Remove deprecated function mbedtls_ssl_conf_curves()
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index fff5339..2922f37 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -3813,54 +3813,6 @@
unsigned int bitlen);
#endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */
-#if defined(MBEDTLS_ECP_C)
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-/**
- * \brief Set the allowed curves in order of preference.
- *
- * On server: this only affects selection of the ECDHE curve;
- * the curves used for ECDH and ECDSA are determined by the
- * list of available certificates instead.
- *
- * On client: this affects the list of curves offered for any
- * use. The server can override our preference order.
- *
- * Both sides: limits the set of curves accepted for use in
- * ECDHE and in the peer's end-entity certificate.
- *
- * \deprecated Superseded by mbedtls_ssl_conf_groups().
- *
- * \note This has no influence on which curves are allowed inside the
- * certificate chains, see \c mbedtls_ssl_conf_cert_profile()
- * for that. For the end-entity certificate however, the key
- * will be accepted only if it is allowed both by this list
- * and by the cert profile.
- *
- * \note This list should be ordered by decreasing preference
- * (preferred curve first).
- *
- * \note The default list is the same set of curves that
- * #mbedtls_x509_crt_profile_default allows, plus
- * ECDHE-only curves selected according to the same criteria.
- * The order favors curves with the lowest resource usage.
- *
- * \note New minor versions of Mbed TLS may extend this list,
- * for example if new curves are added to the library.
- * New minor versions of Mbed TLS will not remove items
- * from this list unless serious security concerns require it.
- * New minor versions of Mbed TLS may change the order in
- * keeping with the general principle of favoring the lowest
- * resource usage.
- *
- * \param conf SSL configuration
- * \param curves Ordered list of allowed curves,
- * terminated by MBEDTLS_ECP_DP_NONE.
- */
-void MBEDTLS_DEPRECATED mbedtls_ssl_conf_curves(mbedtls_ssl_config *conf,
- const mbedtls_ecp_group_id *curves);
-#endif /* MBEDTLS_DEPRECATED_REMOVED */
-#endif /* MBEDTLS_ECP_C */
-
/**
* \brief Set the allowed groups in order of preference.
*
@@ -3872,13 +3824,6 @@
* Both sides: limits the set of groups accepted for use in
* key sharing.
*
- * \note This function replaces the deprecated mbedtls_ssl_conf_curves(),
- * which only allows ECP curves to be configured.
- *
- * \note The most recent invocation of either mbedtls_ssl_conf_curves()
- * or mbedtls_ssl_conf_groups() nullifies all previous invocations
- * of both.
- *
* \note This list should be ordered by decreasing preference
* (preferred group first).
*
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 5031c77..ad2edae 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2735,25 +2735,6 @@
}
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
-#if defined(MBEDTLS_ECP_C)
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-/*
- * Set the allowed elliptic curves
- *
- * mbedtls_ssl_setup() takes the provided list
- * and translates it to a list of IANA TLS group identifiers,
- * stored in ssl->handshake->group_list.
- *
- */
-void mbedtls_ssl_conf_curves(mbedtls_ssl_config *conf,
- const mbedtls_ecp_group_id *curve_list)
-{
- conf->curve_list = curve_list;
- conf->group_list = NULL;
-}
-#endif /* MBEDTLS_DEPRECATED_REMOVED */
-#endif /* MBEDTLS_ECP_C */
-
/*
* Set the allowed groups
*/
@@ -5594,7 +5575,7 @@
/* The selection should be the same as mbedtls_x509_crt_profile_default in
* x509_crt.c, plus Montgomery curves for ECDHE. Here, the order matters:
* curves with a lower resource usage come first.
- * See the documentation of mbedtls_ssl_conf_curves() for what we promise
+ * See the documentation of mbedtls_ssl_conf_groups() for what we promise
* about this list.
*/
static const uint16_t ssl_preset_default_groups[] = {
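Review bot: The updated pointer in the comment above `ssl_preset_default_groups` may dangle, because the promises it refers to were written in the `\note` paragraphs of the mbedtls_ssl_conf_curves() doc block that this commit deletes from ssl.h. Those notes said the default set matches #mbedtls_x509_crt_profile_default plus ECDHE-only curves, that items are removed only for serious security concerns, and that the order favors lowest resource usage. The part of the mbedtls_ssl_conf_groups() doc block visible in the ssl.h hunks shows only the ordering note, so please confirm that equivalent default-list notes exist there. If they do not, carry them over, for example `\note New minor versions of Mbed TLS will not remove items from this list unless serious security concerns require it.` The array definition itself continues outside the hunk.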
diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py
index 721ac4a..a3b18c6 100755
--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py
@@ -429,10 +429,6 @@
re.compile(r'ECP point multiplication .*'),
re.compile(r'ECP test vectors .*'),
],
- 'test_suite_ssl': [
- # This deprecated function is only present when ECP_C is On.
- 'Test configuration of groups for DHE through mbedtls_ssl_conf_curves()',
- ],
}
class DriverVSReference_no_ecp_at_all(outcome_analysis.DriverVSReference):
@@ -469,10 +465,6 @@
re.compile(r'Parse EC Key .*compressed\)'),
re.compile(r'Parse Public EC Key .*compressed\)'),
],
- # See ecp_light_only
- 'test_suite_ssl': [
- 'Test configuration of groups for DHE through mbedtls_ssl_conf_curves()',
- ],
}
class DriverVSReference_ecc_no_bignum(outcome_analysis.DriverVSReference):
@@ -516,10 +508,6 @@
'test_suite_debug': [
re.compile(r'Debug print mbedtls_mpi.*'),
],
- # See ecp_light_only
- 'test_suite_ssl': [
- 'Test configuration of groups for DHE through mbedtls_ssl_conf_curves()',
- ],
}
class DriverVSReference_ecc_ffdh_no_bignum(outcome_analysis.DriverVSReference):
@@ -571,10 +559,6 @@
'test_suite_debug': [
re.compile(r'Debug print mbedtls_mpi.*'),
],
- # See ecp_light_only
- 'test_suite_ssl': [
- 'Test configuration of groups for DHE through mbedtls_ssl_conf_curves()',
- ],
}
class DriverVSReference_ffdh_alg(outcome_analysis.DriverVSReference):
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index 8135ef1..2eeb172 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -3086,9 +3086,6 @@
depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_SRV_C
ssl_serialize_session_load_buf_size:0:"":MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3
-Test configuration of groups for DHE through mbedtls_ssl_conf_curves()
-conf_curve:
-
Test configuration of groups for DHE through mbedtls_ssl_conf_groups()
conf_group:
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 3a2d61b..121c6ea 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -3009,56 +3009,6 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_ECP_C:!MBEDTLS_DEPRECATED_REMOVED:!MBEDTLS_DEPRECATED_WARNING:PSA_WANT_ECC_SECP_R1_192:PSA_WANT_ECC_SECP_R1_224:PSA_WANT_ECC_SECP_R1_256 */
-void conf_curve()
-{
-
- mbedtls_ecp_group_id curve_list[] = { MBEDTLS_ECP_DP_SECP192R1,
- MBEDTLS_ECP_DP_SECP224R1,
- MBEDTLS_ECP_DP_SECP256R1,
- MBEDTLS_ECP_DP_NONE };
- uint16_t iana_tls_group_list[] = { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1,
- MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1,
- MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1,
- MBEDTLS_SSL_IANA_TLS_GROUP_NONE };
-
- mbedtls_ssl_config conf;
- mbedtls_ssl_config_init(&conf);
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- mbedtls_ssl_conf_max_tls_version(&conf, MBEDTLS_SSL_VERSION_TLS1_2);
- mbedtls_ssl_conf_min_tls_version(&conf, MBEDTLS_SSL_VERSION_TLS1_2);
-#else
- mbedtls_ssl_conf_max_tls_version(&conf, MBEDTLS_SSL_VERSION_TLS1_3);
- mbedtls_ssl_conf_min_tls_version(&conf, MBEDTLS_SSL_VERSION_TLS1_3);
-#endif
- mbedtls_ssl_conf_curves(&conf, curve_list);
-
- mbedtls_ssl_context ssl;
- mbedtls_ssl_init(&ssl);
- MD_OR_USE_PSA_INIT();
-
- mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL);
-
- TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0);
-
- TEST_ASSERT(ssl.handshake != NULL && ssl.handshake->group_list != NULL);
- TEST_ASSERT(ssl.conf != NULL && ssl.conf->group_list == NULL);
-
- TEST_EQUAL(ssl.handshake->
- group_list[ARRAY_LENGTH(iana_tls_group_list) - 1],
- MBEDTLS_SSL_IANA_TLS_GROUP_NONE);
-
- for (size_t i = 0; i < ARRAY_LENGTH(iana_tls_group_list); i++) {
- TEST_EQUAL(iana_tls_group_list[i], ssl.handshake->group_list[i]);
- }
-
-exit:
- mbedtls_ssl_free(&ssl);
- mbedtls_ssl_config_free(&conf);
- MD_OR_USE_PSA_DONE();
-}
-/* END_CASE */
-
/* BEGIN_CASE depends_on:MBEDTLS_DEPRECATED_REMOVED */
void conf_group()
{
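Review bot: `conf_group()` is still gated on `depends_on:MBEDTLS_DEPRECATED_REMOVED`, so with `conf_curve()` deleted, no test visible here covers group-list configuration in builds where that macro is undefined (presumably the default). If the restriction existed only because of the interaction with mbedtls_ssl_conf_curves(), it looks stale now and the header could become `/* BEGIN_CASE */`. If it is still needed, a one-line comment saying why would help the next reader. The body of conf_group() is outside the hunk, so confirm its assertions hold without the macro before dropping the dependency.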