Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enabling the use of EC keys when doing TLS with mbedTLS backend. #3892

Closed
wants to merge 1 commit into from

Conversation

@DeuxVis
Copy link

commented May 16, 2019

No description provided.

@bagder bagder added the SSL/TLS label May 16, 2019
@@ -343,7 +343,8 @@ mbed_connect_step1(struct connectdata *conn,
if(SSL_SET_OPTION(key)) {
ret = mbedtls_pk_parse_keyfile(&BACKEND->pk, SSL_SET_OPTION(key),
SSL_SET_OPTION(key_passwd));
if(ret == 0 && !mbedtls_pk_can_do(&BACKEND->pk, MBEDTLS_PK_RSA))
if(ret == 0 && !( mbedtls_pk_can_do(&BACKEND->pk, MBEDTLS_PK_RSA)
|| mbedtls_pk_can_do(&BACKEND->pk, MBEDTLS_PK_ECKEY)))

This comment has been minimized.

Copy link
@bagder

bagder May 16, 2019

Member

Is this MBEDTLS_PK_ECKEY flag supported on all mbedtls versions or is there a risk that this will break the build for some?

This comment has been minimized.

Copy link
@danielgustafsson

danielgustafsson May 19, 2019

Member

A quick skim of the code seems to imply that usage of MBEDTLS_PK_ECKEY depends on MBEDTLS_ECP_C.

This comment has been minimized.

Copy link
@DeuxVis

DeuxVis May 20, 2019

Author

Is this MBEDTLS_PK_ECKEY flag supported on all mbedtls versions or is there a risk that this will break the build for some?

If you mean historically, I think it dates back from the polarssl days : ARMmbed/mbedtls@211a64c

So it probably have been available in all mbedtls versions.

This comment has been minimized.

Copy link
@DeuxVis

DeuxVis May 20, 2019

Author

Yes confirmed, It then have been renamed to the actual name - without polarssl reference - in mbedtls release 2.0 : https://github.com/ARMmbed/mbedtls/blob/4cb87f409df0ddd878ea50cfca7dc8735ee574f2/include/mbedtls/pk.h#L74

@bagder

This comment has been minimized.

Copy link
Member

commented May 20, 2019

Thanks!

@bagder bagder closed this in 0da8441 May 20, 2019
@lock lock bot locked as resolved and limited conversation to collaborators Aug 18, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
3 participants
You can’t perform that action at this time.