diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index d6083daf19..debb1cc2c1 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1503,7 +1503,7 @@ struct mbedtls_ssl_config { const uint16_t *MBEDTLS_PRIVATE(sig_algs); /*!< allowed signature algorithms */ #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) && !defined(MBEDTLS_DEPRECATED_REMOVED) +#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED) const mbedtls_ecp_group_id *MBEDTLS_PRIVATE(curve_list); /*!< allowed curves */ #endif @@ -3651,7 +3651,7 @@ void mbedtls_ssl_conf_dhm_min_bitlen(mbedtls_ssl_config *conf, unsigned int bitlen); #endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */ -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) +#if defined(MBEDTLS_ECP_C) #if !defined(MBEDTLS_DEPRECATED_REMOVED) /** * \brief Set the allowed curves in order of preference. @@ -3697,7 +3697,7 @@ void mbedtls_ssl_conf_dhm_min_bitlen(mbedtls_ssl_config *conf, void MBEDTLS_DEPRECATED mbedtls_ssl_conf_curves(mbedtls_ssl_config *conf, const mbedtls_ecp_group_id *curves); #endif /* MBEDTLS_DEPRECATED_REMOVED */ -#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ +#endif /* MBEDTLS_ECP_C */ /** * \brief Set the allowed groups in order of preference. diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 6bc4aaa4a9..fc3fb85d75 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1150,7 +1150,7 @@ static int ssl_handshake_init(mbedtls_ssl_context *ssl) * mbedtls_ssl_conf_curves returns void and so can't return * any error codes. */ -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) +#if defined(MBEDTLS_ECP_C) #if !defined(MBEDTLS_DEPRECATED_REMOVED) /* Heap allocate and translate curve_list from internal to IANA group ids */ if (ssl->conf->curve_list != NULL) { @@ -1185,7 +1185,7 @@ static int ssl_handshake_init(mbedtls_ssl_context *ssl) ssl->handshake->group_list_heap_allocated = 0; } #endif /* MBEDTLS_DEPRECATED_REMOVED */ -#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ +#endif /* MBEDTLS_ECP_C */ #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) #if !defined(MBEDTLS_DEPRECATED_REMOVED) @@ -2921,7 +2921,7 @@ void mbedtls_ssl_conf_sig_algs(mbedtls_ssl_config *conf, } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) +#if defined(MBEDTLS_ECP_C) #if !defined(MBEDTLS_DEPRECATED_REMOVED) /* * Set the allowed elliptic curves @@ -2938,7 +2938,7 @@ void mbedtls_ssl_conf_curves(mbedtls_ssl_config *conf, conf->group_list = NULL; } #endif /* MBEDTLS_DEPRECATED_REMOVED */ -#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ +#endif /* MBEDTLS_ECP_C */ /* * Set the allowed groups @@ -2946,7 +2946,7 @@ void mbedtls_ssl_conf_curves(mbedtls_ssl_config *conf, void mbedtls_ssl_conf_groups(mbedtls_ssl_config *conf, const uint16_t *group_list) { -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) && !defined(MBEDTLS_DEPRECATED_REMOVED) +#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED) conf->curve_list = NULL; #endif conf->group_list = group_list; @@ -5321,7 +5321,7 @@ int mbedtls_ssl_config_defaults(mbedtls_ssl_config *conf, conf->sig_algs = ssl_preset_suiteb_sig_algs; #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) && !defined(MBEDTLS_DEPRECATED_REMOVED) +#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED) conf->curve_list = NULL; #endif conf->group_list = ssl_preset_suiteb_groups; @@ -5347,7 +5347,7 @@ int mbedtls_ssl_config_defaults(mbedtls_ssl_config *conf, conf->sig_algs = ssl_preset_default_sig_algs; #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) && !defined(MBEDTLS_DEPRECATED_REMOVED) +#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED) conf->curve_list = NULL; #endif conf->group_list = ssl_preset_default_groups; diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 3e2f3a9ae8..81adb7190f 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -271,6 +271,9 @@ TASKS = { 'PSA key derivation: HKDF-SHA-256 -> ECC secp521r1 #0', 'PSA key derivation: HKDF-SHA-256 -> ECC secp521r1 #1', ], + 'test_suite_ssl': [ + 'Test configuration of groups for DHE through mbedtls_ssl_conf_curves()', + ], } } }, @@ -330,6 +333,9 @@ TASKS = { 'Parse Public EC Key #8a (RFC 5480, brainpoolP384r1, compressed)', 'Parse Public EC Key #9a (RFC 5480, brainpoolP512r1, compressed)', ], + 'test_suite_ssl': [ + 'Test configuration of groups for DHE through mbedtls_ssl_conf_curves()', + ], } } }, @@ -423,6 +429,9 @@ TASKS = { 'Debug print mbedtls_mpi: 764 bits #1', 'Debug print mbedtls_mpi: 764 bits #2', ], + 'test_suite_ssl': [ + 'Test configuration of groups for DHE through mbedtls_ssl_conf_curves()', + ], } } }, @@ -517,6 +526,9 @@ TASKS = { 'Debug print mbedtls_mpi: 764 bits #1', 'Debug print mbedtls_mpi: 764 bits #2', ], + 'test_suite_ssl': [ + 'Test configuration of groups for DHE through mbedtls_ssl_conf_curves()', + ], } } }, diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 5ccfdaaca9..3ad1e19ace 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3059,7 +3059,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:!MBEDTLS_DEPRECATED_REMOVED:!MBEDTLS_DEPRECATED_WARNING:MBEDTLS_ECP_HAVE_SECP192R1:MBEDTLS_ECP_HAVE_SECP224R1:MBEDTLS_ECP_HAVE_SECP256R1 */ +/* BEGIN_CASE depends_on:MBEDTLS_ECP_C:!MBEDTLS_DEPRECATED_REMOVED:!MBEDTLS_DEPRECATED_WARNING:MBEDTLS_ECP_HAVE_SECP192R1:MBEDTLS_ECP_HAVE_SECP224R1:MBEDTLS_ECP_HAVE_SECP256R1 */ void conf_curve() {