mirror of
https://github.com/ARMmbed/mbedtls.git
synced 2025-05-09 00:21:18 +08:00
ssl: remove support for MBEDTLS_DHM_C
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This commit is contained in:
Valerio Setti
parent
461899e382
commit
15fd5c9925
@ -24,10 +24,6 @@
|
|||||||
#include "mbedtls/x509_crl.h"
|
#include "mbedtls/x509_crl.h"
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_DHM_C)
|
|
||||||
#include "mbedtls/dhm.h"
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#include "mbedtls/md.h"
|
#include "mbedtls/md.h"
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED)
|
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED)
|
||||||
@ -1562,11 +1558,6 @@ struct mbedtls_ssl_config {
|
|||||||
|
|
||||||
const uint16_t *MBEDTLS_PRIVATE(group_list); /*!< allowed IANA NamedGroups */
|
const uint16_t *MBEDTLS_PRIVATE(group_list); /*!< allowed IANA NamedGroups */
|
||||||
|
|
||||||
#if defined(MBEDTLS_DHM_C)
|
|
||||||
mbedtls_mpi MBEDTLS_PRIVATE(dhm_P); /*!< prime modulus for DHM */
|
|
||||||
mbedtls_mpi MBEDTLS_PRIVATE(dhm_G); /*!< generator for DHM */
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
|
||||||
|
|
||||||
mbedtls_svc_key_id_t MBEDTLS_PRIVATE(psk_opaque); /*!< PSA key slot holding opaque PSK. This field
|
mbedtls_svc_key_id_t MBEDTLS_PRIVATE(psk_opaque); /*!< PSA key slot holding opaque PSK. This field
|
||||||
@ -1642,10 +1633,6 @@ struct mbedtls_ssl_config {
|
|||||||
|
|
||||||
unsigned int MBEDTLS_PRIVATE(badmac_limit); /*!< limit of records with a bad MAC */
|
unsigned int MBEDTLS_PRIVATE(badmac_limit); /*!< limit of records with a bad MAC */
|
||||||
|
|
||||||
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
|
|
||||||
unsigned int MBEDTLS_PRIVATE(dhm_min_bitlen); /*!< min. bit length of the DHM prime */
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/** User data pointer or handle.
|
/** User data pointer or handle.
|
||||||
*
|
*
|
||||||
* The library sets this to \p 0 when creating a context and does not
|
* The library sets this to \p 0 when creating a context and does not
|
||||||
@ -3753,49 +3740,6 @@ void mbedtls_ssl_conf_psk_cb(mbedtls_ssl_config *conf,
|
|||||||
#endif /* MBEDTLS_SSL_SRV_C */
|
#endif /* MBEDTLS_SSL_SRV_C */
|
||||||
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
|
|
||||||
/**
|
|
||||||
* \brief Set the Diffie-Hellman public P and G values
|
|
||||||
* from big-endian binary presentations.
|
|
||||||
* (Default values: MBEDTLS_DHM_RFC3526_MODP_2048_[PG]_BIN)
|
|
||||||
*
|
|
||||||
* \param conf SSL configuration
|
|
||||||
* \param dhm_P Diffie-Hellman-Merkle modulus in big-endian binary form
|
|
||||||
* \param P_len Length of DHM modulus
|
|
||||||
* \param dhm_G Diffie-Hellman-Merkle generator in big-endian binary form
|
|
||||||
* \param G_len Length of DHM generator
|
|
||||||
*
|
|
||||||
* \return 0 if successful
|
|
||||||
*/
|
|
||||||
int mbedtls_ssl_conf_dh_param_bin(mbedtls_ssl_config *conf,
|
|
||||||
const unsigned char *dhm_P, size_t P_len,
|
|
||||||
const unsigned char *dhm_G, size_t G_len);
|
|
||||||
|
|
||||||
/**
|
|
||||||
* \brief Set the Diffie-Hellman public P and G values,
|
|
||||||
* read from existing context (server-side only)
|
|
||||||
*
|
|
||||||
* \param conf SSL configuration
|
|
||||||
* \param dhm_ctx Diffie-Hellman-Merkle context
|
|
||||||
*
|
|
||||||
* \return 0 if successful
|
|
||||||
*/
|
|
||||||
int mbedtls_ssl_conf_dh_param_ctx(mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx);
|
|
||||||
#endif /* MBEDTLS_DHM_C && defined(MBEDTLS_SSL_SRV_C) */
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
|
|
||||||
/**
|
|
||||||
* \brief Set the minimum length for Diffie-Hellman parameters.
|
|
||||||
* (Client-side only.)
|
|
||||||
* (Default: 1024 bits.)
|
|
||||||
*
|
|
||||||
* \param conf SSL configuration
|
|
||||||
* \param bitlen Minimum bit length of the DHM prime
|
|
||||||
*/
|
|
||||||
void mbedtls_ssl_conf_dhm_min_bitlen(mbedtls_ssl_config *conf,
|
|
||||||
unsigned int bitlen);
|
|
||||||
#endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \brief Set the allowed groups in order of preference.
|
* \brief Set the allowed groups in order of preference.
|
||||||
*
|
*
|
||||||
|
|||||||
@ -763,10 +763,6 @@ struct mbedtls_ssl_handshake_params {
|
|||||||
const uint16_t *sig_algs;
|
const uint16_t *sig_algs;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_DHM_C)
|
|
||||||
mbedtls_dhm_context dhm_ctx; /*!< DHM key exchange */
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED)
|
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED)
|
||||||
psa_key_type_t xxdh_psa_type;
|
psa_key_type_t xxdh_psa_type;
|
||||||
size_t xxdh_psa_bits;
|
size_t xxdh_psa_bits;
|
||||||
|
|||||||
@ -911,9 +911,6 @@ static void ssl_handshake_params_init(mbedtls_ssl_handshake_params *handshake)
|
|||||||
|
|
||||||
handshake->update_checksum = ssl_update_checksum_start;
|
handshake->update_checksum = ssl_update_checksum_start;
|
||||||
|
|
||||||
#if defined(MBEDTLS_DHM_C)
|
|
||||||
mbedtls_dhm_init(&handshake->dhm_ctx);
|
|
||||||
#endif
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||||
handshake->psa_pake_ctx = psa_pake_operation_init();
|
handshake->psa_pake_ctx = psa_pake_operation_init();
|
||||||
handshake->psa_pake_password = MBEDTLS_SVC_KEY_ID_INIT;
|
handshake->psa_pake_password = MBEDTLS_SVC_KEY_ID_INIT;
|
||||||
@ -2431,57 +2428,6 @@ psa_status_t mbedtls_ssl_cipher_to_psa(mbedtls_cipher_type_t mbedtls_cipher_type
|
|||||||
return PSA_SUCCESS;
|
return PSA_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
|
|
||||||
int mbedtls_ssl_conf_dh_param_bin(mbedtls_ssl_config *conf,
|
|
||||||
const unsigned char *dhm_P, size_t P_len,
|
|
||||||
const unsigned char *dhm_G, size_t G_len)
|
|
||||||
{
|
|
||||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
|
||||||
|
|
||||||
mbedtls_mpi_free(&conf->dhm_P);
|
|
||||||
mbedtls_mpi_free(&conf->dhm_G);
|
|
||||||
|
|
||||||
if ((ret = mbedtls_mpi_read_binary(&conf->dhm_P, dhm_P, P_len)) != 0 ||
|
|
||||||
(ret = mbedtls_mpi_read_binary(&conf->dhm_G, dhm_G, G_len)) != 0) {
|
|
||||||
mbedtls_mpi_free(&conf->dhm_P);
|
|
||||||
mbedtls_mpi_free(&conf->dhm_G);
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
int mbedtls_ssl_conf_dh_param_ctx(mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx)
|
|
||||||
{
|
|
||||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
|
||||||
|
|
||||||
mbedtls_mpi_free(&conf->dhm_P);
|
|
||||||
mbedtls_mpi_free(&conf->dhm_G);
|
|
||||||
|
|
||||||
if ((ret = mbedtls_dhm_get_value(dhm_ctx, MBEDTLS_DHM_PARAM_P,
|
|
||||||
&conf->dhm_P)) != 0 ||
|
|
||||||
(ret = mbedtls_dhm_get_value(dhm_ctx, MBEDTLS_DHM_PARAM_G,
|
|
||||||
&conf->dhm_G)) != 0) {
|
|
||||||
mbedtls_mpi_free(&conf->dhm_P);
|
|
||||||
mbedtls_mpi_free(&conf->dhm_G);
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
#endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_SRV_C */
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
|
|
||||||
/*
|
|
||||||
* Set the minimum length for Diffie-Hellman parameters
|
|
||||||
*/
|
|
||||||
void mbedtls_ssl_conf_dhm_min_bitlen(mbedtls_ssl_config *conf,
|
|
||||||
unsigned int bitlen)
|
|
||||||
{
|
|
||||||
conf->dhm_min_bitlen = bitlen;
|
|
||||||
}
|
|
||||||
#endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED) && defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
#if !defined(MBEDTLS_DEPRECATED_REMOVED) && defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||||
/*
|
/*
|
||||||
@ -4537,10 +4483,6 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl)
|
|||||||
psa_hash_abort(&handshake->fin_sha384_psa);
|
psa_hash_abort(&handshake->fin_sha384_psa);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_DHM_C)
|
|
||||||
mbedtls_dhm_free(&handshake->dhm_ctx);
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||||
psa_pake_abort(&handshake->psa_pake_ctx);
|
psa_pake_abort(&handshake->psa_pake_ctx);
|
||||||
/*
|
/*
|
||||||
@ -5551,10 +5493,6 @@ static int ssl_check_no_sig_alg_duplication(const uint16_t *sig_algs)
|
|||||||
int mbedtls_ssl_config_defaults(mbedtls_ssl_config *conf,
|
int mbedtls_ssl_config_defaults(mbedtls_ssl_config *conf,
|
||||||
int endpoint, int transport, int preset)
|
int endpoint, int transport, int preset)
|
||||||
{
|
{
|
||||||
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
|
|
||||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_DEBUG_C) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_DEBUG_C) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
if (ssl_check_no_sig_alg_duplication(ssl_preset_suiteb_sig_algs)) {
|
if (ssl_check_no_sig_alg_duplication(ssl_preset_suiteb_sig_algs)) {
|
||||||
mbedtls_printf("ssl_preset_suiteb_sig_algs has duplicated entries\n");
|
mbedtls_printf("ssl_preset_suiteb_sig_algs has duplicated entries\n");
|
||||||
@ -5629,21 +5567,6 @@ int mbedtls_ssl_config_defaults(mbedtls_ssl_config *conf,
|
|||||||
memset(conf->renego_period + 2, 0xFF, 6);
|
memset(conf->renego_period + 2, 0xFF, 6);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
|
|
||||||
if (endpoint == MBEDTLS_SSL_IS_SERVER) {
|
|
||||||
const unsigned char dhm_p[] =
|
|
||||||
MBEDTLS_DHM_RFC3526_MODP_2048_P_BIN;
|
|
||||||
const unsigned char dhm_g[] =
|
|
||||||
MBEDTLS_DHM_RFC3526_MODP_2048_G_BIN;
|
|
||||||
|
|
||||||
if ((ret = mbedtls_ssl_conf_dh_param_bin(conf,
|
|
||||||
dhm_p, sizeof(dhm_p),
|
|
||||||
dhm_g, sizeof(dhm_g))) != 0) {
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_EARLY_DATA)
|
#if defined(MBEDTLS_SSL_EARLY_DATA)
|
||||||
@ -5733,10 +5656,6 @@ int mbedtls_ssl_config_defaults(mbedtls_ssl_config *conf,
|
|||||||
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||||
|
|
||||||
conf->group_list = ssl_preset_default_groups;
|
conf->group_list = ssl_preset_default_groups;
|
||||||
|
|
||||||
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
|
|
||||||
conf->dhm_min_bitlen = 1024;
|
|
||||||
#endif
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
@ -5751,11 +5670,6 @@ void mbedtls_ssl_config_free(mbedtls_ssl_config *conf)
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_DHM_C)
|
|
||||||
mbedtls_mpi_free(&conf->dhm_P);
|
|
||||||
mbedtls_mpi_free(&conf->dhm_G);
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
|
||||||
if (!mbedtls_svc_key_id_is_null(conf->psk_opaque)) {
|
if (!mbedtls_svc_key_id_is_null(conf->psk_opaque)) {
|
||||||
conf->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT;
|
conf->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT;
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user