Enabling the use of EC keys when doing TLS with mbedTLS backend. #3892
Conversation
@@ -343,7 +343,8 @@ mbed_connect_step1(struct connectdata *conn, | |||
if(SSL_SET_OPTION(key)) { | |||
ret = mbedtls_pk_parse_keyfile(&BACKEND->pk, SSL_SET_OPTION(key), | |||
SSL_SET_OPTION(key_passwd)); | |||
if(ret == 0 && !mbedtls_pk_can_do(&BACKEND->pk, MBEDTLS_PK_RSA)) | |||
if(ret == 0 && !( mbedtls_pk_can_do(&BACKEND->pk, MBEDTLS_PK_RSA) | |||
|| mbedtls_pk_can_do(&BACKEND->pk, MBEDTLS_PK_ECKEY))) |
bagder
May 16, 2019
Member
Is this MBEDTLS_PK_ECKEY
flag supported on all mbedtls versions or is there a risk that this will break the build for some?
Is this MBEDTLS_PK_ECKEY
flag supported on all mbedtls versions or is there a risk that this will break the build for some?
danielgustafsson
May 19, 2019
Member
A quick skim of the code seems to imply that usage of MBEDTLS_PK_ECKEY
depends on MBEDTLS_ECP_C
.
A quick skim of the code seems to imply that usage of MBEDTLS_PK_ECKEY
depends on MBEDTLS_ECP_C
.
DeuxVis
May 20, 2019
•
Author
Is this MBEDTLS_PK_ECKEY
flag supported on all mbedtls versions or is there a risk that this will break the build for some?
If you mean historically, I think it dates back from the polarssl days : ARMmbed/mbedtls@211a64c
So it probably have been available in all mbedtls versions.
Is this
MBEDTLS_PK_ECKEY
flag supported on all mbedtls versions or is there a risk that this will break the build for some?
If you mean historically, I think it dates back from the polarssl days : ARMmbed/mbedtls@211a64c
So it probably have been available in all mbedtls versions.
DeuxVis
May 20, 2019
Author
Yes confirmed, It then have been renamed to the actual name - without polarssl reference - in mbedtls release 2.0 : https://github.com/ARMmbed/mbedtls/blob/4cb87f409df0ddd878ea50cfca7dc8735ee574f2/include/mbedtls/pk.h#L74
Yes confirmed, It then have been renamed to the actual name - without polarssl reference - in mbedtls release 2.0 : https://github.com/ARMmbed/mbedtls/blob/4cb87f409df0ddd878ea50cfca7dc8735ee574f2/include/mbedtls/pk.h#L74
Thanks! |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
No description provided.