Hi all,
I have a custom
configuration where MBEDTLS_ECDSA_C is defined but
MBEDTLS_PSA_CRYPTO_C and MBEDTLS_PSA_CRYPTO_CONFIG
are not.
This leads to a compiler
warning in e.g. psa_util.c because a
zero-sized array is declared
(because
PSA_VENDOR_ECC_MAX_CURVE_BITS is defined as 0).
As of C99, ยง6.7.5.2
Array declarators: "If the expression is a constant
expression, it shall have a value greater than zero."
psa_util.c:
#if
defined(MBEDTLS_PSA_UTIL_HAVE_ECDSA) // Line 368
int
mbedtls_ecdsa_raw_to_der(...) // Line 433
unsigned char
r[PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS)]; // Line
436 --> becomes in my config: unsigned char r[0];
MBEDTLS_PSA_UTIL_HAVE_ECDSA
is automatically defined in my configuration due to the
following code in config_adjust_legacy_crypto.h:
#if
defined(MBEDTLS_ECDSA_C) || (defined(MBEDTLS_PSA_CRYPTO_C)
&& \
(defined(PSA_WANT_ALG_ECDSA) ||
defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)))
#define
MBEDTLS_PSA_UTIL_HAVE_ECDSA
#endif
PSA_VENDOR_ECC_MAX_CURVE_BITS
only receives a non-zero value if a PSA_WANT_<CURVE>,
e.g. PSA_WANT_ECC_BRAINPOOL_P_R1_256, is defined.
PSA_WANT_<CURVE>
only gets defined in crypto_config.h if
MBEDTLS_PSA_CRYPTO_CONFIG is defined (which it is not in my
configuration).
I have worked around it
by explicitly defining e.g. PSA_WANT_ECC_BRAINPOOL_P_R1_256
in my configuration.
But I believe there is
some mismatch in the defines, at least in this example case,
because mbedtls_ecdsa_raw_to_der() is only used in pk_wrap.c
if MBEDTLS_USE_PSA_CRYPTO is defined.
Impact:
- In general, zero-sized arrays have undefined
behavior in C (but are allowed by some compiler
extensions) and thus behave differently for different
compilers
--> you might want to review
PSA_VENDOR_ECC_MAX_CURVE_BITS and
PSA_VENDOR_FFDH_MAX_KEY_BITS (and possibly more
definitions) that fall through to 0 and are used as array
sizes.
- In my particular case, I believe code is
compiled that is not needed (defines in psa_util.c and
pk_wrap.c do not seem to match)