diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index b10a56303..4b73b41a1 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -221,12 +221,6 @@ #define MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096 0x0102 #define MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144 0x0103 #define MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192 0x0104 -/* Finite Field Group Names (DHE) */ -#define MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE2048 "ffdhe2048" -#define MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE3072 "ffdhe3072" -#define MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE4096 "ffdhe4096" -#define MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE6144 "ffdhe6144" -#define MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE8192 "ffdhe8192" /* * TLS 1.3 Key Exchange Modes @@ -5339,23 +5333,4 @@ int mbedtls_ssl_tls_prf(const mbedtls_tls_prf_types prf, } #endif -static inline const char *mbedtls_ssl_ffdh_name_from_group(uint16_t group) -{ - switch (group) { - case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048: - return MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE2048; - case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072: - return MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE3072; - case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096: - return MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE4096; - case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144: - return MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE6144; - case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192: - return MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE8192; - default: - return NULL; - } - return NULL; -} - #endif /* ssl.h */ diff --git a/library/ssl_client.c b/library/ssl_client.c index bc3a461a5..dee56c93a 100644 --- a/library/ssl_client.c +++ b/library/ssl_client.c @@ -277,11 +277,9 @@ static int ssl_write_supported_groups_ext(mbedtls_ssl_context *ssl, #if defined(PSA_WANT_ALG_FFDH) if ((mbedtls_ssl_conf_is_tls13_enabled(ssl->conf) && mbedtls_ssl_tls13_named_group_is_dhe(*group_list))) { -#if defined(MBEDTLS_DEBUG_C) - const char *ffdh_group = mbedtls_ssl_named_group_to_str(*group_list); + MBEDTLS_SSL_DEBUG_MSG(3, ("NamedGroup: %s ( %x )", - ffdh_group, *group_list)); -#endif + mbedtls_ssl_named_group_to_str(*group_list), *group_list)); MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2); MBEDTLS_PUT_UINT16_BE(*group_list, p, 0); p += 2; diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 17479b86e..2fbcdd438 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -496,10 +496,8 @@ static int ssl_tls13_parse_key_share_ext(mbedtls_ssl_context *ssl, #if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH) if (mbedtls_ssl_tls13_named_group_is_ecdhe(group) || mbedtls_ssl_tls13_named_group_is_dhe(group)) { -#if defined(MBEDTLS_DEBUG_C) MBEDTLS_SSL_DEBUG_MSG(2, ("DHE group name: %s", mbedtls_ssl_named_group_to_str(group))); -#endif ret = mbedtls_ssl_tls13_read_public_ecdhe_share(ssl, p, end - p); if (ret != 0) { return ret; diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c index fdb6a523a..37062b766 100644 --- a/programs/ssl/ssl_test_lib.c +++ b/programs/ssl/ssl_test_lib.c @@ -451,6 +451,14 @@ void test_hooks_free(void) #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \ defined(PSA_WANT_ALG_FFDH) + +/* Finite Field Group Names (DHE) */ +#define MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE2048 "ffdhe2048" +#define MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE3072 "ffdhe3072" +#define MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE4096 "ffdhe4096" +#define MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE6144 "ffdhe6144" +#define MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE8192 "ffdhe8192" + static uint16_t mbedtls_ssl_ffdh_group_from_name(const char *name) { if (strcmp(name, MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE2048) == 0) { @@ -469,7 +477,6 @@ static uint16_t mbedtls_ssl_ffdh_group_from_name(const char *name) static const uint16_t *mbedtls_ssl_ffdh_supported_groups(void) { -#if defined(PSA_WANT_ALG_FFDH) static const uint16_t ffdh_groups[] = { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048, MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072, @@ -479,9 +486,25 @@ static const uint16_t *mbedtls_ssl_ffdh_supported_groups(void) 0 }; return ffdh_groups; -#else +} + +static inline const char *mbedtls_ssl_ffdh_name_from_group(uint16_t group) +{ + switch (group) { + case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048: + return MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE2048; + case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072: + return MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE3072; + case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096: + return MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE4096; + case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144: + return MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE6144; + case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192: + return MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE8192; + default: + return NULL; + } return NULL; -#endif } #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED && PSA_WANT_ALG_FFDH */ @@ -498,7 +521,7 @@ int parse_curves(const char *curves, uint16_t *group_list, size_t group_list_len while (i < group_list_len - 1 && *p != '\0') { q = p; #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \ - defined(PSA_WANT_ALG_FFDH) + defined(PSA_WANT_ALG_FFDH) uint16_t ffdh_group = 0; #endif #if defined(MBEDTLS_ECP_LIGHT) @@ -518,7 +541,7 @@ int parse_curves(const char *curves, uint16_t *group_list, size_t group_list_len } else #endif #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \ - defined(PSA_WANT_ALG_FFDH) + defined(PSA_WANT_ALG_FFDH) if ((ffdh_group = mbedtls_ssl_ffdh_group_from_name(q)) != 0) { group_list[i++] = ffdh_group; } else @@ -534,7 +557,7 @@ int parse_curves(const char *curves, uint16_t *group_list, size_t group_list_len } #endif #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \ - defined(PSA_WANT_ALG_FFDH) + defined(PSA_WANT_ALG_FFDH) const uint16_t *supported_ffdh_group = mbedtls_ssl_ffdh_supported_groups(); while (*supported_ffdh_group != 0) { mbedtls_printf("%s ",