commit 298d6cc397b38e1ec641bdc13977c8a1ababb009
author Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Mon Feb 14 11:34:47 2022 +0100
committer Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Mon Feb 14 13:00:32 2022 +0100
tree 15ff4bb6f600e0b81fffef853dcd863b11c8ec5d
parent 97f188289dd8991b7b7b69db4e9b333ebc4bdd74

Add mbedtls_ssl_check_curve_tls_id() (internal)

This can be used to validate the server's choice of group in the PSA
case (this will be done in the next commit).

Backport of 0d63b84fa49ecb758dbec4fd7a94df59fe8367ab with a very
different implementation, as 2.28 still stores the list of allowed
groups with their mbedtls_ecp group IDs, not the IANA/TLS group IDs
(changed by https://github.com/ARMmbed/mbedtls/pull/4859/ in 3.x).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>

library/ssl_tls.c

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index c7265f1..bd0eb10 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -7326,6 +7326,18 @@
 
     return( -1 );
 }
+
+/*
+ * Same as mbedtls_ssl_check_curve() but takes a TLS ID for the curve.
+ */
+int mbedtls_ssl_check_curve_tls_id( const mbedtls_ssl_context *ssl, uint16_t tls_id )
+{
+    const mbedtls_ecp_curve_info *curve_info =
+        mbedtls_ecp_curve_info_from_tls_id( tls_id );
+    if( curve_info == NULL )
+        return( -1 );
+    return( mbedtls_ssl_check_curve( ssl, curve_info->grp_id ) );
+}
 #endif /* MBEDTLS_ECP_C */
 
 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)