commit 7e9c2e0d81fe893c645d0bb5f48c5e777db0d1f8
author Hanno Becker <hanno.becker@arm.com> Wed Aug 21 17:05:20 2019 +0100
committer Hanno Becker <hanno.becker@arm.com> Wed Sep 04 16:17:45 2019 +0100
tree b22e8b6f061a449cbb8213d1a1f27d081ab9a468
parent 461fa723a1a1e9feb9db5e9bd77c34cb34caef29

TinyCrypt SSL: Adapt ssl_parse_certificate_verify() to TinyCrypt

library/ssl_tls.c

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 8e1c374..400d61f 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -7177,9 +7177,12 @@
      * Secondary checks: always done, but change 'ret' only if it was 0
      */
 
-#if defined(MBEDTLS_ECP_C)
+#if defined(MBEDTLS_ECP_C) || defined(MBEDTLS_USE_TINYCRYPT)
     {
         int ret;
+#if defined(MBEDTLS_USE_TINYCRYPT)
+        ret = mbedtls_ssl_check_curve( ssl, MBEDTLS_UECC_DP_SECP256R1 );
+#else /* MBEDTLS_USE_TINYCRYPT */
         mbedtls_pk_context *pk;
         ret = mbedtls_x509_crt_pk_acquire( chain, &pk );
         if( ret != 0 )
@@ -7190,9 +7193,12 @@
 
         /* If certificate uses an EC key, make sure the curve is OK */
         if( mbedtls_pk_can_do( pk, MBEDTLS_PK_ECKEY ) )
+        {
             ret = mbedtls_ssl_check_curve( ssl, mbedtls_pk_ec( *pk )->grp.id );
+        }
 
         mbedtls_x509_crt_pk_release( chain );
+#endif /* MBEDTLS_USE_TINYCRYPT */
 
         if( ret != 0 )
         {
@@ -7203,7 +7209,7 @@
                 verify_ret = MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE;
         }
     }
-#endif /* MBEDTLS_ECP_C */
+#endif /* MBEDTLS_ECP_C || MEDTLS_USE_TINYCRYPT */
 
     if( mbedtls_ssl_check_cert_usage( chain,
                                       ciphersuite_info,