@valeriosetti valeriosetti commented Nov 12, 2025

Description

Resolves #10453

PR checklist

  • changelog not required because: no visible change for the end user
  • development PR not required because: it's this one
  • TF-PSA-Crypto PR not required because: no change there
  • framework PR not required
  • 3.6 PR not required because: no backport
  • tests not required because: code behavior is expected to remain the same so already existing tests should be enough to prove that this change is OK.

@valeriosetti added labels on Nov 12, 2025: needs-ci (Needs to pass CI tests); needs-preceding-pr (Requires another PR to be merged first); needs-reviewer (This PR needs someone to pick it up for review); size-s (Estimated task size: small, ~2d); priority-high (High priority - will be reviewed soon)
@valeriosetti added the needs-review label (Every commit must be reviewed by at least two team members) and removed the needs-preceding-pr label (Requires another PR to be merged first) on Dec 2, 2025
@valeriosetti force-pushed the issue10453 branch 3 times, most recently from c8b2c7e to 0a6589e, on December 3, 2025 12:24
@valeriosetti removed the needs-ci label (Needs to pass CI tests) on Dec 4, 2025
The check being removed is already done a few lines above so there is no
need to repeat it twice.

Signed-off-by: Valerio Setti <[email protected]>

Add a simple helper to convert from PK sigalg to PSA algorithm. This is
handy when calling mbedtls_pk_can_do_psa() knowing the PK sigalg and the
used MD type.

This is being added in a separate file because it's meant to be consumed
by both ssl and x509 modules. It was not added to tf-psa-crypto because
this is only needed on the mbedtls repo and doing so reduces interdependencies
between the repos.

Signed-off-by: Valerio Setti <[email protected]>

Checking that parent PK type is OK is definitely faster than computing
a hash, so invert the checks.

Signed-off-by: Valerio Setti <[email protected]>
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2 &&
mbedtls_pk_can_do(&chain->pk, MBEDTLS_PK_ECKEY)) {
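Review bot: the `mbedtls_pk_can_do(&chain->pk, MBEDTLS_PK_ECKEY)` call in this TLS 1.2 condition is still a use of the function that the linked issue, "Remove use of pk_can_do()", asks to remove, so this site is left unconverted. Either move this check to the `mbedtls_pk_can_do_psa()` route that the helper commit describes, or state in the PR description why this call has to stay.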

Is there a reason we still need this usage?

Contributor Author

Oops, nope, that completely missed my checks :(

Successfully merging this pull request may close these issues.

Remove use of pk_can_do()