6 changes: 3 additions & 3 deletions library/pkcs7.c
Expand Up @@ -704,9 +704,9 @@ static int mbedtls_pkcs7_data_or_hash_verify(mbedtls_pkcs7 *pkcs7,
* failed to validate'.
*/
for (signer = &pkcs7->signed_data.signers; signer; signer = signer->next) {
ret = mbedtls_pk_verify(&pk_cxt, md_alg, hash,
mbedtls_md_get_size(md_info),
signer->sig.p, signer->sig.len);
ret = mbedtls_pk_verify_restartable(&pk_cxt, md_alg, hash,
mbedtls_md_get_size(md_info),
signer->sig.p, signer->sig.len, NULL);

if (ret == 0) {
break;
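Review bot: The `NULL` passed as the last argument of `mbedtls_pk_verify_restartable` in the signer loop is undocumented, so a reader cannot tell whether restart support was deliberately disabled for PKCS#7 signature verification. As far as I know, a NULL restart context makes the call run to completion exactly as `mbedtls_pk_verify` did, which would make this a pure rename; a one-line comment above the call such as `/* rs_ctx = NULL: restart disabled, verification runs to completion */` would record that. The same bare `NULL` appears at the `mbedtls_pk_sign_restartable` / `mbedtls_pk_verify_restartable` calls in library/ssl_tls12_server.c, library/x509write_crt.c, library/x509write_csr.c and programs/ssl/ssl_server2.c. The enclosing function starts and ends outside the hunk.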
2 changes: 1 addition & 1 deletion library/ssl_client.c
Expand Up @@ -943,7 +943,7 @@ int mbedtls_ssl_write_client_hello(mbedtls_ssl_context *ssl)
*/
mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_HELLO);

if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) {
if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret);
return ret;
}
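Review bot: The bare `1, 1` in `mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)` drops the only annotation of what the two flags mean, which the inline wrapper removed from library/ssl_misc.h carried as `1 /* update checksum */, 1 /* force flush */`. `update_checksum` presumably decides whether the message enters the handshake checksum, so a mistyped `0` at one of these call sites would be a security-relevant change that is hard to spot in review; keeping the annotations, e.g. `mbedtls_ssl_write_handshake_msg_ext(ssl, 1 /* update checksum */, 1 /* force flush */)`, or keeping the wrapper, avoids that. The `MBEDTLS_SSL_DEBUG_RET` label on the next line still reads `"mbedtls_ssl_write_handshake_msg"`, a name this commit removes, so it should become `"mbedtls_ssl_write_handshake_msg_ext"` to keep logs traceable to code. Both points apply equally to the calls changed in library/ssl_msg.c, library/ssl_tls.c, library/ssl_tls12_client.c and library/ssl_tls12_server.c.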
5 changes: 0 additions & 5 deletions library/ssl_misc.h
Expand Up @@ -1441,11 +1441,6 @@ MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_write_handshake_msg_ext(mbedtls_ssl_context *ssl,
int update_checksum,
int force_flush);
static inline int mbedtls_ssl_write_handshake_msg(mbedtls_ssl_context *ssl)
{
return mbedtls_ssl_write_handshake_msg_ext(ssl, 1 /* update checksum */, 1 /* force flush */);
}

/*
* Write handshake message tail
*/
2 changes: 1 addition & 1 deletion library/ssl_msg.c
Expand Up @@ -5028,7 +5028,7 @@ int mbedtls_ssl_write_change_cipher_spec(mbedtls_ssl_context *ssl)

mbedtls_ssl_handshake_increment_state(ssl);

if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) {
if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret);
return ret;
}
6 changes: 3 additions & 3 deletions library/ssl_tls.c
Expand Up @@ -4247,7 +4247,7 @@ static int ssl_write_hello_request(mbedtls_ssl_context *ssl)
ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
ssl->out_msg[0] = MBEDTLS_SSL_HS_HELLO_REQUEST;

if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) {
if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret);
return ret;
}
Expand Down Expand Up @@ -6729,7 +6729,7 @@ int mbedtls_ssl_write_certificate(mbedtls_ssl_context *ssl)

mbedtls_ssl_handshake_increment_state(ssl);

if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) {
if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret);
return ret;
}
Expand Down Expand Up @@ -7459,7 +7459,7 @@ int mbedtls_ssl_write_finished(mbedtls_ssl_context *ssl)
}
#endif

if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) {
if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret);
return ret;
}
4 changes: 2 additions & 2 deletions library/ssl_tls12_client.c
Expand Up @@ -2565,7 +2565,7 @@ static int ssl_write_client_key_exchange(mbedtls_ssl_context *ssl)

mbedtls_ssl_handshake_increment_state(ssl);

if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) {
if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret);
return ret;
}
Expand Down Expand Up @@ -2725,7 +2725,7 @@ static int ssl_write_certificate_verify(mbedtls_ssl_context *ssl)

mbedtls_ssl_handshake_increment_state(ssl);

if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) {
if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret);
return ret;
}
28 changes: 14 additions & 14 deletions library/ssl_tls12_server.c
Expand Up @@ -2017,7 +2017,7 @@ static int ssl_write_hello_verify_request(mbedtls_ssl_context *ssl)

mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT);

if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) {
if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret);
return ret;
}
Expand Down Expand Up @@ -2315,7 +2315,7 @@ static int ssl_write_server_hello(mbedtls_ssl_context *ssl)
ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
ssl->out_msg[0] = MBEDTLS_SSL_HS_SERVER_HELLO;

ret = mbedtls_ssl_write_handshake_msg(ssl);
ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1);

MBEDTLS_SSL_DEBUG_MSG(2, ("<= write server hello"));

Expand Down Expand Up @@ -2505,7 +2505,7 @@ static int ssl_write_certificate_request(mbedtls_ssl_context *ssl)
ssl->out_msg[0] = MBEDTLS_SSL_HS_CERTIFICATE_REQUEST;
MBEDTLS_PUT_UINT16_BE(total_dn_size, ssl->out_msg, 4 + ct_len + sa_len);

ret = mbedtls_ssl_write_handshake_msg(ssl);
ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1);

MBEDTLS_SSL_DEBUG_MSG(2, ("<= write certificate request"));

Expand Down Expand Up @@ -2880,11 +2880,11 @@ static int ssl_prepare_server_key_exchange(mbedtls_ssl_context *ssl,
* after the call to ssl_prepare_server_key_exchange.
* ssl_write_server_key_exchange also takes care of incrementing
* ssl->out_msglen. */
if ((ret = mbedtls_pk_sign(mbedtls_ssl_own_key(ssl),
md_alg, hash, hashlen,
ssl->out_msg + ssl->out_msglen + 2,
out_buf_len - ssl->out_msglen - 2,
signature_len)) != 0) {
if ((ret = mbedtls_pk_sign_restartable(mbedtls_ssl_own_key(ssl),
md_alg, hash, hashlen,
ssl->out_msg + ssl->out_msglen + 2,
out_buf_len - ssl->out_msglen - 2,
signature_len, NULL)) != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_sign", ret);
return ret;
}
Expand Down Expand Up @@ -2971,7 +2971,7 @@ static int ssl_write_server_key_exchange(mbedtls_ssl_context *ssl)

mbedtls_ssl_handshake_increment_state(ssl);

if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) {
if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret);
return ret;
}
Expand Down Expand Up @@ -2999,7 +2999,7 @@ static int ssl_write_server_hello_done(mbedtls_ssl_context *ssl)
}
#endif

if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) {
if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret);
return ret;
}
Expand Down Expand Up @@ -3456,9 +3456,9 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl)
}
}

if ((ret = mbedtls_pk_verify(peer_pk,
md_alg, hash_start, hashlen,
ssl->in_msg + i, sig_len)) != 0) {
if ((ret = mbedtls_pk_verify_restartable(peer_pk,
md_alg, hash_start, hashlen,
ssl->in_msg + i, sig_len, NULL)) != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_verify", ret);
return ret;
}
Expand Down Expand Up @@ -3521,7 +3521,7 @@ static int ssl_write_new_session_ticket(mbedtls_ssl_context *ssl)
*/
ssl->handshake->new_session_ticket = 0;

if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) {
if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret);
return ret;
}
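Review bot: In the `ssl_prepare_server_key_exchange` hunk the signature buffer size handed to `mbedtls_pk_sign_restartable` is `out_buf_len - ssl->out_msglen - 2`, and nothing visible in the hunk guarantees that `ssl->out_msglen + 2` does not exceed `out_buf_len`. If these are unsigned sizes, the subtraction would wrap to a very large value and the bound the pk layer relies on would no longer protect the write into `ssl->out_msg`; the function body starts outside the hunk, so a guard may already exist earlier and should be confirmed. If it does not, add one before the call, for example `if (out_buf_len < 2 || ssl->out_msglen > out_buf_len - 2) { return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; }`. The debug labels `"mbedtls_pk_sign"` here and `"mbedtls_pk_verify"` in the `ssl_parse_certificate_verify` hunk also no longer name the function actually called.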
5 changes: 3 additions & 2 deletions library/x509write_crt.c
Expand Up @@ -571,8 +571,9 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx,
}


if ((ret = mbedtls_pk_sign(ctx->issuer_key, ctx->md_alg,
hash, hash_length, sig, sizeof(sig), &sig_len)) != 0) {
if ((ret = mbedtls_pk_sign_restartable(ctx->issuer_key, ctx->md_alg,
hash, hash_length, sig, sizeof(sig), &sig_len,
NULL)) != 0) {
return ret;
}

4 changes: 2 additions & 2 deletions library/x509write_csr.c
Expand Up @@ -217,8 +217,8 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx,
&hash_len) != PSA_SUCCESS) {
return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
}
if ((ret = mbedtls_pk_sign(ctx->key, ctx->md_alg, hash, 0,
sig, sig_size, &sig_len)) != 0) {
if ((ret = mbedtls_pk_sign_restartable(ctx->key, ctx->md_alg, hash, 0,
sig, sig_size, &sig_len, NULL)) != 0) {
return ret;
}

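Review bot: The call `mbedtls_pk_sign_restartable(ctx->key, ctx->md_alg, hash, 0, ...)` passes `0` as the hash length even though `hash_len` is filled in by the PSA call immediately above, while the matching call in library/x509write_crt.c passes `hash_length`. Presumably a zero length makes the pk layer derive the size from `ctx->md_alg`, but passing the computed value keeps the two writers consistent and does not depend on that fallback: `hash, hash_len,`. `x509write_csr_der_internal` starts and ends outside the hunk.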
8 changes: 4 additions & 4 deletions programs/ssl/ssl_server2.c
Expand Up @@ -1243,10 +1243,10 @@ static int ssl_async_resume(mbedtls_ssl_context *ssl,

switch (ctx->operation_type) {
case ASYNC_OP_SIGN:
ret = mbedtls_pk_sign(key_slot->pk,
ctx->md_alg,
ctx->input, ctx->input_len,
output, output_size, output_len);
ret = mbedtls_pk_sign_restartable(key_slot->pk,
ctx->md_alg,
ctx->input, ctx->input_len,
output, output_size, output_len, NULL);
break;
default:
mbedtls_printf(