From ee2c3e819ff961f74c0aa04c6b891ef012ef3eb9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
 <manuel.pegourie-gonnard@arm.com>
Date: Mon, 23 Feb 2026 09:34:49 +0100
Subject: [PATCH] Adjust guard for 3.6
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

In all.sh component test_psa_crypto_config_accel_rsa_crypto, where RSA
is provided only by a drivers, we were using a stack buffer. However
that was not correct, as "opaque" (PSA-held) RSA keys are still
possible. This was pointed by failing test cases in test_suite_pk, such
as "PSA import into PSA: opaque RSA, EXPORT (ok)".

As usual with 3.6, we need more complicated pre-processor conditions.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
---
 library/pk_internal.h | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/library/pk_internal.h b/library/pk_internal.h
index 4d6081cbe2..202f011ea3 100644
--- a/library/pk_internal.h
+++ b/library/pk_internal.h
@@ -51,8 +51,11 @@
  *
  * The current compromise is that if ECC is the only key type supported in PK,
  * then we export keys on the stack, and otherwise we use the heap.
+ *
+ * RSA can either be used directly or indirectly via opaque keys if enabled.
  */
-#if !defined(MBEDTLS_RSA_C)
+#if !defined(MBEDTLS_RSA_C) && \
+    !(defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY))
 #define PK_EXPORT_KEYS_ON_THE_STACK
 #endif