mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-31 10:20:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Switch handshake->ecdh_bits to size_t and remove now useless cast & limit checks

Browse Source 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
This commit is contained in:
Neil Armstrong 2022-03-25 15:42:20 +01:00
parent 98f6f78a70
commit 91477a7964
4 changed files with 6 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
library/ssl_misc.h
View File

@ -630,7 +630,7 @@ struct mbedtls_ssl_handshake_params
#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) #if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
psa_key_type_t ecdh_psa_type; psa_key_type_t ecdh_psa_type;
uint16_t ecdh_bits; size_t ecdh_bits;
mbedtls_svc_key_id_t ecdh_psa_privkey; mbedtls_svc_key_id_t ecdh_psa_privkey;
uint8_t ecdh_psa_shared_key; uint8_t ecdh_psa_shared_key;
unsigned char ecdh_psa_peerkey[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH]; unsigned char ecdh_psa_peerkey[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH];

4
library/ssl_tls12_client.c
View File

@ -2352,9 +2352,7 @@ static int ssl_parse_server_ecdh_params_psa( mbedtls_ssl_context *ssl,
{ {
return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
} }
if( ecdh_bits > 0xffff ) handshake->ecdh_bits = ecdh_bits;
return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
handshake->ecdh_bits = (uint16_t) ecdh_bits;
/* Keep a copy of the peer's public key */ /* Keep a copy of the peer's public key */
ecpoint_len = *(*p)++; ecpoint_len = *(*p)++;

9
library/ssl_tls12_server.c
View File

@ -2913,10 +2913,7 @@ static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
} }
if( ecdh_bits > 0xffff ) ssl->handshake->ecdh_bits = ecdh_bits;
return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
ssl->handshake->ecdh_bits = (uint16_t) ecdh_bits;
key_attributes = psa_key_attributes_init(); key_attributes = psa_key_attributes_init();
psa_set_key_usage_flags( &key_attributes, PSA_KEY_USAGE_DERIVE ); psa_set_key_usage_flags( &key_attributes, PSA_KEY_USAGE_DERIVE );
@ -3186,12 +3183,12 @@ curve_matching_done:
handshake->ecdh_psa_type = mbedtls_psa_parse_tls_ecc_group( handshake->ecdh_psa_type = mbedtls_psa_parse_tls_ecc_group(
(*curve)->tls_id, &ecdh_bits ); (*curve)->tls_id, &ecdh_bits );
if( handshake->ecdh_psa_type == 0 || ecdh_bits > 0xffff ) if( handshake->ecdh_psa_type == 0 )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Invalid ecc group parse." ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "Invalid ecc group parse." ) );
return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
} }
handshake->ecdh_bits = (uint16_t) ecdh_bits; handshake->ecdh_bits = ecdh_bits;
key_attributes = psa_key_attributes_init(); key_attributes = psa_key_attributes_init();
psa_set_key_usage_flags( &key_attributes, PSA_KEY_USAGE_DERIVE ); psa_set_key_usage_flags( &key_attributes, PSA_KEY_USAGE_DERIVE );

4
library/ssl_tls13_client.c
View File

@ -288,9 +288,7 @@ static int ssl_tls13_generate_and_write_ecdh_key_exchange(
mbedtls_psa_parse_tls_ecc_group( named_group, &ecdh_bits ) ) == 0 ) mbedtls_psa_parse_tls_ecc_group( named_group, &ecdh_bits ) ) == 0 )
return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
if( ecdh_bits > 0xffff ) ssl->handshake->ecdh_bits = ecdh_bits;
return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
ssl->handshake->ecdh_bits = (uint16_t) ecdh_bits;
key_attributes = psa_key_attributes_init(); key_attributes = psa_key_attributes_init();
psa_set_key_usage_flags( &key_attributes, PSA_KEY_USAGE_DERIVE ); psa_set_key_usage_flags( &key_attributes, PSA_KEY_USAGE_DERIVE );