ssl_server2 had a check that we never try to use a minor version lower
than 2 with DTLS, but that check is no longer needed, as there's no way
that would happen now that MBEDTLS_SSL_MINOR_VERSION_1 is no longer
public.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit removes the API
```
mbedtls_ssl_conf_ciphersuites_for_version()
```
which allows to configure lists of acceptable ciphersuites
for each supported version of SSL/TLS: SSL3, TLS 1.{0,1,2}.
With Mbed TLS 3.0, support for SSL3, TLS 1.0 and TLS 1.1
is dropped. Moreover, upcoming TLS 1.3 support has a different
notion of cipher suite and will require a different API.
This means that it's only for TLS 1.2 that we require
a ciphersuite configuration API, and
```
mbedtls_ssl_conf_ciphersuites()
```
can be used for that. The version-specific ciphersuite
configuration API `mbedtls_ssl_conf_ciphersuites_for_version()`,
in turn, is no longer needed.
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Note that this error has a negligible probability with a "crypto-sized"
bound, but macroscopic probability with a small bound.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Since mbedtls_mpi_random() is not specific to ECC code, move it from
the ECP module to the bignum module.
This increases the code size in builds without short Weierstrass
curves (including builds without ECC at all) that do not optimize out
unused functions.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Commit adds the conditional definition of
MBEDTLS_ECDH_LEGACY_CONTEXT to ecdh.h.
MBEDTLS_ECDH_LEGACY_CONTEXT is only defined
if MBEDTLS_ECP_RESTARTABLE is definied.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Commit removes the definition of
MBEDTLS_ECDH_LEGACY_CONTEXT from config.h.
Additionally removes the unset calls to
MBEDTLS_ECDH_LEGACY_CONTEXT in all.sh.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Split operation start and the declaration of data lengths
to better align with the PSA Cryptography multipart AEAD
APIs.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
MBEDTLS_ECP_FIXED_POINT_OPTIM aims to speed up ecc multiplication performance.
We compute the comb table in runtime now. It is a costly operation.
This patch add a pre-computed table to initialize well-known curves. It speed up ECDSA signature verify process in runtime by using more ROM size.
Signed-off-by: kXuan <kxuanobj@gmail.com>
- the \internal note said that calling cipher_init() first would be made
mandatory later, but the documention of the ctx parameter already said
the context had to be initialized...
- the documentation was using the word initialize for two different
meanings (calling setup() vs calling init()), making the documentation
of the ctx parameter quite confusing (you must initialize before you can
initialize...)
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Improve some length parameter descriptions, aligning
them with the descriptions for the one-shot
functions.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>