Created
April 10, 2018 09:43
-
-
Save zb3/c1257c0888418d2721e198db337b11c0 to your computer and use it in GitHub Desktop.
Add support for Anonymous Diffie-Hellman key exchange in MbedTLS. This patch is experimental and ADH is not secure.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| diff -Naur mbedtls/include/mbedtls/config.h mbedtls-dh-anon/include/mbedtls/config.h | |
| --- mbedtls/include/mbedtls/config.h 2018-04-10 11:30:33.713503768 +0200 | |
| +++ mbedtls-dh-anon/include/mbedtls/config.h 2018-04-10 11:38:50.001356927 +0200 | |
| @@ -637,6 +637,36 @@ | |
| #define MBEDTLS_ECDSA_DETERMINISTIC | |
| /** | |
| + * \def MBEDTLS_KEY_EXCHANGE_DH_ANON_ENABLED | |
| + * | |
| + * Enable the ADH based ciphersuite modes in SSL / TLS. | |
| + * | |
| + * Requires: MBEDTLS_DHM_C | |
| + * | |
| + * This enables the following ciphersuites (if other requisites are | |
| + * enabled as well): | |
| + * MBEDTLS_TLS_DH_anon_WITH_AES_256_GCM_SHA384 | |
| + * MBEDTLS_TLS_DH_anon_WITH_AES_256_CBC_SHA256 | |
| + * MBEDTLS_TLS_DH_anon_WITH_AES_256_CBC_SHA | |
| + * MBEDTLS_TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384 | |
| + * MBEDTLS_TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 | |
| + * MBEDTLS_TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA | |
| + * MBEDTLS_TLS_DH_anon_WITH_AES_128_GCM_SHA256 | |
| + * MBEDTLS_TLS_DH_anon_WITH_AES_128_CBC_SHA256 | |
| + * MBEDTLS_TLS_DH_anon_WITH_AES_128_CBC_SHA | |
| + * MBEDTLS_TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256 | |
| + * MBEDTLS_TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 | |
| + * MBEDTLS_TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA | |
| + * MBEDTLS_TLS_DH_anon_WITH_3DES_EDE_CBC_SHA | |
| + * MBEDTLS_TLS_DH_anon_WITH_DES_CBC_SHA | |
| + * MBEDTLS_TLS_DH_anon_WITH_RC4_128_MD5 | |
| + * | |
| + * \warning ADH is suspectible to MITM attack, and thus not secure. | |
| + * | |
| + */ | |
| +#define MBEDTLS_KEY_EXCHANGE_DH_ANON_ENABLED | |
| + | |
| +/** | |
| * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED | |
| * | |
| * Enable the PSK based ciphersuite modes in SSL / TLS. | |
| diff -Naur mbedtls/include/mbedtls/ssl_ciphersuites.h mbedtls-dh-anon/include/mbedtls/ssl_ciphersuites.h | |
| --- mbedtls/include/mbedtls/ssl_ciphersuites.h 2018-04-10 11:30:33.727503888 +0200 | |
| +++ mbedtls-dh-anon/include/mbedtls/ssl_ciphersuites.h 2018-04-10 11:30:05.377258724 +0200 | |
| @@ -47,14 +47,20 @@ | |
| #define MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA 0x15 /**< Weak! Not in TLS 1.2 */ | |
| #define MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 0x16 | |
| +#define MBEDTLS_TLS_DH_anon_WITH_RC4_128_MD5 0x18 | |
| +#define MBEDTLS_TLS_DH_anon_WITH_DES_CBC_SHA 0x1A | |
| +#define MBEDTLS_TLS_DH_anon_WITH_3DES_EDE_CBC_SHA 0x1B | |
| + | |
| #define MBEDTLS_TLS_PSK_WITH_NULL_SHA 0x2C /**< Weak! */ | |
| #define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA 0x2D /**< Weak! */ | |
| #define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA 0x2E /**< Weak! */ | |
| #define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA 0x2F | |
| #define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x33 | |
| +#define MBEDTLS_TLS_DH_anon_WITH_AES_128_CBC_SHA 0x34 | |
| #define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA 0x35 | |
| #define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x39 | |
| +#define MBEDTLS_TLS_DH_anon_WITH_AES_256_CBC_SHA 0x3A | |
| #define MBEDTLS_TLS_RSA_WITH_NULL_SHA256 0x3B /**< Weak! */ | |
| #define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 0x3C /**< TLS 1.2 */ | |
| @@ -62,12 +68,16 @@ | |
| #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 0x41 | |
| #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x45 | |
| +#define MBEDTLS_TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA 0x46 | |
| #define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 0x67 /**< TLS 1.2 */ | |
| #define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 0x6B /**< TLS 1.2 */ | |
| +#define MBEDTLS_TLS_DH_anon_WITH_AES_128_CBC_SHA256 0x6C | |
| +#define MBEDTLS_TLS_DH_anon_WITH_AES_256_CBC_SHA256 0x6D | |
| #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0x84 | |
| #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x88 | |
| +#define MBEDTLS_TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA 0x89 | |
| #define MBEDTLS_TLS_PSK_WITH_RC4_128_SHA 0x8A | |
| #define MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA 0x8B | |
| @@ -89,6 +99,9 @@ | |
| #define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 0x9E /**< TLS 1.2 */ | |
| #define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 0x9F /**< TLS 1.2 */ | |
| +#define MBEDTLS_TLS_DH_anon_WITH_AES_128_GCM_SHA256 0xA6 | |
| +#define MBEDTLS_TLS_DH_anon_WITH_AES_256_GCM_SHA384 0xA7 | |
| + | |
| #define MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 0xA8 /**< TLS 1.2 */ | |
| #define MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 0xA9 /**< TLS 1.2 */ | |
| #define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 0xAA /**< TLS 1.2 */ | |
| @@ -113,9 +126,11 @@ | |
| #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBA /**< TLS 1.2 */ | |
| #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBE /**< TLS 1.2 */ | |
| +#define MBEDTLS_TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 0xBF | |
| #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC0 /**< TLS 1.2 */ | |
| #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC4 /**< TLS 1.2 */ | |
| +#define MBEDTLS_TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 0xC5 | |
| #define MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA 0xC001 /**< Weak! */ | |
| #define MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA 0xC002 /**< Not in SSL3! */ | |
| @@ -182,6 +197,8 @@ | |
| #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07B /**< TLS 1.2 */ | |
| #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC07C /**< TLS 1.2 */ | |
| #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07D /**< TLS 1.2 */ | |
| +#define MBEDTLS_TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256 0xC084 | |
| +#define MBEDTLS_TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384 0xC085 | |
| #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC086 /**< TLS 1.2 */ | |
| #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC087 /**< TLS 1.2 */ | |
| #define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC088 /**< TLS 1.2 */ | |
| @@ -232,6 +249,9 @@ | |
| #define MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 0xC0FF /**< experimental */ | |
| + | |
| + | |
| + | |
| /* Reminder: update mbedtls_ssl_premaster_secret when adding a new key exchange. | |
| * Reminder: update MBEDTLS_KEY_EXCHANGE__xxx below | |
| */ | |
| @@ -248,6 +268,7 @@ | |
| MBEDTLS_KEY_EXCHANGE_ECDH_RSA, | |
| MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, | |
| MBEDTLS_KEY_EXCHANGE_ECJPAKE, | |
| + MBEDTLS_KEY_EXCHANGE_DH_ANON, | |
| } mbedtls_key_exchange_type_t; | |
| /* Key exchanges using a certificate */ | |
| @@ -295,6 +316,7 @@ | |
| /* Key exchanges that involve ephemeral keys */ | |
| #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ | |
| defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \ | |
| + defined(MBEDTLS_KEY_EXCHANGE_DH_ANON_ENABLED) || \ | |
| defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ | |
| defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \ | |
| defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ | |
| @@ -312,7 +334,8 @@ | |
| /* Key exchanges using DHE */ | |
| #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ | |
| - defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) | |
| + defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \ | |
| + defined(MBEDTLS_KEY_EXCHANGE_DH_ANON_ENABLED) | |
| #define MBEDTLS_KEY_EXCHANGE__SOME__DHE_ENABLED | |
| #endif | |
| @@ -370,6 +393,7 @@ | |
| { | |
| case MBEDTLS_KEY_EXCHANGE_DHE_RSA: | |
| case MBEDTLS_KEY_EXCHANGE_DHE_PSK: | |
| + case MBEDTLS_KEY_EXCHANGE_DH_ANON: | |
| case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: | |
| case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: | |
| case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: | |
| @@ -439,6 +463,7 @@ | |
| { | |
| case MBEDTLS_KEY_EXCHANGE_DHE_RSA: | |
| case MBEDTLS_KEY_EXCHANGE_DHE_PSK: | |
| + case MBEDTLS_KEY_EXCHANGE_DH_ANON: | |
| return( 1 ); | |
| default: | |
| diff -Naur mbedtls/include/mbedtls/ssl.h mbedtls-dh-anon/include/mbedtls/ssl.h | |
| --- mbedtls/include/mbedtls/ssl.h 2018-04-10 11:30:33.726503879 +0200 | |
| +++ mbedtls-dh-anon/include/mbedtls/ssl.h 2018-04-10 11:30:05.375258706 +0200 | |
| @@ -366,7 +366,8 @@ | |
| #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) | |
| unsigned char _pms_rsa[48]; /* RFC 5246 8.1.1 */ | |
| #endif | |
| -#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) | |
| +#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ | |
| + defined(MBEDTLS_KEY_EXCHANGE_DH_ANON_ENABLED) | |
| unsigned char _pms_dhm[MBEDTLS_MPI_MAX_SIZE]; /* RFC 5246 8.1.2 */ | |
| #endif | |
| #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ | |
| diff -Naur mbedtls/library/ssl_ciphersuites.c mbedtls-dh-anon/library/ssl_ciphersuites.c | |
| --- mbedtls/library/ssl_ciphersuites.c 2018-04-10 11:30:33.765504214 +0200 | |
| +++ mbedtls-dh-anon/library/ssl_ciphersuites.c 2018-04-10 11:30:05.379258742 +0200 | |
| @@ -221,6 +221,22 @@ | |
| MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8, | |
| MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA, | |
| + | |
| + MBEDTLS_TLS_DH_anon_WITH_AES_256_GCM_SHA384, | |
| + MBEDTLS_TLS_DH_anon_WITH_AES_256_CBC_SHA256, | |
| + MBEDTLS_TLS_DH_anon_WITH_AES_256_CBC_SHA, | |
| + MBEDTLS_TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384, | |
| + MBEDTLS_TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256, | |
| + MBEDTLS_TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA, | |
| + MBEDTLS_TLS_DH_anon_WITH_AES_128_GCM_SHA256, | |
| + MBEDTLS_TLS_DH_anon_WITH_AES_128_CBC_SHA256, | |
| + MBEDTLS_TLS_DH_anon_WITH_AES_128_CBC_SHA, | |
| + MBEDTLS_TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256, | |
| + MBEDTLS_TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256, | |
| + MBEDTLS_TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA, | |
| + MBEDTLS_TLS_DH_anon_WITH_3DES_EDE_CBC_SHA, | |
| + MBEDTLS_TLS_DH_anon_WITH_DES_CBC_SHA, | |
| + MBEDTLS_TLS_DH_anon_WITH_RC4_128_MD5, | |
| /* RC4 suites */ | |
| MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, | |
| @@ -1530,6 +1546,133 @@ | |
| #endif /* MBEDTLS_AES_C */ | |
| #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ | |
| +#if defined(MBEDTLS_KEY_EXCHANGE_DH_ANON_ENABLED) | |
| +#if defined(MBEDTLS_AES_C) | |
| +#if defined(MBEDTLS_GCM_C) | |
| +#if defined(MBEDTLS_SHA256_C) | |
| + { MBEDTLS_TLS_DH_anon_WITH_AES_128_GCM_SHA256, "TLS-ANON-DH-WITH-AES-128-GCM-SHA256", | |
| + MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DH_ANON, | |
| + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, | |
| + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, | |
| + 0 }, | |
| +#endif /* MBEDTLS_SHA256_C */ | |
| + | |
| +#if defined(MBEDTLS_SHA512_C) | |
| + { MBEDTLS_TLS_DH_anon_WITH_AES_256_GCM_SHA384, "TLS-ANON-DH-WITH-AES-256-GCM-SHA384", | |
| + MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DH_ANON, | |
| + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, | |
| + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, | |
| + 0 }, | |
| +#endif /* MBEDTLS_SHA512_C */ | |
| +#endif /* MBEDTLS_GCM_C */ | |
| + | |
| +#if defined(MBEDTLS_CIPHER_MODE_CBC) | |
| +#if defined(MBEDTLS_SHA256_C) | |
| + { MBEDTLS_TLS_DH_anon_WITH_AES_128_CBC_SHA256, "TLS-ANON-DH-WITH-AES-128-CBC-SHA256", | |
| + MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DH_ANON, | |
| + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, | |
| + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, | |
| + 0 }, | |
| + { MBEDTLS_TLS_DH_anon_WITH_AES_256_CBC_SHA256, "TLS-ANON-DH-WITH-AES-256-CBC-SHA256", | |
| + MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DH_ANON, | |
| + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, | |
| + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, | |
| + 0 }, | |
| +#endif /* MBEDTLS_SHA256_C */ | |
| + | |
| +#if defined(MBEDTLS_SHA1_C) | |
| + { MBEDTLS_TLS_DH_anon_WITH_AES_128_CBC_SHA, "TLS-ANON-DH-WITH-AES-128-CBC-SHA", | |
| + MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DH_ANON, | |
| + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, | |
| + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, | |
| + 0 }, | |
| + | |
| + { MBEDTLS_TLS_DH_anon_WITH_AES_256_CBC_SHA, "TLS-ANON-DH-WITH-AES-256-CBC-SHA", | |
| + MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DH_ANON, | |
| + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, | |
| + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, | |
| + 0 }, | |
| +#endif /* MBEDTLS_SHA1_C */ | |
| +#endif /* MBEDTLS_CIPHER_MODE_CBC */ | |
| +#endif /* MBEDTLS_AES_C */ | |
| + | |
| +#if defined(MBEDTLS_CAMELLIA_C) | |
| +#if defined(MBEDTLS_CIPHER_MODE_CBC) | |
| +#if defined(MBEDTLS_SHA1_C) | |
| + { MBEDTLS_TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA, "TLS-ANON-DH-WITH-CAMELLIA-128-CBC-SHA", | |
| + MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DH_ANON, | |
| + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, | |
| + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, | |
| + 0 }, | |
| + { MBEDTLS_TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA, "TLS-ANON-DH-WITH-CAMELLIA-256-CBC-SHA", | |
| + MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DH_ANON, | |
| + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, | |
| + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, | |
| + 0 }, | |
| +#endif /* MBEDTLS_SHA1_C */ | |
| +#if defined(MBEDTLS_SHA256_C) | |
| + { MBEDTLS_TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ANON-DH-WITH-CAMELLIA-128-CBC-SHA256", | |
| + MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DH_ANON, | |
| + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, | |
| + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, | |
| + 0 }, | |
| + { MBEDTLS_TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256, "TLS-ANON-DH-WITH-CAMELLIA-256-CBC-SHA256", | |
| + MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DH_ANON, | |
| + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, | |
| + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, | |
| + 0 }, | |
| +#endif /* MBEDTLS_SHA256_C */ | |
| +#endif /* MBEDTLS_CIPHER_MODE_CBC */ | |
| + | |
| +#if defined(MBEDTLS_GCM_C) | |
| +#if defined(MBEDTLS_SHA256_C) | |
| + { MBEDTLS_TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ANON-DH-WITH-CAMELLIA-128-GCM-SHA256", | |
| + MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DH_ANON, | |
| + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, | |
| + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, | |
| + 0 }, | |
| +#endif /* MBEDTLS_SHA256_C */ | |
| + | |
| +#if defined(MBEDTLS_SHA512_C) | |
| + { MBEDTLS_TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ANON-DH-WITH-CAMELLIA-256-GCM-SHA384", | |
| + MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DH_ANON, | |
| + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, | |
| + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, | |
| + 0 }, | |
| +#endif /* MBEDTLS_SHA512_C */ | |
| +#endif /* MBEDTLS_GCM_C */ | |
| +#endif /* MBEDTLS_CAMELLIA_C */ | |
| + | |
| +#if defined(MBEDTLS_DES_C) | |
| +#if defined(MBEDTLS_CIPHER_MODE_CBC) | |
| +#if defined(MBEDTLS_SHA1_C) | |
| + { MBEDTLS_TLS_DH_anon_WITH_3DES_EDE_CBC_SHA, "TLS-ANON-DH-WITH-3DES-EDE-CBC-SHA", | |
| + MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DH_ANON, | |
| + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, | |
| + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, | |
| + 0 }, | |
| + { MBEDTLS_TLS_DH_anon_WITH_DES_CBC_SHA, "TLS-ANON-DH-WITH-DES-CBC-SHA", | |
| + MBEDTLS_CIPHER_DES_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DH_ANON, | |
| + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, | |
| + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, | |
| + MBEDTLS_CIPHERSUITE_WEAK }, | |
| +#endif /* MBEDTLS_SHA1_C */ | |
| +#endif /* MBEDTLS_CIPHER_MODE_CBC */ | |
| +#endif /* MBEDTLS_DES_C */ | |
| + | |
| +#if defined(MBEDTLS_ARC4_C) | |
| +#if defined(MBEDTLS_MD5_C) | |
| + { MBEDTLS_TLS_DH_anon_WITH_RC4_128_MD5, "TLS-ANON-DH-WITH-RC4-128-MD5", | |
| + MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_MD5, MBEDTLS_KEY_EXCHANGE_DH_ANON, | |
| + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, | |
| + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, | |
| + MBEDTLS_CIPHERSUITE_NODTLS }, | |
| +#endif /* MBEDTLS_MD5_C */ | |
| +#endif /* MBEDTLS_ARC4_C */ | |
| + | |
| +#endif /* MBEDTLS_KEY_EXCHANGE_DH_ANON_ENABLED */ | |
| + | |
| + | |
| #if defined(MBEDTLS_ENABLE_WEAK_CIPHERSUITES) | |
| #if defined(MBEDTLS_CIPHER_NULL_CIPHER) | |
| #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) | |
| diff -Naur mbedtls/library/ssl_cli.c mbedtls-dh-anon/library/ssl_cli.c | |
| --- mbedtls/library/ssl_cli.c 2018-04-10 11:30:33.767504231 +0200 | |
| +++ mbedtls-dh-anon/library/ssl_cli.c 2018-04-10 11:30:05.381258759 +0200 | |
| @@ -1934,7 +1934,8 @@ | |
| } | |
| #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ | |
| - defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) | |
| + defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \ | |
| + defined(MBEDTLS_KEY_EXCHANGE_DH_ANON_ENABLED) | |
| static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl, unsigned char **p, | |
| unsigned char *end ) | |
| { | |
| @@ -1970,7 +1971,8 @@ | |
| return( ret ); | |
| } | |
| #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED || | |
| - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ | |
| + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED || | |
| + MBEDTLS_KEY_EXCHANGE_DH_ANON_ENABLED */ | |
| #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ | |
| defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ | |
| @@ -2375,10 +2377,12 @@ | |
| else | |
| #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED || | |
| MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ | |
| -#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ | |
| - defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) | |
| +#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ | |
| + defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \ | |
| + defined(MBEDTLS_KEY_EXCHANGE_DH_ANON_ENABLED) | |
| if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_RSA || | |
| - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ) | |
| + ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK || | |
| + ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DH_ANON ) | |
| { | |
| if( ssl_parse_server_dh_params( ssl, &p, end ) != 0 ) | |
| { | |
| @@ -2390,7 +2394,8 @@ | |
| } | |
| else | |
| #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED || | |
| - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ | |
| + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED || | |
| + MBEDTLS_KEY_EXCHANGE_DH_ANON_ENABLED */ | |
| #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ | |
| defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \ | |
| defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) | |
| @@ -2781,8 +2786,10 @@ | |
| MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write client key exchange" ) ); | |
| -#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) | |
| - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_RSA ) | |
| +#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ | |
| + defined(MBEDTLS_KEY_EXCHANGE_DH_ANON_ENABLED) | |
| + if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_RSA || | |
| + ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DH_ANON ) | |
| { | |
| /* | |
| * DHM key exchange -- send G^X mod P | |
| @@ -2819,7 +2826,8 @@ | |
| MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K ); | |
| } | |
| else | |
| -#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */ | |
| +#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED || | |
| + MBEDTLS_KEY_EXCHANGE_DH_ANON_ENABLED */ | |
| #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ | |
| defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ | |
| defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ | |
| @@ -3050,7 +3058,8 @@ | |
| ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK || | |
| ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK || | |
| ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK || | |
| - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ) | |
| + ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE || | |
| + ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DH_ANON ) | |
| { | |
| MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate verify" ) ); | |
| ssl->state++; | |
| @@ -3084,7 +3093,8 @@ | |
| ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK || | |
| ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK || | |
| ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK || | |
| - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ) | |
| + ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE || | |
| + ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DH_ANON ) | |
| { | |
| MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate verify" ) ); | |
| ssl->state++; | |
| diff -Naur mbedtls/library/ssl_srv.c mbedtls-dh-anon/library/ssl_srv.c | |
| --- mbedtls/library/ssl_srv.c 2018-04-10 11:30:33.770504257 +0200 | |
| +++ mbedtls-dh-anon/library/ssl_srv.c 2018-04-10 11:30:05.384258785 +0200 | |
| @@ -2625,7 +2625,8 @@ | |
| ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK || | |
| ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK || | |
| ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK || | |
| - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ) | |
| + ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE || | |
| + ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DH_ANON ) | |
| { | |
| MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate request" ) ); | |
| ssl->state++; | |
| @@ -2664,6 +2665,7 @@ | |
| ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK || | |
| ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK || | |
| ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE || | |
| + ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DH_ANON || | |
| authmode == MBEDTLS_SSL_VERIFY_NONE ) | |
| { | |
| MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate request" ) ); | |
| @@ -3236,7 +3238,8 @@ | |
| } | |
| #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ | |
| - defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) | |
| + defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \ | |
| + defined(MBEDTLS_KEY_EXCHANGE_DH_ANON_ENABLED) | |
| static int ssl_parse_client_dh_public( mbedtls_ssl_context *ssl, unsigned char **p, | |
| const unsigned char *end ) | |
| { | |
| @@ -3274,7 +3277,8 @@ | |
| return( ret ); | |
| } | |
| #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED || | |
| - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ | |
| + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED || | |
| + MBEDTLS_KEY_EXCHANGE_DH_ANON_ENABLED */ | |
| #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \ | |
| defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) | |
| @@ -3472,8 +3476,10 @@ | |
| return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); | |
| } | |
| -#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) | |
| - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_RSA ) | |
| +#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ | |
| + defined(MBEDTLS_KEY_EXCHANGE_DH_ANON_ENABLED) | |
| + if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_RSA || | |
| + ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DH_ANON ) | |
| { | |
| if( ( ret = ssl_parse_client_dh_public( ssl, &p, end ) ) != 0 ) | |
| { | |
| @@ -3500,7 +3506,8 @@ | |
| MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K ); | |
| } | |
| else | |
| -#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */ | |
| +#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED || | |
| + MBEDTLS_KEY_EXCHANGE_DH_ANON_ENABLED */ | |
| #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ | |
| defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ | |
| defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ | |
| @@ -3708,7 +3715,8 @@ | |
| ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK || | |
| ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK || | |
| ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK || | |
| - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ) | |
| + ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE || | |
| + ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DH_ANON ) | |
| { | |
| MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) ); | |
| ssl->state++; | |
| @@ -3740,6 +3748,7 @@ | |
| ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK || | |
| ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK || | |
| ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE || | |
| + ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DH_ANON || | |
| ssl->session_negotiate->peer_cert == NULL ) | |
| { | |
| MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) ); | |
| diff -Naur mbedtls/library/ssl_tls.c mbedtls-dh-anon/library/ssl_tls.c | |
| --- mbedtls/library/ssl_tls.c 2018-04-10 11:30:33.775504300 +0200 | |
| +++ mbedtls-dh-anon/library/ssl_tls.c 2018-04-10 11:30:05.388258821 +0200 | |
| @@ -4214,7 +4214,8 @@ | |
| if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK || | |
| ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK || | |
| ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK || | |
| - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ) | |
| + ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE || | |
| + ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DH_ANON ) | |
| { | |
| MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) ); | |
| ssl->state++; | |
| @@ -4234,7 +4235,8 @@ | |
| if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK || | |
| ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK || | |
| ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK || | |
| - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ) | |
| + ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE || | |
| + ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DH_ANON ) | |
| { | |
| MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) ); | |
| ssl->state++; | |
| @@ -4260,7 +4262,8 @@ | |
| if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK || | |
| ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK || | |
| ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK || | |
| - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ) | |
| + ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE || | |
| + ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DH_ANON ) | |
| { | |
| MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) ); | |
| ssl->state++; | |
| @@ -4377,7 +4380,8 @@ | |
| if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK || | |
| ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK || | |
| ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK || | |
| - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ) | |
| + ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE || | |
| + ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DH_ANON ) | |
| { | |
| MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) ); | |
| ssl->state++; | |
| @@ -8085,6 +8089,7 @@ | |
| case MBEDTLS_KEY_EXCHANGE_DHE_PSK: | |
| case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: | |
| case MBEDTLS_KEY_EXCHANGE_ECJPAKE: | |
| + case MBEDTLS_KEY_EXCHANGE_DH_ANON: | |
| usage = 0; | |
| } | |
| } | |
| diff -Naur mbedtls/library/version_features.c mbedtls-dh-anon/library/version_features.c | |
| --- mbedtls/library/version_features.c 2018-04-10 11:30:33.776504309 +0200 | |
| +++ mbedtls-dh-anon/library/version_features.c 2018-04-10 11:30:05.390258838 +0200 | |
| @@ -321,6 +321,9 @@ | |
| #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) | |
| "MBEDTLS_KEY_EXCHANGE_PSK_ENABLED", | |
| #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ | |
| +#if defined(MBEDTLS_KEY_EXCHANGE_DH_ANON_ENABLED) | |
| + "MBEDTLS_KEY_EXCHANGE_DH_ANON_ENABLED", | |
| +#endif /* MBEDTLS_KEY_EXCHANGE_DH_ANON_ENABLED */ | |
| #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) | |
| "MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED", | |
| #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ | |
| diff -Naur mbedtls/yotta/data/adjust-config.sh mbedtls-dh-anon/yotta/data/adjust-config.sh | |
| --- mbedtls/yotta/data/adjust-config.sh 2018-04-10 11:30:34.062506763 +0200 | |
| +++ mbedtls-dh-anon/yotta/data/adjust-config.sh 2018-04-10 11:30:05.391258847 +0200 | |
| @@ -64,6 +64,7 @@ | |
| conf unset MBEDTLS_X509_CRT_WRITE_C | |
| conf unset MBEDTLS_X509_CSR_WRITE_C | |
| +conf unset MBEDTLS_KEY_EXCHANGE_DH_ANON_ENABLED | |
| conf unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED | |
| conf unset MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED | |
| conf unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This patch contains no real code, because ADH is an "intersection" of
DHE-RSAandDHE-PSKwhich were already supported