Merge pull request #5351 from yuhaoth/pr/remove-duplicate-supported_group_ext
Remove duplicate function for writing supported_groups extension
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 32d4969..888523f 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -302,68 +302,6 @@
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-static int ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- const unsigned char *end,
- size_t *olen )
-{
- unsigned char *p = buf;
- unsigned char *elliptic_curve_list = p + 6;
- size_t elliptic_curve_len = 0;
- const mbedtls_ecp_curve_info *info;
- const uint16_t *group_list = mbedtls_ssl_get_groups( ssl );
- *olen = 0;
-
- /* Check there is room for header */
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 );
-
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "client hello, adding supported_elliptic_curves extension" ) );
-
- if( group_list == NULL )
- return( MBEDTLS_ERR_SSL_BAD_CONFIG );
-
- for( ; *group_list != 0; group_list++ )
- {
- info = mbedtls_ecp_curve_info_from_tls_id( *group_list );
- if( info == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "invalid curve in ssl configuration" ) );
- return( MBEDTLS_ERR_SSL_BAD_CONFIG );
- }
-
- /* Check there is room for another curve */
- MBEDTLS_SSL_CHK_BUF_PTR( elliptic_curve_list, end, elliptic_curve_len + 2 );
-
- MBEDTLS_PUT_UINT16_BE( *group_list, elliptic_curve_list, elliptic_curve_len );
- elliptic_curve_len += 2;
-
- if( elliptic_curve_len > MBEDTLS_SSL_MAX_CURVE_LIST_LEN )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "malformed supported_elliptic_curves extension in config" ) );
- return( MBEDTLS_ERR_SSL_BAD_CONFIG );
- }
- }
-
- /* Empty elliptic curve list, this is a configuration error. */
- if( elliptic_curve_len == 0 )
- return( MBEDTLS_ERR_SSL_BAD_CONFIG );
-
- MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES, p, 0 );
- p += 2;
-
- MBEDTLS_PUT_UINT16_BE( elliptic_curve_len + 2, p, 0 );
- p += 2;
-
- MBEDTLS_PUT_UINT16_BE( elliptic_curve_len, p, 0 );
- p += 2;
-
- *olen = 6 + elliptic_curve_len;
-
- return( 0 );
-}
static int ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl,
unsigned char *buf,
@@ -1206,10 +1144,10 @@
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
if( uses_ec )
{
- if( ( ret = ssl_write_supported_elliptic_curves_ext( ssl, p + 2 + ext_len,
- end, &olen ) ) != 0 )
+ if( ( ret = mbedtls_ssl_write_supported_groups_ext( ssl, p + 2 + ext_len,
+ end, &olen ) ) != 0 )
{
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_supported_elliptic_curves_ext", ret );
+ MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_supported_groups_ext", ret );
return( ret );
}
ext_len += olen;
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 40e4aaf..515f684 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -1489,6 +1489,7 @@
}
return( 0 );
}
+
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
@@ -1503,8 +1504,43 @@
}
return( 0 );
}
+
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+static inline int mbedtls_ssl_conf_is_tls13_enabled( const mbedtls_ssl_config *conf )
+{
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ if( conf->min_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 &&
+ conf->max_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 &&
+ conf->min_minor_ver <= MBEDTLS_SSL_MINOR_VERSION_4 &&
+ conf->max_minor_ver >= MBEDTLS_SSL_MINOR_VERSION_4 )
+ {
+ return( 1 );
+ }
+ return( 0 );
+#else
+ ((void) conf);
+ return( 0 );
+#endif
+}
+
+static inline int mbedtls_ssl_conf_is_tls12_enabled( const mbedtls_ssl_config *conf )
+{
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+ if( conf->min_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 &&
+ conf->max_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 &&
+ conf->min_minor_ver <= MBEDTLS_SSL_MINOR_VERSION_3 &&
+ conf->max_minor_ver >= MBEDTLS_SSL_MINOR_VERSION_3 )
+ {
+ return( 1 );
+ }
+ return( 0 );
+#else
+ ((void) conf);
+ return( 0 );
+#endif
+}
+
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
static inline int mbedtls_ssl_conf_is_hybrid_tls12_tls13( const mbedtls_ssl_config *conf )
{
@@ -1626,23 +1662,6 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL ) );
}
-/*
- * Helper functions for NamedGroup.
- */
-static inline int mbedtls_ssl_tls13_named_group_is_ecdhe( uint16_t named_group )
-{
- return( named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1 ||
- named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1 ||
- named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1 ||
- named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X25519 ||
- named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X448 );
-}
-
-static inline int mbedtls_ssl_tls13_named_group_is_dhe( uint16_t named_group )
-{
- return( named_group >= MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048 &&
- named_group <= MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192 );
-}
static inline void mbedtls_ssl_handshake_set_state( mbedtls_ssl_context *ssl,
mbedtls_ssl_states state )
@@ -1743,4 +1762,55 @@
#endif
}
+/*
+ * Helper functions for NamedGroup.
+ */
+static inline int mbedtls_ssl_tls12_named_group_is_ecdhe( uint16_t named_group )
+{
+ /*
+ * RFC 8422 section 5.1.1
+ */
+ return( named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X25519 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X448 ||
+ /* Below deprected curves should be removed with notice to users */
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1 );
+}
+
+static inline int mbedtls_ssl_tls13_named_group_is_ecdhe( uint16_t named_group )
+{
+ return( named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X25519 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X448 );
+}
+
+static inline int mbedtls_ssl_tls13_named_group_is_dhe( uint16_t named_group )
+{
+ return( named_group >= MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048 &&
+ named_group <= MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192 );
+}
+
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) || \
+ defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+int mbedtls_ssl_write_supported_groups_ext( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ const unsigned char *end,
+ size_t *out_len );
+
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED ||
+ MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
+ MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
+
#endif /* ssl_misc.h */
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index f34f2de..a8b1e7d 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -317,9 +317,48 @@
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-static int ssl_parse_supported_elliptic_curves( mbedtls_ssl_context *ssl,
- const unsigned char *buf,
- size_t len )
+/*
+ * Function for parsing a supported groups (TLS 1.3) or supported elliptic
+ * curves (TLS 1.2) extension.
+ *
+ * The "extension_data" field of a supported groups extension contains a
+ * "NamedGroupList" value (TLS 1.3 RFC8446):
+ * enum {
+ * secp256r1(0x0017), secp384r1(0x0018), secp521r1(0x0019),
+ * x25519(0x001D), x448(0x001E),
+ * ffdhe2048(0x0100), ffdhe3072(0x0101), ffdhe4096(0x0102),
+ * ffdhe6144(0x0103), ffdhe8192(0x0104),
+ * ffdhe_private_use(0x01FC..0x01FF),
+ * ecdhe_private_use(0xFE00..0xFEFF),
+ * (0xFFFF)
+ * } NamedGroup;
+ * struct {
+ * NamedGroup named_group_list<2..2^16-1>;
+ * } NamedGroupList;
+ *
+ * The "extension_data" field of a supported elliptic curves extension contains
+ * a "NamedCurveList" value (TLS 1.2 RFC 8422):
+ * enum {
+ * deprecated(1..22),
+ * secp256r1 (23), secp384r1 (24), secp521r1 (25),
+ * x25519(29), x448(30),
+ * reserved (0xFE00..0xFEFF),
+ * deprecated(0xFF01..0xFF02),
+ * (0xFFFF)
+ * } NamedCurve;
+ * struct {
+ * NamedCurve named_curve_list<2..2^16-1>
+ * } NamedCurveList;
+ *
+ * The TLS 1.3 supported groups extension was defined to be a compatible
+ * generalization of the TLS 1.2 supported elliptic curves extension. They both
+ * share the same extension identifier.
+ *
+ * DHE groups are not supported yet.
+ */
+static int ssl_parse_supported_groups_ext( mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ size_t len )
{
size_t list_size, our_size;
const unsigned char *p;
@@ -1646,10 +1685,10 @@
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
- case MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES:
+ case MBEDTLS_TLS_EXT_SUPPORTED_GROUPS:
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found supported elliptic curves extension" ) );
- ret = ssl_parse_supported_elliptic_curves( ssl, ext + 4, ext_size );
+ ret = ssl_parse_supported_groups_ext( ssl, ext + 4, ext_size );
if( ret != 0 )
return( ret );
break;
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index dd34651..d8739bd 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -7195,4 +7195,129 @@
}
#endif /* !MBEDTLS_USE_PSA_CRYPTO */
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) || \
+ defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+/*
+ * Function for writing a supported groups (TLS 1.3) or supported elliptic
+ * curves (TLS 1.2) extension.
+ *
+ * The "extension_data" field of a supported groups extension contains a
+ * "NamedGroupList" value (TLS 1.3 RFC8446):
+ * enum {
+ * secp256r1(0x0017), secp384r1(0x0018), secp521r1(0x0019),
+ * x25519(0x001D), x448(0x001E),
+ * ffdhe2048(0x0100), ffdhe3072(0x0101), ffdhe4096(0x0102),
+ * ffdhe6144(0x0103), ffdhe8192(0x0104),
+ * ffdhe_private_use(0x01FC..0x01FF),
+ * ecdhe_private_use(0xFE00..0xFEFF),
+ * (0xFFFF)
+ * } NamedGroup;
+ * struct {
+ * NamedGroup named_group_list<2..2^16-1>;
+ * } NamedGroupList;
+ *
+ * The "extension_data" field of a supported elliptic curves extension contains
+ * a "NamedCurveList" value (TLS 1.2 RFC 8422):
+ * enum {
+ * deprecated(1..22),
+ * secp256r1 (23), secp384r1 (24), secp521r1 (25),
+ * x25519(29), x448(30),
+ * reserved (0xFE00..0xFEFF),
+ * deprecated(0xFF01..0xFF02),
+ * (0xFFFF)
+ * } NamedCurve;
+ * struct {
+ * NamedCurve named_curve_list<2..2^16-1>
+ * } NamedCurveList;
+ *
+ * The TLS 1.3 supported groups extension was defined to be a compatible
+ * generalization of the TLS 1.2 supported elliptic curves extension. They both
+ * share the same extension identifier.
+ *
+ * DHE groups are not supported yet.
+ */
+int mbedtls_ssl_write_supported_groups_ext( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ const unsigned char *end,
+ size_t *out_len )
+{
+ unsigned char *p = buf ;
+ unsigned char *named_group_list; /* Start of named_group_list */
+ size_t named_group_list_len; /* Length of named_group_list */
+ const uint16_t *group_list = mbedtls_ssl_get_groups( ssl );
+
+ *out_len = 0;
+
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported_groups extension" ) );
+
+ /* Check if we have space for header and length fields:
+ * - extension_type (2 bytes)
+ * - extension_data_length (2 bytes)
+ * - named_group_list_length (2 bytes)
+ */
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 );
+ p += 6;
+
+ named_group_list = p;
+
+ if( group_list == NULL )
+ return( MBEDTLS_ERR_SSL_BAD_CONFIG );
+
+ for( ; *group_list != 0; group_list++ )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "got supported group(%04x)", *group_list ) );
+
+#if defined(MBEDTLS_ECP_C)
+ if( ( mbedtls_ssl_conf_is_tls13_enabled( ssl->conf ) &&
+ mbedtls_ssl_tls13_named_group_is_ecdhe( *group_list ) ) ||
+ ( mbedtls_ssl_conf_is_tls12_enabled( ssl->conf ) &&
+ mbedtls_ssl_tls12_named_group_is_ecdhe( *group_list ) ) )
+ {
+ const mbedtls_ecp_curve_info *curve_info;
+ curve_info = mbedtls_ecp_curve_info_from_tls_id( *group_list );
+ if( curve_info == NULL )
+ continue;
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
+ MBEDTLS_PUT_UINT16_BE( *group_list, p, 0 );
+ p += 2;
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "NamedGroup: %s ( %x )",
+ curve_info->name, *group_list ) );
+ }
+#endif /* MBEDTLS_ECP_C */
+ /* Add DHE groups here */
+
+ }
+
+ /* Length of named_group_list */
+ named_group_list_len = p - named_group_list;
+ if( named_group_list_len == 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "No group available." ) );
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ }
+
+ /* Write extension_type */
+ MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_GROUPS, buf, 0 );
+ /* Write extension_data_length */
+ MBEDTLS_PUT_UINT16_BE( named_group_list_len + 2, buf, 2 );
+ /* Write length of named_group_list */
+ MBEDTLS_PUT_UINT16_BE( named_group_list_len, buf, 4 );
+
+ MBEDTLS_SSL_DEBUG_BUF( 3, "Supported groups extension",
+ buf + 4, named_group_list_len + 2 );
+
+ *out_len = p - buf;
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SUPPORTED_GROUPS;
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+
+ return( 0 );
+}
+
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED ||
+ MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
+ MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
+
#endif /* MBEDTLS_SSL_TLS_C */
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index dcf1ff8..9f9ab72 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -116,163 +116,6 @@
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
/*
- * Functions for writing supported_groups extension.
- *
- * Stucture of supported_groups:
- * enum {
- * secp256r1(0x0017), secp384r1(0x0018), secp521r1(0x0019),
- * x25519(0x001D), x448(0x001E),
- * ffdhe2048(0x0100), ffdhe3072(0x0101), ffdhe4096(0x0102),
- * ffdhe6144(0x0103), ffdhe8192(0x0104),
- * ffdhe_private_use(0x01FC..0x01FF),
- * ecdhe_private_use(0xFE00..0xFEFF),
- * (0xFFFF)
- * } NamedGroup;
- * struct {
- * NamedGroup named_group_list<2..2^16-1>;
- * } NamedGroupList;
- */
-#if defined(MBEDTLS_ECDH_C)
-/*
- * In versions of TLS prior to TLS 1.3, this extension was named
- * 'elliptic_curves' and only contained elliptic curve groups.
- */
-static int ssl_tls13_write_named_group_list_ecdhe( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- unsigned char *end,
- size_t *out_len )
-{
- unsigned char *p = buf;
-
- *out_len = 0;
-
- const uint16_t *group_list = mbedtls_ssl_get_groups( ssl );
-
- if( group_list == NULL )
- return( MBEDTLS_ERR_SSL_BAD_CONFIG );
-
- for ( ; *group_list != 0; group_list++ )
- {
- const mbedtls_ecp_curve_info *curve_info;
- curve_info = mbedtls_ecp_curve_info_from_tls_id( *group_list );
- if( curve_info == NULL )
- continue;
-
- if( !mbedtls_ssl_tls13_named_group_is_ecdhe( *group_list ) )
- continue;
-
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2);
- MBEDTLS_PUT_UINT16_BE( *group_list, p, 0 );
- p += 2;
-
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "NamedGroup: %s ( %x )",
- curve_info->name, *group_list ) );
- }
-
- *out_len = p - buf;
-
- return( 0 );
-}
-#else
-static int ssl_tls13_write_named_group_list_ecdhe( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- unsigned char *end,
- size_t *out_len )
-{
- ((void) ssl);
- ((void) buf);
- ((void) end);
- *out_len = 0;
- return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
-}
-#endif /* MBEDTLS_ECDH_C */
-
-static int ssl_tls13_write_named_group_list_dhe( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- unsigned char *end,
- size_t *out_len )
-{
- ((void) ssl);
- ((void) buf);
- ((void) end);
- *out_len = 0;
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "write_named_group_dhe is not implemented" ) );
- return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
-}
-
-static int ssl_tls13_write_supported_groups_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- unsigned char *end,
- size_t *out_len )
-{
- unsigned char *p = buf ;
- unsigned char *named_group_list; /* Start of named_group_list */
- size_t named_group_list_len; /* Length of named_group_list */
- size_t output_len = 0;
- int ret_ecdhe, ret_dhe;
-
- *out_len = 0;
-
- if( !mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) )
- return( 0 );
-
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported_groups extension" ) );
-
- /* Check if we have space for header and length fields:
- * - extension_type (2 bytes)
- * - extension_data_length (2 bytes)
- * - named_group_list_length (2 bytes)
- */
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 );
- p += 6;
-
- named_group_list = p;
- ret_ecdhe = ssl_tls13_write_named_group_list_ecdhe( ssl, p, end, &output_len );
- if( ret_ecdhe != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_write_named_group_list_ecdhe", ret_ecdhe );
- }
- p += output_len;
-
- ret_dhe = ssl_tls13_write_named_group_list_dhe( ssl, p, end, &output_len );
- if( ret_dhe != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_write_named_group_list_dhe", ret_dhe );
- }
- p += output_len;
-
- /* Both ECDHE and DHE failed. */
- if( ret_ecdhe != 0 && ret_dhe != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "Both ECDHE and DHE groups are fail. " ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
- }
-
- /* Length of named_group_list*/
- named_group_list_len = p - named_group_list;
- if( named_group_list_len == 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "No group available." ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
- }
-
- /* Write extension_type */
- MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_GROUPS, buf, 0 );
- /* Write extension_data_length */
- MBEDTLS_PUT_UINT16_BE( named_group_list_len + 2, buf, 2 );
- /* Write length of named_group_list */
- MBEDTLS_PUT_UINT16_BE( named_group_list_len, buf, 4 );
-
- MBEDTLS_SSL_DEBUG_BUF( 3, "Supported groups extension", buf + 4, named_group_list_len + 2 );
-
- *out_len = p - buf;
-
- ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SUPPORTED_GROUPS;
-
- return( 0 );
-}
-
-/*
* Functions for writing key_share extension.
*/
#if defined(MBEDTLS_ECDH_C)
@@ -376,9 +219,6 @@
*out_len = 0;
- if( !mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) )
- return( 0 );
-
/* Check if we have space for header and length fields:
* - extension_type (2 bytes)
* - extension_data_length (2 bytes)
@@ -773,40 +613,28 @@
p += output_len;
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
- /* Write supported_groups extension
- *
- * It is REQUIRED for ECDHE cipher_suites.
- */
- ret = ssl_tls13_write_supported_groups_ext( ssl, p, end, &output_len );
- if( ret != 0 )
- return( ret );
- p += output_len;
- /* Write key_share extension
- *
- * We need to send the key shares under three conditions:
- * 1) A certificate-based ciphersuite is being offered. In this case
- * supported_groups and supported_signature extensions have been
- * successfully added.
- * 2) A PSK-based ciphersuite with ECDHE is offered. In this case the
- * psk_key_exchange_modes has been added as the last extension.
- * 3) Or, in case all ciphers are supported ( which includes #1 and #2
- * from above )
+ /*
+ * Add the extensions related to (EC)DHE ephemeral key establishment only if
+ * enabled as per the configuration.
*/
- ret = ssl_tls13_write_key_share_ext( ssl, p, end, &output_len );
- if( ret != 0 )
- return( ret );
- p += output_len;
+ if( mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) )
+ {
+ ret = mbedtls_ssl_write_supported_groups_ext( ssl, p, end, &output_len );
+ if( ret != 0 )
+ return( ret );
+ p += output_len;
- /* Write signature_algorithms extension
- *
- * It is REQUIRED for certificate authenticated cipher_suites.
- */
- ret = mbedtls_ssl_tls13_write_sig_alg_ext( ssl, p, end, &output_len );
- if( ret != 0 )
- return( ret );
- p += output_len;
+ ret = ssl_tls13_write_key_share_ext( ssl, p, end, &output_len );
+ if( ret != 0 )
+ return( ret );
+ p += output_len;
+ ret = mbedtls_ssl_tls13_write_sig_alg_ext( ssl, p, end, &output_len );
+ if( ret != 0 )
+ return( ret );
+ p += output_len;
+ }
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 1260740..c789ed4 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -165,16 +165,6 @@
*out_len = 0;
- /* Skip the extension on the client if all allowed key exchanges
- * are PSK-based. */
-#if defined(MBEDTLS_SSL_CLI_C)
- if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
- !mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) )
- {
- return( 0 );
- }
-#endif /* MBEDTLS_SSL_CLI_C */
-
MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding signature_algorithms extension" ) );
/* Check if we have space for header and length field:
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 691c0e7..b060e7b 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -6585,7 +6585,7 @@
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA256" \
0 \
- -C "client hello, adding supported_elliptic_curves extension" \
+ -C "client hello, adding supported_groups extension" \
-C "client hello, adding supported_point_formats extension" \
-S "found supported elliptic curves extension" \
-S "found supported point formats extension"
@@ -6609,7 +6609,7 @@
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
0 \
- -c "client hello, adding supported_elliptic_curves extension" \
+ -c "client hello, adding supported_groups extension" \
-c "client hello, adding supported_point_formats extension" \
-s "found supported elliptic curves extension" \
-s "found supported point formats extension"