Hi Almut,
Thanks for the bug report! I've filed it as
https://github.com/Mbed-TLS/mbedtls/issues/9311.
We do not intend to use 0-length arrays. When max-size macros end up
being 0, the intent is that the macro is not used at all. (To avoid
0-length arrays, we actually have a few max-size macros that are always
at least 1 due to the difficulty of completely excluding code that uses
them in all configurations.)
As you suspect, it's a bug that this code is included at all. In a build
without PSA APIs, we shouldn't include PSA utility functions.
Best regards,
--
Gilles Peskine
Mbed TLS developer
On 24/06/2024 14:38, Almut Herzog via mbed-tls wrote:
>
> Hi all,
>
> I have a custom configuration where *MBEDTLS_ECDSA_C is defined but
> MBEDTLS_PSA_CRYPTO_C and MBEDTLS_PSA_CRYPTO_CONFIG are not*.
>
> This leads to a *compiler warning* in e.g. psa_util.c because a
> *zero-sized array* is declared
>
> (because PSA_VENDOR_ECC_MAX_CURVE_BITS is defined as 0).
>
> As of C99, §6.7.5.2 Array declarators: "If the expression is a
> constant expression, it shall have a value greater than zero."
>
> psa_util.c:
>
> #if defined(MBEDTLS_PSA_UTIL_HAVE_ECDSA) // Line 368
>
> int mbedtls_ecdsa_raw_to_der(...) // Line 433
>
> unsigned char r[PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS)]; // Line 436
> --> becomes in my config: unsigned char r[0];
>
> MBEDTLS_PSA_UTIL_HAVE_ECDSA is automatically defined in my
> configuration due to the following code in config_adjust_legacy_crypto.h:
>
> #if defined(MBEDTLS_ECDSA_C) || (defined(MBEDTLS_PSA_CRYPTO_C) && \
>     (defined(PSA_WANT_ALG_ECDSA) || \
>      defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)))
> #define MBEDTLS_PSA_UTIL_HAVE_ECDSA
> #endif
>
> PSA_VENDOR_ECC_MAX_CURVE_BITS only receives a non-zero value if a
> PSA_WANT_<CURVE>, e.g. PSA_WANT_ECC_BRAINPOOL_P_R1_256, is defined.
>
> PSA_WANT_<CURVE> only gets defined in crypto_config.h if
> MBEDTLS_PSA_CRYPTO_CONFIG is defined (which it is not in my
> configuration).
>
> I have worked around it by explicitly defining e.g.
> PSA_WANT_ECC_BRAINPOOL_P_R1_256 in my configuration.
>
> But I believe there is some mismatch in the defines, at least in this
> example case, because mbedtls_ecdsa_raw_to_der() is only used in
> pk_wrap.c if MBEDTLS_USE_PSA_CRYPTO is defined.
>
> *Impact:*
>
> * In general, zero-sized arrays have undefined behavior in C (but
>   are allowed by some compiler extensions) and thus behave
>   differently for different compilers
>   --> you might want to review PSA_VENDOR_ECC_MAX_CURVE_BITS and
>   PSA_VENDOR_FFDH_MAX_KEY_BITS (and possibly more definitions) that
>   fall through to 0 and are used as array sizes.
> * In my particular case, I believe code is compiled that is not
>   needed (defines in psa_util.c and pk_wrap.c do not seem to match).