Remove legacy API usage from `ssl_server2.c` #9978

davidhorstmann-arm · 2025-02-13T14:10:35Z

Part of implementing #9904

Remove uses of the legacy crypto API from ssl_server2.c. Changes needed are:

Remove the option to set custom DHM parameters with the dhm_file option. This removal is needed because the mbedtls_dhm functions are going away.
Rewrite the ssl_async_resume() function to remove the ASYNC_OP_DECRYPT operation and thereby remove the use of mbedtls_pk_sign(). This is going away anyway in Remove the RSA-decryption key exchange #9682 so there is no problem with removing it.

This task is done when ssl_server2.c no longer calls any legacy function.

Estimate: 6 Ideal Engineering Hours

The text was updated successfully, but these errors were encountered:

gilles-peskine-arm · 2025-02-13T14:18:36Z

Regarding ssl_async_resume: we're removing RSA-decryption authentication. As part of that, the mbedtls_ssl_async_decrypt_t callback is going away. So ssl_async_resume will no longer need to handle decryption.

davidhorstmann-arm added the size-m Estimated task size: medium (~1w) label Feb 13, 2025

davidhorstmann-arm added this to Mbed TLS 4.0 planning Feb 13, 2025

davidhorstmann-arm moved this to Implementation needed in Mbed TLS 4.0 planning Feb 13, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Remove legacy API usage from `ssl_server2.c` #9978

Remove legacy API usage from `ssl_server2.c` #9978

davidhorstmann-arm commented Feb 13, 2025 •

edited

Loading

gilles-peskine-arm commented Feb 13, 2025

Remove legacy API usage from ssl_server2.c #9978

Remove legacy API usage from ssl_server2.c #9978

Comments

davidhorstmann-arm commented Feb 13, 2025 • edited Loading

gilles-peskine-arm commented Feb 13, 2025

Remove legacy API usage from `ssl_server2.c` #9978

Remove legacy API usage from `ssl_server2.c` #9978

davidhorstmann-arm commented Feb 13, 2025 •

edited

Loading