From 74860ddec2486ea63316d77cd4a3f3146c127bda Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 12 Feb 2024 14:25:18 +0100 Subject: [PATCH] Don't define pk_sign_verify in configurations where it's unused MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In some configurations (e.g. ECDH but no ECDSA or RSA), the PK module is useful but cannot perform any signatures. Then modern GCC complains: ``` ../source/tests/suites/test_suite_pk.function: In function ‘test_pk_sign_verify’: ../source/tests/suites/test_suite_pk.function:1136:12: error: array subscript 0 is outside array bounds of ‘unsigned char[0]’ [-Werror=array-bounds] ../source/tests/suites/test_suite_pk.function:1094:19: note: while referencing sig’ … ``` This fixes test-ref-configs.pl with a modern GCC (specifically with config-thread.h). Signed-off-by: Gilles Peskine --- tests/suites/test_suite_pk.function | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 8e51aaa8d..5d0ee1a46 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -25,6 +25,13 @@ #define RSA_KEY_SIZE MBEDTLS_RSA_GEN_KEY_MIN_BITS #define RSA_KEY_LEN (MBEDTLS_RSA_GEN_KEY_MIN_BITS/8) +#if defined(MBEDTLS_RSA_C) || \ + defined(MBEDTLS_PK_RSA_ALT_SUPPORT) || \ + defined(MBEDTLS_ECDSA_C) || \ + defined(MBEDTLS_USE_PSA_CRYPTO) +#define PK_CAN_SIGN_SOME +#endif + /* MBEDTLS_TEST_PK_PSA_SIGN is enabled when: * - The build has PK_[PARSE/WRITE]_C for RSA or ECDSA signature. * - The build has built-in ECC and ECDSA signature. @@ -1082,7 +1089,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_MD_CAN_SHA256 */ +/* BEGIN_CASE depends_on:MBEDTLS_MD_CAN_SHA256:PK_CAN_SIGN_SOME */ void pk_sign_verify(int type, int curve_or_keybits, int sign_ret, int verify_ret) { mbedtls_pk_context pk;