From 01c7356944a03756b5c686b1545830fdb4b2a685 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 27 Oct 2023 17:03:20 +0800 Subject: [PATCH 1/5] Add deprecated flag in document for sig_hashes Signed-off-by: Jerry Yu --- include/mbedtls/ssl.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 03a8b1f14..ed54926dc 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -3751,6 +3751,8 @@ void mbedtls_ssl_conf_groups(mbedtls_ssl_config *conf, * used for certificate signature are controlled by the * verification profile, see \c mbedtls_ssl_conf_cert_profile(). * + * \deprecated Superseded by mbedtls_ssl_conf_sig_algs(). + * * \note This list should be ordered by decreasing preference * (preferred hash first). * From 83536c23f334ec30c28ab56f99f194fca5a32e9f Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 30 Oct 2023 16:17:34 +0800 Subject: [PATCH 2/5] Add translation ruler into document Signed-off-by: Jerry Yu --- include/mbedtls/ssl.h | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index ed54926dc..8a35c2b89 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -3751,7 +3751,8 @@ void mbedtls_ssl_conf_groups(mbedtls_ssl_config *conf, * used for certificate signature are controlled by the * verification profile, see \c mbedtls_ssl_conf_cert_profile(). * - * \deprecated Superseded by mbedtls_ssl_conf_sig_algs(). + * \deprecated Superseded by `mbedtls_ssl_conf_sig_algs()`. See + * `mbedtls_ssl_conf_sig_algs()` also. * * \note This list should be ordered by decreasing preference * (preferred hash first). @@ -3783,7 +3784,9 @@ void MBEDTLS_DEPRECATED mbedtls_ssl_conf_sig_hashes(mbedtls_ssl_config *conf, * \param sig_algs List of allowed IANA values for TLS 1.3 signature algorithms, * terminated by \c MBEDTLS_TLS1_3_SIG_NONE. The list must remain * available throughout the lifetime of the conf object. Supported - * values are available as \c MBEDTLS_TLS1_3_SIG_XXXX + * values are available as \c MBEDTLS_TLS1_3_SIG_XXXX . Using + * this for TLS 1.2, items in this parameter should be + * `(HashAlgorithm << 8) | SignatureAlgorithm`. */ void mbedtls_ssl_conf_sig_algs(mbedtls_ssl_config *conf, const uint16_t *sig_algs); From 2c46ca3474e585ab6f0dacb6ef1245123b1d2cde Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 30 Oct 2023 17:32:20 +0800 Subject: [PATCH 3/5] fix various issues Signed-off-by: Jerry Yu --- include/mbedtls/ssl.h | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 8a35c2b89..5ebb00f7d 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -3751,8 +3751,7 @@ void mbedtls_ssl_conf_groups(mbedtls_ssl_config *conf, * used for certificate signature are controlled by the * verification profile, see \c mbedtls_ssl_conf_cert_profile(). * - * \deprecated Superseded by `mbedtls_ssl_conf_sig_algs()`. See - * `mbedtls_ssl_conf_sig_algs()` also. + * \deprecated Superseded by mbedtls_ssl_conf_sig_algs(). * * \note This list should be ordered by decreasing preference * (preferred hash first). @@ -3778,7 +3777,7 @@ void MBEDTLS_DEPRECATED mbedtls_ssl_conf_sig_hashes(mbedtls_ssl_config *conf, #endif /* !MBEDTLS_DEPRECATED_REMOVED && MBEDTLS_SSL_PROTO_TLS1_2 */ /** - * \brief Configure allowed signature algorithms for use in TLS 1.3 + * \brief Configure allowed signature algorithms * * \param conf The SSL configuration to use. * \param sig_algs List of allowed IANA values for TLS 1.3 signature algorithms, @@ -3786,7 +3785,7 @@ void MBEDTLS_DEPRECATED mbedtls_ssl_conf_sig_hashes(mbedtls_ssl_config *conf, * available throughout the lifetime of the conf object. Supported * values are available as \c MBEDTLS_TLS1_3_SIG_XXXX . Using * this for TLS 1.2, items in this parameter should be - * `(HashAlgorithm << 8) | SignatureAlgorithm`. + * "(HashAlgorithm << 8) | SignatureAlgorithm". */ void mbedtls_ssl_conf_sig_algs(mbedtls_ssl_config *conf, const uint16_t *sig_algs); From 53c4a0da071d7351a807206a41e700bc2d1aae9d Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 9 Nov 2023 10:38:17 +0800 Subject: [PATCH 4/5] Improve documents Signed-off-by: Jerry Yu --- include/mbedtls/ssl.h | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 5ebb00f7d..67ca19232 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -3781,11 +3781,12 @@ void MBEDTLS_DEPRECATED mbedtls_ssl_conf_sig_hashes(mbedtls_ssl_config *conf, * * \param conf The SSL configuration to use. * \param sig_algs List of allowed IANA values for TLS 1.3 signature algorithms, - * terminated by \c MBEDTLS_TLS1_3_SIG_NONE. The list must remain - * available throughout the lifetime of the conf object. Supported - * values are available as \c MBEDTLS_TLS1_3_SIG_XXXX . Using - * this for TLS 1.2, items in this parameter should be - * "(HashAlgorithm << 8) | SignatureAlgorithm". + * terminated by #MBEDTLS_TLS1_3_SIG_NONE. The list must remain + * available throughout the lifetime of the conf object. + * - For TLS 1.3, values of \c MBEDTLS_TLS1_3_SIG_XXXX should be + * used. + * - For TLS 1.2, values should be given as + * "(HashAlgorithm << 8) | SignatureAlgorithm". */ void mbedtls_ssl_conf_sig_algs(mbedtls_ssl_config *conf, const uint16_t *sig_algs); From 1b23bce4a27c55fac791256feeb126d00d67b31d Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 13 Nov 2023 13:45:14 +0800 Subject: [PATCH 5/5] improve brief description of conf_sig_algs Signed-off-by: Jerry Yu --- include/mbedtls/ssl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 67ca19232..6cb703523 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -3777,7 +3777,7 @@ void MBEDTLS_DEPRECATED mbedtls_ssl_conf_sig_hashes(mbedtls_ssl_config *conf, #endif /* !MBEDTLS_DEPRECATED_REMOVED && MBEDTLS_SSL_PROTO_TLS1_2 */ /** - * \brief Configure allowed signature algorithms + * \brief Configure allowed signature algorithms for use in TLS * * \param conf The SSL configuration to use. * \param sig_algs List of allowed IANA values for TLS 1.3 signature algorithms,