ssl: remove support for MBEDTLS_DHM_C
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index e0c0eae..958ee9b 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -24,10 +24,6 @@
#include "mbedtls/x509_crl.h"
#endif
-#if defined(MBEDTLS_DHM_C)
-#include "mbedtls/dhm.h"
-#endif
-
#include "mbedtls/md.h"
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED)
@@ -1562,11 +1558,6 @@
const uint16_t *MBEDTLS_PRIVATE(group_list); /*!< allowed IANA NamedGroups */
-#if defined(MBEDTLS_DHM_C)
- mbedtls_mpi MBEDTLS_PRIVATE(dhm_P); /*!< prime modulus for DHM */
- mbedtls_mpi MBEDTLS_PRIVATE(dhm_G); /*!< generator for DHM */
-#endif
-
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
mbedtls_svc_key_id_t MBEDTLS_PRIVATE(psk_opaque); /*!< PSA key slot holding opaque PSK. This field
@@ -1642,10 +1633,6 @@
unsigned int MBEDTLS_PRIVATE(badmac_limit); /*!< limit of records with a bad MAC */
-#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
- unsigned int MBEDTLS_PRIVATE(dhm_min_bitlen); /*!< min. bit length of the DHM prime */
-#endif
-
/** User data pointer or handle.
*
* The library sets this to \p 0 when creating a context and does not
@@ -3753,49 +3740,6 @@
#endif /* MBEDTLS_SSL_SRV_C */
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
-#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
-/**
- * \brief Set the Diffie-Hellman public P and G values
- * from big-endian binary presentations.
- * (Default values: MBEDTLS_DHM_RFC3526_MODP_2048_[PG]_BIN)
- *
- * \param conf SSL configuration
- * \param dhm_P Diffie-Hellman-Merkle modulus in big-endian binary form
- * \param P_len Length of DHM modulus
- * \param dhm_G Diffie-Hellman-Merkle generator in big-endian binary form
- * \param G_len Length of DHM generator
- *
- * \return 0 if successful
- */
-int mbedtls_ssl_conf_dh_param_bin(mbedtls_ssl_config *conf,
- const unsigned char *dhm_P, size_t P_len,
- const unsigned char *dhm_G, size_t G_len);
-
-/**
- * \brief Set the Diffie-Hellman public P and G values,
- * read from existing context (server-side only)
- *
- * \param conf SSL configuration
- * \param dhm_ctx Diffie-Hellman-Merkle context
- *
- * \return 0 if successful
- */
-int mbedtls_ssl_conf_dh_param_ctx(mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx);
-#endif /* MBEDTLS_DHM_C && defined(MBEDTLS_SSL_SRV_C) */
-
-#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
-/**
- * \brief Set the minimum length for Diffie-Hellman parameters.
- * (Client-side only.)
- * (Default: 1024 bits.)
- *
- * \param conf SSL configuration
- * \param bitlen Minimum bit length of the DHM prime
- */
-void mbedtls_ssl_conf_dhm_min_bitlen(mbedtls_ssl_config *conf,
- unsigned int bitlen);
-#endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */
-
/**
* \brief Set the allowed groups in order of preference.
*
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 9f91861..9ff0fca 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -763,10 +763,6 @@
const uint16_t *sig_algs;
#endif
-#if defined(MBEDTLS_DHM_C)
- mbedtls_dhm_context dhm_ctx; /*!< DHM key exchange */
-#endif
-
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED)
psa_key_type_t xxdh_psa_type;
size_t xxdh_psa_bits;
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 60f2e1c..ec4272a 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -911,9 +911,6 @@
handshake->update_checksum = ssl_update_checksum_start;
-#if defined(MBEDTLS_DHM_C)
- mbedtls_dhm_init(&handshake->dhm_ctx);
-#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
handshake->psa_pake_ctx = psa_pake_operation_init();
handshake->psa_pake_password = MBEDTLS_SVC_KEY_ID_INIT;
@@ -2431,57 +2428,6 @@
return PSA_SUCCESS;
}
-#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
-int mbedtls_ssl_conf_dh_param_bin(mbedtls_ssl_config *conf,
- const unsigned char *dhm_P, size_t P_len,
- const unsigned char *dhm_G, size_t G_len)
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
- mbedtls_mpi_free(&conf->dhm_P);
- mbedtls_mpi_free(&conf->dhm_G);
-
- if ((ret = mbedtls_mpi_read_binary(&conf->dhm_P, dhm_P, P_len)) != 0 ||
- (ret = mbedtls_mpi_read_binary(&conf->dhm_G, dhm_G, G_len)) != 0) {
- mbedtls_mpi_free(&conf->dhm_P);
- mbedtls_mpi_free(&conf->dhm_G);
- return ret;
- }
-
- return 0;
-}
-
-int mbedtls_ssl_conf_dh_param_ctx(mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx)
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
- mbedtls_mpi_free(&conf->dhm_P);
- mbedtls_mpi_free(&conf->dhm_G);
-
- if ((ret = mbedtls_dhm_get_value(dhm_ctx, MBEDTLS_DHM_PARAM_P,
- &conf->dhm_P)) != 0 ||
- (ret = mbedtls_dhm_get_value(dhm_ctx, MBEDTLS_DHM_PARAM_G,
- &conf->dhm_G)) != 0) {
- mbedtls_mpi_free(&conf->dhm_P);
- mbedtls_mpi_free(&conf->dhm_G);
- return ret;
- }
-
- return 0;
-}
-#endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_SRV_C */
-
-#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
-/*
- * Set the minimum length for Diffie-Hellman parameters
- */
-void mbedtls_ssl_conf_dhm_min_bitlen(mbedtls_ssl_config *conf,
- unsigned int bitlen)
-{
- conf->dhm_min_bitlen = bitlen;
-}
-#endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */
-
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
#if !defined(MBEDTLS_DEPRECATED_REMOVED) && defined(MBEDTLS_SSL_PROTO_TLS1_2)
/*
@@ -4537,10 +4483,6 @@
psa_hash_abort(&handshake->fin_sha384_psa);
#endif
-#if defined(MBEDTLS_DHM_C)
- mbedtls_dhm_free(&handshake->dhm_ctx);
-#endif
-
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
psa_pake_abort(&handshake->psa_pake_ctx);
/*
@@ -5551,10 +5493,6 @@
int mbedtls_ssl_config_defaults(mbedtls_ssl_config *conf,
int endpoint, int transport, int preset)
{
-#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-#endif
-
#if defined(MBEDTLS_DEBUG_C) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
if (ssl_check_no_sig_alg_duplication(ssl_preset_suiteb_sig_algs)) {
mbedtls_printf("ssl_preset_suiteb_sig_algs has duplicated entries\n");
@@ -5629,21 +5567,6 @@
memset(conf->renego_period + 2, 0xFF, 6);
#endif
-#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
- if (endpoint == MBEDTLS_SSL_IS_SERVER) {
- const unsigned char dhm_p[] =
- MBEDTLS_DHM_RFC3526_MODP_2048_P_BIN;
- const unsigned char dhm_g[] =
- MBEDTLS_DHM_RFC3526_MODP_2048_G_BIN;
-
- if ((ret = mbedtls_ssl_conf_dh_param_bin(conf,
- dhm_p, sizeof(dhm_p),
- dhm_g, sizeof(dhm_g))) != 0) {
- return ret;
- }
- }
-#endif
-
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
#if defined(MBEDTLS_SSL_EARLY_DATA)
@@ -5733,10 +5656,6 @@
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
conf->group_list = ssl_preset_default_groups;
-
-#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
- conf->dhm_min_bitlen = 1024;
-#endif
}
return 0;
@@ -5751,11 +5670,6 @@
return;
}
-#if defined(MBEDTLS_DHM_C)
- mbedtls_mpi_free(&conf->dhm_P);
- mbedtls_mpi_free(&conf->dhm_G);
-#endif
-
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
if (!mbedtls_svc_key_id_is_null(conf->psk_opaque)) {
conf->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT;