commit d0405093d93959dcc0167fd9990a1180d51e3326
author Valerio Setti <valerio.setti@nordicsemi.no> Wed May 24 13:16:40 2023 +0200
committer Valerio Setti <valerio.setti@nordicsemi.no> Wed May 24 16:02:32 2023 +0200
tree b1437a28fccdf32d5ea3079759225d074765773a
parent 1194ffa82fc1a541e6fbb39e9d19b86238c7ab89

tls: use pk_get_group_id() instead of directly accessing PK's structure

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>

library/ssl_tls.c

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 2babb04..036b5a7 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -7388,17 +7388,11 @@
             /* and in the unlikely case the above assumption no longer holds
              * we are making sure that pk_ec() here does not return a NULL
              */
-            mbedtls_ecp_group_id grp_id;
-#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
-            grp_id = mbedtls_ecc_group_of_psa(pk->ec_family, pk->ec_bits, 0);
-#else /* MBEDTLS_PK_USE_PSA_EC_DATA */
-            const mbedtls_ecp_keypair *ec = mbedtls_pk_ec_ro(*pk);
-            if (ec == NULL) {
-                MBEDTLS_SSL_DEBUG_MSG(1, ("mbedtls_pk_ec_ro() returned NULL"));
+            mbedtls_ecp_group_id grp_id = mbedtls_pk_get_group_id(pk);
+            if (grp_id == MBEDTLS_ECP_DP_NONE) {
+                MBEDTLS_SSL_DEBUG_MSG(1, ("invalid group ID"));
                 return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
             }
-            grp_id = ec->grp.id;
-#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
             if (mbedtls_ssl_check_curve(ssl, grp_id) != 0) {
                 ssl->session_negotiate->verify_result |=
                     MBEDTLS_X509_BADCERT_BAD_KEY;

library/ssl_tls12_server.c

diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index a442b37..b0a4fdf 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -2601,9 +2601,6 @@
     size_t key_len;
     mbedtls_pk_context *pk;
     mbedtls_ecp_group_id grp_id;
-#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA)
-    mbedtls_ecp_keypair *key;
-#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */
 
     pk = mbedtls_ssl_own_key(ssl);
 
@@ -2611,6 +2608,10 @@
         return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
     }
 
+#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA)
+    mbedtls_ecp_keypair *key = mbedtls_pk_ec_rw(*pk);
+#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */
+
     switch (mbedtls_pk_get_type(pk)) {
         case MBEDTLS_PK_OPAQUE:
             if (!mbedtls_pk_can_do(pk, MBEDTLS_PK_ECKEY)) {
@@ -2639,15 +2640,10 @@
         case MBEDTLS_PK_ECKEY:
         case MBEDTLS_PK_ECKEY_DH:
         case MBEDTLS_PK_ECDSA:
-#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
-            grp_id = mbedtls_ecc_group_of_psa(pk->ec_family, pk->ec_bits, 0);
-#else /* MBEDTLS_PK_USE_PSA_EC_DATA */
-            key = mbedtls_pk_ec_rw(*pk);
-            if (key == NULL) {
+            grp_id = mbedtls_pk_get_group_id(pk);
+            if (grp_id == MBEDTLS_ECP_DP_NONE) {
                 return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
             }
-            grp_id = key->grp.id;
-#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
             tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id(grp_id);
             if (tls_id == 0) {
                 /* This elliptic curve is not supported */