From 73cd415c0b95bc815ff17427b9eaba9988c9336f Mon Sep 17 00:00:00 2001
From: Valerio Setti <valerio.setti@nordicsemi.no>
Date: Wed, 12 Feb 2025 10:46:54 +0100
Subject: [PATCH] programs: remove DHM_C from ssl_client2 and ssl_server2

MBEDTLS_DHM_C is being removed, so all of its occurrences should be removed
as well.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
---
 programs/ssl/ssl_client2.c | 22 ----------------
 programs/ssl/ssl_server2.c | 51 +-------------------------------------
 2 files changed, 1 insertion(+), 72 deletions(-)

diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index f009a3169b..6742925f2a 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -71,7 +71,6 @@ int main(void)
 #define DFL_MFL_CODE            MBEDTLS_SSL_MAX_FRAG_LEN_NONE
 #define DFL_TRUNC_HMAC          -1
 #define DFL_RECSPLIT            -1
-#define DFL_DHMLEN              -1
 #define DFL_RECONNECT           0
 #define DFL_RECO_SERVER_NAME    NULL
 #define DFL_RECO_DELAY          0
@@ -234,13 +233,6 @@ int main(void)
 #define USAGE_MAX_FRAG_LEN ""
 #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
 
-#if defined(MBEDTLS_DHM_C)
-#define USAGE_DHMLEN \
-    "    dhmlen=%%d           default: (library default: 1024 bits)\n"
-#else
-#define USAGE_DHMLEN
-#endif
-
 #if defined(MBEDTLS_SSL_ALPN)
 #define USAGE_ALPN \
     "    alpn=%%s             default: \"\" (disabled)\n"   \
@@ -433,7 +425,6 @@ int main(void)
     USAGE_GROUPS                                            \
     USAGE_SIG_ALGS                                          \
     USAGE_EARLY_DATA                                        \
-    USAGE_DHMLEN                                            \
     USAGE_KEY_OPAQUE_ALGS                                   \
     "\n"
 
@@ -508,7 +499,6 @@ struct options {
     unsigned char mfl_code;     /* code for maximum fragment length         */
     int trunc_hmac;             /* negotiate truncated hmac or not          */
     int recsplit;               /* enable record splitting?                 */
-    int dhmlen;                 /* minimum DHM params len in bits           */
     int reconnect;              /* attempt to resume session                */
     const char *reco_server_name;     /* hostname of the server (re-connect)     */
     int reco_delay;             /* delay in seconds before resuming session */
@@ -956,7 +946,6 @@ int main(int argc, char *argv[])
     opt.mfl_code            = DFL_MFL_CODE;
     opt.trunc_hmac          = DFL_TRUNC_HMAC;
     opt.recsplit            = DFL_RECSPLIT;
-    opt.dhmlen              = DFL_DHMLEN;
     opt.reconnect           = DFL_RECONNECT;
     opt.reco_server_name    = DFL_RECO_SERVER_NAME;
     opt.reco_delay          = DFL_RECO_DELAY;
@@ -1388,11 +1377,6 @@ usage:
             if (opt.recsplit < 0 || opt.recsplit > 1) {
                 goto usage;
             }
-        } else if (strcmp(p, "dhmlen") == 0) {
-            opt.dhmlen = atoi(q);
-            if (opt.dhmlen < 0) {
-                goto usage;
-            }
         } else if (strcmp(p, "query_config") == 0) {
             opt.query_config_mode = 1;
             query_config_ret = query_config(q);
@@ -1898,12 +1882,6 @@ usage:
     }
 #endif
 
-#if defined(MBEDTLS_DHM_C)
-    if (opt.dhmlen != DFL_DHMLEN) {
-        mbedtls_ssl_conf_dhm_min_bitlen(&conf, opt.dhmlen);
-    }
-#endif
-
 #if defined(MBEDTLS_SSL_ALPN)
     if (opt.alpn_string != NULL) {
         if ((ret = mbedtls_ssl_conf_alpn_protocols(&conf, alpn_list)) != 0) {
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index d9e57018ae..dc7ca8f51c 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -58,7 +58,6 @@ int main(void)
 #endif
 
 #include "mbedtls/pk.h"
-#include "mbedtls/dhm.h"
 
 /* Size of memory to be allocated for the heap, when using the library's memory
  * management and MBEDTLS_MEMORY_BUFFER_ALLOC_C is enabled. */
@@ -127,7 +126,6 @@ int main(void)
 #define DFL_EARLY_DATA          -1
 #define DFL_MAX_EARLY_DATA_SIZE ((uint32_t) -1)
 #define DFL_SIG_ALGS            NULL
-#define DFL_DHM_FILE            NULL
 #define DFL_TRANSPORT           MBEDTLS_SSL_TRANSPORT_STREAM
 #define DFL_COOKIES             1
 #define DFL_ANTI_REPLAY         -1
@@ -192,9 +190,7 @@ int main(void)
     "                        note: if neither crt_file/key_file nor crt_file2/key_file2 are used,\n" \
     "                              preloaded certificate(s) and key(s) are used if available\n" \
     "    key_pwd2=%%s         Password for key specified by key_file2 argument\n" \
-    "                        default: none\n" \
-    "    dhm_file=%%s        File containing Diffie-Hellman parameters\n" \
-    "                       default: preloaded parameters\n"
+    "                        default: none\n"
 #else
 #define USAGE_IO \
     "\n"                                                    \
@@ -675,7 +671,6 @@ struct options {
     const char *groups;         /* list of supported groups                 */
     const char *sig_algs;       /* supported TLS 1.3 signature algorithms   */
     const char *alpn_string;    /* ALPN supported protocols                 */
-    const char *dhm_file;       /* the file with the DH parameters          */
     int extended_ms;            /* allow negotiation of extended MS?        */
     int etm;                    /* allow negotiation of encrypt-then-MAC?   */
     int transport;              /* TLS or DTLS?                             */
@@ -1590,9 +1585,6 @@ int main(int argc, char *argv[])
 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
     ssl_async_key_context_t ssl_async_keys;
 #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
-#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO)
-    mbedtls_dhm_context dhm;
-#endif
 #if defined(MBEDTLS_SSL_CACHE_C)
     mbedtls_ssl_cache_context cache;
 #endif
@@ -1681,9 +1673,6 @@ int main(int argc, char *argv[])
 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
     memset(&ssl_async_keys, 0, sizeof(ssl_async_keys));
 #endif
-#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO)
-    mbedtls_dhm_init(&dhm);
-#endif
 #if defined(MBEDTLS_SSL_CACHE_C)
     mbedtls_ssl_cache_init(&cache);
 #endif
@@ -1793,7 +1782,6 @@ int main(int argc, char *argv[])
     opt.max_early_data_size = DFL_MAX_EARLY_DATA_SIZE;
 #endif
     opt.sig_algs            = DFL_SIG_ALGS;
-    opt.dhm_file            = DFL_DHM_FILE;
     opt.transport           = DFL_TRANSPORT;
     opt.cookies             = DFL_COOKIES;
     opt.anti_replay         = DFL_ANTI_REPLAY;
@@ -1943,8 +1931,6 @@ usage:
             opt.key_file2 = q;
         } else if (strcmp(p, "key_pwd2") == 0) {
             opt.key_pwd2 = q;
-        } else if (strcmp(p, "dhm_file") == 0) {
-            opt.dhm_file = q;
         }
 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
         else if (strcmp(p, "async_operations") == 0) {
@@ -2787,21 +2773,6 @@ usage:
                    key_cert_init2 ? mbedtls_pk_get_name(&pkey2) : "none");
 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
 
-#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO)
-    if (opt.dhm_file != NULL) {
-        mbedtls_printf("  . Loading DHM parameters...");
-        fflush(stdout);
-
-        if ((ret = mbedtls_dhm_parse_dhmfile(&dhm, opt.dhm_file)) != 0) {
-            mbedtls_printf(" failed\n  ! mbedtls_dhm_parse_dhmfile returned -0x%04X\n\n",
-                           (unsigned int) -ret);
-            goto exit;
-        }
-
-        mbedtls_printf(" ok\n");
-    }
-#endif
-
 #if defined(SNI_OPTION)
     if (opt.sni != NULL) {
         mbedtls_printf("  . Setting up SNI information...");
@@ -3269,22 +3240,6 @@ usage:
     }
 #endif
 
-#if defined(MBEDTLS_DHM_C)
-    /*
-     * Use different group than default DHM group
-     */
-#if defined(MBEDTLS_FS_IO)
-    if (opt.dhm_file != NULL) {
-        ret = mbedtls_ssl_conf_dh_param_ctx(&conf, &dhm);
-    }
-#endif
-    if (ret != 0) {
-        mbedtls_printf("  failed\n  mbedtls_ssl_conf_dh_param returned -0x%04X\n\n",
-                       (unsigned int) -ret);
-        goto exit;
-    }
-#endif
-
     if (opt.min_version != DFL_MIN_VERSION) {
         mbedtls_ssl_conf_min_tls_version(&conf, opt.min_version);
     }
@@ -4284,10 +4239,6 @@ exit:
 #endif
 #endif
 
-#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO)
-    mbedtls_dhm_free(&dhm);
-#endif
-
 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
     for (i = 0; (size_t) i < ssl_async_keys.slots_used; i++) {
         if (ssl_async_keys.slots[i].pk_owned) {
-- 
GitLab