Hi all,

I have a custom configuration where MBEDTLS_ECDSA_C is defined but MBEDTLS_PSA_CRYPTO_C and MBEDTLS_PSA_CRYPTO_CONFIG are not.

This leads to a compiler warning in e.g. psa_util.c because a zero-sized array is declared (because PSA_VENDOR_ECC_MAX_CURVE_BITS is defined as 0).

As of C99, §6.7.5.2 Array declarators: "If the expression is a constant expression, it shall have a value greater than zero."

psa_util.c:

#if defined(MBEDTLS_PSA_UTIL_HAVE_ECDSA)  // Line 368
int mbedtls_ecdsa_raw_to_der(...)  // Line 433
    unsigned char r[PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS)]; // Line 436 --> becomes in my config: unsigned char r[0];

MBEDTLS_PSA_UTIL_HAVE_ECDSA is automatically defined in my configuration due to the following code in config_adjust_legacy_crypto.h:

#if defined(MBEDTLS_ECDSA_C) || (defined(MBEDTLS_PSA_CRYPTO_C) && \
    (defined(PSA_WANT_ALG_ECDSA) || defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)))
#define MBEDTLS_PSA_UTIL_HAVE_ECDSA
#endif

PSA_VENDOR_ECC_MAX_CURVE_BITS only receives a non-zero value if a PSA_WANT_<CURVE>, e.g. PSA_WANT_ECC_BRAINPOOL_P_R1_256, is defined.

PSA_WANT_<CURVE> only gets defined in crypto_config.h if MBEDTLS_PSA_CRYPTO_CONFIG is defined (which it is not in my configuration).

I have worked around it by explicitly defining e.g. PSA_WANT_ECC_BRAINPOOL_P_R1_256 in my configuration.

But I believe there is some mismatch in the defines, at least in this example case, because mbedtls_ecdsa_raw_to_der() is only used in pk_wrap.c if MBEDTLS_USE_PSA_CRYPTO is defined.

Impact: