Merge pull request #9479 from gilles-peskine-arm/psa-keystore-static-release-update-3.6
Backport 3.6: Key store spec: update release target for the static key store
diff --git a/ChangeLog.d/psa_util_in_builds_without_psa.txt b/ChangeLog.d/psa_util_in_builds_without_psa.txt
new file mode 100644
index 0000000..7c0866d
--- /dev/null
+++ b/ChangeLog.d/psa_util_in_builds_without_psa.txt
@@ -0,0 +1,5 @@
+Bugfix
+ * When MBEDTLS_PSA_CRYPTO_C was disabled and MBEDTLS_ECDSA_C enabled,
+ some code was defining 0-size arrays, resulting in compilation errors.
+ Fixed by disabling the offending code in configurations without PSA
+ Crypto, where it never worked. Fixes #9311.
diff --git a/framework b/framework
index 6a1dc7d..94599c0 160000
--- a/framework
+++ b/framework
@@ -1 +1 @@
-Subproject commit 6a1dc7daa9e861fb873dd4b9f13ebfbd6f82f6dc
+Subproject commit 94599c0e3b5036e086446a51a3f79640f70f22f6
diff --git a/include/mbedtls/config_adjust_legacy_crypto.h b/include/mbedtls/config_adjust_legacy_crypto.h
index 7a375d8..3ba987e 100644
--- a/include/mbedtls/config_adjust_legacy_crypto.h
+++ b/include/mbedtls/config_adjust_legacy_crypto.h
@@ -428,7 +428,7 @@
/* psa_util file features some ECDSA conversion functions, to convert between
* legacy's ASN.1 DER format and PSA's raw one. */
-#if defined(MBEDTLS_ECDSA_C) || (defined(MBEDTLS_PSA_CRYPTO_C) && \
+#if (defined(MBEDTLS_PSA_CRYPTO_CLIENT) && \
(defined(PSA_WANT_ALG_ECDSA) || defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)))
#define MBEDTLS_PSA_UTIL_HAVE_ECDSA
#endif