Add mbedtls_ssl_check_curve_tls_id() (internal) This can be used to validate the server's choice of group in the PSA case (this will be done in the next commit). Backport of 0d63b84fa49ecb758dbec4fd7a94df59fe8367ab with a very different implementation, as 2.28 still stores the list of allowed groups with their mbedtls_ecp group IDs, not the IANA/TLS group IDs (changed by https://github.com/ARMmbed/mbedtls/pull/4859/ in 3.x). Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>

commit: 298d6cc397b38e1ec641bdc13977c8a1ababb009 [log] [tgz]
author: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Mon Feb 14 11:34:47 2022 +0100
committer: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Mon Feb 14 13:00:32 2022 +0100
tree: 15ff4bb6f600e0b81fffef853dcd863b11c8ec5d
parent: 97f188289dd8991b7b7b69db4e9b333ebc4bdd74 [diff] [blame]
diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index 6913dc0..f50cf9f 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h

@@ -1112,6 +1112,7 @@
 
 #if defined(MBEDTLS_ECP_C)
 int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id );
+int mbedtls_ssl_check_curve_tls_id( const mbedtls_ssl_context *ssl, uint16_t tls_id );
 #endif
 
 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
commit	298d6cc397b38e1ec641bdc13977c8a1ababb009	[log] [tgz]
author	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Mon Feb 14 11:34:47 2022 +0100
committer	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Mon Feb 14 13:00:32 2022 +0100
tree	15ff4bb6f600e0b81fffef853dcd863b11c8ec5d
parent	97f188289dd8991b7b7b69db4e9b333ebc4bdd74 [diff] [blame]