Hi Almut,

Thanks for the bug report! I've filed it as https://github.com/Mbed-TLS/mbedtls/issues/9311.

We do not intend to use 0-length arrays. When max-size macros end up being 0, the intent is that the macro is not used at all. (To avoid 0-length arrays, we actually have a few max-size macros that are always at least 1 due to the difficulty of completely excluding code that uses them in all configurations.)

As you suspect, it's a bug that this code is included at all. In a build without PSA APIs, we shouldn't include PSA utility functions.

Best regards,

--
Gilles Peskine
Mbed TLS developer
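
The "always at least 1" approach to max-size macros described in the reply above, as an added C11 example that is not Mbed TLS code. All EX_/ex_ names are hypothetical, and the configuration with no curve enabled is constructed to mirror the reported build.

```c
/* Added example: EX_ and ex_ names are hypothetical, not Mbed TLS identifiers. */
#include <stddef.h>
#include <string.h>

/* Constructed configuration: no curve enabled, as in the reported build.
 * Uncomment one line to model a build that has a curve. */
/* #define EX_WANT_CURVE_256 */
/* #define EX_WANT_CURVE_521 */

#if defined(EX_WANT_CURVE_521)
#define EX_MAX_CURVE_BITS 521u
#elif defined(EX_WANT_CURVE_256)
#define EX_MAX_CURVE_BITS 256u
#else
#define EX_MAX_CURVE_BITS 0u
#endif

#define EX_BITS_TO_BYTES(bits) (((bits) + 7u) / 8u)

/* Array-safe size: never evaluates to 0, so a declaration such as
 * `unsigned char r[EX_BUF_BYTES(0u)]` remains valid C. */
#define EX_BUF_BYTES(bits) \
    (EX_BITS_TO_BYTES(bits) > 0u ? EX_BITS_TO_BYTES(bits) : 1u)

#define EX_MAX_CURVE_BYTES EX_BUF_BYTES(EX_MAX_CURVE_BITS)

/* Compile-time guard: the build fails if someone removes the clamp. */
_Static_assert(EX_MAX_CURVE_BYTES > 0u,
               "max-size macro must not produce a 0-length array");

/* Size of the scratch buffer that code using the macro would declare. */
size_t ex_scratch_size(void)
{
    unsigned char r[EX_MAX_CURVE_BYTES];
    return sizeof(r);
}

/* Left-pad a big-endian integer to `width` bytes through a stack buffer.
 * The clamp only keeps the declaration legal; the usable limit is still the
 * unclamped size, so a build without curves rejects every request. */
int ex_pad_coordinate(const unsigned char *in, size_t in_len,
                      unsigned char *out, size_t width)
{
    unsigned char tmp[EX_MAX_CURVE_BYTES];
    if (width == 0 || width > EX_BITS_TO_BYTES(EX_MAX_CURVE_BITS) || in_len > width) {
        return -1;
    }
    memset(tmp, 0, width);
    memcpy(tmp + (width - in_len), in, in_len);
    memcpy(out, tmp, width);
    return 0;
}
```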

On 24/06/2024 14:38, Almut Herzog via mbed-tls wrote:

Hi all,

 

I have a custom configuration where MBEDTLS_ECDSA_C is defined but MBEDTLS_PSA_CRYPTO_C and MBEDTLS_PSA_CRYPTO_CONFIG are not.

This leads to a compiler warning in e.g. psa_util.c because a zero-sized array is declared (because PSA_VENDOR_ECC_MAX_CURVE_BITS is defined as 0).

 

As of C99, §6.7.5.2 Array declarators: "If the expression is a constant expression, it shall have a value greater than zero."

 

psa_util.c:

#if defined(MBEDTLS_PSA_UTIL_HAVE_ECDSA)  // Line 368
int mbedtls_ecdsa_raw_to_der(...)  // Line 433
    unsigned char r[PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS)]; // Line 436 --> becomes in my config: unsigned char r[0];

                            

MBEDTLS_PSA_UTIL_HAVE_ECDSA is automatically defined in my configuration due to the following code in config_adjust_legacy_crypto.h:

#if defined(MBEDTLS_ECDSA_C) || (defined(MBEDTLS_PSA_CRYPTO_C) && \
    (defined(PSA_WANT_ALG_ECDSA) || defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)))
#define MBEDTLS_PSA_UTIL_HAVE_ECDSA
#endif

 

PSA_VENDOR_ECC_MAX_CURVE_BITS only receives a non-zero value if a PSA_WANT_<CURVE>, e.g. PSA_WANT_ECC_BRAINPOOL_P_R1_256, is defined.

PSA_WANT_<CURVE> only gets defined in crypto_config.h if MBEDTLS_PSA_CRYPTO_CONFIG is defined (which it is not in my configuration).

 

I have worked around it by explicitly defining e.g. PSA_WANT_ECC_BRAINPOOL_P_R1_256 in my configuration.

But I believe there is some mismatch in the defines, at least in this example case, because mbedtls_ecdsa_raw_to_der() is only used in pk_wrap.c if MBEDTLS_USE_PSA_CRYPTO is defined.

 

Impact: