From 0009b042ac876e05092643125fec0189d6d66e1f Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 30 Jul 2025 22:51:53 +0200 Subject: [PATCH 1/5] library: ssl: replace mbedtls_pk_can_do_ext with mbedtls_pk_can_do_psa Signed-off-by: Valerio Setti --- library/ssl_tls.c | 4 ++-- library/ssl_tls12_server.c | 6 +++--- library/ssl_tls13_server.c | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 38db9cd10398..c6a119fcd2a0 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -8147,14 +8147,14 @@ unsigned int mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg( mbedtls_md_psa_alg_from_type(md_alg); if (sig_alg_received == MBEDTLS_SSL_SIG_ECDSA && - !mbedtls_pk_can_do_ext(ssl->handshake->key_cert->key, + !mbedtls_pk_can_do_psa(ssl->handshake->key_cert->key, PSA_ALG_ECDSA(psa_hash_alg), PSA_KEY_USAGE_SIGN_HASH)) { continue; } if (sig_alg_received == MBEDTLS_SSL_SIG_RSA && - !mbedtls_pk_can_do_ext(ssl->handshake->key_cert->key, + !mbedtls_pk_can_do_psa(ssl->handshake->key_cert->key, PSA_ALG_RSA_PKCS1V15_SIGN( psa_hash_alg), PSA_KEY_USAGE_SIGN_HASH)) { diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 256f1b1583e6..b8ee41a42342 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -693,11 +693,11 @@ static int ssl_pick_cert(mbedtls_ssl_context *ssl, int key_type_matches = 0; #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) key_type_matches = ((ssl->conf->f_async_sign_start != NULL || - mbedtls_pk_can_do_ext(cur->key, pk_alg, pk_usage)) && - mbedtls_pk_can_do_ext(&cur->cert->pk, pk_alg, pk_usage)); + mbedtls_pk_can_do_psa(cur->key, pk_alg, pk_usage)) && + mbedtls_pk_can_do_psa(&cur->cert->pk, pk_alg, pk_usage)); #else key_type_matches = ( - mbedtls_pk_can_do_ext(cur->key, pk_alg, pk_usage)); + mbedtls_pk_can_do_psa(cur->key, pk_alg, pk_usage)); #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ if (!key_type_matches) { MBEDTLS_SSL_DEBUG_MSG(3, ("certificate mismatch: key type")); 
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index dc50bee868b9..2ca42f2444ad 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1160,7 +1160,7 @@ static int ssl_tls13_pick_key_cert(mbedtls_ssl_context *ssl) if (mbedtls_ssl_tls13_check_sig_alg_cert_key_match( *sig_alg, &key_cert->cert->pk) && psa_alg != PSA_ALG_NONE && - mbedtls_pk_can_do_ext(&key_cert->cert->pk, psa_alg, + mbedtls_pk_can_do_psa(&key_cert->cert->pk, psa_alg, PSA_KEY_USAGE_SIGN_HASH) == 1 ) { ssl->handshake->key_cert = key_cert; From 7b2d72aaf078810436be7617817e87cadc36ce87 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 8 Sep 2025 13:36:08 +0200 Subject: [PATCH 2/5] ssl: replace PSA_ALG_ECDSA with MBEDTLS_PK_ALG_ECDSA When the key is parsed from PK it is assigned the pseudo-alg MBEDTLS_PK_ALG_ECDSA. Trying to run "mbedtls_pk_can_do_psa" with an hardcoded deterministc/randomized ECDSA can make the function to fail if the proper variant is not the one also used by PK. This commit fixes this problem. Signed-off-by: Valerio Setti --- library/ssl_ciphersuites.c | 2 +- library/ssl_tls.c | 2 +- library/ssl_tls13_server.c | 6 +++--- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index 39826eee6602..f7aaac29eed1 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -924,7 +924,7 @@ psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_cip mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac)); case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: - return PSA_ALG_ECDSA(mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac)); + return MBEDTLS_PK_ALG_ECDSA(mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac)); default: return PSA_ALG_NONE; diff --git a/library/ssl_tls.c b/library/ssl_tls.c index c6a119fcd2a0..37e4259e55d4 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
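Review bot: mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg now returns MBEDTLS_PK_ALG_ECDSA(...) for the ECDHE-ECDSA case while its return type is psa_algorithm_t and its name says "psa_alg"; the patch description calls this a PK pseudo-algorithm, so the value is only meaningful to mbedtls_pk_can_do_psa and would presumably be rejected if a caller handed it straight to a PSA API such as psa_verify_hash. The declaration (outside the hunk, in the header) should state that, e.g. `/* May return an mbedtls_pk pseudo-algorithm (MBEDTLS_PK_ALG_ECDSA); match it with mbedtls_pk_can_do_psa(), do not pass it to PSA APIs directly. */`. The same applies to ssl_tls13_iana_sig_alg_to_psa_alg in the ssl_tls13_server.c hunk of this patch, which now mixes MBEDTLS_PK_ALG_ECDSA and PSA_ALG_RSA_PSS return values in one switch. Both switch statements continue outside their hunks.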
@@ -8148,7 +8148,7 @@ unsigned int mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg( if (sig_alg_received == MBEDTLS_SSL_SIG_ECDSA && !mbedtls_pk_can_do_psa(ssl->handshake->key_cert->key, - PSA_ALG_ECDSA(psa_hash_alg), + MBEDTLS_PK_ALG_ECDSA(psa_hash_alg), PSA_KEY_USAGE_SIGN_HASH)) { continue; } diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 2ca42f2444ad..8b60a7b30eb5 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1076,11 +1076,11 @@ static psa_algorithm_t ssl_tls13_iana_sig_alg_to_psa_alg(uint16_t sig_alg) { switch (sig_alg) { case MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256: - return PSA_ALG_ECDSA(PSA_ALG_SHA_256); + return MBEDTLS_PK_ALG_ECDSA(PSA_ALG_SHA_256); case MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384: - return PSA_ALG_ECDSA(PSA_ALG_SHA_384); + return MBEDTLS_PK_ALG_ECDSA(PSA_ALG_SHA_384); case MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512: - return PSA_ALG_ECDSA(PSA_ALG_SHA_512); + return MBEDTLS_PK_ALG_ECDSA(PSA_ALG_SHA_512); case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256: return PSA_ALG_RSA_PSS(PSA_ALG_SHA_256); case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384: From bc611fe44c8fd262359220ad8d838b57c05327fc Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 8 Sep 2025 13:41:58 +0200 Subject: [PATCH 3/5] [tls12|tls13]_server: fix usage being checked on the certificate key Signed-off-by: Valerio Setti --- library/ssl_tls12_server.c | 3 ++- library/ssl_tls13_server.c | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index b8ee41a42342..07641cb3e8fa 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c 
@@ -694,7 +694,8 @@ static int ssl_pick_cert(mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) key_type_matches = ((ssl->conf->f_async_sign_start != NULL || mbedtls_pk_can_do_psa(cur->key, pk_alg, pk_usage)) && - mbedtls_pk_can_do_psa(&cur->cert->pk, pk_alg, pk_usage)); + mbedtls_pk_can_do_psa(&cur->cert->pk, pk_alg, + PSA_KEY_USAGE_VERIFY_HASH)); #else key_type_matches = ( mbedtls_pk_can_do_psa(cur->key, pk_alg, pk_usage)); diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 8b60a7b30eb5..982e6f8c3b85 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1161,7 +1161,7 @@ static int ssl_tls13_pick_key_cert(mbedtls_ssl_context *ssl) *sig_alg, &key_cert->cert->pk) && psa_alg != PSA_ALG_NONE && mbedtls_pk_can_do_psa(&key_cert->cert->pk, psa_alg, - PSA_KEY_USAGE_SIGN_HASH) == 1 + PSA_KEY_USAGE_VERIFY_HASH) == 1 ) { ssl->handshake->key_cert = key_cert; MBEDTLS_SSL_DEBUG_MSG(3, From 91c0945def55514d6930bd4d255405796c2134e6 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 8 Sep 2025 13:45:28 +0200 Subject: [PATCH 4/5] tests: fix alg and usage for some ECDHE-ECDSA opaque key tests Signed-off-by: Valerio Setti --- programs/ssl/ssl_test_lib.c | 4 ++-- tests/suites/test_suite_ssl.data | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c index 79d30593066f..a84bf24dc12a 100644 --- a/programs/ssl/ssl_test_lib.c +++ b/programs/ssl/ssl_test_lib.c @@ -242,7 +242,7 @@ int key_opaque_set_alg_usage(const char *alg1, const char *alg2, *psa_algs[i] = PSA_ALG_RSA_PSS(PSA_ALG_SHA_512); *usage |= PSA_KEY_USAGE_SIGN_HASH; } else if (strcmp(algs[i], "ecdsa-sign") == 0) { - *psa_algs[i] = PSA_ALG_ECDSA(PSA_ALG_ANY_HASH); + *psa_algs[i] = MBEDTLS_PK_ALG_ECDSA(PSA_ALG_ANY_HASH); *usage |= PSA_KEY_USAGE_SIGN_HASH; } else if (strcmp(algs[i], "ecdh") == 0) { *psa_algs[i] = PSA_ALG_ECDH; 
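Review bot: The certificate public key is now always checked with PSA_KEY_USAGE_VERIFY_HASH while the private key is still checked with the caller-supplied pk_usage, which is only right if pk_usage is always PSA_KEY_USAGE_SIGN_HASH; the hunk does not show that. If ssl_pick_cert can be reached with another usage (for instance a decryption usage for a key exchange that uses the certificate key for encryption), the public-key counterpart would not be VERIFY_HASH, so either derive the public usage from pk_usage or document the assumption above the assignment, e.g. `/* pk_usage is always SIGN_HASH here, so the certificate side needs the matching VERIFY usage. */`. Separately, the #else branch (no MBEDTLS_SSL_ASYNC_PRIVATE) never checks &cur->cert->pk at all, so the certificate-key check only runs in async builds; if that asymmetry is intended a comment would help. ssl_pick_cert starts and ends outside the hunk.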
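Review bot: ssl_tls13_pick_key_cert checks only the certificate public key (&key_cert->cert->pk) against psa_alg with VERIFY_HASH; unlike the TLS 1.2 ssl_pick_cert hunk of this patch, the private key key_cert->key is not checked with PSA_KEY_USAGE_SIGN_HASH. For an opaque private key whose policy does not permit psa_alg, this candidate would be selected here and the handshake would presumably fail later in CertificateVerify instead of the candidate being skipped; unless that check happens elsewhere, consider extending the condition with `&& mbedtls_pk_can_do_psa(key_cert->key, psa_alg, PSA_KEY_USAGE_SIGN_HASH) == 1`. The enclosing function starts and ends outside the hunk.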
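Review bot: key_opaque_set_alg_usage now stores MBEDTLS_PK_ALG_ECDSA(PSA_ALG_ANY_HASH) into *psa_algs[i], and the second hunk of this file does the same for *psa_alg1, yet the patch description calls MBEDTLS_PK_ALG_ECDSA a PK pseudo-algorithm rather than a PSA algorithm. If the caller later places this value in a PSA key policy when the key is wrapped as opaque, confirm that the pseudo-alg is accepted or translated at that point, otherwise the import would fail or the policy would never match the algorithm actually used. A short comment at the assignment, e.g. `/* PK pseudo-alg, not a plain PSA alg; keep in sync with how the opaque key is imported */`, would make that dependency visible. The enclosing function starts and ends outside the hunk.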
@@ -253,7 +253,7 @@ int key_opaque_set_alg_usage(const char *alg1, const char *alg2, } } else { if (key_type == MBEDTLS_PK_ECKEY) { - *psa_alg1 = PSA_ALG_ECDSA(PSA_ALG_ANY_HASH); + *psa_alg1 = MBEDTLS_PK_ALG_ECDSA(PSA_ALG_ANY_HASH); *psa_alg2 = PSA_ALG_ECDH; *usage = PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_DERIVE; } else if (key_type == MBEDTLS_PK_RSA) { diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 6c5e718c60da..41416a67c4b9 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
@@ -457,11 +457,11 @@ handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, PSA_ALG_ANY_HASH depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM +handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":MBEDTLS_PK_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, PSA_ALG_SHA_256 depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM +handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":MBEDTLS_PK_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, bad alg depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH From e2aed3a6dfec889fcdf708c08e69a88e68e7c1dc Mon Sep 17 00:00:00 2001 
From: Valerio Setti Date: Tue, 16 Sep 2025 10:27:03 +0200 Subject: [PATCH 5/5] tests: revert changes to test_suite_ssl.data Revert changes previously done at following test cases: - Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, PSA_ALG_ANY_HASH - Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, PSA_ALG_SHA_256 Signed-off-by: Valerio Setti --- tests/suites/test_suite_ssl.data | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 41416a67c4b9..42542089468a 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
@@ -457,11 +457,11 @@ handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, PSA_ALG_ANY_HASH depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":MBEDTLS_PK_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM +handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":MBEDTLS_PK_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, PSA_ALG_SHA_256 depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":MBEDTLS_PK_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM +handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":MBEDTLS_PK_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, bad alg depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
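Review bot: This hunk only undoes the PSA_ALG_ECDH / PSA_KEY_USAGE_DERIVE additions from patch 4 and keeps MBEDTLS_PK_ALG_ECDSA in both lines, so it is a partial revert while the subject says "revert changes to test_suite_ssl.data". Within one series, patch 4 and patch 5 could be squashed so the test data is changed once and the history does not carry a change that is immediately reversed. If they stay separate, the message should say why the ECDH/DERIVE variant was wrong for these two cases, which the current description does not explain.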