Fix missing check on server-chosen curve We had this check in the non-PSA case, but it was missing in the PSA case. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>

commit: 141be6cc7faeb68296625670b851670542481ab6 [log] [tgz]
author: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Tue Jan 25 11:46:19 2022 +0100
committer: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Thu Feb 03 11:08:15 2022 +0100
tree: 4923b64c9ffe27f6e4b67e1df90f042733989903
parent: 0d63b84fa49ecb758dbec4fd7a94df59fe8367ab [diff] [blame]
diff --git a/ChangeLog.d/use-psa-ecdhe-curve.txt b/ChangeLog.d/use-psa-ecdhe-curve.txt
new file mode 100644
index 0000000..cc432bd
--- /dev/null
+++ b/ChangeLog.d/use-psa-ecdhe-curve.txt

@@ -0,0 +1,7 @@
+Bugfix
+   * Fix a bug in (D)TLS curve negotiation: when MBEDTLS_USE_PSA_CRYPTO was
+     enabled and an ECDHE-ECDSA or ECDHE-RSA key exchange was used, the
+     client would fail to check that the curve selected by the server for
+     ECDHE was indeed one that was offered. As a result, the client would
+     accept any curve that it supported, even if that curve was not allowed
+     according to its configuration.
commit	141be6cc7faeb68296625670b851670542481ab6	[log] [tgz]
author	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Tue Jan 25 11:46:19 2022 +0100
committer	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Thu Feb 03 11:08:15 2022 +0100
tree	4923b64c9ffe27f6e4b67e1df90f042733989903
parent	0d63b84fa49ecb758dbec4fd7a94df59fe8367ab [diff] [blame]