Add mbedtls_ssl_check_curve_tls_id() (internal)

This can be used to validate the server's choice of group in the PSA case (this will be done in the next commit). Backport of 0d63b84fa4 with a very different implementation, as 2.28 still stores the list of allowed groups with their mbedtls_ecp group IDs, not the IANA/TLS group IDs (changed by https://github.com/ARMmbed/mbedtls/pull/4859/ in 3.x). Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2025-07-30 22:43:08 +03:00 · 2022-02-14 11:34:47 +01:00
parent 97f188289d
commit 298d6cc397
2 changed files with 13 additions and 0 deletions
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -7326,6 +7326,18 @@ int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_i

    return( -1 );
 }
+
+/*
+ * Same as mbedtls_ssl_check_curve() but takes a TLS ID for the curve.
+ */
+int mbedtls_ssl_check_curve_tls_id( const mbedtls_ssl_context *ssl, uint16_t tls_id )
+{
+    const mbedtls_ecp_curve_info *curve_info =
+        mbedtls_ecp_curve_info_from_tls_id( tls_id );
+    if( curve_info == NULL )
+        return( -1 );
+    return( mbedtls_ssl_check_curve( ssl, curve_info->grp_id ) );
+}
 #endif /* MBEDTLS_ECP_C */

 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)