ssl: replace PSA_ALG_ECDSA with MBEDTLS_PK_ALG_ECDSA
When the key is parsed from PK it is assigned the pseudo-alg
MBEDTLS_PK_ALG_ECDSA. Trying to run "mbedtls_pk_can_do_psa" with an hardcoded
deterministc/randomized ECDSA can make the function to fail if the proper
variant is not the one also used by PK.
This commit fixes this problem.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
index 39826ee..f7aaac2 100644
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c
@@ -924,7 +924,7 @@
mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac));
case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
- return PSA_ALG_ECDSA(mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac));
+ return MBEDTLS_PK_ALG_ECDSA(mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac));
default:
return PSA_ALG_NONE;
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index c6a119f..37e4259 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -8148,7 +8148,7 @@
if (sig_alg_received == MBEDTLS_SSL_SIG_ECDSA &&
!mbedtls_pk_can_do_psa(ssl->handshake->key_cert->key,
- PSA_ALG_ECDSA(psa_hash_alg),
+ MBEDTLS_PK_ALG_ECDSA(psa_hash_alg),
PSA_KEY_USAGE_SIGN_HASH)) {
continue;
}
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 2ca42f2..8b60a7b 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -1076,11 +1076,11 @@
{
switch (sig_alg) {
case MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256:
- return PSA_ALG_ECDSA(PSA_ALG_SHA_256);
+ return MBEDTLS_PK_ALG_ECDSA(PSA_ALG_SHA_256);
case MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384:
- return PSA_ALG_ECDSA(PSA_ALG_SHA_384);
+ return MBEDTLS_PK_ALG_ECDSA(PSA_ALG_SHA_384);
case MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512:
- return PSA_ALG_ECDSA(PSA_ALG_SHA_512);
+ return MBEDTLS_PK_ALG_ECDSA(PSA_ALG_SHA_512);
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256:
return PSA_ALG_RSA_PSS(PSA_ALG_SHA_256);
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384: