ssl_write_supported_groups_ext(): add support for ffdh keys

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
This commit is contained in:
Przemek Stekiel 2023-05-18 14:10:02 +02:00
parent 383f471bf4
commit 060012c5fd

View File

@ -274,8 +274,40 @@ static int ssl_write_supported_groups_ext(mbedtls_ssl_context *ssl,
*group_list));
}
#endif /* MBEDTLS_ECP_LIGHT */
/* Add DHE groups here */
if ((mbedtls_ssl_conf_is_tls13_enabled(ssl->conf) &&
mbedtls_ssl_tls13_named_group_is_dhe(*group_list))) {
const char *ffdh_group = NULL;
switch (*group_list) {
case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048:
ffdh_group = "ffdhe2048";
break;
case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072:
ffdh_group = "ffdhe3072";
break;
case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096:
ffdh_group = "ffdhe4096";
break;
case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144:
ffdh_group = "ffdhe6144";
break;
case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192:
ffdh_group = "ffdhe8192";
break;
default:
break;
}
if (ffdh_group == NULL) {
continue;
}
MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2);
MBEDTLS_PUT_UINT16_BE(*group_list, p, 0);
p += 2;
MBEDTLS_SSL_DEBUG_MSG(3, ("NamedGroup: %s ( %x )",
ffdh_group, *group_list));
}
/* Length of named_group_list */