diff --git a/ChangeLog.d/psa_rsa_needs_pk.txt b/ChangeLog.d/psa_rsa_needs_pk.txt index 3421affc7..995963d7e 100644 --- a/ChangeLog.d/psa_rsa_needs_pk.txt +++ b/ChangeLog.d/psa_rsa_needs_pk.txt @@ -1,3 +1,5 @@ Bugfix * Fix build failure with MBEDTLS_RSA_C and MBEDTLS_PSA_CRYPTO_C but not MBEDTLS_USE_PSA_CRYPTO or MBEDTLS_PK_WRITE_C. Fixes #6408. + * Fix build failure with MBEDTLS_RSA_C and MBEDTLS_PSA_CRYPTO_C but not + MBEDTLS_PK_PARSE_C. Fixes #6409. diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index 21e63f125..b04378929 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -79,11 +79,12 @@ * and also even without USE_PSA_CRYPTO for mbedtls_pk_sign_ext(). * PSA crypto also needs pk_write to export RSA keys (otherwise the build * goes through but psa_export_key() and psa_export_public_key() fail on - * RSA keys). + * RSA keys), and pk_parse to work with RSA keys in almost any way. */ #if defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_RSA_C) #define MBEDTLS_PK_C #define MBEDTLS_PK_WRITE_C +#define MBEDTLS_PK_PARSE_C #endif /* Under MBEDTLS_USE_PSA_CRYPTO, the pk module needs pk_write functions diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index fa4160415..30ab9ba63 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1572,11 +1572,11 @@ component_build_crypto_light () { scripts/config.py unset MBEDTLS_PEM_WRITE_C scripts/config.py unset MBEDTLS_PKCS12_C scripts/config.py unset MBEDTLS_PKCS5_C - # MBEDTLS_PK_WRITE_C is actually currently needed for RSA key export, - # but build_info.h will reenable it. + # MBEDTLS_PK_PARSE_C and MBEDTLS_PK_WRITE_C are actually currently needed + # in PSA code to work with RSA keys. We don't require users to set those: + # they will be reenabled in build_info.h. + scripts/config.py unset MBEDTLS_PK_PARSE_C scripts/config.py unset MBEDTLS_PK_WRITE_C - # At this time, we can't unset MBEDTLS_PK_PARSE_C, because it's needed - # for RSA in PSA (see https://github.com/Mbed-TLS/mbedtls/issues/6408). make CFLAGS='-O1 -Werror' all test are_empty_libraries library/libmbedx509.* library/libmbedtls.* }