Merge pull request #4859 from brett-warren-arm/supported_groups
Add mbedtls_ssl_conf_groups to API
diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h
index b2a2e32..5b26084 100644
--- a/include/mbedtls/ecp.h
+++ b/include/mbedtls/ecp.h
@@ -130,10 +130,8 @@
/**
* The number of supported curves, plus one for #MBEDTLS_ECP_DP_NONE.
- *
- * \note Montgomery curves are currently excluded.
*/
-#define MBEDTLS_ECP_DP_MAX 12
+#define MBEDTLS_ECP_DP_MAX 14
/*
* Curve types
diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h
index 36e3718..5d2fefc 100644
--- a/include/mbedtls/platform_util.h
+++ b/include/mbedtls/platform_util.h
@@ -42,10 +42,6 @@
/* Internal helper macros for deprecating API constants. */
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
#if defined(MBEDTLS_DEPRECATED_WARNING)
-/* Deliberately don't (yet) export MBEDTLS_DEPRECATED here
- * to avoid conflict with other headers which define and use
- * it, too. We might want to move all these definitions here at
- * some point for uniformity. */
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
MBEDTLS_DEPRECATED typedef char const * mbedtls_deprecated_string_constant_t;
#define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) \
@@ -53,8 +49,8 @@
MBEDTLS_DEPRECATED typedef int mbedtls_deprecated_numeric_constant_t;
#define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( VAL ) \
( (mbedtls_deprecated_numeric_constant_t) ( VAL ) )
-#undef MBEDTLS_DEPRECATED
#else /* MBEDTLS_DEPRECATED_WARNING */
+#define MBEDTLS_DEPRECATED
#define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) VAL
#define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( VAL ) VAL
#endif /* MBEDTLS_DEPRECATED_WARNING */
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 288d9b3..5d04a11 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_SSL_H
#define MBEDTLS_SSL_H
+#include "mbedtls/platform_util.h"
#include "mbedtls/private_access.h"
#include "mbedtls/build_info.h"
@@ -187,18 +188,28 @@
* } NamedGroup;
*
*/
+
/* Elliptic Curve Groups (ECDHE) */
-#define MBEDTLS_SSL_TLS13_NAMED_GROUP_SECP256R1 0x0017
-#define MBEDTLS_SSL_TLS13_NAMED_GROUP_SECP384R1 0x0018
-#define MBEDTLS_SSL_TLS13_NAMED_GROUP_SECP521R1 0x0019
-#define MBEDTLS_SSL_TLS13_NAMED_GROUP_X25519 0x001D
-#define MBEDTLS_SSL_TLS13_NAMED_GROUP_X448 0x001E
+#define MBEDTLS_SSL_IANA_TLS_GROUP_NONE 0
+#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1 0x0012
+#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1 0x0013
+#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1 0x0014
+#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1 0x0015
+#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1 0x0016
+#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1 0x0017
+#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1 0x0018
+#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1 0x0019
+#define MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1 0x001A
+#define MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1 0x001B
+#define MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1 0x001C
+#define MBEDTLS_SSL_IANA_TLS_GROUP_X25519 0x001D
+#define MBEDTLS_SSL_IANA_TLS_GROUP_X448 0x001E
/* Finite Field Groups (DHE) */
-#define MBEDTLS_SSL_TLS13_NAMED_GROUP_FFDHE2048 0x0100
-#define MBEDTLS_SSL_TLS13_NAMED_GROUP_FFDHE3072 0x0101
-#define MBEDTLS_SSL_TLS13_NAMED_GROUP_FFDHE4096 0x0102
-#define MBEDTLS_SSL_TLS13_NAMED_GROUP_FFDHE6144 0x0103
-#define MBEDTLS_SSL_TLS13_NAMED_GROUP_FFDHE8192 0x0104
+#define MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048 0x0100
+#define MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072 0x0101
+#define MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096 0x0102
+#define MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144 0x0103
+#define MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192 0x0104
/*
* TLS 1.3 Key Exchange Modes
@@ -1283,10 +1294,12 @@
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
#endif
-#if defined(MBEDTLS_ECP_C)
+#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
const mbedtls_ecp_group_id *MBEDTLS_PRIVATE(curve_list); /*!< allowed curves */
#endif
+ const uint16_t *MBEDTLS_PRIVATE(group_list); /*!< allowed IANA NamedGroups */
+
#if defined(MBEDTLS_DHM_C)
mbedtls_mpi MBEDTLS_PRIVATE(dhm_P); /*!< prime modulus for DHM */
mbedtls_mpi MBEDTLS_PRIVATE(dhm_G); /*!< generator for DHM */
@@ -3143,6 +3156,7 @@
#endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */
#if defined(MBEDTLS_ECP_C)
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
/**
* \brief Set the allowed curves in order of preference.
*
@@ -3156,6 +3170,8 @@
* Both sides: limits the set of curves accepted for use in
* ECDHE and in the peer's end-entity certificate.
*
+ * \deprecated Superseeded by mbedtls_ssl_conf_groups().
+ *
* \note This has no influence on which curves are allowed inside the
* certificate chains, see \c mbedtls_ssl_conf_cert_profile()
* for that. For the end-entity certificate however, the key
@@ -3182,10 +3198,51 @@
* \param curves Ordered list of allowed curves,
* terminated by MBEDTLS_ECP_DP_NONE.
*/
-void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf,
- const mbedtls_ecp_group_id *curves );
+void MBEDTLS_DEPRECATED mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf,
+ const mbedtls_ecp_group_id *curves );
+#endif /* MBEDTLS_DEPRECATED_REMOVED */
#endif /* MBEDTLS_ECP_C */
+/**
+ * \brief Set the allowed groups in order of preference.
+ *
+ * On server: This only affects the choice of key agreement mechanism
+ *
+ * On client: this affects the list of groups offered for any
+ * use. The server can override our preference order.
+ *
+ * Both sides: limits the set of groups accepted for use in
+ * key sharing.
+ *
+ * \note This function replaces the deprecated mbedtls_ssl_conf_curves(),
+ * which only allows ECP curves to be configured.
+ *
+ * \note The most recent invocation of either mbedtls_ssl_conf_curves()
+ * or mbedtls_ssl_conf_groups() nullifies all previous invocations
+ * of both.
+ *
+ * \note This list should be ordered by decreasing preference
+ * (preferred group first).
+ *
+ * \note When this function is not called, a default list is used,
+ * consisting of all supported curves at 255 bits and above,
+ * and all supported finite fields at 2048 bits and above.
+ * The order favors groups with the lowest resource usage.
+ *
+ * \note New minor versions of Mbed TLS will not remove items
+ * from the default list unless serious security concerns require it.
+ * New minor versions of Mbed TLS may change the order in
+ * keeping with the general principle of favoring the lowest
+ * resource usage.
+ *
+ * \param conf SSL configuration
+ * \param groups List of allowed groups ordered by preference, terminated by 0.
+ * Must contain valid IANA NamedGroup IDs (provided via either an integer
+ * or using MBEDTLS_TLS13_NAMED_GROUP_XXX macros).
+ */
+void mbedtls_ssl_conf_groups( mbedtls_ssl_config *conf,
+ const uint16_t *groups );
+
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
/**
* \brief Set the allowed hashes for signatures during the handshake.
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 9120aa2..9fc8041 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -309,27 +309,32 @@
unsigned char *elliptic_curve_list = p + 6;
size_t elliptic_curve_len = 0;
const mbedtls_ecp_curve_info *info;
- const mbedtls_ecp_group_id *grp_id;
-
+ const uint16_t *group_list = mbedtls_ssl_get_groups( ssl );
*olen = 0;
+ /* Check there is room for header */
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 );
+
MBEDTLS_SSL_DEBUG_MSG( 3,
( "client hello, adding supported_elliptic_curves extension" ) );
- if( ssl->conf->curve_list == NULL )
+ if( group_list == NULL )
return( MBEDTLS_ERR_SSL_BAD_CONFIG );
- for( grp_id = ssl->conf->curve_list;
- *grp_id != MBEDTLS_ECP_DP_NONE;
- grp_id++ )
+ for( ; *group_list != 0; group_list++ )
{
- info = mbedtls_ecp_curve_info_from_grp_id( *grp_id );
+ info = mbedtls_ecp_curve_info_from_tls_id( *group_list );
if( info == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 1,
( "invalid curve in ssl configuration" ) );
return( MBEDTLS_ERR_SSL_BAD_CONFIG );
}
+
+ /* Check there is room for another curve */
+ MBEDTLS_SSL_CHK_BUF_PTR( elliptic_curve_list, end, elliptic_curve_len + 2 );
+
+ MBEDTLS_PUT_UINT16_BE( *group_list, elliptic_curve_list, elliptic_curve_len );
elliptic_curve_len += 2;
if( elliptic_curve_len > MBEDTLS_SSL_MAX_CURVE_LIST_LEN )
@@ -344,19 +349,6 @@
if( elliptic_curve_len == 0 )
return( MBEDTLS_ERR_SSL_BAD_CONFIG );
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 + elliptic_curve_len );
-
- elliptic_curve_len = 0;
-
- for( grp_id = ssl->conf->curve_list;
- *grp_id != MBEDTLS_ECP_DP_NONE;
- grp_id++ )
- {
- info = mbedtls_ecp_curve_info_from_grp_id( *grp_id );
- elliptic_curve_list[elliptic_curve_len++] = MBEDTLS_BYTE_1( info->tls_id );
- elliptic_curve_list[elliptic_curve_len++] = MBEDTLS_BYTE_0( info->tls_id );
- }
-
MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES, p, 0 );
p += 2;
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index dbef6aa..c7d966b 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -542,6 +542,11 @@
int tls1_3_kex_modes; /*!< key exchange modes for TLS 1.3 */
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
+ const uint16_t *group_list;
+ unsigned char group_list_heap_allocated;
+#endif
+
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
mbedtls_ssl_sig_hash_set_t hash_algs; /*!< Set of suitable sig-hash pairs */
@@ -1593,17 +1598,17 @@
*/
static inline int mbedtls_ssl_tls13_named_group_is_ecdhe( uint16_t named_group )
{
- return( named_group == MBEDTLS_SSL_TLS13_NAMED_GROUP_SECP256R1 ||
- named_group == MBEDTLS_SSL_TLS13_NAMED_GROUP_SECP384R1 ||
- named_group == MBEDTLS_SSL_TLS13_NAMED_GROUP_SECP521R1 ||
- named_group == MBEDTLS_SSL_TLS13_NAMED_GROUP_X25519 ||
- named_group == MBEDTLS_SSL_TLS13_NAMED_GROUP_X448 );
+ return( named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X25519 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X448 );
}
static inline int mbedtls_ssl_tls13_named_group_is_dhe( uint16_t named_group )
{
- return( named_group >= MBEDTLS_SSL_TLS13_NAMED_GROUP_FFDHE2048 &&
- named_group <= MBEDTLS_SSL_TLS13_NAMED_GROUP_FFDHE8192 );
+ return( named_group >= MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048 &&
+ named_group <= MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192 );
}
static inline void mbedtls_ssl_handshake_set_state( mbedtls_ssl_context *ssl,
@@ -1672,4 +1677,27 @@
size_t dst_len,
size_t *olen );
+/*
+ * Return supported groups.
+ *
+ * In future, invocations can be changed to ssl->conf->group_list
+ * when mbedtls_ssl_conf_curves() is deleted.
+ *
+ * ssl->handshake->group_list is either a translation of curve_list to IANA TLS group
+ * identifiers when mbedtls_ssl_conf_curves() has been used, or a pointer to
+ * ssl->conf->group_list when mbedtls_ssl_conf_groups() has been more recently invoked.
+ *
+ */
+static inline const void *mbedtls_ssl_get_groups( const mbedtls_ssl_context *ssl )
+{
+ #if defined(MBEDTLS_DEPRECATED_REMOVED) || !defined(MBEDTLS_ECP_C)
+ return( ssl->conf->group_list );
+ #else
+ if( ( ssl->handshake != NULL ) && ( ssl->handshake->group_list != NULL ) )
+ return( ssl->handshake->group_list );
+ else
+ return( ssl->conf->group_list );
+ #endif
+}
+
#endif /* ssl_misc.h */
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index e27fdff..881b1fd 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -3036,14 +3036,16 @@
* } ServerECDHParams;
*/
const mbedtls_ecp_curve_info **curve = NULL;
- const mbedtls_ecp_group_id *gid;
+ const uint16_t *group_list = mbedtls_ssl_get_groups( ssl );
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
/* Match our preference list against the offered curves */
- for( gid = ssl->conf->curve_list; *gid != MBEDTLS_ECP_DP_NONE; gid++ )
+ if( group_list == NULL )
+ return( MBEDTLS_ERR_SSL_BAD_CONFIG );
+ for( ; *group_list != 0; group_list++ )
for( curve = ssl->handshake->curves; *curve != NULL; curve++ )
- if( (*curve)->grp_id == *gid )
+ if( (*curve)->tls_id == *group_list )
goto curve_matching_done;
curve_matching_done:
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index c507950..d604f38 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -3073,6 +3073,52 @@
}
#endif
+/*
+ * curve_list is translated to IANA TLS group identifiers here because
+ * mbedtls_ssl_conf_curves returns void and so can't return
+ * any error codes.
+ */
+#if defined(MBEDTLS_ECP_C)
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
+ /* Heap allocate and translate curve_list from internal to IANA group ids */
+ if ( ssl->conf->curve_list != NULL )
+ {
+ size_t length;
+ const mbedtls_ecp_group_id *curve_list = ssl->conf->curve_list;
+
+ for( length = 0; ( curve_list[length] != MBEDTLS_ECP_DP_NONE ) &&
+ ( length < MBEDTLS_ECP_DP_MAX ); length++ ) {}
+
+ /* Leave room for zero termination */
+ uint16_t *group_list = mbedtls_calloc( length + 1, sizeof(uint16_t) );
+ if ( group_list == NULL )
+ return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+
+ for( size_t i = 0; i < length; i++ )
+ {
+ const mbedtls_ecp_curve_info *info =
+ mbedtls_ecp_curve_info_from_grp_id( curve_list[i] );
+ if ( info == NULL )
+ {
+ mbedtls_free( group_list );
+ return( MBEDTLS_ERR_SSL_BAD_CONFIG );
+ }
+ group_list[i] = info->tls_id;
+ }
+
+ group_list[length] = 0;
+
+ ssl->handshake->group_list = group_list;
+ ssl->handshake->group_list_heap_allocated = 1;
+ }
+ else
+ {
+ ssl->handshake->group_list = ssl->conf->group_list;
+ ssl->handshake->group_list_heap_allocated = 0;
+ }
+#endif /* MBEDTLS_DEPRECATED_REMOVED */
+#endif /* MBEDTLS_ECP_C */
+
return( 0 );
}
@@ -3928,16 +3974,36 @@
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_ECP_C)
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
/*
* Set the allowed elliptic curves
+ *
+ * mbedtls_ssl_setup() takes the provided list
+ * and translates it to a list of IANA TLS group identifiers,
+ * stored in ssl->handshake->group_list.
+ *
*/
void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf,
const mbedtls_ecp_group_id *curve_list )
{
conf->curve_list = curve_list;
+ conf->group_list = NULL;
}
+#endif /* MBEDTLS_DEPRECATED_REMOVED */
#endif /* MBEDTLS_ECP_C */
+/*
+ * Set the allowed groups
+ */
+void mbedtls_ssl_conf_groups( mbedtls_ssl_config *conf,
+ const uint16_t *group_list )
+{
+#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
+ conf->curve_list = NULL;
+#endif
+ conf->group_list = group_list;
+}
+
#if defined(MBEDTLS_X509_CRT_PARSE_C)
int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname )
{
@@ -5379,6 +5445,14 @@
if( handshake == NULL )
return;
+#if defined(MBEDTLS_ECP_C)
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
+ if ( ssl->handshake->group_list_heap_allocated )
+ mbedtls_free( (void*) handshake->group_list );
+ handshake->group_list = NULL;
+#endif /* MBEDTLS_DEPRECATED_REMOVED */
+#endif /* MBEDTLS_ECP_C */
+
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
if( ssl->conf->f_async_cancel != NULL && handshake->async_in_progress != 0 )
{
@@ -6233,41 +6307,39 @@
};
#endif
-#if defined(MBEDTLS_ECP_C)
/* The selection should be the same as mbedtls_x509_crt_profile_default in
* x509_crt.c, plus Montgomery curves for ECDHE. Here, the order matters:
* curves with a lower resource usage come first.
* See the documentation of mbedtls_ssl_conf_curves() for what we promise
* about this list.
*/
-static mbedtls_ecp_group_id ssl_preset_default_curves[] = {
+static uint16_t ssl_preset_default_groups[] = {
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
- MBEDTLS_ECP_DP_CURVE25519,
+ MBEDTLS_SSL_IANA_TLS_GROUP_X25519,
#endif
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
- MBEDTLS_ECP_DP_SECP256R1,
+ MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1,
#endif
#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
- MBEDTLS_ECP_DP_SECP384R1,
+ MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1,
#endif
#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
- MBEDTLS_ECP_DP_CURVE448,
+ MBEDTLS_SSL_IANA_TLS_GROUP_X448,
#endif
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
- MBEDTLS_ECP_DP_SECP521R1,
+ MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1,
#endif
#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
- MBEDTLS_ECP_DP_BP256R1,
+ MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1,
#endif
#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
- MBEDTLS_ECP_DP_BP384R1,
+ MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1,
#endif
#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
- MBEDTLS_ECP_DP_BP512R1,
+ MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1,
#endif
- MBEDTLS_ECP_DP_NONE
+ MBEDTLS_SSL_IANA_TLS_GROUP_NONE
};
-#endif
static int ssl_preset_suiteb_ciphersuites[] = {
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
@@ -6314,17 +6386,15 @@
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
#endif
-#if defined(MBEDTLS_ECP_C)
-static mbedtls_ecp_group_id ssl_preset_suiteb_curves[] = {
+static uint16_t ssl_preset_suiteb_groups[] = {
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
- MBEDTLS_ECP_DP_SECP256R1,
+ MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1,
#endif
#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
- MBEDTLS_ECP_DP_SECP384R1,
+ MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1,
#endif
- MBEDTLS_ECP_DP_NONE
+ MBEDTLS_SSL_IANA_TLS_GROUP_NONE
};
-#endif
/*
* Load default in mbedtls_ssl_config
@@ -6438,9 +6508,10 @@
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
#endif
-#if defined(MBEDTLS_ECP_C)
- conf->curve_list = ssl_preset_suiteb_curves;
+#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
+ conf->curve_list = NULL;
#endif
+ conf->group_list = ssl_preset_suiteb_groups;
break;
/*
@@ -6475,9 +6546,10 @@
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
-#if defined(MBEDTLS_ECP_C)
- conf->curve_list = ssl_preset_default_curves;
+#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
+ conf->curve_list = NULL;
#endif
+ conf->group_list = ssl_preset_default_groups;
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
conf->dhm_min_bitlen = 1024;
@@ -6701,14 +6773,17 @@
*/
int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id )
{
- const mbedtls_ecp_group_id *gid;
+ const uint16_t *group_list = mbedtls_ssl_get_groups( ssl );
- if( ssl->conf->curve_list == NULL )
+ if( group_list == NULL )
return( -1 );
+ uint16_t tls_id = mbedtls_ecp_curve_info_from_grp_id(grp_id)->tls_id;
- for( gid = ssl->conf->curve_list; *gid != MBEDTLS_ECP_DP_NONE; gid++ )
- if( *gid == grp_id )
+ for( ; *group_list != 0; group_list++ )
+ {
+ if( *group_list == tls_id )
return( 0 );
+ }
return( -1 );
}
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 0fb09c4..9c88484 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -137,36 +137,35 @@
* 'elliptic_curves' and only contained elliptic curve groups.
*/
static int ssl_tls13_write_named_group_list_ecdhe( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- unsigned char *end,
- size_t *olen )
+ unsigned char *buf,
+ unsigned char *end,
+ size_t *olen )
{
unsigned char *p = buf;
*olen = 0;
- if( ssl->conf->curve_list == NULL )
+ const uint16_t *group_list = mbedtls_ssl_get_groups( ssl );
+
+ if( group_list == NULL )
return( MBEDTLS_ERR_SSL_BAD_CONFIG );
- for ( const mbedtls_ecp_group_id *grp_id = ssl->conf->curve_list;
- *grp_id != MBEDTLS_ECP_DP_NONE;
- grp_id++ )
+ for ( ; *group_list != 0; group_list++ )
{
const mbedtls_ecp_curve_info *info;
- info = mbedtls_ecp_curve_info_from_grp_id( *grp_id );
+ info = mbedtls_ecp_curve_info_from_tls_id( *group_list );
if( info == NULL )
continue;
- if( !mbedtls_ssl_tls13_named_group_is_ecdhe( info->tls_id ) )
+ if( !mbedtls_ssl_tls13_named_group_is_ecdhe( *group_list ) )
continue;
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2);
- MBEDTLS_PUT_UINT16_BE( info->tls_id, p, 0 );
+ MBEDTLS_PUT_UINT16_BE( *group_list, p, 0 );
p += 2;
MBEDTLS_SSL_DEBUG_MSG( 3, ( "NamedGroup: %s ( %x )",
- mbedtls_ecp_curve_info_from_tls_id( info->tls_id )->name,
- info->tls_id ) );
+ info->name, *group_list ) );
}
*olen = p - buf;
@@ -321,20 +320,19 @@
#if defined(MBEDTLS_ECDH_C)
+ const uint16_t *group_list = mbedtls_ssl_get_groups( ssl );
/* Pick first available ECDHE group compatible with TLS 1.3 */
- if( ssl->conf->curve_list == NULL )
+ if( group_list == NULL )
return( MBEDTLS_ERR_SSL_BAD_CONFIG );
- for ( const mbedtls_ecp_group_id *grp_id = ssl->conf->curve_list;
- *grp_id != MBEDTLS_ECP_DP_NONE;
- grp_id++ )
+ for ( ; *group_list != 0; group_list++ )
{
const mbedtls_ecp_curve_info *info;
- info = mbedtls_ecp_curve_info_from_grp_id( *grp_id );
+ info = mbedtls_ecp_curve_info_from_tls_id( *group_list );
if( info != NULL &&
- mbedtls_ssl_tls13_named_group_is_ecdhe( info->tls_id ) )
+ mbedtls_ssl_tls13_named_group_is_ecdhe( *group_list ) )
{
- *group_id = info->tls_id;
+ *group_id = *group_list;
return( 0 );
}
}
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index f872e60..29bda7f 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -678,7 +678,7 @@
#endif
#if defined(MBEDTLS_ECP_C)
- mbedtls_ecp_group_id curve_list[CURVE_LIST_SIZE];
+ uint16_t group_list[CURVE_LIST_SIZE];
const mbedtls_ecp_curve_info *curve_cur;
#endif
#if defined(MBEDTLS_SSL_DTLS_SRTP)
@@ -1452,7 +1452,7 @@
if( strcmp( p, "none" ) == 0 )
{
- curve_list[0] = MBEDTLS_ECP_DP_NONE;
+ group_list[0] = 0;
}
else if( strcmp( p, "default" ) != 0 )
{
@@ -1469,7 +1469,7 @@
if( ( curve_cur = mbedtls_ecp_curve_info_from_name( q ) ) != NULL )
{
- curve_list[i++] = curve_cur->grp_id;
+ group_list[i++] = curve_cur->tls_id;
}
else
{
@@ -1495,7 +1495,7 @@
goto exit;
}
- curve_list[i] = MBEDTLS_ECP_DP_NONE;
+ group_list[i] = 0;
}
}
#endif /* MBEDTLS_ECP_C */
@@ -1889,7 +1889,7 @@
if( opt.curves != NULL &&
strcmp( opt.curves, "default" ) != 0 )
{
- mbedtls_ssl_conf_curves( &conf, curve_list );
+ mbedtls_ssl_conf_groups( &conf, group_list );
}
#endif
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index c0f3196..4d785d7 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -1340,7 +1340,7 @@
sni_entry *sni_info = NULL;
#endif
#if defined(MBEDTLS_ECP_C)
- mbedtls_ecp_group_id curve_list[CURVE_LIST_SIZE];
+ uint16_t group_list[CURVE_LIST_SIZE];
const mbedtls_ecp_curve_info * curve_cur;
#endif
#if defined(MBEDTLS_SSL_ALPN)
@@ -2196,7 +2196,7 @@
if( strcmp( p, "none" ) == 0 )
{
- curve_list[0] = MBEDTLS_ECP_DP_NONE;
+ group_list[0] = 0;
}
else if( strcmp( p, "default" ) != 0 )
{
@@ -2213,7 +2213,7 @@
if( ( curve_cur = mbedtls_ecp_curve_info_from_name( q ) ) != NULL )
{
- curve_list[i++] = curve_cur->grp_id;
+ group_list[i++] = curve_cur->tls_id;
}
else
{
@@ -2239,7 +2239,7 @@
goto exit;
}
- curve_list[i] = MBEDTLS_ECP_DP_NONE;
+ group_list[i] = 0;
}
}
#endif /* MBEDTLS_ECP_C */
@@ -2903,7 +2903,7 @@
if( opt.curves != NULL &&
strcmp( opt.curves, "default" ) != 0 )
{
- mbedtls_ssl_conf_curves( &conf, curve_list );
+ mbedtls_ssl_conf_groups( &conf, group_list );
}
#endif
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index 25eefb3..9dabb51 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -6229,3 +6229,9 @@
# we could get this with 255-bytes plaintext and untruncated SHA-384
Constant-flow memcpy from offset: large
ssl_cf_memcpy_offset:100:339:48
+
+Test configuration of groups for DHE through mbedtls_ssl_conf_curves()
+conf_curve:
+
+Test configuration of groups for DHE through mbedtls_ssl_conf_groups()
+conf_group:
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 69d2e00..75eda1d 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -4881,3 +4881,72 @@
}
/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_ECP_C:!MBEDTLS_DEPRECATED_REMOVED:!MBEDTLS_DEPRECATED_WARNING:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED */
+void conf_curve()
+{
+
+ mbedtls_ecp_group_id curve_list[] = { MBEDTLS_ECP_DP_SECP192R1,
+ MBEDTLS_ECP_DP_SECP224R1,
+ MBEDTLS_ECP_DP_SECP256R1,
+ MBEDTLS_ECP_DP_NONE };
+ mbedtls_ecp_group_id iana_tls_group_list[] = { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1,
+ MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1,
+ MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1,
+ MBEDTLS_SSL_IANA_TLS_GROUP_NONE };
+
+ mbedtls_ssl_config conf;
+ mbedtls_ssl_config_init( &conf );
+
+ mbedtls_ssl_conf_max_version( &conf, 3, 3 );
+ mbedtls_ssl_conf_min_version( &conf, 3, 3 );
+ mbedtls_ssl_conf_curves( &conf, curve_list );
+
+ mbedtls_ssl_context ssl;
+ mbedtls_ssl_init( &ssl );
+ mbedtls_ssl_setup( &ssl, &conf );
+
+ TEST_ASSERT( ssl.handshake != NULL && ssl.handshake->group_list != NULL );
+ TEST_ASSERT( ssl.conf != NULL && ssl.conf->group_list == NULL );
+
+ TEST_EQUAL( ssl.handshake->group_list[ARRAY_LENGTH( iana_tls_group_list ) - 1], MBEDTLS_SSL_IANA_TLS_GROUP_NONE );
+
+ for( size_t i = 0; i < ARRAY_LENGTH( iana_tls_group_list ); i++ )
+ TEST_EQUAL( iana_tls_group_list[i], ssl.handshake->group_list[i] );
+
+ mbedtls_ssl_free( &ssl );
+ mbedtls_ssl_config_free( &conf );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_DEPRECATED_REMOVED */
+void conf_group()
+{
+ uint16_t iana_tls_group_list[] = { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1,
+ MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1,
+ MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1,
+ MBEDTLS_SSL_IANA_TLS_GROUP_NONE };
+
+ mbedtls_ssl_config conf;
+ mbedtls_ssl_config_init( &conf );
+
+ mbedtls_ssl_conf_max_version( &conf, 3, 3 );
+ mbedtls_ssl_conf_min_version( &conf, 3, 3 );
+
+ mbedtls_ssl_conf_groups( &conf, iana_tls_group_list );
+
+ mbedtls_ssl_context ssl;
+ mbedtls_ssl_init( &ssl );
+ mbedtls_ssl_setup( &ssl, &conf );
+
+ TEST_ASSERT( ssl.conf != NULL && ssl.conf->group_list != NULL );
+
+ TEST_EQUAL( ssl.conf->group_list[ARRAY_LENGTH( iana_tls_group_list ) - 1], MBEDTLS_SSL_IANA_TLS_GROUP_NONE );
+
+ for( size_t i = 0; i < ARRAY_LENGTH( iana_tls_group_list ); i++ )
+ TEST_EQUAL( iana_tls_group_list[i], ssl.conf->group_list[i] );
+
+ mbedtls_ssl_free( &ssl );
+ mbedtls_ssl_config_free( &conf );
+}
+/* END_CASE */