Merge pull request #10533 from bjwtaylor/remove-pk_get_name

Replace mbedtls_pk_get_name with pk_key_type_to_string
Valerio Setti
2026-01-13 10:11:51 +00:00
committed by GitHub
9 changed files with 55 additions and 28 deletions


@@ -315,6 +315,16 @@ mbedtls_x509_san_list;
*/
int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn);
/**
* \brief Return the key's type as a string.
*
* \param[in] pk A mbedtls_pk_context struct containing the pk_key_type to
convert
* \return Returns a string describing the key type.
*/
const char *mbedtls_x509_pk_type_as_string(const mbedtls_pk_context *pk);
/**
* \brief Convert the certificate DN string \p name into
* a linked list of mbedtls_x509_name (equivalent to
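Review bot: The `\return` line documenting `mbedtls_x509_pk_type_as_string` does not say which strings can come back or who owns them. Going by the implementation added elsewhere in this commit, the result is one of the literals "RSA", "EC" or "NONE", so I would write `\return A pointer to a constant string: "RSA", "EC", or "NONE" for any other key type. The caller must not modify or free it.` The `\param` text should also state whether \p pk may be NULL or not yet set up, since callers pass the result straight to a `%s` format.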


@@ -122,6 +122,23 @@ int mbedtls_x509_get_alg(unsigned char **p, const unsigned char *end,
return 0;
}
/*
* Convert the key type to a string
*/
const char *mbedtls_x509_pk_type_as_string(const mbedtls_pk_context *pk)
{
psa_key_type_t key_type;
key_type = mbedtls_pk_get_key_type(pk);
if (PSA_KEY_TYPE_IS_RSA(key_type)) {
return "RSA";
} else if (PSA_KEY_TYPE_IS_ECC(key_type)) {
return "EC";
} else {
return "NONE";
}
}
/*
* Convert md type to string
*/
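Review bot: `mbedtls_x509_pk_type_as_string` passes `pk` to `mbedtls_pk_get_key_type` without any check, and its final `else` maps every key type that is neither RSA nor ECC to "NONE". Whether `mbedtls_pk_get_key_type` tolerates a NULL or never-initialised context is not visible on this page, so either guard the call or document the precondition. The string is fed to `mbedtls_x509_key_size_helper` in the crt and csr info functions, so an unsupported key type would presumably be labelled "NONE" there. A comment at the fallback such as `/* Any key type other than RSA or ECC is reported as "NONE". */` would make that deliberate. The upper-case "NONE" also differs from the lower-case `"none"` literal the SSL sample programs print in the same message.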


@@ -1806,7 +1806,7 @@ int mbedtls_x509_crt_info(char *buf, size_t size, const char *prefix,
/* Key size */
if ((ret = mbedtls_x509_key_size_helper(key_size_str, MBEDTLS_BEFORE_COLON,
mbedtls_pk_get_name(&crt->pk))) != 0) {
mbedtls_x509_pk_type_as_string(&crt->pk))) != 0) {
return ret;
}


@@ -551,7 +551,7 @@ int mbedtls_x509_csr_info(char *buf, size_t size, const char *prefix,
MBEDTLS_X509_SAFE_SNPRINTF;
if ((ret = mbedtls_x509_key_size_helper(key_size_str, MBEDTLS_BEFORE_COLON,
mbedtls_pk_get_name(&csr->pk))) != 0) {
mbedtls_x509_pk_type_as_string(&csr->pk))) != 0) {
return ret;
}


@@ -1770,7 +1770,7 @@ usage:
mbedtls_printf(" ok (key type: %s)\n",
strlen(opt.key_file) || strlen(opt.key_opaque_alg1) ?
mbedtls_pk_get_name(&pkey) : "none");
mbedtls_x509_pk_type_as_string(&pkey) : "none");
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
/*


@@ -2723,8 +2723,8 @@ usage:
}
mbedtls_printf(" ok (key types: %s, %s)\n",
key_cert_init ? mbedtls_pk_get_name(&pkey) : "none",
key_cert_init2 ? mbedtls_pk_get_name(&pkey2) : "none");
key_cert_init ? mbedtls_x509_pk_type_as_string(&pkey) : "none",
key_cert_init2 ? mbedtls_x509_pk_type_as_string(&pkey2) : "none");
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
#if defined(SNI_OPTION)


@@ -2266,7 +2266,7 @@ run_test "Opaque key for client authentication: ECDHE-ECDSA" \
"$P_CLI key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \
key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdsa-sign,none" \
0 \
-c "key type: Opaque" \
-c "key type: EC" \
-c "Ciphersuite is TLS-ECDHE-ECDSA" \
-s "Verifying peer X.509 certificate... ok" \
-s "Ciphersuite is TLS-ECDHE-ECDSA" \
@@ -2284,7 +2284,7 @@ run_test "Opaque key for client authentication: ECDHE-RSA" \
"$P_CLI key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \
key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \
0 \
-c "key type: Opaque" \
-c "key type: RSA" \
-c "Ciphersuite is TLS-ECDHE-RSA" \
-s "Verifying peer X.509 certificate... ok" \
-s "Ciphersuite is TLS-ECDHE-RSA" \
@@ -2302,7 +2302,7 @@ run_test "Opaque key for server authentication: ECDHE-ECDSA" \
0 \
-c "Verifying peer X.509 certificate... ok" \
-c "Ciphersuite is TLS-ECDHE-ECDSA" \
-s "key types: Opaque, none" \
-s "key types: EC, none" \
-s "Ciphersuite is TLS-ECDHE-ECDSA" \
-S "error" \
-C "error"
@@ -2315,7 +2315,7 @@ run_test "Opaque key for server authentication: invalid alg: ECDHE-ECDSA with
debug_level=1" \
"$P_CLI force_version=tls12 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-CCM" \
1 \
-s "key types: Opaque, none" \
-s "key types: EC, none" \
-s "got ciphersuites in common, but none of them usable" \
-s "error" \
-c "error"
@@ -2334,7 +2334,7 @@ run_test "Opaque keys for server authentication: EC keys with different algs,
-c "Verifying peer X.509 certificate... ok" \
-c "Ciphersuite is TLS-ECDHE-ECDSA" \
-c "CN=Polarssl Test EC CA" \
-s "key types: Opaque, Opaque" \
-s "key types: EC, EC" \
-s "Ciphersuite is TLS-ECDHE-ECDSA" \
-S "error" \
-C "error"
@@ -2352,7 +2352,7 @@ run_test "Opaque keys for server authentication: EC + RSA, force ECDHE-ECDSA"
-c "Verifying peer X.509 certificate... ok" \
-c "Ciphersuite is TLS-ECDHE-ECDSA" \
-c "CN=Polarssl Test EC CA" \
-s "key types: Opaque, Opaque" \
-s "key types: EC, RSA" \
-s "Ciphersuite is TLS-ECDHE-ECDSA" \
-S "error" \
-C "error"
@@ -2365,8 +2365,8 @@ run_test "TLS 1.3 opaque key: no suitable algorithm found" \
"$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs=rsa-sign-pkcs1,none" \
"$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-sign-pkcs1,rsa-sign-pss" \
1 \
-c "key type: Opaque" \
-s "key types: Opaque, Opaque" \
-c "key type: RSA" \
-s "key types: RSA, EC" \
-c "error" \
-s "no suitable signature algorithm"
@@ -2378,8 +2378,8 @@ run_test "TLS 1.3 opaque key: suitable algorithm found" \
"$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs=rsa-sign-pkcs1,rsa-sign-pss" \
"$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-sign-pkcs1,rsa-sign-pss" \
0 \
-c "key type: Opaque" \
-s "key types: Opaque, Opaque" \
-c "key type: RSA" \
-s "key types: RSA, EC" \
-C "error" \
-S "error"
@@ -2391,7 +2391,7 @@ run_test "TLS 1.3 opaque key: first client sig alg not suitable" \
"$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs=rsa-sign-pss-sha512,none" \
"$P_CLI debug_level=4 sig_algs=rsa_pss_rsae_sha256,rsa_pss_rsae_sha512" \
0 \
-s "key types: Opaque, Opaque" \
-s "key types: RSA, EC" \
-s "CertificateVerify signature failed with rsa_pss_rsae_sha256" \
-s "CertificateVerify signature with rsa_pss_rsae_sha512" \
-C "error" \
@@ -2405,8 +2405,8 @@ run_test "TLS 1.3 opaque key: 2 keys on server, suitable algorithm found" \
"$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs2=ecdsa-sign,none key_opaque_algs=rsa-sign-pkcs1,rsa-sign-pss" \
"$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-sign-pkcs1,rsa-sign-pss" \
0 \
-c "key type: Opaque" \
-s "key types: Opaque, Opaque" \
-c "key type: RSA" \
-s "key types: RSA, EC" \
-C "error" \
-S "error" \
@@ -2422,7 +2422,7 @@ run_test "Opaque key for server authentication: ECDHE-RSA" \
0 \
-c "Verifying peer X.509 certificate... ok" \
-c "Ciphersuite is TLS-ECDHE-RSA" \
-s "key types: Opaque, none" \
-s "key types: RSA, none" \
-s "Ciphersuite is TLS-ECDHE-RSA" \
-S "error" \
-C "error"
@@ -2437,7 +2437,7 @@ run_test "Opaque key for server authentication: ECDHE-RSA, PSS instead of PKC
"$P_CLI crt_file=$DATA_FILES_PATH/server2-sha256.crt \
key_file=$DATA_FILES_PATH/server2.key force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \
1 \
-s "key types: Opaque, none" \
-s "key types: RSA, none" \
-s "got ciphersuites in common, but none of them usable" \
-s "error" \
-c "error"
@@ -2457,7 +2457,7 @@ run_test "Opaque keys for server authentication: RSA keys with different algs
-c "Verifying peer X.509 certificate... ok" \
-c "Ciphersuite is TLS-ECDHE-RSA" \
-c "CN=Polarssl Test EC CA" \
-s "key types: Opaque, Opaque" \
-s "key types: RSA, RSA" \
-s "Ciphersuite is TLS-ECDHE-RSA" \
-S "error" \
-C "error"
@@ -2477,7 +2477,7 @@ run_test "Opaque keys for server authentication: EC + RSA, force ECDHE-RSA" \
-c "Verifying peer X.509 certificate... ok" \
-c "Ciphersuite is TLS-ECDHE-RSA" \
-c "CN=Polarssl Test EC CA" \
-s "key types: Opaque, Opaque" \
-s "key types: EC, RSA" \
-s "Ciphersuite is TLS-ECDHE-RSA" \
-S "error" \
-C "error"
@@ -2492,10 +2492,10 @@ run_test "Opaque key for client/server authentication: ECDHE-ECDSA" \
"$P_CLI key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \
key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdsa-sign,none" \
0 \
-c "key type: Opaque" \
-c "key type: EC" \
-c "Verifying peer X.509 certificate... ok" \
-c "Ciphersuite is TLS-ECDHE-ECDSA" \
-s "key types: Opaque, none" \
-s "key types: EC, none" \
-s "Verifying peer X.509 certificate... ok" \
-s "Ciphersuite is TLS-ECDHE-ECDSA" \
-S "error" \
@@ -2512,10 +2512,10 @@ run_test "Opaque key for client/server authentication: ECDHE-RSA" \
"$P_CLI force_version=tls12 key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \
key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \
0 \
-c "key type: Opaque" \
-c "key type: RSA" \
-c "Verifying peer X.509 certificate... ok" \
-c "Ciphersuite is TLS-ECDHE-RSA" \
-s "key types: Opaque, none" \
-s "key types: RSA, none" \
-s "Verifying peer X.509 certificate... ok" \
-s "Ciphersuite is TLS-ECDHE-RSA" \
-S "error" \
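Review bot: With the expected strings switched from "Opaque" to "EC"/"RSA", none of the patterns visible in these "Opaque key ..." tests depends on `key_opaque=1` having taken effect; a key that was never wrapped would print the same text. A regression that silently ignores `key_opaque` and uses a transparent key would therefore still pass, even though these cases appear to be the coverage for the opaque-key path. Unless a pattern outside the visible context already proves that path, I would have the sample programs print a marker when the key was wrapped and match it here. A constructed example on the client side is `-c "key type: EC, opaque"`. This applies to every hunk in this file, not only the last one.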