Intermittent failure of "keyUsage cli-auth 1.3: ECDSA, KeyAgreement: fail (soft)" #10479
Description
Summary
Output from ssl-opt.sh
15:43:01 keyUsage cli-auth 1.3: ECDSA, DigitalSignature: OK ..................... PASS
15:43:02 keyUsage cli-auth 1.3: ECDSA, KeyAgreement: fail (soft) ................ FAIL
15:43:02 ! pattern '! Usage does not match the keyUsage extension' MUST be present in the Server output
15:43:02 ! outputs saved to o-XXX-472.log
15:43:04 keyUsage cli-auth 1.3: ECDSA, KeyAgreement: fail (hard) ................ PASS
15:43:06 extKeyUsage srv: serverAuth -> OK ...................................... PASS
15:43:07 extKeyUsage srv: serverAuth,clientAuth -> OK ........................... PASS
Logs as follows:
tls-all_u16-test_psa_crypto_config_accel_ecc_no_ecp_at_all-o-srv-472.log
tls-all_u16-test_psa_crypto_config_accel_ecc_no_ecp_at_all-o-cli-472.log
Problematic section of logs:
ssl_tls13_generic.c:0381: |1| 0x7fff451bfec0: mbedtls_ssl_tls13_process_certificate_verify() returned -69 (-0x0045)
ssl_tls.c:4229: |2| 0x7fff451bfec0: <= handshake
failed
! mbedtls_ssl_handshake returned -0x45
interrupted by SIGTERM (not in net_accept())
. Cleaning up...ssl_tls.c:5096: |2| 0x7fff451bfec0: => free
ssl_tls.c:5156: |2| 0x7fff451bfec0: <= free
done.
System information
Mbed TLS version (number or commit id): Mbed-TLS/TF-PSA-Crypto@d071d6f
Operating system and version: Newci
Configuration (if not default, please attach mbedtls_config.h):
Compiler and options (if you used a pre-built binary, please indicate how you obtained it):
Additional environment information:
Expected behavior
ssl_msg.c:4008: |2| => read record
ssl_msg.c:1864: |2| => fetch input
ssl_msg.c:2004: |2| in_left: 0, nb_want: 5
ssl_msg.c:2024: |2| in_left: 0, nb_want: 5
ssl_msg.c:2027: |2| ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
ssl_msg.c:2049: |2| <= fetch input
ssl_msg.c:3675: |3| input record: msgtype = 22, version = [0x301], msglen = 288
ssl_msg.c:1864: |2| => fetch input
ssl_msg.c:2004: |2| in_left: 5, nb_want: 293
ssl_msg.c:2024: |2| in_left: 5, nb_want: 293
ssl_msg.c:2027: |2| ssl->f_recv(_timeout)() returned 288 (-0xfffffee0)
ssl_msg.c:2049: |2| <= fetch input
ssl_msg.c:2946: |3| handshake message: msglen = 288, type = 1, hslen = 288
ssl_msg.c:3035: |3| sole handshake fragment: 288, 0..288 of 288
ssl_msg.c:4080: |2| <= read record
Actual behavior
ssl_msg.c:4008: |2| => read record
ssl_msg.c:1864: |2| => fetch input
ssl_msg.c:2004: |2| in_left: 0, nb_want: 5
ssl_msg.c:2024: |2| in_left: 0, nb_want: 5
ssl_msg.c:2027: |2| ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
ssl_msg.c:2049: |2| <= fetch input
ssl_msg.c:3675: |3| input record: msgtype = 22, version = [0x301], msglen = 288
ssl_msg.c:1864: |2| => fetch input
ssl_msg.c:2004: |2| in_left: 5, nb_want: 293
ssl_msg.c:2024: |2| in_left: 5, nb_want: 293
ssl_msg.c:2027: |2| ssl->f_recv(_timeout)() returned 288 (-0xfffffee0)
ssl_msg.c:2049: |2| <= fetch input
ssl_msg.c:2946: |3| handshake message: msglen = 288, type = 1, hslen = 288
ssl_msg.c:3035: |3| sole handshake fragment: 288, 0..288 of 288
ssl_msg.c:4080: |2| <= read record
Steps to reproduce
Intermittently occurs on the CI