From 7581c11fc76a9001b2f26d5ba39d9937663cd206 Mon Sep 17 00:00:00 2001
From: Jerry Yu
Date: Mon, 20 Dec 2021 22:25:41 +0800
Subject: [PATCH] Remove tls13_write_supported_groups_ext

Signed-off-by: Jerry Yu
---
 library/ssl_tls13_client.c | 159 +------------------------------------
 1 file changed, 1 insertion(+), 158 deletions(-)

diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 31d7dafdb9..5b6aee1f83 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -115,163 +115,6 @@ static int ssl_tls13_parse_supported_versions_ext( mbedtls_ssl_context *ssl,
 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
-/*
- * Functions for writing supported_groups extension.
- *
- * Stucture of supported_groups:
- * enum {
- * secp256r1(0x0017), secp384r1(0x0018), secp521r1(0x0019),
- * x25519(0x001D), x448(0x001E),
- * ffdhe2048(0x0100), ffdhe3072(0x0101), ffdhe4096(0x0102),
- * ffdhe6144(0x0103), ffdhe8192(0x0104),
- * ffdhe_private_use(0x01FC..0x01FF),
- * ecdhe_private_use(0xFE00..0xFEFF),
- * (0xFFFF)
- * } NamedGroup;
- * struct {
- * NamedGroup named_group_list<2..2^16-1>;
- * } NamedGroupList;
- */
-#if defined(MBEDTLS_ECDH_C)
-/*
- * In versions of TLS prior to TLS 1.3, this extension was named
- * 'elliptic_curves' and only contained elliptic curve groups.
- */
-static int ssl_tls13_write_named_group_list_ecdhe( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- unsigned char *end,
- size_t *out_len )
-{
- unsigned char *p = buf;
-
- *out_len = 0;
-
- const uint16_t *group_list = mbedtls_ssl_get_groups( ssl );
-
- if( group_list == NULL )
- return( MBEDTLS_ERR_SSL_BAD_CONFIG );
-
- for ( ; *group_list != 0; group_list++ )
- {
- const mbedtls_ecp_curve_info *curve_info;
- curve_info = mbedtls_ecp_curve_info_from_tls_id( *group_list );
- if( curve_info == NULL )
- continue;
-
- if( !mbedtls_ssl_tls13_named_group_is_ecdhe( *group_list ) )
- continue;
-
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2);
- MBEDTLS_PUT_UINT16_BE( *group_list, p, 0 );
- p += 2;
-
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "NamedGroup: %s ( %x )",
- curve_info->name, *group_list ) );
- }
-
- *out_len = p - buf;
-
- return( 0 );
-}
-#else
-static int ssl_tls13_write_named_group_list_ecdhe( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- unsigned char *end,
- size_t *out_len )
-{
- ((void) ssl);
- ((void) buf);
- ((void) end);
- *out_len = 0;
- return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
-}
-#endif /* MBEDTLS_ECDH_C */
-
-static int ssl_tls13_write_named_group_list_dhe( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- unsigned char *end,
- size_t *out_len )
-{
- ((void) ssl);
- ((void) buf);
- ((void) end);
- *out_len = 0;
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "write_named_group_dhe is not implemented" ) );
- return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
-}
-
-static int ssl_tls13_write_supported_groups_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- unsigned char *end,
- size_t *out_len )
-{
- unsigned char *p = buf ;
- unsigned char *named_group_list; /* Start of named_group_list */
- size_t named_group_list_len; /* Length of named_group_list */
- size_t output_len = 0;
- int ret_ecdhe, ret_dhe;
-
- *out_len = 0;
-
- if( !mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) )
- return( 0 );
-
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported_groups extension" ) );
-
- /* Check if we have space for header and length fields:
- * - extension_type (2 bytes)
- * - extension_data_length (2 bytes)
- * - named_group_list_length (2 bytes)
- */
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 );
- p += 6;
-
- named_group_list = p;
- ret_ecdhe = ssl_tls13_write_named_group_list_ecdhe( ssl, p, end, &output_len );
- if( ret_ecdhe != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_write_named_group_list_ecdhe", ret_ecdhe );
- }
- p += output_len;
-
- ret_dhe = ssl_tls13_write_named_group_list_dhe( ssl, p, end, &output_len );
- if( ret_dhe != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_write_named_group_list_dhe", ret_dhe );
- }
- p += output_len;
-
- /* Both ECDHE and DHE failed. */
- if( ret_ecdhe != 0 && ret_dhe != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "Both ECDHE and DHE groups are fail. " ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
- }
-
- /* Length of named_group_list*/
- named_group_list_len = p - named_group_list;
- if( named_group_list_len == 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "No group available." ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
- }
-
- /* Write extension_type */
- MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_GROUPS, buf, 0 );
- /* Write extension_data_length */
- MBEDTLS_PUT_UINT16_BE( named_group_list_len + 2, buf, 2 );
- /* Write length of named_group_list */
- MBEDTLS_PUT_UINT16_BE( named_group_list_len, buf, 4 );
-
- MBEDTLS_SSL_DEBUG_BUF( 3, "Supported groups extension", buf + 4, named_group_list_len + 2 );
-
- *out_len = p - buf;
-
- ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SUPPORTED_GROUPS;
-
- return( 0 );
-}
-
 /*
 * Functions for writing key_share extension.
 */
@@ -777,7 +620,7 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl,
 *
 * It is REQUIRED for ECDHE cipher_suites.
 */
- ret = ssl_tls13_write_supported_groups_ext( ssl, p, end, &output_len );
+ ret = mbedtls_ssl_write_supported_groups_ext( ssl, p, end, &output_len );
 if( ret != 0 )
 return( ret );
 p += output_len;
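Review bot: The replacement call no longer records `ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SUPPORTED_GROUPS`, which the deleted `ssl_tls13_write_supported_groups_ext` set after a successful write, and `mbedtls_ssl_write_supported_groups_ext` is not part of this patch, so it cannot be confirmed here that the shared writer sets the flag itself. If it does not, any later code that consults `extensions_present` for supported_groups would treat the extension as never offered; either verify this in the shared writer or keep the bookkeeping at the call site, `if( output_len != 0 ) ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SUPPORTED_GROUPS;`. The deleted client-specific version also failed with MBEDTLS_ERR_SSL_INTERNAL_ERROR when the configured group list yielded no usable ECDHE group, so the shared writer's behaviour on an empty list is worth checking against the "REQUIRED for ECDHE cipher_suites" comment that remains above the call. ssl_tls13_write_client_hello_body starts and ends outside the hunk.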