diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index f009a3169b..6742925f2a 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -71,7 +71,6 @@ int main(void) #define DFL_MFL_CODE MBEDTLS_SSL_MAX_FRAG_LEN_NONE #define DFL_TRUNC_HMAC -1 #define DFL_RECSPLIT -1 -#define DFL_DHMLEN -1 #define DFL_RECONNECT 0 #define DFL_RECO_SERVER_NAME NULL #define DFL_RECO_DELAY 0 @@ -234,13 +233,6 @@ int main(void) #define USAGE_MAX_FRAG_LEN "" #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ -#if defined(MBEDTLS_DHM_C) -#define USAGE_DHMLEN \ - " dhmlen=%%d default: (library default: 1024 bits)\n" -#else -#define USAGE_DHMLEN -#endif - #if defined(MBEDTLS_SSL_ALPN) #define USAGE_ALPN \ " alpn=%%s default: \"\" (disabled)\n" \ @@ -433,7 +425,6 @@ int main(void) USAGE_GROUPS \ USAGE_SIG_ALGS \ USAGE_EARLY_DATA \ - USAGE_DHMLEN \ USAGE_KEY_OPAQUE_ALGS \ "\n" @@ -508,7 +499,6 @@ struct options { unsigned char mfl_code; /* code for maximum fragment length */ int trunc_hmac; /* negotiate truncated hmac or not */ int recsplit; /* enable record splitting? */ - int dhmlen; /* minimum DHM params len in bits */ int reconnect; /* attempt to resume session */ const char *reco_server_name; /* hostname of the server (re-connect) */ int reco_delay; /* delay in seconds before resuming session */ @@ -956,7 +946,6 @@ int main(int argc, char *argv[]) opt.mfl_code = DFL_MFL_CODE; opt.trunc_hmac = DFL_TRUNC_HMAC; opt.recsplit = DFL_RECSPLIT; - opt.dhmlen = DFL_DHMLEN; opt.reconnect = DFL_RECONNECT; opt.reco_server_name = DFL_RECO_SERVER_NAME; opt.reco_delay = DFL_RECO_DELAY; @@ -1388,11 +1377,6 @@ usage: if (opt.recsplit < 0 || opt.recsplit > 1) { goto usage; } - } else if (strcmp(p, "dhmlen") == 0) { - opt.dhmlen = atoi(q); - if (opt.dhmlen < 0) { - goto usage; - } } else if (strcmp(p, "query_config") == 0) { opt.query_config_mode = 1; query_config_ret = query_config(q); @@ -1898,12 +1882,6 @@ usage: } #endif -#if defined(MBEDTLS_DHM_C) - if (opt.dhmlen != DFL_DHMLEN) { - mbedtls_ssl_conf_dhm_min_bitlen(&conf, opt.dhmlen); - } -#endif - #if defined(MBEDTLS_SSL_ALPN) if (opt.alpn_string != NULL) { if ((ret = mbedtls_ssl_conf_alpn_protocols(&conf, alpn_list)) != 0) { diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index d9e57018ae..dc7ca8f51c 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -58,7 +58,6 @@ int main(void) #endif #include "mbedtls/pk.h" -#include "mbedtls/dhm.h" /* Size of memory to be allocated for the heap, when using the library's memory * management and MBEDTLS_MEMORY_BUFFER_ALLOC_C is enabled. */ @@ -127,7 +126,6 @@ int main(void) #define DFL_EARLY_DATA -1 #define DFL_MAX_EARLY_DATA_SIZE ((uint32_t) -1) #define DFL_SIG_ALGS NULL -#define DFL_DHM_FILE NULL #define DFL_TRANSPORT MBEDTLS_SSL_TRANSPORT_STREAM #define DFL_COOKIES 1 #define DFL_ANTI_REPLAY -1 @@ -192,9 +190,7 @@ int main(void) " note: if neither crt_file/key_file nor crt_file2/key_file2 are used,\n" \ " preloaded certificate(s) and key(s) are used if available\n" \ " key_pwd2=%%s Password for key specified by key_file2 argument\n" \ - " default: none\n" \ - " dhm_file=%%s File containing Diffie-Hellman parameters\n" \ - " default: preloaded parameters\n" + " default: none\n" #else #define USAGE_IO \ "\n" \ @@ -675,7 +671,6 @@ struct options { const char *groups; /* list of supported groups */ const char *sig_algs; /* supported TLS 1.3 signature algorithms */ const char *alpn_string; /* ALPN supported protocols */ - const char *dhm_file; /* the file with the DH parameters */ int extended_ms; /* allow negotiation of extended MS? */ int etm; /* allow negotiation of encrypt-then-MAC? */ int transport; /* TLS or DTLS? */ @@ -1590,9 +1585,6 @@ int main(int argc, char *argv[]) #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) ssl_async_key_context_t ssl_async_keys; #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ -#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO) - mbedtls_dhm_context dhm; -#endif #if defined(MBEDTLS_SSL_CACHE_C) mbedtls_ssl_cache_context cache; #endif @@ -1681,9 +1673,6 @@ int main(int argc, char *argv[]) #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) memset(&ssl_async_keys, 0, sizeof(ssl_async_keys)); #endif -#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO) - mbedtls_dhm_init(&dhm); -#endif #if defined(MBEDTLS_SSL_CACHE_C) mbedtls_ssl_cache_init(&cache); #endif @@ -1793,7 +1782,6 @@ int main(int argc, char *argv[]) opt.max_early_data_size = DFL_MAX_EARLY_DATA_SIZE; #endif opt.sig_algs = DFL_SIG_ALGS; - opt.dhm_file = DFL_DHM_FILE; opt.transport = DFL_TRANSPORT; opt.cookies = DFL_COOKIES; opt.anti_replay = DFL_ANTI_REPLAY; @@ -1943,8 +1931,6 @@ usage: opt.key_file2 = q; } else if (strcmp(p, "key_pwd2") == 0) { opt.key_pwd2 = q; - } else if (strcmp(p, "dhm_file") == 0) { - opt.dhm_file = q; } #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) else if (strcmp(p, "async_operations") == 0) { @@ -2787,21 +2773,6 @@ usage: key_cert_init2 ? mbedtls_pk_get_name(&pkey2) : "none"); #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO) - if (opt.dhm_file != NULL) { - mbedtls_printf(" . Loading DHM parameters..."); - fflush(stdout); - - if ((ret = mbedtls_dhm_parse_dhmfile(&dhm, opt.dhm_file)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_dhm_parse_dhmfile returned -0x%04X\n\n", - (unsigned int) -ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - } -#endif - #if defined(SNI_OPTION) if (opt.sni != NULL) { mbedtls_printf(" . Setting up SNI information..."); @@ -3269,22 +3240,6 @@ usage: } #endif -#if defined(MBEDTLS_DHM_C) - /* - * Use different group than default DHM group - */ -#if defined(MBEDTLS_FS_IO) - if (opt.dhm_file != NULL) { - ret = mbedtls_ssl_conf_dh_param_ctx(&conf, &dhm); - } -#endif - if (ret != 0) { - mbedtls_printf(" failed\n mbedtls_ssl_conf_dh_param returned -0x%04X\n\n", - (unsigned int) -ret); - goto exit; - } -#endif - if (opt.min_version != DFL_MIN_VERSION) { mbedtls_ssl_conf_min_tls_version(&conf, opt.min_version); } @@ -4284,10 +4239,6 @@ exit: #endif #endif -#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO) - mbedtls_dhm_free(&dhm); -#endif - #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) for (i = 0; (size_t) i < ssl_async_keys.slots_used; i++) { if (ssl_async_keys.slots[i].pk_owned) {