An open source, portable, easy to use, readable and flexible TLS library, and reference implementation of the PSA Cryptography API. Releases are on a varying cadence, typically around 3 - 6 months between releases.
When building mbedTLS v3.6.0 with this configuration, I got errors like this:
rsa.c:301:16: error: call to undeclared function 'mbedtls_asn1_write_mpi'; ISO C99 and later do not support implicit function
declarations [-Wimplicit-function-declaration]
301 | (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) {
| ^
rsa.c:362:31: error: call to undeclared function 'mbedtls_asn1_write_int'; ISO C99 and later do not support implicit function
declarations [-Wimplicit-function-declaration]
362 | MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(p, start, 0));
| ^
... and so on ...
Apparently these build errors happen because our minimal config misses these two dependencies:
MBEDTLS_ASN1_PARSE_C
MBEDTLS_ASN1_WRITE_C
Indeed, I observe that rsa.c uses those functions that are hidden behind checks like this:
Our particular config doesn't use X.509 certificates and doesn't use PSA ECDSA. So our config is supposed to include MBEDTLS_ASN1_PARSE_C. (Similar story for MBEDTLS_ASN1_WRITE_C.)
Here are the relevant code snippets for more context:
Summary
In Gramine, we use a minimal configuration of mbedTLS: https://github.com/gramineproject/gramine/blob/master/subprojects/packagefiles/mbedtls/include/mbedtls/config-pal.h
When building mbedTLS v3.6.0 with this configuration, I got errors like this:
Apparently these build errors happen because our minimal config misses these two dependencies:
MBEDTLS_ASN1_PARSE_C
MBEDTLS_ASN1_WRITE_C
Indeed, I observe that
rsa.c
uses those functions that are hidden behind checks like this:Our particular config doesn't use X.509 certificates and doesn't use PSA ECDSA. So our config is supposed to include
MBEDTLS_ASN1_PARSE_C
. (Similar story forMBEDTLS_ASN1_WRITE_C
.)Here are the relevant code snippets for more context:
System information
Mbed TLS version (number or commit id):
v3.6.0
, but same is observed ondevelopment
Operating system and version: Ubuntu 24.04, Linux v6.8 (should be irrelevant) Configuration (if not default, please attachmbedtls_config.h
): https://github.com/gramineproject/gramine/blob/a11ae6ad21844bad9725d165137fe6e346d33218/subprojects/packagefiles/mbedtls/include/mbedtls/config-pal.h Compiler and options (if you used a pre-built binary, please indicate how you obtained it): Ubuntu clang version 18.1.3 Additional environment information:Expected behavior
https://github.com/Mbed-TLS/mbedtls/blob/v3.6.0/include/mbedtls/mbedtls_config.h#L3280 must contain something like this:
Actual behavior
https://github.com/Mbed-TLS/mbedtls/blob/v3.6.0/include/mbedtls/mbedtls_config.h#L3280 contains this: