Add mbedtls_ssl_check_curve_tls_id() (internal) This can be used to validate the server's choice of group in the PSA case (this will be done in the next commit). Note that new function doesn't depend on ECP_C, as it only requires mbedtls_ssl_get_groups(), which is always available. As a general rule, functions for defining and enforcing policy in the TLS module should not depend on low-level modules but work with TLS-level identifiers are much as possible, and this new function follows that principle. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>

commit: 0d63b84fa49ecb758dbec4fd7a94df59fe8367ab [log] [tgz]
author: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Tue Jan 18 13:10:56 2022 +0100
committer: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Thu Feb 03 11:08:15 2022 +0100
tree: 2ae0a55cabb3b8def573c3b7742d08cdbc179e3a
parent: 3caa0edb9ba026d41dd4f323767af175d44d3307 [diff] [blame]
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index ad358b3..f86e3c6 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h

@@ -1288,6 +1288,7 @@
 unsigned char mbedtls_ssl_hash_from_md_alg( int md );
 int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md );
 
+int mbedtls_ssl_check_curve_tls_id( const mbedtls_ssl_context *ssl, uint16_t tls_id );
 #if defined(MBEDTLS_ECP_C)
 int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id );
 #endif
commit	0d63b84fa49ecb758dbec4fd7a94df59fe8367ab	[log] [tgz]
author	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Tue Jan 18 13:10:56 2022 +0100
committer	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Thu Feb 03 11:08:15 2022 +0100
tree	2ae0a55cabb3b8def573c3b7742d08cdbc179e3a
parent	3caa0edb9ba026d41dd4f323767af175d44d3307 [diff] [blame]