commit 19ae6f62c7a4e6cf14bf61fcb6ea070d34e70f2a
author Jerry Yu <jerry.h.yu@arm.com> Fri Sep 30 09:22:21 2022 +0800
committer Jerry Yu <jerry.h.yu@arm.com> Fri Oct 07 10:11:05 2022 +0800
tree 07efe251ead3f1dfc75503b6e6324e1bbae0ac10
parent 25ab65478123884ab9222fe3a3949929bbbfb7a2

move ciphersuite validation to set_session

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>

library/ssl_tls13_generic.c

diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index abb7a14..56841c4 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -1485,4 +1485,36 @@
 }
 #endif /* MBEDTLS_ECDH_C */
 
+int mbedtls_ssl_tls13_ciphersuite_to_alg( mbedtls_ssl_context *ssl,
+                                          int ciphersuite,
+                                          psa_algorithm_t *psa_alg )
+{
+    const mbedtls_ssl_ciphersuite_t *ciphersuite_info = NULL;
+    psa_algorithm_t alg;
+
+    ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuite );
+    if( psa_alg )
+        *psa_alg = PSA_ALG_NONE;
+
+    if( mbedtls_ssl_validate_ciphersuite(
+                        ssl, ciphersuite_info,
+                        MBEDTLS_SSL_VERSION_TLS1_3,
+                        MBEDTLS_SSL_VERSION_TLS1_3 ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 4, ( "%d is not valid.", ciphersuite ) );
+        return( MBEDTLS_ERR_SSL_INVALID_MAC );
+    }
+
+    alg = mbedtls_psa_translate_md( ciphersuite_info->mac );
+    if( alg == PSA_ALG_NONE )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 4, ( "%d is not valid.", ciphersuite ) );
+        return( MBEDTLS_ERR_SSL_INVALID_MAC );
+    }
+
+    if( psa_alg )
+        *psa_alg = alg;
+    return( 0 );
+}
+
 #endif /* MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_PROTO_TLS1_3 */