Don't directly access key_bitlen

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2025-03-23 16:20:49 +00:00 · 2023-06-24 11:03:04 +01:00 · 2023-06-24 11:03:04 +01:00 · 9282d4f13a
commit 9282d4f13a
parent 3319ae9679
5 changed files with 8 additions and 8 deletions
--- a/library/cipher.c
+++ b/library/cipher.c
@ -129,7 +129,7 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values(

    for (def = mbedtls_cipher_definitions; def->info != NULL; def++) {
        if (def->info->base->cipher == cipher_id &&
-            def->info->key_bitlen == (unsigned) key_bitlen &&
+            mbedtls_cipher_info_get_key_bitlen(def->info) == (unsigned) key_bitlen &&
            def->info->mode == mode) {
            return def->info;
        }
@ -323,7 +323,7 @@ int mbedtls_cipher_setkey(mbedtls_cipher_context_t *ctx,
 #endif /* MBEDTLS_USE_PSA_CRYPTO */

    if ((ctx->cipher_info->flags & MBEDTLS_CIPHER_VARIABLE_KEY_LEN) == 0 &&
-        (int) ctx->cipher_info->key_bitlen != key_bitlen) {
+        (int) mbedtls_cipher_info_get_key_bitlen(ctx->cipher_info) != key_bitlen) {
        return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
    }

--- a/library/pkcs12.c
+++ b/library/pkcs12.c
@ -151,7 +151,7 @@ int mbedtls_pkcs12_pbe(mbedtls_asn1_buf *pbe_params, int mode,
        return MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE;
    }

-    keylen = cipher_info->key_bitlen / 8;
+    keylen = mbedtls_cipher_info_get_key_bitlen(cipher_info) / 8;

    if ((ret = pkcs12_pbe_derive_key_iv(pbe_params, md_type, pwd, pwdlen,
                                        key, keylen,
--- a/library/pkcs5.c
+++ b/library/pkcs5.c
@ -176,7 +176,7 @@ int mbedtls_pkcs5_pbes2(const mbedtls_asn1_buf *pbe_params, int mode,
     * The value of keylen from pkcs5_parse_pbkdf2_params() is ignored
     * since it is optional and we don't know if it was set or not
     */
-    keylen = cipher_info->key_bitlen / 8;
+    keylen = mbedtls_cipher_info_get_key_bitlen(cipher_info) / 8;

    if (enc_scheme_params.tag != MBEDTLS_ASN1_OCTET_STRING ||
        enc_scheme_params.len != cipher_info->iv_size) {
--- a/tests/src/test_helpers/ssl_helpers.c
+++ b/tests/src/test_helpers/ssl_helpers.c
@ -1143,10 +1143,10 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in,
    cipher_info = mbedtls_cipher_info_from_type(cipher_type);
    CHK(cipher_info != NULL);
    CHK(cipher_info->iv_size <= 16);
-    CHK(cipher_info->key_bitlen % 8 == 0);
+    CHK(mbedtls_cipher_info_get_key_bitlen(cipher_info) % 8 == 0);

    /* Pick keys */
-    keylen = cipher_info->key_bitlen / 8;
+    keylen = mbedtls_cipher_info_get_key_bitlen(cipher_info) / 8;
    /* Allocate `keylen + 1` bytes to ensure that we get
     * a non-NULL pointers from `mbedtls_calloc` even if
     * `keylen == 0` in the case of the NULL cipher. */
--- a/tests/suites/test_suite_cipher.function
+++ b/tests/suites/test_suite_cipher.function
@ -586,12 +586,12 @@ void dec_empty_buf(int cipher,
    ASSERT_ALLOC(iv, iv_len);
    memset(iv, 0, iv_len);

-    TEST_ASSERT(sizeof(key) * 8 >= cipher_info->key_bitlen);
+    TEST_ASSERT(sizeof(key) * 8 >= mbedtls_cipher_info_get_key_bitlen(cipher_info));

    TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_dec, cipher_info));

    TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx_dec,
-                                           key, cipher_info->key_bitlen,
+                                           key, mbedtls_cipher_info_get_key_bitlen(cipher_info),
                                           MBEDTLS_DECRYPT));

    TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx_dec, iv, iv_len));