Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.
Sign upEnabling the use of EC keys when doing TLS with mbedTLS backend. #3892
Conversation
| @@ -343,7 +343,8 @@ mbed_connect_step1(struct connectdata *conn, | |||
| if(SSL_SET_OPTION(key)) { | |||
| ret = mbedtls_pk_parse_keyfile(&BACKEND->pk, SSL_SET_OPTION(key), | |||
| SSL_SET_OPTION(key_passwd)); | |||
| if(ret == 0 && !mbedtls_pk_can_do(&BACKEND->pk, MBEDTLS_PK_RSA)) | |||
| if(ret == 0 && !( mbedtls_pk_can_do(&BACKEND->pk, MBEDTLS_PK_RSA) | |||
| || mbedtls_pk_can_do(&BACKEND->pk, MBEDTLS_PK_ECKEY))) | |||
This comment has been minimized.
This comment has been minimized.
bagder
May 16, 2019
Member
Is this MBEDTLS_PK_ECKEY flag supported on all mbedtls versions or is there a risk that this will break the build for some?
This comment has been minimized.
This comment has been minimized.
danielgustafsson
May 19, 2019
Member
A quick skim of the code seems to imply that usage of MBEDTLS_PK_ECKEY depends on MBEDTLS_ECP_C.
This comment has been minimized.
This comment has been minimized.
DeuxVis
May 20, 2019
•
Author
Is this
MBEDTLS_PK_ECKEYflag supported on all mbedtls versions or is there a risk that this will break the build for some?
If you mean historically, I think it dates back from the polarssl days : ARMmbed/mbedtls@211a64c
So it probably have been available in all mbedtls versions.
This comment has been minimized.
This comment has been minimized.
DeuxVis
May 20, 2019
Author
Yes confirmed, It then have been renamed to the actual name - without polarssl reference - in mbedtls release 2.0 : https://github.com/ARMmbed/mbedtls/blob/4cb87f409df0ddd878ea50cfca7dc8735ee574f2/include/mbedtls/pk.h#L74
|
Thanks! |
DeuxVis commentedMay 16, 2019
No description provided.