ssl_client2, ssl_server2: code optimization + guards adaptation
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h
index 17b8ff7..8aea0e5 100644
--- a/include/mbedtls/ssl_ciphersuites.h
+++ b/include/mbedtls/ssl_ciphersuites.h
@@ -364,6 +364,12 @@
#define MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED
#endif
+/* Key exchanges ephemeral */
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) || \
+ defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED)
+#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED
+#endif
+
typedef struct mbedtls_ssl_ciphersuite_t mbedtls_ssl_ciphersuite_t;
#define MBEDTLS_CIPHERSUITE_WEAK 0x01 /**< Weak ciphersuite flag */
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 030135b..0447790 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -1579,7 +1579,6 @@
}
if (buf_size < PSA_BITS_TO_BYTES(bits)) {
-
return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
}
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index eb47af1..af41e38 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -261,7 +261,9 @@
#define USAGE_ALPN ""
#endif /* MBEDTLS_SSL_ALPN */
-#if defined(MBEDTLS_ECP_LIGHT)
+#if defined(MBEDTLS_ECP_LIGHT) || \
+ (defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \
+ defined(PSA_WANT_ALG_FFDH))
#define USAGE_CURVES \
" curves=a,b,c,d default: \"default\" (library default)\n" \
" example: \"secp521r1,brainpoolP512r1\"\n" \
@@ -758,7 +760,6 @@
#if defined(MBEDTLS_ECP_LIGHT)
uint16_t group_list[CURVE_LIST_SIZE];
- const mbedtls_ecp_curve_info *curve_cur;
#endif
#if defined(MBEDTLS_SSL_DTLS_SRTP)
unsigned char mki[MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH];
@@ -1493,62 +1494,16 @@
}
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-#if defined(MBEDTLS_ECP_LIGHT)
+#if defined(MBEDTLS_ECP_LIGHT) || \
+ (defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \
+ defined(PSA_WANT_ALG_FFDH))
if (opt.curves != NULL) {
- p = (char *) opt.curves;
- i = 0;
-
- if (strcmp(p, "none") == 0) {
- group_list[0] = 0;
- } else if (strcmp(p, "default") != 0) {
- /* Leave room for a final NULL in curve list */
- while (i < CURVE_LIST_SIZE - 1 && *p != '\0') {
- q = p;
- uint16_t ffdh_group = 0;
-
- /* Terminate the current string */
- while (*p != ',' && *p != '\0') {
- p++;
- }
- if (*p == ',') {
- *p++ = '\0';
- }
-
- if ((curve_cur = mbedtls_ecp_curve_info_from_name(q)) != NULL) {
- group_list[i++] = curve_cur->tls_id;
- } else if ((ffdh_group = mbedtls_ssl_ffdh_group_from_name(q)) != 0) {
- group_list[i++] = ffdh_group;
- } else {
- mbedtls_printf("unknown curve %s\n", q);
- mbedtls_printf("supported curves: ");
- for (curve_cur = mbedtls_ecp_curve_list();
- curve_cur->grp_id != MBEDTLS_ECP_DP_NONE;
- curve_cur++) {
- mbedtls_printf("%s ", curve_cur->name);
- }
- const uint16_t *supported_ffdh_group = mbedtls_ssl_ffdh_supported_groups();
- while (*supported_ffdh_group != 0) {
- mbedtls_printf("%s ",
- mbedtls_ssl_ffdh_name_from_group(*supported_ffdh_group));
- supported_ffdh_group++;
- }
- mbedtls_printf("\n");
- goto exit;
- }
- }
-
- mbedtls_printf("Number of curves: %d\n", i);
-
- if (i == CURVE_LIST_SIZE - 1 && *p != '\0') {
- mbedtls_printf("curves list too long, maximum %d",
- CURVE_LIST_SIZE - 1);
- goto exit;
- }
-
- group_list[i] = 0;
+ if (parse_curves(opt.curves, group_list, CURVE_LIST_SIZE) != 0) {
+ goto exit;
}
}
-#endif /* MBEDTLS_ECP_LIGHT */
+#endif /* MBEDTLS_ECP_LIGHT ||
+ (MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED && PSA_WANT_ALG_FFDH) */
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
if (opt.sig_algs != NULL) {
@@ -1951,7 +1906,9 @@
}
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
-#if defined(MBEDTLS_ECP_LIGHT)
+#if defined(MBEDTLS_ECP_LIGHT) || \
+ (defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \
+ defined(PSA_WANT_ALG_FFDH))
if (opt.curves != NULL &&
strcmp(opt.curves, "default") != 0) {
mbedtls_ssl_conf_groups(&conf, group_list);
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 1986b35..715fe0c 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -446,7 +446,9 @@
#define USAGE_EARLY_DATA ""
#endif /* MBEDTLS_SSL_EARLY_DATA */
-#if defined(MBEDTLS_ECP_LIGHT)
+#if defined(MBEDTLS_ECP_LIGHT) || \
+ (defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \
+ defined(PSA_WANT_ALG_FFDH))
#define USAGE_CURVES \
" curves=a,b,c,d default: \"default\" (library default)\n" \
" example: \"secp521r1,brainpoolP512r1\"\n" \
@@ -1522,7 +1524,6 @@
#endif
#if defined(MBEDTLS_ECP_LIGHT)
uint16_t group_list[CURVE_LIST_SIZE];
- const mbedtls_ecp_curve_info *curve_cur;
#endif
#if defined(MBEDTLS_SSL_ALPN)
const char *alpn_list[ALPN_LIST_SIZE];
@@ -2387,62 +2388,16 @@
}
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
-#if defined(MBEDTLS_ECP_LIGHT)
+#if defined(MBEDTLS_ECP_LIGHT) || \
+ (defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \
+ defined(PSA_WANT_ALG_FFDH))
if (opt.curves != NULL) {
- p = (char *) opt.curves;
- i = 0;
-
- if (strcmp(p, "none") == 0) {
- group_list[0] = 0;
- } else if (strcmp(p, "default") != 0) {
- /* Leave room for a final NULL in curve list */
- while (i < CURVE_LIST_SIZE - 1 && *p != '\0') {
- q = p;
- uint16_t ffdh_group = 0;
-
- /* Terminate the current string */
- while (*p != ',' && *p != '\0') {
- p++;
- }
- if (*p == ',') {
- *p++ = '\0';
- }
-
- if ((curve_cur = mbedtls_ecp_curve_info_from_name(q)) != NULL) {
- group_list[i++] = curve_cur->tls_id;
- } else if ((ffdh_group = mbedtls_ssl_ffdh_group_from_name(q)) != 0) {
- group_list[i++] = ffdh_group;
- } else {
- mbedtls_printf("unknown curve %s\n", q);
- mbedtls_printf("supported curves: ");
- for (curve_cur = mbedtls_ecp_curve_list();
- curve_cur->grp_id != MBEDTLS_ECP_DP_NONE;
- curve_cur++) {
- mbedtls_printf("%s ", curve_cur->name);
- const uint16_t *supported_ffdh_group = mbedtls_ssl_ffdh_supported_groups();
- while (*supported_ffdh_group != 0) {
- mbedtls_printf("%s ",
- mbedtls_ssl_ffdh_name_from_group(*supported_ffdh_group));
- supported_ffdh_group++;
- }
- }
- mbedtls_printf("\n");
- goto exit;
- }
- }
-
- mbedtls_printf("Number of curves: %d\n", i);
-
- if (i == CURVE_LIST_SIZE - 1 && *p != '\0') {
- mbedtls_printf("curves list too long, maximum %d",
- CURVE_LIST_SIZE - 1);
- goto exit;
- }
-
- group_list[i] = 0;
+ if (parse_curves(opt.curves, group_list, CURVE_LIST_SIZE) != 0) {
+ goto exit;
}
}
-#endif /* MBEDTLS_ECP_LIGHT */
+#endif /* MBEDTLS_ECP_LIGHT ||
+ (MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED && PSA_WANT_ALG_FFDH) */
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
if (opt.sig_algs != NULL) {
@@ -3144,7 +3099,9 @@
}
#endif
-#if defined(MBEDTLS_ECP_LIGHT)
+#if defined(MBEDTLS_ECP_LIGHT) || \
+ (defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \
+ defined(PSA_WANT_ALG_FFDH))
if (opt.curves != NULL &&
strcmp(opt.curves, "default") != 0) {
mbedtls_ssl_conf_groups(&conf, group_list);
diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c
index 26824c2..077df2e 100644
--- a/programs/ssl/ssl_test_lib.c
+++ b/programs/ssl/ssl_test_lib.c
@@ -479,4 +479,69 @@
return ffdh_groups;
}
+#if defined(MBEDTLS_ECP_LIGHT) || \
+ (defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \
+ defined(PSA_WANT_ALG_FFDH))
+int parse_curves(const char *curves, uint16_t *group_list, size_t group_list_len)
+{
+ char *p = (char *) curves;
+ char *q = NULL;
+ size_t i = 0;
+ const mbedtls_ecp_curve_info *curve_cur = NULL;
+
+ if (strcmp(p, "none") == 0) {
+ group_list[0] = 0;
+ } else if (strcmp(p, "default") != 0) {
+ /* Leave room for a final NULL in curve list */
+ while (i < group_list_len - 1 && *p != '\0') {
+ q = p;
+ uint16_t ffdh_group = 0;
+
+ /* Terminate the current string */
+ while (*p != ',' && *p != '\0') {
+ p++;
+ }
+ if (*p == ',') {
+ *p++ = '\0';
+ }
+
+ if ((curve_cur = mbedtls_ecp_curve_info_from_name(q)) != NULL) {
+ group_list[i++] = curve_cur->tls_id;
+ } else if ((ffdh_group = mbedtls_ssl_ffdh_group_from_name(q)) != 0) {
+ group_list[i++] = ffdh_group;
+ } else {
+ mbedtls_printf("unknown curve %s\n", q);
+ mbedtls_printf("supported curves: ");
+ for (curve_cur = mbedtls_ecp_curve_list();
+ curve_cur->grp_id != MBEDTLS_ECP_DP_NONE;
+ curve_cur++) {
+ mbedtls_printf("%s ", curve_cur->name);
+ }
+ const uint16_t *supported_ffdh_group = mbedtls_ssl_ffdh_supported_groups();
+ while (*supported_ffdh_group != 0) {
+ mbedtls_printf("%s ",
+ mbedtls_ssl_ffdh_name_from_group(*supported_ffdh_group));
+ supported_ffdh_group++;
+ }
+ mbedtls_printf("\n");
+ return -1;
+ }
+ }
+
+ mbedtls_printf("Number of curves: %u\n", (unsigned int) i);
+
+ if (i == group_list_len - 1 && *p != '\0') {
+ mbedtls_printf("curves list too long, maximum %u",
+ (unsigned int) (group_list_len - 1));
+ return -1;
+ }
+
+ group_list[i] = 0;
+ }
+
+ return 0;
+}
+#endif /* MBEDTLS_ECP_LIGHT ||
+ (MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED && PSA_WANT_ALG_FFDH) */
+
#endif /* !defined(MBEDTLS_SSL_TEST_IMPOSSIBLE) */
diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h
index c2afc96..eb29dc7 100644
--- a/programs/ssl/ssl_test_lib.h
+++ b/programs/ssl/ssl_test_lib.h
@@ -314,6 +314,11 @@
/* Helper functions for FFDH groups. */
uint16_t mbedtls_ssl_ffdh_group_from_name(const char *name);
const uint16_t *mbedtls_ssl_ffdh_supported_groups(void);
+#if defined(MBEDTLS_ECP_LIGHT) || \
+ (defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \
+ defined(PSA_WANT_ALG_FFDH))
+int parse_curves(const char *curves, uint16_t *group_list, size_t group_list_len);
+#endif
#endif /* MBEDTLS_SSL_TEST_IMPOSSIBLE conditions: else */
#endif /* MBEDTLS_PROGRAMS_SSL_SSL_TEST_LIB_H */