Fix define for ssl_conf_curves()
This is a security feature, it shouldn't be optional.
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 72ce76f..3d3f3d1 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -255,7 +255,7 @@
unsigned char *elliptic_curve_list = p + 6;
size_t elliptic_curve_len = 0;
const mbedtls_ecp_curve_info *info;
-#if defined(MBEDTLS_SSL_SET_CURVES)
+#if defined(MBEDTLS_ECP_C)
const mbedtls_ecp_group_id *grp_id;
#else
((void) ssl);
@@ -265,7 +265,7 @@
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported_elliptic_curves extension" ) );
-#if defined(MBEDTLS_SSL_SET_CURVES)
+#if defined(MBEDTLS_ECP_C)
for( grp_id = ssl->conf->curve_list; *grp_id != MBEDTLS_ECP_DP_NONE; grp_id++ )
{
info = mbedtls_ecp_curve_info_from_grp_id( *grp_id );
@@ -1683,7 +1683,7 @@
MBEDTLS_SSL_DEBUG_MSG( 2, ( "ECDH curve: %s", curve_info->name ) );
-#if defined(MBEDTLS_SSL_SET_CURVES)
+#if defined(MBEDTLS_ECP_C)
if( ! mbedtls_ssl_curve_is_acceptable( ssl, ssl->handshake->ecdh_ctx.grp.id ) )
#else
if( ssl->handshake->ecdh_ctx.grp.nbits < 163 ||
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 7db5a3c..554a552 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -2641,7 +2641,7 @@
* } ServerECDHParams;
*/
const mbedtls_ecp_curve_info **curve = NULL;
-#if defined(MBEDTLS_SSL_SET_CURVES)
+#if defined(MBEDTLS_ECP_C)
const mbedtls_ecp_group_id *gid;
/* Match our preference list against the offered curves */
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 9ce9739..7a1284a 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -4081,7 +4081,7 @@
* Secondary checks: always done, but change 'ret' only if it was 0
*/
-#if defined(MBEDTLS_SSL_SET_CURVES)
+#if defined(MBEDTLS_ECP_C)
{
const mbedtls_pk_context *pk = &ssl->session_negotiate->peer_cert->pk;
@@ -4094,7 +4094,7 @@
ret = MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE;
}
}
-#endif /* MBEDTLS_SSL_SET_CURVES */
+#endif /* MBEDTLS_ECP_C */
if( mbedtls_ssl_check_cert_usage( ssl->session_negotiate->peer_cert,
ciphersuite_info,
@@ -5478,7 +5478,7 @@
}
#endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */
-#if defined(MBEDTLS_SSL_SET_CURVES)
+#if defined(MBEDTLS_ECP_C)
/*
* Set the allowed elliptic curves
*/
@@ -6665,7 +6665,7 @@
conf->cbc_record_splitting = MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED;
#endif
-#if defined(MBEDTLS_SSL_SET_CURVES)
+#if defined(MBEDTLS_ECP_C)
conf->curve_list = mbedtls_ecp_grp_id_list( );
#endif
@@ -6804,7 +6804,7 @@
}
}
-#if defined(MBEDTLS_SSL_SET_CURVES)
+#if defined(MBEDTLS_ECP_C)
/*
* Check is a curve proposed by the peer is in our list.
* Return 1 if we're willing to use it, 0 otherwise.
@@ -6819,7 +6819,7 @@
return( 0 );
}
-#endif /* MBEDTLS_SSL_SET_CURVES */
+#endif /* MBEDTLS_ECP_C */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
diff --git a/library/version_features.c b/library/version_features.c
index e534b32..7ad0f02 100644
--- a/library/version_features.c
+++ b/library/version_features.c
@@ -385,9 +385,6 @@
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
"MBEDTLS_SSL_TRUNCATED_HMAC",
#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
-#if defined(MBEDTLS_SSL_SET_CURVES)
- "MBEDTLS_SSL_SET_CURVES",
-#endif /* MBEDTLS_SSL_SET_CURVES */
#if defined(MBEDTLS_THREADING_ALT)
"MBEDTLS_THREADING_ALT",
#endif /* MBEDTLS_THREADING_ALT */