diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 2922f378aa..c0ec6fb4c2 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1567,10 +1567,6 @@ struct mbedtls_ssl_config {
 const uint16_t *MBEDTLS_PRIVATE(sig_algs); /*!< allowed signature algorithms */
 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
-#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
- const mbedtls_ecp_group_id *MBEDTLS_PRIVATE(curve_list); /*!< allowed curves */
-#endif
-
 const uint16_t *MBEDTLS_PRIVATE(group_list); /*!< allowed IANA NamedGroups */
 #if defined(MBEDTLS_DHM_C)
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 5bda91a281..4d6ac2b6ec 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -2270,25 +2270,11 @@ int mbedtls_ssl_get_handshake_transcript(mbedtls_ssl_context *ssl,
 /*
 * Return supported groups.
 *
- * In future, invocations can be changed to ssl->conf->group_list
- * when mbedtls_ssl_conf_curves() is deleted.
- *
- * ssl->handshake->group_list is either a translation of curve_list to IANA TLS group
- * identifiers when mbedtls_ssl_conf_curves() has been used, or a pointer to
- * ssl->conf->group_list when mbedtls_ssl_conf_groups() has been more recently invoked.
- *
+ * In future, invocations can be changed to ssl->conf->group_list.
 */
 static inline const void *mbedtls_ssl_get_groups(const mbedtls_ssl_context *ssl)
 {
- #if defined(MBEDTLS_DEPRECATED_REMOVED) || !defined(MBEDTLS_ECP_C)
 return ssl->conf->group_list;
- #else
- if ((ssl->handshake != NULL) && (ssl->handshake->group_list != NULL)) {
- return ssl->handshake->group_list;
- } else {
- return ssl->conf->group_list;
- }
- #endif
 }
 /*
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index ad2edae308..9ea58330be 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
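Review bot: In the library/ssl_misc.h hunk, mbedtls_ssl_get_groups() still returns `const void *` although its only remaining source is `ssl->conf->group_list`, which ssl.h declares as `const uint16_t *`. With the curve_list translation gone, the signature could become `static inline const uint16_t *mbedtls_ssl_get_groups(const mbedtls_ssl_context *ssl)`, so the compiler checks how callers walk the zero-terminated NamedGroup list; the callers are outside this diff, so confirm that none relies on the untyped pointer. Separately, the removed branch read `ssl->handshake->group_list`, and the block deleted from ssl_handshake_init() set `group_list_heap_allocated`. Neither member's declaration nor the matching free on handshake teardown appears in the visible hunks, so if they still exist they are now dead and should be removed in the same change, so that no later code trusts a flag nothing sets.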
@@ -1154,48 +1154,6 @@ static int ssl_handshake_init(mbedtls_ssl_context *ssl)
 }
 #endif
-/*
- * curve_list is translated to IANA TLS group identifiers here because
- * mbedtls_ssl_conf_curves returns void and so can't return
- * any error codes.
- */
-#if defined(MBEDTLS_ECP_C)
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
- /* Heap allocate and translate curve_list from internal to IANA group ids */
- if (ssl->conf->curve_list != NULL) {
- size_t length;
- const mbedtls_ecp_group_id *curve_list = ssl->conf->curve_list;
-
- for (length = 0; (curve_list[length] != MBEDTLS_ECP_DP_NONE); length++) {
- }
-
- /* Leave room for zero termination */
- uint16_t *group_list = mbedtls_calloc(length + 1, sizeof(uint16_t));
- if (group_list == NULL) {
- return MBEDTLS_ERR_SSL_ALLOC_FAILED;
- }
-
- for (size_t i = 0; i < length; i++) {
- uint16_t tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id(
- curve_list[i]);
- if (tls_id == 0) {
- mbedtls_free(group_list);
- return MBEDTLS_ERR_SSL_BAD_CONFIG;
- }
- group_list[i] = tls_id;
- }
-
- group_list[length] = 0;
-
- ssl->handshake->group_list = group_list;
- ssl->handshake->group_list_heap_allocated = 1;
- } else {
- ssl->handshake->group_list = ssl->conf->group_list;
- ssl->handshake->group_list_heap_allocated = 0;
- }
-#endif /* MBEDTLS_DEPRECATED_REMOVED */
-#endif /* MBEDTLS_ECP_C */
-
 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
@@ -2741,9 +2699,6 @@ void mbedtls_ssl_conf_sig_algs(mbedtls_ssl_config *conf,
 void mbedtls_ssl_conf_groups(mbedtls_ssl_config *conf,
 const uint16_t *group_list)
 {
-#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
- conf->curve_list = NULL;
-#endif
 conf->group_list = group_list;
 }
@@ -5964,9 +5919,6 @@ int mbedtls_ssl_config_defaults(mbedtls_ssl_config *conf,
 conf->sig_algs = ssl_preset_suiteb_sig_algs;
 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
-#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
- conf->curve_list = NULL;
-#endif
 conf->group_list = ssl_preset_suiteb_groups;
 break;
@@ -5990,9 +5942,6 @@ int mbedtls_ssl_config_defaults(mbedtls_ssl_config *conf,
 conf->sig_algs = ssl_preset_default_sig_algs;
 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
-#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
- conf->curve_list = NULL;
-#endif
 conf->group_list = ssl_preset_default_groups;
 #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)