Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enabling the use of EC keys when doing TLS with mbedTLS backend. #3892

Closed
wants to merge 1 commit into from
Closed

Enabling the use of EC keys when doing TLS with mbedTLS backend. #3892

wants to merge 1 commit into from

Conversation

DeuxVis
Copy link

@DeuxVis DeuxVis commented May 16, 2019

No description provided.

@bagder bagder added the TLS label May 16, 2019
bagder
bagder reviewed May 16, 2019
View changes
lib/vtls/mbedtls.c
@@ -343,7 +343,8 @@ mbed_connect_step1(struct connectdata *conn,
if(SSL_SET_OPTION(key)) {
ret = mbedtls_pk_parse_keyfile(&BACKEND->pk, SSL_SET_OPTION(key),
SSL_SET_OPTION(key_passwd));
if(ret == 0 && !mbedtls_pk_can_do(&BACKEND->pk, MBEDTLS_PK_RSA))
if(ret == 0 && !( mbedtls_pk_can_do(&BACKEND->pk, MBEDTLS_PK_RSA)
|| mbedtls_pk_can_do(&BACKEND->pk, MBEDTLS_PK_ECKEY)))
Copy link
Member

@bagder bagder May 16, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this MBEDTLS_PK_ECKEY flag supported on all mbedtls versions or is there a risk that this will break the build for some?

Copy link
Member

@danielgustafsson danielgustafsson May 19, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A quick skim of the code seems to imply that usage of MBEDTLS_PK_ECKEY depends on MBEDTLS_ECP_C.

Copy link
Author

@DeuxVis DeuxVis May 20, 2019
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this MBEDTLS_PK_ECKEY flag supported on all mbedtls versions or is there a risk that this will break the build for some?

If you mean historically, I think it dates back from the polarssl days : Mbed-TLS/mbedtls@211a64c

So it probably have been available in all mbedtls versions.

Copy link
Author

@DeuxVis DeuxVis May 20, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes confirmed, It then have been renamed to the actual name - without polarssl reference - in mbedtls release 2.0 : https://github.com/ARMmbed/mbedtls/blob/4cb87f409df0ddd878ea50cfca7dc8735ee574f2/include/mbedtls/pk.h#L74

@bagder
Copy link
Member

@bagder bagder commented May 20, 2019

Thanks!

@lock lock bot locked as resolved and limited conversation to collaborators Aug 18, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@bagder bagder

@danielgustafsson danielgustafsson

Assignees
No one assigned
Labels
TLS
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@DeuxVis @bagder @danielgustafsson @zapoig