From 85e1dcff6a90d7aa3bbf3abce64ac97b775fda64 Mon Sep 17 00:00:00 2001
From: Ron Eldor <Ron.Eldor@arm.com>
Date: Tue, 6 Feb 2018 15:59:38 +0200
Subject: [PATCH] Fix handshake failure in suite B

Fix handshake failure where PK key is translated as `MBEDTLS_ECKEY`
instead of `MBEDTLS_ECDSA`
---
 ChangeLog          | 6 ++++++
 library/x509_crt.c | 3 ++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 8db0215914..48529f3092 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,11 @@
 mbed TLS ChangeLog (Sorted per branch, date)
 
+= mbed TLS x.x.x branch released xxxx-xx-xx
+
+Bugfix
+   * Fix handshake failure in NIST suite b, where the key was determined as
+     MBEDTLS_ECKEY instead of MBEDTLS_ECDSA.
+
 = mbed TLS 2.7.0 branch released 2018-02-03
 
 Security
diff --git a/library/x509_crt.c b/library/x509_crt.c
index c6209fb40d..0e28dac01c 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -133,7 +133,8 @@ const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb =
     MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) |
     MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ),
     /* Only ECDSA */
-    MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_ECDSA ),
+    MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_ECDSA ) |
+    MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_ECKEY ),
 #if defined(MBEDTLS_ECP_C)
     /* Only NIST P-256 and P-384 */
     MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256R1 ) |