Async callback: use mbedtls_pk_check_pair to compare keys
In the current test code, the object that is used as a public key in
the certificate also contains a private key. However this is because
of the way the test code is built and does not demonstrate the API in
a useful way. Use mbedtls_pk_check_pair, which is not what real-world
code would do (since the private key would typically be in an external
cryptoprocessor) but is a more representative placeholder.
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 876f815..d550b7c 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -963,11 +963,14 @@
mbedtls_printf( "Async %s callback: looking for DN=%s\n", op_name, dn );
}
+ /* Look for a private key that matches the public key in cert.
+ * Since this test code has the private key inside Mbed TLS,
+ * we call mbedtls_pk_check_pair to match a private key with the
+ * public key. */
for( slot = 0; slot < config_data->slots_used; slot++ )
{
- if( memcmp( &config_data->slots[slot].cert->pk,
- &cert->pk,
- sizeof( cert->pk ) ) == 0 )
+ if( mbedtls_pk_check_pair( &cert->pk,
+ config_data->slots[slot].pk ) == 0 )
break;
}
if( slot == config_data->slots_used )
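Review bot: In the slot loop, `mbedtls_pk_check_pair( ... ) == 0` treats every nonzero return as "not this key", so an error return (for example a key type for which the pair check is unavailable, or a type mismatch) is indistinguishable from a genuine mismatch and simply falls through to the `slot == config_data->slots_used` check. Consider capturing the return value and, when verbose output is enabled, printing it for slots that fail with something other than a plain mismatch, so a misconfigured slot is not reported as a missing key. The new comment could also carry the caveat from the commit message that real code with the private key in an external cryptoprocessor would not call `mbedtls_pk_check_pair` here, since readers of ssl_server2.c will see the comment but not the commit log.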