From 3dae1cfa3ab0e4c163b5a0f76e2708c000b7bdcb Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 30 Apr 2018 12:07:56 +0200 Subject: [PATCH] Async callback: use mbedtls_pk_check_pair to compare keys In the current test code, the object that is used as a public key in the certificate also contains a private key. However this is because of the way the stest code is built and does not demonstrate the API in a useful way. Use mbedtls_pk_check_pair, which is not what real-world code would do (since the private key would typically be in an external cryptoprocessor) but is a more representative placeholder. --- programs/ssl/ssl_server2.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 876f8156c..d550b7c4c 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -963,11 +963,14 @@ static int ssl_async_start( mbedtls_ssl_context *ssl, mbedtls_printf( "Async %s callback: looking for DN=%s\n", op_name, dn ); } + /* Look for a private key that matches the public key in cert. + * Since this test code has the private key inside Mbed TLS, + * we call mbedtls_pk_check_pair to match a private key with the + * public key. */ for( slot = 0; slot < config_data->slots_used; slot++ ) { - if( memcmp( &config_data->slots[slot].cert->pk, - &cert->pk, - sizeof( cert->pk ) ) == 0 ) + if( mbedtls_pk_check_pair( &cert->pk, + config_data->slots[slot].pk ) == 0 ) break; } if( slot == config_data->slots_used )