From b1626fb619874a79f11c0e9f04ff426890e7623e Mon Sep 17 00:00:00 2001
From: Hanno Becker <hanno.becker@arm.com>
Date: Wed, 24 Jul 2019 11:54:54 +0100
Subject: [PATCH] tinyCrypt: Remove check for Secp256r1 in SrvKeyExch writing

The use of tinyCrypt is restricted Secp256r1-only, and a check in
ssl_ciphersuite_is_match() ensures that an EC ciphersuite is chosen
only if the client advertised support for Secp256r1, too.
---
 library/ssl_srv.c | 8 --------
 1 file changed, 8 deletions(-)

diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 319859611..435588ef2 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -3398,14 +3398,6 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl,
                 0x04 /* Uncompressed */
             };
 
-            if( ssl->handshake->curve_tls_id != secp256r1_tls_id )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "Unsupported curve %u (expected %u)",
-                                            (unsigned) ssl->handshake->curve_tls_id,
-                                            secp256r1_tls_id ) );
-                return( MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN );
-            }
-
             if( !uECC_make_key( ssl->handshake->ecdh_ownpubkey,
                                 ssl->handshake->ecdh_privkey,
                                 uecc_curve ) )