Fix handshake failure in suite B

Fix handshake failure where PK key is translated as `MBEDTLS_ECKEY` instead of `MBEDTLS_ECDSA`
2025-10-22 08:27:09 +00:00 · 2018-02-06 15:59:38 +02:00 · 2018-02-06 15:59:38 +02:00 · 85e1dcff6a
parent 32605dc830
commit 85e1dcff6a
2 changed files with 8 additions and 1 deletions
--- a/6
+++ b/6
@ -1,5 +1,11 @@
 mbed TLS ChangeLog (Sorted per branch, date)

+= mbed TLS x.x.x branch released xxxx-xx-xx
+
+Bugfix
+   * Fix handshake failure in NIST suite b, where the key was determined as
+     MBEDTLS_ECKEY instead of MBEDTLS_ECDSA.
+
 = mbed TLS 2.7.0 branch released 2018-02-03

 Security
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@ -133,7 +133,8 @@ const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb =
    MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) |
    MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ),
    /* Only ECDSA */
-    MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_ECDSA ),
+    MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_ECDSA ) |
+    MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_ECKEY ),
 #if defined(MBEDTLS_ECP_C)
    /* Only NIST P-256 and P-384 */
    MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256R1 ) |