From fd94304f9d547f826e2cbc044e9cfb725f539a95 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 11 Oct 2022 20:59:29 +0200 Subject: [PATCH] PSA RSA needs pk_write The PSA crypto code needs mbedtls_pk_write_key_der() and mbedtls_pk_write_pubkey() when using RSA without drivers. We were already forcing MBEDTLS_PK_WRITE_C when MBEDTLS_USE_PSA_CRYPTO is enabled. Do so also when MBEDTLS_PSA_CRYPTO_C is enabled as well as MBEDTLS_RSA_C, even without MBEDTLS_USE_PSA_CRYPTO. Fixes #6408. Signed-off-by: Gilles Peskine --- ChangeLog.d/psa_rsa_needs_pk.txt | 3 +++ include/mbedtls/build_info.h | 17 ++++++++++++++++- 2 files changed, 19 insertions(+), 1 deletion(-) create mode 100644 ChangeLog.d/psa_rsa_needs_pk.txt
diff --git a/ChangeLog.d/psa_rsa_needs_pk.txt b/ChangeLog.d/psa_rsa_needs_pk.txt
new file mode 100644
index 0000000000..3421affc7a
--- /dev/null
+++ b/ChangeLog.d/psa_rsa_needs_pk.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix build failure with MBEDTLS_RSA_C and MBEDTLS_PSA_CRYPTO_C but not
+ MBEDTLS_USE_PSA_CRYPTO or MBEDTLS_PK_WRITE_C. Fixes #6408.
diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h
index 6195ac979b..21e63f125f 100644
--- a/include/mbedtls/build_info.h
+++ b/include/mbedtls/build_info.h
@@ -74,7 +74,22 @@
 #include MBEDTLS_USER_CONFIG_FILE
 #endif
-#if defined(MBEDTLS_PK_C) && defined(MBEDTLS_USE_PSA_CRYPTO)
+/* The PK wrappers need pk_write functions to format RSA key objects
+ * when they are dispatching to the PSA API. This happens under USE_PSA_CRYPTO,
+ * and also even without USE_PSA_CRYPTO for mbedtls_pk_sign_ext().
+ * PSA crypto also needs pk_write to export RSA keys (otherwise the build
+ * goes through but psa_export_key() and psa_export_public_key() fail on
+ * RSA keys).
+ */
+#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_RSA_C)
+#define MBEDTLS_PK_C
+#define MBEDTLS_PK_WRITE_C
+#endif
+
+/* Under MBEDTLS_USE_PSA_CRYPTO, the pk module needs pk_write functions
+ * to pass ECC keys to PSA. */
+#if defined(MBEDTLS_PK_C) && \
+ defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ECP_C)
 #define MBEDTLS_PK_WRITE_C
 #endif
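Review bot: The first new block force-defines `MBEDTLS_PK_C` as well as `MBEDTLS_PK_WRITE_C`, but the comment above it, the commit message and the ChangeLog entry only talk about pk_write, so a PSA-plus-RSA build that deliberately left the pk module out now compiles it in without any notice. For a crypto library the set of compiled-in modules is something integrators audit, so I would say so in the comment, e.g. `* Note: this also enables MBEDTLS_PK_C in builds that did not select it.` The two defines are also unguarded: if a build passes `-DMBEDTLS_PK_C` on the compiler command line (value 1), the empty `#define MBEDTLS_PK_C` is a non-identical redefinition and will at least warn, which wrapping each define in `#if !defined(...)` would avoid. Whether pk and pk_write have further prerequisites that should be forced here too cannot be told from this hunk and is worth checking against the library's dependency checks.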