Allow hardcoding single supported elliptic curve
This commit introduces the option MBEDTLS_SSL_CONF_SINGLE_EC
which can be used to register a single supported elliptic curve
at compile time. It replaces the runtime configuration API
mbedtls_ssl_conf_curves() which allows registering a _list_
of supported elliptic curves.
In contrast to other options used to hardcode configuration options,
MBEDTLS_SSL_CONF_SINGLE_EC isn't a numeric option, but instead it's
only relevant if it's defined or not. To actually set the single
elliptic curve that should be supported, numeric options
MBEDTLS_SSL_CONF_SINGLE_EC_TLS_ID
MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID
must both be defined and provide the TLS ID and the Mbed TLS internal
ID of the chosen curve, respectively.
diff --git a/programs/ssl/query_config.c b/programs/ssl/query_config.c
index 574d4d7..b9271ea 100644
--- a/programs/ssl/query_config.c
+++ b/programs/ssl/query_config.c
@@ -2778,6 +2778,30 @@
}
#endif /* MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE */
+#if defined(MBEDTLS_SSL_CONF_SINGLE_EC)
+ if( strcmp( "MBEDTLS_SSL_CONF_SINGLE_EC", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CONF_SINGLE_EC );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_CONF_SINGLE_EC */
+
+#if defined(MBEDTLS_SSL_CONF_SINGLE_EC_TLS_ID)
+ if( strcmp( "MBEDTLS_SSL_CONF_SINGLE_EC_TLS_ID", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CONF_SINGLE_EC_TLS_ID );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_CONF_SINGLE_EC_TLS_ID */
+
+#if defined(MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID)
+ if( strcmp( "MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID */
+
/* If the symbol is not found, return an error */
return( 1 );
}