mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-02 07:20:26 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Automatically enable PK_PARSE for RSA in PSA

Browse Source 
PSA crypto currently needs MBEDTLS_PK_PARSE_C to parse RSA keys to do almost
anything with them (import, get attributes, export public from private, any
cryptographic operations). Force it on, for symmetry with what we're doing
for MBEDTLS_PK_WRITE_C. Fixes #6409.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2022-10-11 21:15:24 +02:00
parent aef1ba679d
commit fcee740b83
3 changed files with 8 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ChangeLog.d/psa_rsa_needs_pk.txt
View File

@ -1,3 +1,5 @@
Bugfix
* Fix build failure with MBEDTLS_RSA_C and MBEDTLS_PSA_CRYPTO_C but not
MBEDTLS_USE_PSA_CRYPTO or MBEDTLS_PK_WRITE_C. Fixes #6408.
* Fix build failure with MBEDTLS_RSA_C and MBEDTLS_PSA_CRYPTO_C but not
MBEDTLS_PK_PARSE_C. Fixes #6409.

3
include/mbedtls/build_info.h
View File

@ -79,11 +79,12 @@
* and also even without USE_PSA_CRYPTO for mbedtls_pk_sign_ext().
* PSA crypto also needs pk_write to export RSA keys (otherwise the build
* goes through but psa_export_key() and psa_export_public_key() fail on
* RSA keys).
* RSA keys), and pk_parse to work with RSA keys in almost any way.
*/
#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_RSA_C)
#define MBEDTLS_PK_C
#define MBEDTLS_PK_WRITE_C
#define MBEDTLS_PK_PARSE_C
#endif
/* Under MBEDTLS_USE_PSA_CRYPTO, the pk module needs pk_write functions

8
tests/scripts/all.sh
View File

@ -1572,11 +1572,11 @@ component_build_crypto_light () {
scripts/config.py unset MBEDTLS_PEM_WRITE_C
scripts/config.py unset MBEDTLS_PKCS12_C
scripts/config.py unset MBEDTLS_PKCS5_C
# MBEDTLS_PK_WRITE_C is actually currently needed for RSA key export,
# but build_info.h will reenable it.
# MBEDTLS_PK_PARSE_C and MBEDTLS_PK_WRITE_C are actually currently needed
# in PSA code to work with RSA keys. We don't require users to set those:
# they will be reenabled in build_info.h.
scripts/config.py unset MBEDTLS_PK_PARSE_C
scripts/config.py unset MBEDTLS_PK_WRITE_C
# At this time, we can't unset MBEDTLS_PK_PARSE_C, because it's needed
# for RSA in PSA (see https://github.com/Mbed-TLS/mbedtls/issues/6408).
make CFLAGS='-O1 -Werror' all test
are_empty_libraries library/libmbedx509.* library/libmbedtls.*
}