Merge pull request #9906 from mpg/rm-conf-curves

[dev] Remove deprecated function mbedtls_ssl_conf_curves()

library/ssl_client.c

@@ -222,7 +222,7 @@ static int ssl_write_supported_groups_ext(mbedtls_ssl_context *ssl,
     unsigned char *p = buf;
     unsigned char *named_group_list; /* Start of named_group_list */
     size_t named_group_list_len;     /* Length of named_group_list */
-    const uint16_t *group_list = mbedtls_ssl_get_groups(ssl);
+    const uint16_t *group_list = ssl->conf->group_list;
 
     *out_len = 0;
 

library/ssl_misc.h

@@ -2267,30 +2267,6 @@ int mbedtls_ssl_get_handshake_transcript(mbedtls_ssl_context *ssl,
                                          size_t dst_len,
                                          size_t *olen);
 
-/*
- * Return supported groups.
- *
- * In future, invocations can be changed to ssl->conf->group_list
- * when mbedtls_ssl_conf_curves() is deleted.
- *
- * ssl->handshake->group_list is either a translation of curve_list to IANA TLS group
- * identifiers when mbedtls_ssl_conf_curves() has been used, or a pointer to
- * ssl->conf->group_list when mbedtls_ssl_conf_groups() has been more recently invoked.
- *
- */
-static inline const void *mbedtls_ssl_get_groups(const mbedtls_ssl_context *ssl)
-{
-    #if defined(MBEDTLS_DEPRECATED_REMOVED) || !defined(MBEDTLS_ECP_C)
-    return ssl->conf->group_list;
-    #else
-    if ((ssl->handshake != NULL) && (ssl->handshake->group_list != NULL)) {
-        return ssl->handshake->group_list;
-    } else {
-        return ssl->conf->group_list;
-    }
-    #endif
-}
-
 /*
  * Helper functions for NamedGroup.
  */
@@ -2333,7 +2309,7 @@ static inline int mbedtls_ssl_tls13_named_group_is_ffdh(uint16_t named_group)
 static inline int mbedtls_ssl_named_group_is_offered(
     const mbedtls_ssl_context *ssl, uint16_t named_group)
 {
-    const uint16_t *group_list = mbedtls_ssl_get_groups(ssl);
+    const uint16_t *group_list = ssl->conf->group_list;
 
     if (group_list == NULL) {
         return 0;

library/ssl_tls.c

@@ -1154,48 +1154,6 @@ static int ssl_handshake_init(mbedtls_ssl_context *ssl)
     }
 #endif
 
-/*
- * curve_list is translated to IANA TLS group identifiers here because
- * mbedtls_ssl_conf_curves returns void and so can't return
- * any error codes.
- */
-#if defined(MBEDTLS_ECP_C)
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-    /* Heap allocate and translate curve_list from internal to IANA group ids */
-    if (ssl->conf->curve_list != NULL) {
-        size_t length;
-        const mbedtls_ecp_group_id *curve_list = ssl->conf->curve_list;
-
-        for (length = 0;  (curve_list[length] != MBEDTLS_ECP_DP_NONE); length++) {
-        }
-
-        /* Leave room for zero termination */
-        uint16_t *group_list = mbedtls_calloc(length + 1, sizeof(uint16_t));
-        if (group_list == NULL) {
-            return MBEDTLS_ERR_SSL_ALLOC_FAILED;
-        }
-
-        for (size_t i = 0; i < length; i++) {
-            uint16_t tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id(
-                curve_list[i]);
-            if (tls_id == 0) {
-                mbedtls_free(group_list);
-                return MBEDTLS_ERR_SSL_BAD_CONFIG;
-            }
-            group_list[i] = tls_id;
-        }
-
-        group_list[length] = 0;
-
-        ssl->handshake->group_list = group_list;
-        ssl->handshake->group_list_heap_allocated = 1;
-    } else {
-        ssl->handshake->group_list = ssl->conf->group_list;
-        ssl->handshake->group_list_heap_allocated = 0;
-    }
-#endif /* MBEDTLS_DEPRECATED_REMOVED */
-#endif /* MBEDTLS_ECP_C */
-
 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
@@ -2735,34 +2693,12 @@ void mbedtls_ssl_conf_sig_algs(mbedtls_ssl_config *conf,
 }
 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
 
-#if defined(MBEDTLS_ECP_C)
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-/*
- * Set the allowed elliptic curves
- *
- * mbedtls_ssl_setup() takes the provided list
- * and translates it to a list of IANA TLS group identifiers,
- * stored in ssl->handshake->group_list.
- *
- */
-void mbedtls_ssl_conf_curves(mbedtls_ssl_config *conf,
-                             const mbedtls_ecp_group_id *curve_list)
-{
-    conf->curve_list = curve_list;
-    conf->group_list = NULL;
-}
-#endif /* MBEDTLS_DEPRECATED_REMOVED */
-#endif /* MBEDTLS_ECP_C */
-
 /*
  * Set the allowed groups
  */
 void mbedtls_ssl_conf_groups(mbedtls_ssl_config *conf,
                              const uint16_t *group_list)
 {
-#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
-    conf->curve_list = NULL;
-#endif
     conf->group_list = group_list;
 }
 
@@ -5594,7 +5530,7 @@ void mbedtls_ssl_config_init(mbedtls_ssl_config *conf)
 /* The selection should be the same as mbedtls_x509_crt_profile_default in
  * x509_crt.c, plus Montgomery curves for ECDHE. Here, the order matters:
  * curves with a lower resource usage come first.
- * See the documentation of mbedtls_ssl_conf_curves() for what we promise
+ * See the documentation of mbedtls_ssl_conf_groups() for what we promise
  * about this list.
  */
 static const uint16_t ssl_preset_default_groups[] = {
@@ -5983,9 +5919,6 @@ int mbedtls_ssl_config_defaults(mbedtls_ssl_config *conf,
             conf->sig_algs = ssl_preset_suiteb_sig_algs;
 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
 
-#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
-            conf->curve_list = NULL;
-#endif
             conf->group_list = ssl_preset_suiteb_groups;
             break;
 
@@ -6009,9 +5942,6 @@ int mbedtls_ssl_config_defaults(mbedtls_ssl_config *conf,
             conf->sig_algs = ssl_preset_default_sig_algs;
 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
 
-#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
-            conf->curve_list = NULL;
-#endif
             conf->group_list = ssl_preset_default_groups;
 
 #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
@@ -6189,7 +6119,7 @@ unsigned char mbedtls_ssl_hash_from_md_alg(int md)
  */
 int mbedtls_ssl_check_curve_tls_id(const mbedtls_ssl_context *ssl, uint16_t tls_id)
 {
-    const uint16_t *group_list = mbedtls_ssl_get_groups(ssl);
+    const uint16_t *group_list = ssl->conf->group_list;
 
     if (group_list == NULL) {
         return -1;

library/ssl_tls12_server.c

@@ -2966,7 +2966,7 @@ static int ssl_prepare_server_key_exchange(mbedtls_ssl_context *ssl,
          * } ServerECDHParams;
          */
         uint16_t *curr_tls_id = ssl->handshake->curves_tls_id;
-        const uint16_t *group_list = mbedtls_ssl_get_groups(ssl);
+        const uint16_t *group_list = ssl->conf->group_list;
         int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
         size_t len = 0;
 

library/ssl_tls13_client.c

@@ -216,7 +216,7 @@ static int ssl_tls13_get_default_group_id(mbedtls_ssl_context *ssl,
 
 
 #if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)
-    const uint16_t *group_list = mbedtls_ssl_get_groups(ssl);
+    const uint16_t *group_list = ssl->conf->group_list;
     /* Pick first available ECDHE group compatible with TLS 1.3 */
     if (group_list == NULL) {
         return MBEDTLS_ERR_SSL_BAD_CONFIG;
@@ -382,7 +382,7 @@ static int ssl_tls13_parse_hrr_key_share_ext(mbedtls_ssl_context *ssl,
     int selected_group;
     int found = 0;
 
-    const uint16_t *group_list = mbedtls_ssl_get_groups(ssl);
+    const uint16_t *group_list = ssl->conf->group_list;
     if (group_list == NULL) {
         return MBEDTLS_ERR_SSL_BAD_CONFIG;
     }