Remove secp256k1 from the default X.509 and TLS profiles For TLS, secp256k1 is deprecated by RFC 8422 §5.1.1. For X.509, secp256k1 is not deprecated, but it isn't used in practice, especially in the context of TLS where there isn't much point in having an X.509 certificate which most peers do not support. So remove it from the default profile. We can add it back later if there is demand. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

commit: 39957503c56a1f1e8a7d76c64ec6ef25e30d561a [log] [tgz]
author: Gilles Peskine <Gilles.Peskine@arm.com> Thu Jun 17 23:17:52 2021 +0200
committer: Gilles Peskine <Gilles.Peskine@arm.com> Thu Jun 17 23:17:52 2021 +0200
tree: e6cca9448226ffb8c3037a426add6c0b6ac026a6
parent: a03fb29666317a397fa76db9f0d826162b3225cb [diff] [blame]
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 6500445..f12ac6b 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c

@@ -114,7 +114,7 @@
     MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_BP256R1 ) |
     MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_BP384R1 ) |
     MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_BP512R1 ) |
-    MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256K1 ),
+    0,
 #else
     0,
 #endif
commit	39957503c56a1f1e8a7d76c64ec6ef25e30d561a	[log] [tgz]
author	Gilles Peskine <Gilles.Peskine@arm.com>	Thu Jun 17 23:17:52 2021 +0200
committer	Gilles Peskine <Gilles.Peskine@arm.com>	Thu Jun 17 23:17:52 2021 +0200
tree	e6cca9448226ffb8c3037a426add6c0b6ac026a6
parent	a03fb29666317a397fa76db9f0d826162b3225cb [diff] [blame]