commit dd1fb9e37eae2c53d42dd78bfed9f5f2766ba4eb
author Jerry Yu <jerry.h.yu@arm.com> Wed Sep 15 11:10:15 2021 +0800
committer Jerry Yu <jerry.h.yu@arm.com> Wed Sep 15 11:10:15 2021 +0800
tree c0f9221794e3d310bb54602012bb507e64945519
parent bdc71888fcedae2d85b367452bc618c63c138a88

add mbedtls_ecdh_setup_no_everest

Setup ecdh without everest for TLS1.3

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>

library/ecdh.c

diff --git a/library/ecdh.c b/library/ecdh.c
index b931947..4d73da0 100644
--- a/library/ecdh.c
+++ b/library/ecdh.c
@@ -787,6 +787,25 @@
 #endif
 }
 
+/*
+ * Setup context without everst
+ */
+int mbedtls_ecdh_setup_no_everest( mbedtls_ecdh_context *ctx,
+                                   mbedtls_ecp_group_id grp_id )
+{
+    ECDH_VALIDATE_RET( ctx != NULL );
+
+#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
+    return( ecdh_setup_internal( ctx, grp_id ) );
+#else
+    ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED;
+    ctx->var = MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0;
+    ctx->grp_id = grp_id;
+    ecdh_init_internal( &ctx->ctx.mbed_ecdh );
+    return( ecdh_setup_internal( &ctx->ctx.mbed_ecdh, grp_id ) );
+#endif
+}
+
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
 
 #endif /* MBEDTLS_ECDH_C */

library/ecdh_misc.h

diff --git a/library/ecdh_misc.h b/library/ecdh_misc.h
index 3d75b0f..c377e70 100644
--- a/library/ecdh_misc.h
+++ b/library/ecdh_misc.h
@@ -22,11 +22,20 @@
 #if !defined(MBEDTLS_ECDH_MISC_H)
 #define MBEDTLS_ECDH_MISC_H
 
+#include "mbedtls/ecdh.h"
+#include "mbedtls/ecp.h"
+
 #if defined(MBEDTLS_ECDH_C)
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
 
 /*
+ * Setup context without everst
+ */
+int mbedtls_ecdh_setup_no_everest( mbedtls_ecdh_context *ctx,
+                                   mbedtls_ecp_group_id grp_id );
+
+/*
  * TLS 1.3 version of mbedtls_ecdh_make_params in ecdh.h
  */
 int mbedtls_ecdh_tls13_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
@@ -34,6 +43,7 @@
                                     int ( *f_rng )( void *, unsigned char *, size_t ),
                                     void *p_rng );
 
+
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
 
 #endif /* MBEDTLS_ECDH_C */

library/ssl_tls13_client.c

diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 0190ee5..91f1b0c 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -272,8 +272,8 @@
 
     MBEDTLS_SSL_DEBUG_MSG( 3, ( "offer curve %s", curve_info->name ) );
 
-    if( ( ret = mbedtls_ecdh_setup( &ssl->handshake->ecdh_ctx,
-                                    curve_info->grp_id ) ) != 0 )
+    if( ( ret = mbedtls_ecdh_setup_no_everest( &ssl->handshake->ecdh_ctx,
+                                               curve_info->grp_id ) ) != 0 )
     {
         MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecp_group_load", ret );
         return( ret );