Async callback: use mbedtls_pk_check_pair to compare keys

In the current test code, the object that is used as a public key in the certificate also contains a private key. However this is because of the way the stest code is built and does not demonstrate the API in a useful way. Use mbedtls_pk_check_pair, which is not what real-world code would do (since the private key would typically be in an external cryptoprocessor) but is a more representative placeholder.
2025-11-03 12:11:27 -05:00 · 2018-04-30 12:07:56 +02:00 · 2018-04-30 12:07:56 +02:00 · 26d01bcb5c
commit 26d01bcb5c
parent 1febfef561
1 changed files with 6 additions and 3 deletions
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@ -963,11 +963,14 @@ static int ssl_async_start( mbedtls_ssl_context *ssl,
        mbedtls_printf( "Async %s callback: looking for DN=%s\n", op_name, dn );
    }

+    /* Look for a private key that matches the public key in cert.
+     * Since this test code has the private key inside Mbed TLS,
+     * we call mbedtls_pk_check_pair to match a private key with the
+     * public key. */
    for( slot = 0; slot < config_data->slots_used; slot++ )
    {
-        if( memcmp( &config_data->slots[slot].cert->pk,
-                    &cert->pk,
-                    sizeof( cert->pk ) ) == 0 )
+        if( mbedtls_pk_check_pair( &cert->pk,
+                                   config_data->slots[slot].pk ) == 0 )
            break;
    }
    if( slot == config_data->slots_used )