Async callback: use mbedtls_pk_check_pair to compare keys

In the current test code, the object that is used as a public key in
the certificate also contains a private key. However this is because
of the way the stest code is built and does not demonstrate the API in
a useful way. Use mbedtls_pk_check_pair, which is not what real-world
code would do (since the private key would typically be in an external
cryptoprocessor) but is a more representative placeholder.
This commit is contained in:
Gilles Peskine 2018-04-30 12:07:56 +02:00
parent a668c60186
commit 3dae1cfa3a

View file

@ -963,11 +963,14 @@ static int ssl_async_start( mbedtls_ssl_context *ssl,
mbedtls_printf( "Async %s callback: looking for DN=%s\n", op_name, dn );
}
/* Look for a private key that matches the public key in cert.
* Since this test code has the private key inside Mbed TLS,
* we call mbedtls_pk_check_pair to match a private key with the
* public key. */
for( slot = 0; slot < config_data->slots_used; slot++ )
{
if( memcmp( &config_data->slots[slot].cert->pk,
&cert->pk,
sizeof( cert->pk ) ) == 0 )
if( mbedtls_pk_check_pair( &cert->pk,
config_data->slots[slot].pk ) == 0 )
break;
}
if( slot == config_data->slots_used )