TinyCrypt SSL: Adapt ssl_parse_certificate_verify() to TinyCrypt
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 8e1c374..400d61f 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -7177,9 +7177,12 @@
* Secondary checks: always done, but change 'ret' only if it was 0
*/
-#if defined(MBEDTLS_ECP_C)
+#if defined(MBEDTLS_ECP_C) || defined(MBEDTLS_USE_TINYCRYPT)
{
int ret;
+#if defined(MBEDTLS_USE_TINYCRYPT)
+ ret = mbedtls_ssl_check_curve( ssl, MBEDTLS_UECC_DP_SECP256R1 );
+#else /* MBEDTLS_USE_TINYCRYPT */
mbedtls_pk_context *pk;
ret = mbedtls_x509_crt_pk_acquire( chain, &pk );
if( ret != 0 )
@@ -7190,9 +7193,12 @@
/* If certificate uses an EC key, make sure the curve is OK */
if( mbedtls_pk_can_do( pk, MBEDTLS_PK_ECKEY ) )
+ {
ret = mbedtls_ssl_check_curve( ssl, mbedtls_pk_ec( *pk )->grp.id );
+ }
mbedtls_x509_crt_pk_release( chain );
+#endif /* MBEDTLS_USE_TINYCRYPT */
if( ret != 0 )
{
@@ -7203,7 +7209,7 @@
verify_ret = MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE;
}
}
-#endif /* MBEDTLS_ECP_C */
+#endif /* MBEDTLS_ECP_C || MEDTLS_USE_TINYCRYPT */
if( mbedtls_ssl_check_cert_usage( chain,
ciphersuite_info,