mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-31 19:21:18 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Code cleanup

Browse Source 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
This commit is contained in:
Przemek Stekiel 2023-06-12 11:21:18 +02:00
parent 1051f856dc
commit 75a5a9c205
15 changed files with 65 additions and 118 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
include/mbedtls/dhm.h
View File

@ -66,7 +66,6 @@
#include "mbedtls/build_info.h" #include "mbedtls/build_info.h"
#include "mbedtls/bignum.h" #include "mbedtls/bignum.h"
#include <string.h>
/* /*
* DHM Error codes * DHM Error codes

2
include/mbedtls/psa_util.h
View File

@ -38,8 +38,6 @@
#include "mbedtls/pk.h" #include "mbedtls/pk.h"
#include "mbedtls/oid.h" #include "mbedtls/oid.h"
#include "mbedtls/error.h" #include "mbedtls/error.h"
#include "mbedtls/ssl.h"
#include <string.h> #include <string.h>
/* Translations for symmetric crypto. */ /* Translations for symmetric crypto. */

6
include/mbedtls/ssl_ciphersuites.h
View File

@ -364,12 +364,6 @@ typedef enum {
#define MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED #define MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED
#endif #endif
/* Key exchanges ephemeral */
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) || \
defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED)
#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED
#endif
typedef struct mbedtls_ssl_ciphersuite_t mbedtls_ssl_ciphersuite_t; typedef struct mbedtls_ssl_ciphersuite_t mbedtls_ssl_ciphersuite_t;
#define MBEDTLS_CIPHERSUITE_WEAK 0x01 /**< Weak ciphersuite flag */ #define MBEDTLS_CIPHERSUITE_WEAK 0x01 /**< Weak ciphersuite flag */

33
library/ssl_client.c
View File

@ -277,37 +277,14 @@ static int ssl_write_supported_groups_ext(mbedtls_ssl_context *ssl,
#if defined(PSA_WANT_ALG_FFDH) #if defined(PSA_WANT_ALG_FFDH)
if ((mbedtls_ssl_conf_is_tls13_enabled(ssl->conf) && if ((mbedtls_ssl_conf_is_tls13_enabled(ssl->conf) &&
mbedtls_ssl_tls13_named_group_is_dhe(*group_list))) { mbedtls_ssl_tls13_named_group_is_dhe(*group_list))) {
const char *ffdh_group = NULL; #if defined(MBEDTLS_DEBUG_C)
const char *ffdh_group = mbedtls_ssl_named_group_to_str(*group_list);
switch (*group_list) { MBEDTLS_SSL_DEBUG_MSG(3, ("NamedGroup: %s ( %x )",
case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048: ffdh_group, *group_list));
ffdh_group = "ffdhe2048"; #endif
break;
case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072:
ffdh_group = "ffdhe3072";
break;
case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096:
ffdh_group = "ffdhe4096";
break;
case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144:
ffdh_group = "ffdhe6144";
break;
case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192:
ffdh_group = "ffdhe8192";
break;
default:
break;
}
if (ffdh_group == NULL) {
continue;
}
MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2); MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2);
MBEDTLS_PUT_UINT16_BE(*group_list, p, 0); MBEDTLS_PUT_UINT16_BE(*group_list, p, 0);
p += 2; p += 2;
MBEDTLS_SSL_DEBUG_MSG(3, ("NamedGroup: %s ( %x )",
ffdh_group, *group_list));
} }
#endif /* PSA_WANT_ALG_FFDH */ #endif /* PSA_WANT_ALG_FFDH */
} }

4
library/ssl_tls12_client.c
View File

@ -1714,7 +1714,7 @@ static int ssl_parse_server_ecdh_params(mbedtls_ssl_context *ssl,
uint16_t tls_id; uint16_t tls_id;
uint8_t ecpoint_len; uint8_t ecpoint_len;
mbedtls_ssl_handshake_params *handshake = ssl->handshake; mbedtls_ssl_handshake_params *handshake = ssl->handshake;
psa_key_type_t key_type = 0; psa_key_type_t key_type = PSA_KEY_TYPE_NONE;
size_t ec_bits = 0; size_t ec_bits = 0;
/* /*
@ -2014,7 +2014,7 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl)
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
uint16_t tls_id = 0; uint16_t tls_id = 0;
psa_key_type_t key_type = 0; psa_key_type_t key_type = PSA_KEY_TYPE_NONE;
mbedtls_ecp_group_id grp_id = mbedtls_pk_get_group_id(peer_pk); mbedtls_ecp_group_id grp_id = mbedtls_pk_get_group_id(peer_pk);
if (mbedtls_ssl_check_curve(ssl, grp_id) != 0) { if (mbedtls_ssl_check_curve(ssl, grp_id) != 0) {

4
library/ssl_tls12_server.c
View File

@ -2594,7 +2594,7 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl)
PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)]; PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)];
psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
uint16_t tls_id = 0; uint16_t tls_id = 0;
psa_key_type_t key_type = 0; psa_key_type_t key_type = PSA_KEY_TYPE_NONE;
size_t key_len; size_t key_len;
mbedtls_pk_context *pk; mbedtls_pk_context *pk;
mbedtls_ecp_group_id grp_id; mbedtls_ecp_group_id grp_id;
@ -2961,7 +2961,7 @@ curve_matching_done:
const size_t header_size = 4; // curve_type(1), namedcurve(2), const size_t header_size = 4; // curve_type(1), namedcurve(2),
// data length(1) // data length(1)
const size_t data_length_size = 1; const size_t data_length_size = 1;
psa_key_type_t key_type = 0; psa_key_type_t key_type = PSA_KEY_TYPE_NONE;
size_t ec_bits = 0; size_t ec_bits = 0;
MBEDTLS_SSL_DEBUG_MSG(1, ("Perform PSA-based ECDH computation.")); MBEDTLS_SSL_DEBUG_MSG(1, ("Perform PSA-based ECDH computation."));

38
library/ssl_tls13_client.c
View File

@ -248,11 +248,6 @@ static int ssl_tls13_get_default_group_id(mbedtls_ssl_context *ssl,
((void) group_id); ((void) group_id);
#endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH */ #endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH */
/*
* Add DHE named groups here.
* Pick first available DHE group compatible with TLS 1.3
*/
return ret; return ret;
} }
@ -386,7 +381,7 @@ static int ssl_tls13_parse_hrr_key_share_ext(mbedtls_ssl_context *ssl,
const unsigned char *buf, const unsigned char *buf,
const unsigned char *end) const unsigned char *end)
{ {
#if defined(PSA_WANT_ALG_ECDH) #if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)
const unsigned char *p = buf; const unsigned char *p = buf;
int selected_group; int selected_group;
int found = 0; int found = 0;
@ -413,6 +408,7 @@ static int ssl_tls13_parse_hrr_key_share_ext(mbedtls_ssl_context *ssl,
* then the client MUST abort the handshake with an "illegal_parameter" alert. * then the client MUST abort the handshake with an "illegal_parameter" alert.
*/ */
for (; *group_list != 0; group_list++) { for (; *group_list != 0; group_list++) {
#if defined(PSA_WANT_ALG_ECDH)
if (mbedtls_ssl_tls13_named_group_is_ecdhe(*group_list)) { if (mbedtls_ssl_tls13_named_group_is_ecdhe(*group_list)) {
if ((mbedtls_ssl_get_psa_curve_info_from_tls_id( if ((mbedtls_ssl_get_psa_curve_info_from_tls_id(
*group_list, NULL, NULL) == PSA_ERROR_NOT_SUPPORTED) || *group_list, NULL, NULL) == PSA_ERROR_NOT_SUPPORTED) ||
@ -421,10 +417,13 @@ static int ssl_tls13_parse_hrr_key_share_ext(mbedtls_ssl_context *ssl,
break; break;
} }
} }
#endif /* PSA_WANT_ALG_ECDH */
#if defined(PSA_WANT_ALG_FFDH)
if (mbedtls_ssl_tls13_named_group_is_dhe(*group_list)) { if (mbedtls_ssl_tls13_named_group_is_dhe(*group_list)) {
found = 1; found = 1;
break; break;
} }
#endif /* PSA_WANT_ALG_FFDH */
} }
/* Client MUST verify that the selected_group field does not /* Client MUST verify that the selected_group field does not
@ -446,12 +445,12 @@ static int ssl_tls13_parse_hrr_key_share_ext(mbedtls_ssl_context *ssl,
ssl->handshake->offered_group_id = selected_group; ssl->handshake->offered_group_id = selected_group;
return 0; return 0;
#else #else /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH */
(void) ssl; (void) ssl;
(void) buf; (void) buf;
(void) end; (void) end;
return MBEDTLS_ERR_SSL_BAD_CONFIG; return MBEDTLS_ERR_SSL_BAD_CONFIG;
#endif #endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH */
} }
/* /*
@ -497,25 +496,10 @@ static int ssl_tls13_parse_key_share_ext(mbedtls_ssl_context *ssl,
#if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH) #if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)
if (mbedtls_ssl_tls13_named_group_is_ecdhe(group) || if (mbedtls_ssl_tls13_named_group_is_ecdhe(group) ||
mbedtls_ssl_tls13_named_group_is_dhe(group)) { mbedtls_ssl_tls13_named_group_is_dhe(group)) {
#if defined(PSA_WANT_ALG_ECDH) #if defined(MBEDTLS_DEBUG_C)
if (mbedtls_ssl_tls13_named_group_is_ecdhe(group)) { MBEDTLS_SSL_DEBUG_MSG(2,
if (mbedtls_ssl_get_psa_curve_info_from_tls_id(group, NULL, NULL) ("DHE group name: %s", mbedtls_ssl_named_group_to_str(group)));
== PSA_ERROR_NOT_SUPPORTED) { #endif
MBEDTLS_SSL_DEBUG_MSG(1, ("Invalid TLS curve group id"));
return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
MBEDTLS_SSL_DEBUG_MSG(
2,
("ECDH curve: %s", mbedtls_ssl_get_curve_name_from_tls_id(group)));
}
#endif /* PSA_WANT_ALG_ECDH */
#if defined(PSA_WANT_ALG_FFDH)
if (mbedtls_ssl_tls13_named_group_is_dhe(group)) {
MBEDTLS_SSL_DEBUG_MSG(2,
("DHE group name: %s", mbedtls_ssl_ffdh_name_from_group(group)));
}
#endif /* PSA_WANT_ALG_FFDH */
ret = mbedtls_ssl_tls13_read_public_ecdhe_share(ssl, p, end - p); ret = mbedtls_ssl_tls13_read_public_ecdhe_share(ssl, p, end - p);
if (ret != 0) { if (ret != 0) {
return ret; return ret;

13
library/ssl_tls13_generic.c
View File

@ -1514,9 +1514,9 @@ int mbedtls_ssl_tls13_read_public_ecdhe_share(mbedtls_ssl_context *ssl,
} }
static psa_status_t mbedtls_ssl_get_psa_ffdh_info_from_tls_id( static psa_status_t mbedtls_ssl_get_psa_ffdh_info_from_tls_id(
uint16_t tls_ecc_grp_reg_id, size_t *bits, psa_key_type_t *key_type) uint16_t tls_id, size_t *bits, psa_key_type_t *key_type)
{ {
switch (tls_ecc_grp_reg_id) { switch (tls_id) {
case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048: case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048:
*bits = 2048; *bits = 2048;
*key_type = PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919); *key_type = PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919);
@ -1555,8 +1555,8 @@ int mbedtls_ssl_tls13_generate_and_write_dh_key_exchange(
size_t own_pubkey_len; size_t own_pubkey_len;
mbedtls_ssl_handshake_params *handshake = ssl->handshake; mbedtls_ssl_handshake_params *handshake = ssl->handshake;
size_t bits = 0; size_t bits = 0;
psa_key_type_t key_type = 0; psa_key_type_t key_type = PSA_KEY_TYPE_NONE;
psa_algorithm_t alg = 0; psa_algorithm_t alg = PSA_ALG_NONE;
size_t buf_size = (size_t) (end - buf); size_t buf_size = (size_t) (end - buf);
MBEDTLS_SSL_DEBUG_MSG(1, ("Perform PSA-based ECDH/FFDH computation.")); MBEDTLS_SSL_DEBUG_MSG(1, ("Perform PSA-based ECDH/FFDH computation."));
@ -1569,12 +1569,13 @@ int mbedtls_ssl_tls13_generate_and_write_dh_key_exchange(
} }
#endif #endif
#if defined(PSA_WANT_ALG_FFDH) #if defined(PSA_WANT_ALG_FFDH)
if (mbedtls_ssl_get_psa_ffdh_info_from_tls_id(named_group, &bits, &key_type) == PSA_SUCCESS) { if (mbedtls_ssl_get_psa_ffdh_info_from_tls_id(named_group, &bits,
&key_type) == PSA_SUCCESS) {
alg = PSA_ALG_FFDH; alg = PSA_ALG_FFDH;
} }
#endif #endif
if (key_type == 0) { if (key_type == PSA_KEY_TYPE_NONE) {
return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
} }

10
library/ssl_tls13_keys.c
View File

@ -1487,12 +1487,10 @@ static int ssl_tls13_key_schedule_stage_handshake(mbedtls_ssl_context *ssl)
if (mbedtls_ssl_tls13_named_group_is_ecdhe(handshake->offered_group_id) || if (mbedtls_ssl_tls13_named_group_is_ecdhe(handshake->offered_group_id) ||
mbedtls_ssl_tls13_named_group_is_dhe(handshake->offered_group_id)) { mbedtls_ssl_tls13_named_group_is_dhe(handshake->offered_group_id)) {
#if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH) #if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)
psa_algorithm_t alg = 0; psa_algorithm_t alg =
if (mbedtls_ssl_tls13_named_group_is_ecdhe(handshake->offered_group_id)) { mbedtls_ssl_tls13_named_group_is_ecdhe(handshake->offered_group_id) ?
alg = PSA_ALG_ECDH; PSA_ALG_ECDH : PSA_ALG_FFDH;
} else {
alg = PSA_ALG_FFDH;
}
/* Compute ECDH shared secret. */ /* Compute ECDH shared secret. */
psa_status_t status = PSA_ERROR_GENERIC_ERROR; psa_status_t status = PSA_ERROR_GENERIC_ERROR;
psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;

8
programs/ssl/ssl_client2.c
View File

@ -757,10 +757,7 @@ int main(int argc, char *argv[])
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
unsigned char alloc_buf[MEMORY_HEAP_SIZE]; unsigned char alloc_buf[MEMORY_HEAP_SIZE];
#endif #endif
#if defined(MBEDTLS_ECP_LIGHT)
uint16_t group_list[CURVE_LIST_SIZE]; uint16_t group_list[CURVE_LIST_SIZE];
#endif
#if defined(MBEDTLS_SSL_DTLS_SRTP) #if defined(MBEDTLS_SSL_DTLS_SRTP)
unsigned char mki[MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH]; unsigned char mki[MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH];
size_t mki_len = 0; size_t mki_len = 0;
@ -1494,16 +1491,11 @@ usage:
} }
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_ECP_LIGHT) || \
(defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \
defined(PSA_WANT_ALG_FFDH))
if (opt.curves != NULL) { if (opt.curves != NULL) {
if (parse_curves(opt.curves, group_list, CURVE_LIST_SIZE) != 0) { if (parse_curves(opt.curves, group_list, CURVE_LIST_SIZE) != 0) {
goto exit; goto exit;
} }
} }
#endif /* MBEDTLS_ECP_LIGHT ||
(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED && PSA_WANT_ALG_FFDH) */
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
if (opt.sig_algs != NULL) { if (opt.sig_algs != NULL) {

7
programs/ssl/ssl_server2.c
View File

@ -1522,9 +1522,7 @@ int main(int argc, char *argv[])
#if defined(SNI_OPTION) #if defined(SNI_OPTION)
sni_entry *sni_info = NULL; sni_entry *sni_info = NULL;
#endif #endif
#if defined(MBEDTLS_ECP_LIGHT)
uint16_t group_list[CURVE_LIST_SIZE]; uint16_t group_list[CURVE_LIST_SIZE];
#endif
#if defined(MBEDTLS_SSL_ALPN) #if defined(MBEDTLS_SSL_ALPN)
const char *alpn_list[ALPN_LIST_SIZE]; const char *alpn_list[ALPN_LIST_SIZE];
#endif #endif
@ -2388,16 +2386,11 @@ usage:
} }
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
#if defined(MBEDTLS_ECP_LIGHT) || \
(defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \
defined(PSA_WANT_ALG_FFDH))
if (opt.curves != NULL) { if (opt.curves != NULL) {
if (parse_curves(opt.curves, group_list, CURVE_LIST_SIZE) != 0) { if (parse_curves(opt.curves, group_list, CURVE_LIST_SIZE) != 0) {
goto exit; goto exit;
} }
} }
#endif /* MBEDTLS_ECP_LIGHT ||
(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED && PSA_WANT_ALG_FFDH) */
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
if (opt.sig_algs != NULL) { if (opt.sig_algs != NULL) {

41
programs/ssl/ssl_test_lib.c
View File

@ -449,7 +449,9 @@ void test_hooks_free(void)
#endif /* MBEDTLS_TEST_HOOKS */ #endif /* MBEDTLS_TEST_HOOKS */
uint16_t mbedtls_ssl_ffdh_group_from_name(const char *name) #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \
defined(PSA_WANT_ALG_FFDH)
static uint16_t mbedtls_ssl_ffdh_group_from_name(const char *name)
{ {
if (strcmp(name, MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE2048) == 0) { if (strcmp(name, MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE2048) == 0) {
return MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048; return MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048;
@ -465,8 +467,9 @@ uint16_t mbedtls_ssl_ffdh_group_from_name(const char *name)
return 0; return 0;
} }
const uint16_t *mbedtls_ssl_ffdh_supported_groups(void) static const uint16_t *mbedtls_ssl_ffdh_supported_groups(void)
{ {
#if defined(PSA_WANT_ALG_FFDH)
static const uint16_t ffdh_groups[] = { static const uint16_t ffdh_groups[] = {
MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048, MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048,
MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072, MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072,
@ -475,19 +478,18 @@ const uint16_t *mbedtls_ssl_ffdh_supported_groups(void)
MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192, MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192,
0 0
}; };
return ffdh_groups; return ffdh_groups;
#else
return NULL;
#endif
} }
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED && PSA_WANT_ALG_FFDH */
#if defined(MBEDTLS_ECP_LIGHT) || \
(defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \
defined(PSA_WANT_ALG_FFDH))
int parse_curves(const char *curves, uint16_t *group_list, size_t group_list_len) int parse_curves(const char *curves, uint16_t *group_list, size_t group_list_len)
{ {
char *p = (char *) curves; char *p = (char *) curves;
char *q = NULL; char *q = NULL;
size_t i = 0; size_t i = 0;
const mbedtls_ecp_curve_info *curve_cur = NULL;
if (strcmp(p, "none") == 0) { if (strcmp(p, "none") == 0) {
group_list[0] = 0; group_list[0] = 0;
@ -495,8 +497,13 @@ int parse_curves(const char *curves, uint16_t *group_list, size_t group_list_len
/* Leave room for a final NULL in curve list */ /* Leave room for a final NULL in curve list */
while (i < group_list_len - 1 && *p != '\0') { while (i < group_list_len - 1 && *p != '\0') {
q = p; q = p;
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \
defined(PSA_WANT_ALG_FFDH)
uint16_t ffdh_group = 0; uint16_t ffdh_group = 0;
#endif
#if defined(MBEDTLS_ECP_LIGHT)
const mbedtls_ecp_curve_info *curve_cur = NULL;
#endif
/* Terminate the current string */ /* Terminate the current string */
while (*p != ',' && *p != '\0') { while (*p != ',' && *p != '\0') {
p++; p++;
@ -505,24 +512,36 @@ int parse_curves(const char *curves, uint16_t *group_list, size_t group_list_len
*p++ = '\0'; *p++ = '\0';
} }
#if defined(MBEDTLS_ECP_LIGHT)
if ((curve_cur = mbedtls_ecp_curve_info_from_name(q)) != NULL) { if ((curve_cur = mbedtls_ecp_curve_info_from_name(q)) != NULL) {
group_list[i++] = curve_cur->tls_id; group_list[i++] = curve_cur->tls_id;
} else if ((ffdh_group = mbedtls_ssl_ffdh_group_from_name(q)) != 0) { } else
#endif
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \
defined(PSA_WANT_ALG_FFDH)
if ((ffdh_group = mbedtls_ssl_ffdh_group_from_name(q)) != 0) {
group_list[i++] = ffdh_group; group_list[i++] = ffdh_group;
} else { } else
#endif
{
mbedtls_printf("unknown curve %s\n", q); mbedtls_printf("unknown curve %s\n", q);
#if defined(MBEDTLS_ECP_LIGHT)
mbedtls_printf("supported curves: "); mbedtls_printf("supported curves: ");
for (curve_cur = mbedtls_ecp_curve_list(); for (curve_cur = mbedtls_ecp_curve_list();
curve_cur->grp_id != MBEDTLS_ECP_DP_NONE; curve_cur->grp_id != MBEDTLS_ECP_DP_NONE;
curve_cur++) { curve_cur++) {
mbedtls_printf("%s ", curve_cur->name); mbedtls_printf("%s ", curve_cur->name);
} }
#endif
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \
defined(PSA_WANT_ALG_FFDH)
const uint16_t *supported_ffdh_group = mbedtls_ssl_ffdh_supported_groups(); const uint16_t *supported_ffdh_group = mbedtls_ssl_ffdh_supported_groups();
while (*supported_ffdh_group != 0) { while (*supported_ffdh_group != 0) {
mbedtls_printf("%s ", mbedtls_printf("%s ",
mbedtls_ssl_ffdh_name_from_group(*supported_ffdh_group)); mbedtls_ssl_ffdh_name_from_group(*supported_ffdh_group));
supported_ffdh_group++; supported_ffdh_group++;
} }
#endif
mbedtls_printf("\n"); mbedtls_printf("\n");
return -1; return -1;
} }
@ -541,7 +560,5 @@ int parse_curves(const char *curves, uint16_t *group_list, size_t group_list_len
return 0; return 0;
} }
#endif /* MBEDTLS_ECP_LIGHT ||
(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED && PSA_WANT_ALG_FFDH) */
#endif /* !defined(MBEDTLS_SSL_TEST_IMPOSSIBLE) */ #endif /* !defined(MBEDTLS_SSL_TEST_IMPOSSIBLE) */

6
programs/ssl/ssl_test_lib.h
View File

@ -312,13 +312,7 @@ void test_hooks_free(void);
#endif /* !MBEDTLS_TEST_HOOKS */ #endif /* !MBEDTLS_TEST_HOOKS */
/* Helper functions for FFDH groups. */ /* Helper functions for FFDH groups. */
uint16_t mbedtls_ssl_ffdh_group_from_name(const char *name);
const uint16_t *mbedtls_ssl_ffdh_supported_groups(void);
#if defined(MBEDTLS_ECP_LIGHT) || \
(defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \
defined(PSA_WANT_ALG_FFDH))
int parse_curves(const char *curves, uint16_t *group_list, size_t group_list_len); int parse_curves(const char *curves, uint16_t *group_list, size_t group_list_len);
#endif
#endif /* MBEDTLS_SSL_TEST_IMPOSSIBLE conditions: else */ #endif /* MBEDTLS_SSL_TEST_IMPOSSIBLE conditions: else */
#endif /* MBEDTLS_PROGRAMS_SSL_SSL_TEST_LIB_H */ #endif /* MBEDTLS_PROGRAMS_SSL_SSL_TEST_LIB_H */

8
tests/ssl-opt.sh
View File

@ -11289,7 +11289,7 @@ run_test "TLS 1.3: minimal feature sets - openssl" \
-c "client state: MBEDTLS_SSL_HANDSHAKE_WRAPUP" \ -c "client state: MBEDTLS_SSL_HANDSHAKE_WRAPUP" \
-c "<= ssl_tls13_process_server_hello" \ -c "<= ssl_tls13_process_server_hello" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "ECDH curve: x25519" \ -c "DHE group name: x25519" \
-c "=> ssl_tls13_process_server_hello" \ -c "=> ssl_tls13_process_server_hello" \
-c "<= parse encrypted extensions" \ -c "<= parse encrypted extensions" \
-c "Certificate verification flags clear" \ -c "Certificate verification flags clear" \
@ -11323,7 +11323,7 @@ run_test "TLS 1.3: minimal feature sets - gnutls" \
-c "client state: MBEDTLS_SSL_HANDSHAKE_WRAPUP" \ -c "client state: MBEDTLS_SSL_HANDSHAKE_WRAPUP" \
-c "<= ssl_tls13_process_server_hello" \ -c "<= ssl_tls13_process_server_hello" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "ECDH curve: x25519" \ -c "DHE group name: x25519" \
-c "=> ssl_tls13_process_server_hello" \ -c "=> ssl_tls13_process_server_hello" \
-c "<= parse encrypted extensions" \ -c "<= parse encrypted extensions" \
-c "Certificate verification flags clear" \ -c "Certificate verification flags clear" \
@ -11356,7 +11356,7 @@ run_test "TLS 1.3: alpn - openssl" \
-c "client state: MBEDTLS_SSL_HANDSHAKE_WRAPUP" \ -c "client state: MBEDTLS_SSL_HANDSHAKE_WRAPUP" \
-c "<= ssl_tls13_process_server_hello" \ -c "<= ssl_tls13_process_server_hello" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "ECDH curve: x25519" \ -c "DHE group name: x25519" \
-c "=> ssl_tls13_process_server_hello" \ -c "=> ssl_tls13_process_server_hello" \
-c "<= parse encrypted extensions" \ -c "<= parse encrypted extensions" \
-c "Certificate verification flags clear" \ -c "Certificate verification flags clear" \
@ -11392,7 +11392,7 @@ run_test "TLS 1.3: alpn - gnutls" \
-c "client state: MBEDTLS_SSL_HANDSHAKE_WRAPUP" \ -c "client state: MBEDTLS_SSL_HANDSHAKE_WRAPUP" \
-c "<= ssl_tls13_process_server_hello" \ -c "<= ssl_tls13_process_server_hello" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "ECDH curve: x25519" \ -c "DHE group name: x25519" \
-c "=> ssl_tls13_process_server_hello" \ -c "=> ssl_tls13_process_server_hello" \
-c "<= parse encrypted extensions" \ -c "<= parse encrypted extensions" \
-c "Certificate verification flags clear" \ -c "Certificate verification flags clear" \

2
tests/suites/test_suite_ssl.function
View File

@ -3591,7 +3591,7 @@ void ssl_ecjpake_set_password(int use_opaque_arg)
/* BEGIN_CASE */ /* BEGIN_CASE */
void elliptic_curve_get_properties() void elliptic_curve_get_properties()
{ {
psa_key_type_t psa_type = 0; psa_key_type_t psa_type = PSA_KEY_TYPE_NONE;
size_t psa_bits; size_t psa_bits;
MD_OR_USE_PSA_INIT(); MD_OR_USE_PSA_INIT();