remove secp224[k|r]1 curves
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 7ea0174..aa1590f 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -231,8 +231,6 @@
#define MBEDTLS_SSL_IANA_TLS_GROUP_NONE 0
#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1 0x0012
#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1 0x0013
-#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1 0x0014
-#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1 0x0015
#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1 0x0016
#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1 0x0017
#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1 0x0018
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 72dc941..66e348c 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -2245,8 +2245,6 @@
/* Below deprecated curves should be removed with notice to users */
named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1 ||
named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1 ||
- named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1 ||
- named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1 ||
named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1 ||
named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1 ||
named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1 ||
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index dee8029..5709ab7 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -5893,9 +5893,6 @@
#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
{ 26, MBEDTLS_ECP_DP_BP256R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 256 },
#endif
-#if defined(PSA_WANT_ECC_SECP_R1_224)
- { 21, MBEDTLS_ECP_DP_SECP224R1, PSA_ECC_FAMILY_SECP_R1, 224 },
-#endif
#if defined(PSA_WANT_ECC_SECP_R1_192)
{ 19, MBEDTLS_ECP_DP_SECP192R1, PSA_ECC_FAMILY_SECP_R1, 192 },
#endif
@@ -5966,8 +5963,6 @@
{ MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, "secp256r1" },
{ MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1, "secp256k1" },
{ MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1, "brainpoolP256r1" },
- { MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1, "secp224r1" },
- { MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1, "secp224k1" },
{ MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1, "secp192r1" },
{ MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1, "secp192k1" },
{ MBEDTLS_SSL_IANA_TLS_GROUP_X25519, "x25519" },
diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c
index ad3feb6..d14ff66 100644
--- a/programs/ssl/ssl_test_lib.c
+++ b/programs/ssl/ssl_test_lib.c
@@ -505,11 +505,6 @@
#else
{ MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1, "brainpoolP256r1", 0 },
#endif
-#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_224)
- { MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1, "secp224r1", 1 },
-#else
- { MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1, "secp224r1", 0 },
-#endif
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_192)
{ MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1, "secp192r1", 1 },
#else
diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py
index 679f05a..940c661 100755
--- a/tests/scripts/depends.py
+++ b/tests/scripts/depends.py
@@ -263,7 +263,6 @@
'PSA_WANT_ECC_MONTGOMERY_255': ['MBEDTLS_ECP_DP_CURVE25519_ENABLED'],
'PSA_WANT_ECC_MONTGOMERY_448': ['MBEDTLS_ECP_DP_CURVE448_ENABLED'],
'PSA_WANT_ECC_SECP_R1_192': ['MBEDTLS_ECP_DP_SECP192R1_ENABLED'],
- 'PSA_WANT_ECC_SECP_R1_224': ['MBEDTLS_ECP_DP_SECP224R1_ENABLED'],
'PSA_WANT_ECC_SECP_R1_256': ['PSA_WANT_ALG_JPAKE',
'MBEDTLS_ECP_DP_SECP256R1_ENABLED'],
'PSA_WANT_ECC_SECP_R1_384': ['MBEDTLS_ECP_DP_SECP384R1_ENABLED'],
@@ -482,9 +481,7 @@
if alg.can_do(crypto_knowledge.AlgorithmCategory.HASH)}
# Find elliptic curve enabling macros by name.
- # MBEDTLS_ECP_DP_SECP224K1_ENABLED added to disable it for all curves
- curve_symbols = self.config_symbols_matching(r'PSA_WANT_ECC_\w+\Z|'
- r'MBEDTLS_ECP_DP_SECP224K1_ENABLED')
+ curve_symbols = self.config_symbols_matching(r'PSA_WANT_ECC_\w+\Z|')
# Find key exchange enabling macros by name.
key_exchange_symbols = self.config_symbols_matching(r'MBEDTLS_KEY_EXCHANGE_\w+_ENABLED\Z')
diff --git a/tests/scripts/set_psa_test_dependencies.py b/tests/scripts/set_psa_test_dependencies.py
index 2267311..411cf0c 100755
--- a/tests/scripts/set_psa_test_dependencies.py
+++ b/tests/scripts/set_psa_test_dependencies.py
@@ -28,12 +28,10 @@
'MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN',
'MBEDTLS_CIPHER_PADDING_ZEROS',
#curve#'MBEDTLS_ECP_DP_SECP192R1_ENABLED',
- #curve#'MBEDTLS_ECP_DP_SECP224R1_ENABLED',
#curve#'MBEDTLS_ECP_DP_SECP256R1_ENABLED',
#curve#'MBEDTLS_ECP_DP_SECP384R1_ENABLED',
#curve#'MBEDTLS_ECP_DP_SECP521R1_ENABLED',
#curve#'MBEDTLS_ECP_DP_SECP192K1_ENABLED',
- #curve#'MBEDTLS_ECP_DP_SECP224K1_ENABLED',
#curve#'MBEDTLS_ECP_DP_SECP256K1_ENABLED',
#curve#'MBEDTLS_ECP_DP_BP256R1_ENABLED',
#curve#'MBEDTLS_ECP_DP_BP384R1_ENABLED',
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 60b970a..8d26cec 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -2659,8 +2659,6 @@
run_test_psa_force_curve "secp256k1"
requires_config_enabled PSA_WANT_ECC_BRAINPOOL_P_R1_256
run_test_psa_force_curve "brainpoolP256r1"
-requires_config_enabled PSA_WANT_ECC_SECP_R1_224
-run_test_psa_force_curve "secp224r1"
requires_config_enabled PSA_WANT_ECC_SECP_R1_192
run_test_psa_force_curve "secp192r1"
requires_config_enabled PSA_WANT_ECC_SECP_K1_192
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index c700803..ad274da 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -3538,7 +3538,6 @@
void conf_group()
{
uint16_t iana_tls_group_list[] = { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1,
- MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1,
MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1,
MBEDTLS_SSL_IANA_TLS_GROUP_NONE };
@@ -4050,11 +4049,6 @@
#else
TEST_UNAVAILABLE_ECC(26, MBEDTLS_ECP_DP_BP256R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 256);
#endif
-#if defined(PSA_WANT_ECC_SECP_R1_224)
- TEST_AVAILABLE_ECC(21, MBEDTLS_ECP_DP_SECP224R1, PSA_ECC_FAMILY_SECP_R1, 224);
-#else
- TEST_UNAVAILABLE_ECC(21, MBEDTLS_ECP_DP_SECP224R1, PSA_ECC_FAMILY_SECP_R1, 224);
-#endif
#if defined(PSA_WANT_ECC_SECP_R1_192)
TEST_AVAILABLE_ECC(19, MBEDTLS_ECP_DP_SECP192R1, PSA_ECC_FAMILY_SECP_R1, 192);
#else