From 2481daa309da5d51ffeae42ccf7dcd587dda721f Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 9 Dec 2025 08:11:28 +0000 Subject: [PATCH 1/9] Replace mbedtls_pk_get_name with pk_key_type_to_string Signed-off-by: Ben Taylor --- include/mbedtls/x509.h | 10 ++++++++++ library/x509.c | 17 +++++++++++++++++ library/x509_crt.c | 2 +- library/x509_csr.c | 2 +- programs/ssl/ssl_client2.c | 2 +- programs/ssl/ssl_server2.c | 4 ++-- 6 files changed, 32 insertions(+), 5 deletions(-) diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index 8b6a1daee5..17890f892b 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h @@ -315,6 +315,16 @@ mbedtls_x509_san_list; */ int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn); + +/** + * \brief Convert the pk_key_type to a string. + * + * \param[in] pk A mbedtls_pk_context struct containing the pk_key_type to + convert + * \return A pointer to a string containing the pk_key_type. + */ +const char *pk_key_type_to_string(const mbedtls_pk_context *pk); + /** * \brief Convert the certificate DN string \p name into * a linked list of mbedtls_x509_name (equivalent to diff --git a/library/x509.c b/library/x509.c index 1adff8fafc..6b7868dfc7 100644 --- a/library/x509.c +++ b/library/x509.c @@ -122,6 +122,23 @@ int mbedtls_x509_get_alg(unsigned char **p, const unsigned char *end, return 0; } +/* + * Convert pk_key_type to a string + */ +const char *pk_key_type_to_string(const mbedtls_pk_context *pk) +{ + psa_key_type_t key_type; + + key_type = mbedtls_pk_get_key_type(pk); + if(PSA_KEY_TYPE_IS_RSA(key_type)){ + return "RSA"; + } else if(PSA_KEY_TYPE_IS_ECC(key_type)){ + return "EC"; + } else { + return "NONE"; + } +} + /* * Convert md type to string */ diff --git a/library/x509_crt.c b/library/x509_crt.c index 61dca746a3..d6411c6fe1 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
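Review bot: The `\return` line in the doc comment added to include/mbedtls/x509.h for `pk_key_type_to_string` does not say which strings can come back or who owns them. The definition added to library/x509.c in this same patch returns one of three literals, so the header can state that directly: `\return "RSA", "EC", or "NONE" for any other key type. The string is a static literal and must not be modified or freed.` The comment is also silent on whether `pk` may be NULL or an unset context. That depends on `mbedtls_pk_get_key_type`, which is not visible here, so it is worth documenting once confirmed.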
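Review bot: The final `else` of `pk_key_type_to_string` in library/x509.c returns "NONE" for every key type that is neither RSA nor ECC, so a context holding some other key type is reported the same way as one holding no key at all. The label also differs only by case from the "none" that ssl_client2.c and ssl_server2.c print when no key is configured, which is easy to misread in diagnostic output. Assuming `mbedtls_pk_get_key_type` reports an empty context as `PSA_KEY_TYPE_NONE` (not visible here), the two cases can be separated with `} else if (key_type == PSA_KEY_TYPE_NONE) { return "NONE"; }` followed by `else { return "unknown"; }`.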
@@ -1806,7 +1806,7 @@ int mbedtls_x509_crt_info(char *buf, size_t size, const char *prefix, /* Key size */ if ((ret = mbedtls_x509_key_size_helper(key_size_str, MBEDTLS_BEFORE_COLON, - mbedtls_pk_get_name(&crt->pk))) != 0) { + pk_key_type_to_string(&crt->pk))) != 0) { return ret; } diff --git a/library/x509_csr.c b/library/x509_csr.c index 32a3bb2e78..781d73804b 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -551,7 +551,7 @@ int mbedtls_x509_csr_info(char *buf, size_t size, const char *prefix, MBEDTLS_X509_SAFE_SNPRINTF; if ((ret = mbedtls_x509_key_size_helper(key_size_str, MBEDTLS_BEFORE_COLON, - mbedtls_pk_get_name(&csr->pk))) != 0) { + pk_key_type_to_string(&csr->pk))) != 0) { return ret; } diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index b099fded5a..c359d16586 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -1770,7 +1770,7 @@ usage: mbedtls_printf(" ok (key type: %s)\n", strlen(opt.key_file) || strlen(opt.key_opaque_alg1) ? - mbedtls_pk_get_name(&pkey) : "none"); + pk_key_type_to_string(&pkey) : "none"); #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ /* diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 64fd45952f..ec5c0413f9 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -2723,8 +2723,8 @@ usage: } mbedtls_printf(" ok (key types: %s, %s)\n", - key_cert_init ? mbedtls_pk_get_name(&pkey) : "none", - key_cert_init2 ? mbedtls_pk_get_name(&pkey2) : "none"); + key_cert_init ? pk_key_type_to_string(&pkey) : "none", + key_cert_init2 ? pk_key_type_to_string(&pkey2) : "none"); #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ #if defined(SNI_OPTION) From f9b95cedaa95f8efdb5da5c6a1c8f7dece2c4801 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 9 Dec 2025 08:22:42 +0000 Subject: [PATCH 2/9] Fix style issues Signed-off-by: Ben Taylor --- include/mbedtls/x509.h | 2 +- library/x509.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) 
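Review bot: The label passed to `mbedtls_x509_key_size_helper` in `mbedtls_x509_crt_info` now comes from a fixed set of three strings, so the printed key-size line changes for any key where `mbedtls_pk_get_name` produced something else. The x509_csr.c hunk that follows changes `mbedtls_x509_csr_info` in the same way. The diffstats in this series list no ChangeLog entry and no X.509 expected-output update, so it is worth confirming that fixtures comparing the info text still match and recording the output change for users who parse it. Both functions start and end outside their hunks.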
diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index 17890f892b..0fedd3ffa7 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h @@ -319,7 +319,7 @@ int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn); /** * \brief Convert the pk_key_type to a string. * - * \param[in] pk A mbedtls_pk_context struct containing the pk_key_type to + * \param[in] pk A mbedtls_pk_context struct containing the pk_key_type to convert * \return A pointer to a string containing the pk_key_type. */ diff --git a/library/x509.c b/library/x509.c index 6b7868dfc7..b55214f076 100644 --- a/library/x509.c +++ b/library/x509.c @@ -130,9 +130,9 @@ const char *pk_key_type_to_string(const mbedtls_pk_context *pk) psa_key_type_t key_type; key_type = mbedtls_pk_get_key_type(pk); - if(PSA_KEY_TYPE_IS_RSA(key_type)){ + if (PSA_KEY_TYPE_IS_RSA(key_type)) { return "RSA"; - } else if(PSA_KEY_TYPE_IS_ECC(key_type)){ + } else if (PSA_KEY_TYPE_IS_ECC(key_type)) { return "EC"; } else { return "NONE"; From 837a3cec4049a8f1e328125f3404188043f9d843 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 9 Dec 2025 14:51:42 +0000 Subject: [PATCH 3/9] rename function Signed-off-by: Ben Taylor --- include/mbedtls/x509.h | 2 +- library/x509.c | 2 +- library/x509_crt.c | 2 +- library/x509_csr.c | 2 +- programs/ssl/ssl_client2.c | 2 +- programs/ssl/ssl_server2.c | 4 ++-- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index 0fedd3ffa7..fca706f13b 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h @@ -323,7 +323,7 @@ int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn); convert * \return A pointer to a string containing the pk_key_type. */ -const char *pk_key_type_to_string(const mbedtls_pk_context *pk); +const char *mbedtls_pk_key_type_to_string(const mbedtls_pk_context *pk); /** * \brief Convert the certificate DN string \p name into 
diff --git a/library/x509.c b/library/x509.c index b55214f076..6ec1bb13df 100644 --- a/library/x509.c +++ b/library/x509.c @@ -125,7 +125,7 @@ int mbedtls_x509_get_alg(unsigned char **p, const unsigned char *end, /* * Convert pk_key_type to a string */ -const char *pk_key_type_to_string(const mbedtls_pk_context *pk) +const char *mbedtls_pk_key_type_to_string(const mbedtls_pk_context *pk) { psa_key_type_t key_type; diff --git a/library/x509_crt.c b/library/x509_crt.c index d6411c6fe1..48ebb12bab 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1806,7 +1806,7 @@ int mbedtls_x509_crt_info(char *buf, size_t size, const char *prefix, /* Key size */ if ((ret = mbedtls_x509_key_size_helper(key_size_str, MBEDTLS_BEFORE_COLON, - pk_key_type_to_string(&crt->pk))) != 0) { + mbedtls_pk_key_type_to_string(&crt->pk))) != 0) { return ret; } diff --git a/library/x509_csr.c b/library/x509_csr.c index 781d73804b..94b22372ed 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -551,7 +551,7 @@ int mbedtls_x509_csr_info(char *buf, size_t size, const char *prefix, MBEDTLS_X509_SAFE_SNPRINTF; if ((ret = mbedtls_x509_key_size_helper(key_size_str, MBEDTLS_BEFORE_COLON, - pk_key_type_to_string(&csr->pk))) != 0) { + mbedtls_pk_key_type_to_string(&csr->pk))) != 0) { return ret; } diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index c359d16586..b2db36f676 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -1770,7 +1770,7 @@ usage: mbedtls_printf(" ok (key type: %s)\n", strlen(opt.key_file) || strlen(opt.key_opaque_alg1) ? - pk_key_type_to_string(&pkey) : "none"); + mbedtls_pk_key_type_to_string(&pkey) : "none"); #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ /* diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index ec5c0413f9..a44c38c436 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c 
@@ -2723,8 +2723,8 @@ usage: } mbedtls_printf(" ok (key types: %s, %s)\n", - key_cert_init ? pk_key_type_to_string(&pkey) : "none", - key_cert_init2 ? pk_key_type_to_string(&pkey2) : "none"); + key_cert_init ? mbedtls_pk_key_type_to_string(&pkey) : "none", + key_cert_init2 ? mbedtls_pk_key_type_to_string(&pkey2) : "none"); #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ #if defined(SNI_OPTION) From 81deeb8a5a1da1d2795222113fca717e403263b7 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 11 Dec 2025 10:46:40 +0000 Subject: [PATCH 4/9] Update ssl-opt to remove Opaque key types Signed-off-by: Ben Taylor --- tests/ssl-opt.sh | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 22377b8d04..5d077d7c48 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2365,8 +2365,8 @@ run_test "TLS 1.3 opaque key: no suitable algorithm found" \ "$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs=rsa-sign-pkcs1,none" \ "$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-sign-pkcs1,rsa-sign-pss" \ 1 \ - -c "key type: Opaque" \ - -s "key types: Opaque, Opaque" \ + -c "key type: RSA" \ + -s "key types: RSA, EC" \ -c "error" \ -s "no suitable signature algorithm" @@ -2378,8 +2378,8 @@ run_test "TLS 1.3 opaque key: suitable algorithm found" \ "$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs=rsa-sign-pkcs1,rsa-sign-pss" \ "$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-sign-pkcs1,rsa-sign-pss" \ 0 \ - -c "key type: Opaque" \ - -s "key types: Opaque, Opaque" \ + -c "key type: RSA" \ + -s "key types: RSA, EC" \ -C "error" \ -S "error" 
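Review bot: With `-c "key type: Opaque"` and `-s "key types: Opaque, Opaque"` replaced by type names in the "TLS 1.3 opaque key: no suitable algorithm found" hunk, none of the remaining visible checks confirms that `key_opaque=1` actually produced a wrapped key. As far as the hunk shows, the test would pass unchanged if the option were ignored and a plain RSA key were loaded. The same loss of coverage applies to the other tests/ssl-opt.sh hunks in patches 4 to 6. Consider having ssl_client2 and ssl_server2 print the wrapped state next to the type and keeping one assertion per test that matches on it.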
@@ -2391,7 +2391,7 @@ run_test "TLS 1.3 opaque key: first client sig alg not suitable" \ "$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs=rsa-sign-pss-sha512,none" \ "$P_CLI debug_level=4 sig_algs=rsa_pss_rsae_sha256,rsa_pss_rsae_sha512" \ 0 \ - -s "key types: Opaque, Opaque" \ + -s "key types: RSA, EC" \ -s "CertificateVerify signature failed with rsa_pss_rsae_sha256" \ -s "CertificateVerify signature with rsa_pss_rsae_sha512" \ -C "error" \ @@ -2405,8 +2405,8 @@ run_test "TLS 1.3 opaque key: 2 keys on server, suitable algorithm found" \ "$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs2=ecdsa-sign,none key_opaque_algs=rsa-sign-pkcs1,rsa-sign-pss" \ "$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-sign-pkcs1,rsa-sign-pss" \ 0 \ - -c "key type: Opaque" \ - -s "key types: Opaque, Opaque" \ + -c "key type: RSA" \ + -s "key types: RSA, EC" \ -C "error" \ -S "error" \ From 98e958c91e97a5dde7796052b64ab3abbb9e4197 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 22 Dec 2025 15:31:22 +0000 Subject: [PATCH 5/9] Update ssl-opt tests as wrapped keys now expose the underlying type Signed-off-by: Ben Taylor --- tests/ssl-opt.sh | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 5d077d7c48..d183ad1a4f 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2266,7 +2266,7 @@ run_test "Opaque key for client authentication: ECDHE-ECDSA" \ "$P_CLI key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \ key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdsa-sign,none" \ 0 \ - -c "key type: Opaque" \ + -c "key type: RSA" \ -c "Ciphersuite is TLS-ECDHE-ECDSA" \ -s "Verifying peer X.509 certificate... ok" \ -s "Ciphersuite is TLS-ECDHE-ECDSA" \ 
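Review bot: The new expectation `-c "key type: RSA"` in the "Opaque key for client authentication: ECDHE-ECDSA" hunk of PATCH 5/9 does not match the test, which loads server5.key with `key_opaque_algs=ecdsa-sign,none` and expects an ECDHE-ECDSA ciphersuite. PATCH 6/9 later changes it to EC. The ECDHE-RSA client/server hunk at -2512 has the opposite mismatch (`key type: EC`), also corrected in 6/9. Squashing patches 5 and 6 would keep every commit in the series consistent with ssl-opt.sh, which matters when bisecting.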
@@ -2284,7 +2284,7 @@ run_test "Opaque key for client authentication: ECDHE-RSA" \ "$P_CLI key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \ 0 \ - -c "key type: Opaque" \ + -c "key type: RSA" \ -c "Ciphersuite is TLS-ECDHE-RSA" \ -s "Verifying peer X.509 certificate... ok" \ -s "Ciphersuite is TLS-ECDHE-RSA" \ @@ -2302,7 +2302,7 @@ run_test "Opaque key for server authentication: ECDHE-ECDSA" \ 0 \ -c "Verifying peer X.509 certificate... ok" \ -c "Ciphersuite is TLS-ECDHE-ECDSA" \ - -s "key types: Opaque, none" \ + -s "key types: EC, none" \ -s "Ciphersuite is TLS-ECDHE-ECDSA" \ -S "error" \ -C "error" @@ -2315,7 +2315,7 @@ run_test "Opaque key for server authentication: invalid alg: ECDHE-ECDSA with debug_level=1" \ "$P_CLI force_version=tls12 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-CCM" \ 1 \ - -s "key types: Opaque, none" \ + -s "key types: EC, none" \ -s "got ciphersuites in common, but none of them usable" \ -s "error" \ -c "error" @@ -2334,7 +2334,7 @@ run_test "Opaque keys for server authentication: EC keys with different algs, -c "Verifying peer X.509 certificate... ok" \ -c "Ciphersuite is TLS-ECDHE-ECDSA" \ -c "CN=Polarssl Test EC CA" \ - -s "key types: Opaque, Opaque" \ + -s "key types: EC, EC" \ -s "Ciphersuite is TLS-ECDHE-ECDSA" \ -S "error" \ -C "error" @@ -2352,7 +2352,7 @@ run_test "Opaque keys for server authentication: EC + RSA, force ECDHE-ECDSA" -c "Verifying peer X.509 certificate... ok" \ -c "Ciphersuite is TLS-ECDHE-ECDSA" \ -c "CN=Polarssl Test EC CA" \ - -s "key types: Opaque, Opaque" \ + -s "key types: EC, RSA" \ -s "Ciphersuite is TLS-ECDHE-ECDSA" \ -S "error" \ -C "error" 
@@ -2422,7 +2422,7 @@ run_test "Opaque key for server authentication: ECDHE-RSA" \ 0 \ -c "Verifying peer X.509 certificate... ok" \ -c "Ciphersuite is TLS-ECDHE-RSA" \ - -s "key types: Opaque, none" \ + -s "key types: RSA, none" \ -s "Ciphersuite is TLS-ECDHE-RSA" \ -S "error" \ -C "error" @@ -2437,7 +2437,7 @@ run_test "Opaque key for server authentication: ECDHE-RSA, PSS instead of PKC "$P_CLI crt_file=$DATA_FILES_PATH/server2-sha256.crt \ key_file=$DATA_FILES_PATH/server2.key force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \ 1 \ - -s "key types: Opaque, none" \ + -s "key types: RSA, none" \ -s "got ciphersuites in common, but none of them usable" \ -s "error" \ -c "error" @@ -2457,7 +2457,7 @@ run_test "Opaque keys for server authentication: RSA keys with different algs -c "Verifying peer X.509 certificate... ok" \ -c "Ciphersuite is TLS-ECDHE-RSA" \ -c "CN=Polarssl Test EC CA" \ - -s "key types: Opaque, Opaque" \ + -s "key types: RSA, RSA" \ -s "Ciphersuite is TLS-ECDHE-RSA" \ -S "error" \ -C "error" @@ -2477,7 +2477,7 @@ run_test "Opaque keys for server authentication: EC + RSA, force ECDHE-RSA" \ -c "Verifying peer X.509 certificate... ok" \ -c "Ciphersuite is TLS-ECDHE-RSA" \ -c "CN=Polarssl Test EC CA" \ - -s "key types: Opaque, Opaque" \ + -s "key types: EC, RSA" \ -s "Ciphersuite is TLS-ECDHE-RSA" \ -S "error" \ -C "error" @@ -2495,7 +2495,7 @@ run_test "Opaque key for client/server authentication: ECDHE-ECDSA" \ -c "key type: Opaque" \ -c "Verifying peer X.509 certificate... ok" \ -c "Ciphersuite is TLS-ECDHE-ECDSA" \ - -s "key types: Opaque, none" \ + -s "key types: EC, none" \ -s "Verifying peer X.509 certificate... ok" \ -s "Ciphersuite is TLS-ECDHE-ECDSA" \ -S "error" \ 
@@ -2512,10 +2512,10 @@ run_test "Opaque key for client/server authentication: ECDHE-RSA" \ "$P_CLI force_version=tls12 key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \ 0 \ - -c "key type: Opaque" \ + -c "key type: EC" \ -c "Verifying peer X.509 certificate... ok" \ -c "Ciphersuite is TLS-ECDHE-RSA" \ - -s "key types: Opaque, none" \ + -s "key types: RSA, none" \ -s "Verifying peer X.509 certificate... ok" \ -s "Ciphersuite is TLS-ECDHE-RSA" \ -S "error" \ From f77d7491270797919ba3aa7d265222c3a4f7df8d Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 23 Dec 2025 08:25:21 +0000 Subject: [PATCH 6/9] Further updates to ssl-opt tests as wrapped keys now expose the underlying type Signed-off-by: Ben Taylor --- tests/ssl-opt.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index d183ad1a4f..ab727e6a48 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2266,7 +2266,7 @@ run_test "Opaque key for client authentication: ECDHE-ECDSA" \ "$P_CLI key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \ key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdsa-sign,none" \ 0 \ - -c "key type: RSA" \ + -c "key type: EC" \ -c "Ciphersuite is TLS-ECDHE-ECDSA" \ -s "Verifying peer X.509 certificate... ok" \ -s "Ciphersuite is TLS-ECDHE-ECDSA" \ @@ -2492,7 +2492,7 @@ run_test "Opaque key for client/server authentication: ECDHE-ECDSA" \ "$P_CLI key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \ key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdsa-sign,none" \ 0 \ - -c "key type: Opaque" \ + -c "key type: EC" \ -c "Verifying peer X.509 certificate... ok" \ -c "Ciphersuite is TLS-ECDHE-ECDSA" \ -s "key types: EC, none" \ 
@@ -2512,7 +2512,7 @@ run_test "Opaque key for client/server authentication: ECDHE-RSA" \ "$P_CLI force_version=tls12 key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \ 0 \ - -c "key type: EC" \ + -c "key type: RSA" \ -c "Verifying peer X.509 certificate... ok" \ -c "Ciphersuite is TLS-ECDHE-RSA" \ -s "key types: RSA, none" \ From 085aef59ca1201416e04df71d93ef12dc96f910b Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 2 Jan 2026 09:34:36 +0000 Subject: [PATCH 7/9] Change function name from mbedtls_pk_key_type_to_string to mbedtls_x509_pk_type_as_string Signed-off-by: Ben Taylor --- include/mbedtls/x509.h | 4 ++-- library/x509.c | 2 +- library/x509_crt.c | 2 +- library/x509_csr.c | 2 +- programs/ssl/ssl_client2.c | 2 +- programs/ssl/ssl_server2.c | 4 ++-- 6 files changed, 8 insertions(+), 8 deletions(-) diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index fca706f13b..fb0c314668 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h @@ -321,9 +321,9 @@ int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn); * * \param[in] pk A mbedtls_pk_context struct containing the pk_key_type to convert - * \return A pointer to a string containing the pk_key_type. + * \return Returns a string describing the key type. */ -const char *mbedtls_pk_key_type_to_string(const mbedtls_pk_context *pk); +const char *mbedtls_x509_pk_type_as_string(const mbedtls_pk_context *pk); /** * \brief Convert the certificate DN string \p name into diff --git a/library/x509.c b/library/x509.c index 6ec1bb13df..67a6baa4c8 100644 --- a/library/x509.c +++ b/library/x509.c @@ -125,7 +125,7 @@ int mbedtls_x509_get_alg(unsigned char **p, const unsigned char *end, /* * Convert pk_key_type to a string */ -const char *mbedtls_pk_key_type_to_string(const mbedtls_pk_context *pk) +const char *mbedtls_x509_pk_type_as_string(const mbedtls_pk_context *pk) { psa_key_type_t key_type; 
diff --git a/library/x509_crt.c b/library/x509_crt.c index 48ebb12bab..59c3204467 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1806,7 +1806,7 @@ int mbedtls_x509_crt_info(char *buf, size_t size, const char *prefix, /* Key size */ if ((ret = mbedtls_x509_key_size_helper(key_size_str, MBEDTLS_BEFORE_COLON, - mbedtls_pk_key_type_to_string(&crt->pk))) != 0) { + mbedtls_x509_pk_type_as_string(&crt->pk))) != 0) { return ret; } diff --git a/library/x509_csr.c b/library/x509_csr.c index 94b22372ed..3e8e407b26 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -551,7 +551,7 @@ int mbedtls_x509_csr_info(char *buf, size_t size, const char *prefix, MBEDTLS_X509_SAFE_SNPRINTF; if ((ret = mbedtls_x509_key_size_helper(key_size_str, MBEDTLS_BEFORE_COLON, - mbedtls_pk_key_type_to_string(&csr->pk))) != 0) { + mbedtls_x509_pk_type_as_string(&csr->pk))) != 0) { return ret; } diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index b2db36f676..a7ef41aa15 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -1770,7 +1770,7 @@ usage: mbedtls_printf(" ok (key type: %s)\n", strlen(opt.key_file) || strlen(opt.key_opaque_alg1) ? - mbedtls_pk_key_type_to_string(&pkey) : "none"); + mbedtls_x509_pk_type_as_string(&pkey) : "none"); #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ /* diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index a44c38c436..805b4ef1c8 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -2723,8 +2723,8 @@ usage: } mbedtls_printf(" ok (key types: %s, %s)\n", - key_cert_init ? mbedtls_pk_key_type_to_string(&pkey) : "none", - key_cert_init2 ? mbedtls_pk_key_type_to_string(&pkey2) : "none"); + key_cert_init ? mbedtls_x509_pk_type_as_string(&pkey) : "none", + key_cert_init2 ? mbedtls_x509_pk_type_as_string(&pkey2) : "none"); #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ #if defined(SNI_OPTION) 
From c23592d7ee51b0ae385200cbdfde7e15aba045d0 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 5 Jan 2026 13:48:10 +0000 Subject: [PATCH 8/9] Add improvements to code comments and docs Signed-off-by: Ben Taylor --- include/mbedtls/x509.h | 2 +- library/x509.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index fb0c314668..130c427c4f 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h @@ -317,7 +317,7 @@ int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn); /** - * \brief Convert the pk_key_type to a string. + * \brief Return the key's type as a string. * * \param[in] pk A mbedtls_pk_context struct containing the pk_key_type to convert diff --git a/library/x509.c b/library/x509.c index 67a6baa4c8..d7bc5d2dfb 100644 --- a/library/x509.c +++ b/library/x509.c @@ -123,7 +123,7 @@ int mbedtls_x509_get_alg(unsigned char **p, const unsigned char *end, } /* - * Convert pk_key_type to a string + * Convert the key type to a string */ const char *mbedtls_x509_pk_type_as_string(const mbedtls_pk_context *pk) { From 095fe073c35cadd9b287847268a1ce6ad6478c3f Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 12 Jan 2026 08:10:45 +0000 Subject: [PATCH 9/9] Update tf-psa-crypto and framework modules to resolve merge conflict and config_macros import error Signed-off-by: Ben Taylor --- framework | 2 +- tf-psa-crypto | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/framework b/framework index 77f707a557..ee399cc257 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 77f707a5576c5bdd1ff9463c7b25d2488497f57e +Subproject commit ee399cc257e84c2c5328d866335053d05b3b169c diff --git a/tf-psa-crypto b/tf-psa-crypto index 2025c77606..f7ad6b6931 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 2025c776064a418406cb83d66fff06624d0e3734 +Subproject commit f7ad6b6931e179c2e40b3d04f3e6d207a7e3c36e