: compat.sh, MBEDTLS_SSL_DTLS_CONNECTION_ID (legacy) enabled" - tests/compat.sh -} - component_test_ssl_alloc_buffer_and_mfl () { msg "build: default config with memory buffer allocator and MFL extension" scripts/config.py set MBEDTLS_MEMORY_BUFFER_ALLOC_C