diff --git a/library/bignum.c b/library/bignum.c index 61353ca53d..70e751b534 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -131,15 +131,17 @@ int mbedtls_mpi_safe_cond_assign(mbedtls_mpi *X, MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, Y->n)); - mbedtls_ct_condition_t do_assign = mbedtls_ct_bool(assign); + { + mbedtls_ct_condition_t do_assign = mbedtls_ct_bool(assign); - X->s = (int) mbedtls_ct_uint_if(do_assign, Y->s, X->s); + X->s = (int) mbedtls_ct_uint_if(do_assign, Y->s, X->s); - mbedtls_mpi_core_cond_assign(X->p, Y->p, Y->n, do_assign); + mbedtls_mpi_core_cond_assign(X->p, Y->p, Y->n, do_assign); - mbedtls_ct_condition_t do_not_assign = mbedtls_ct_bool_not(do_assign); - for (size_t i = Y->n; i < X->n; i++) { - X->p[i] = mbedtls_ct_mpi_uint_if_else_0(do_not_assign, X->p[i]); + mbedtls_ct_condition_t do_not_assign = mbedtls_ct_bool_not(do_assign); + for (size_t i = Y->n; i < X->n; i++) { + X->p[i] = mbedtls_ct_mpi_uint_if_else_0(do_not_assign, X->p[i]); + } } cleanup: @@ -386,7 +388,7 @@ static inline mbedtls_mpi_uint mpi_sint_abs(mbedtls_mpi_sint z) /* Convert x to a sign, i.e. to 1, if x is positive, or -1, if x is negative. * This looks awkward but generates smaller code than (x < 0 ? -1 : 1) */ -#define TO_SIGN(x) ((((mbedtls_mpi_uint) x) >> (biL - 1)) * -2 + 1) +#define TO_SIGN(x) ((mbedtls_mpi_sint) (((mbedtls_mpi_uint) x) >> (biL - 1)) * -2 + 1) /* * Set value from integer diff --git a/library/pk.c b/library/pk.c index 03c1e353bd..96b8ef9220 100644 --- a/library/pk.c +++ b/library/pk.c @@ -514,9 +514,11 @@ int mbedtls_pk_verify_ext(mbedtls_pk_type_t type, const void *options, int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const mbedtls_pk_rsassa_pss_options *pss_opts; +#if SIZE_MAX > UINT_MAX if (md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len) { return MBEDTLS_ERR_PK_BAD_INPUT_DATA; } +#endif if (options == NULL) { return MBEDTLS_ERR_PK_BAD_INPUT_DATA; diff --git a/library/pk_wrap.c b/library/pk_wrap.c index e67138b26e..4a3fef7cec 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -262,9 +262,11 @@ static int rsa_verify_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg, mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) pk->pk_ctx; size_t rsa_len = mbedtls_rsa_get_len(rsa); +#if SIZE_MAX > UINT_MAX if (md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len) { return MBEDTLS_ERR_PK_BAD_INPUT_DATA; } +#endif if (sig_len < rsa_len) { return MBEDTLS_ERR_RSA_VERIFY_FAILED; @@ -382,9 +384,11 @@ static int rsa_sign_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg, { mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) pk->pk_ctx; +#if SIZE_MAX > UINT_MAX if (md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len) { return MBEDTLS_ERR_PK_BAD_INPUT_DATA; } +#endif *sig_len = mbedtls_rsa_get_len(rsa); if (sig_size < *sig_len) { @@ -1565,9 +1569,11 @@ static int rsa_alt_sign_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg, { mbedtls_rsa_alt_context *rsa_alt = pk->pk_ctx; +#if SIZE_MAX > UINT_MAX if (UINT_MAX < hash_len) { return MBEDTLS_ERR_PK_BAD_INPUT_DATA; } +#endif *sig_len = rsa_alt->key_len_func(rsa_alt->key); if (*sig_len > MBEDTLS_PK_SIGNATURE_MAX_SIZE) { diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c index 508a68b032..065e55af18 100644 --- a/library/psa_crypto_rsa.c +++ b/library/psa_crypto_rsa.c @@ -328,9 +328,11 @@ static psa_status_t psa_rsa_decode_md_type(psa_algorithm_t alg, /* The Mbed TLS RSA module uses an unsigned int for hash length * parameters. Validate that it fits so that we don't risk an * overflow later. */ +#if SIZE_MAX > UINT_MAX if (hash_length > UINT_MAX) { return PSA_ERROR_INVALID_ARGUMENT; } +#endif /* For signatures using a hash, the hash length must be correct. */ if (alg != PSA_ALG_RSA_PKCS1V15_SIGN_RAW) { diff --git a/library/sha256.c b/library/sha256.c index 5375255a8d..223badf00f 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -681,6 +681,7 @@ int mbedtls_sha256_finish(mbedtls_sha256_context *ctx, int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; uint32_t used; uint32_t high, low; + int truncated = 0; /* * Add padding: 0x80 then 0x00 until 8 bytes remain for the length @@ -728,7 +729,6 @@ int mbedtls_sha256_finish(mbedtls_sha256_context *ctx, MBEDTLS_PUT_UINT32_BE(ctx->state[5], output, 20); MBEDTLS_PUT_UINT32_BE(ctx->state[6], output, 24); - int truncated = 0; #if defined(MBEDTLS_SHA224_C) truncated = ctx->is224; #endif diff --git a/library/sha512.c b/library/sha512.c index a91d7922ac..e739af2546 100644 --- a/library/sha512.c +++ b/library/sha512.c @@ -828,6 +828,7 @@ int mbedtls_sha512_finish(mbedtls_sha512_context *ctx, int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned used; uint64_t high, low; + int truncated = 0; /* * Add padding: 0x80 then 0x00 until 16 bytes remain for the length @@ -874,7 +875,6 @@ int mbedtls_sha512_finish(mbedtls_sha512_context *ctx, sha512_put_uint64_be(ctx->state[4], output, 32); sha512_put_uint64_be(ctx->state[5], output, 40); - int truncated = 0; #if defined(MBEDTLS_SHA384_C) truncated = ctx->is384; #endif diff --git a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja index ded5c041a2..de16284bde 100644 --- a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja +++ b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja @@ -527,9 +527,7 @@ static inline psa_status_t psa_driver_wrapper_sign_hash_start( size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length ) { - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_location_t location = - PSA_KEY_LIFETIME_GET_LOCATION( + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); switch( location ) @@ -560,18 +558,8 @@ static inline psa_status_t psa_driver_wrapper_sign_hash_start( default: /* Key is declared with a lifetime not known to us */ - ( void ) status; return( PSA_ERROR_INVALID_ARGUMENT ); } - - ( void ) operation; - ( void ) key_buffer; - ( void ) key_buffer_size; - ( void ) alg; - ( void ) hash; - ( void ) hash_length; - - return( status ); } static inline psa_status_t psa_driver_wrapper_sign_hash_complete( @@ -627,8 +615,6 @@ static inline psa_status_t psa_driver_wrapper_verify_hash_start( const uint8_t *hash, size_t hash_length, const uint8_t *signature, size_t signature_length ) { - - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); @@ -662,20 +648,8 @@ static inline psa_status_t psa_driver_wrapper_verify_hash_start( default: /* Key is declared with a lifetime not known to us */ - ( void ) status; return( PSA_ERROR_INVALID_ARGUMENT ); } - - ( void ) operation; - ( void ) key_buffer; - ( void ) key_buffer_size; - ( void ) alg; - ( void ) hash; - ( void ) hash_length; - ( void ) signature; - ( void ) signature_length; - - return( status ); } static inline psa_status_t psa_driver_wrapper_verify_hash_complete( @@ -2726,6 +2700,7 @@ static inline psa_status_t psa_driver_wrapper_pake_setup( case PSA_KEY_LOCATION_LOCAL_STORAGE: /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ + status = PSA_ERROR_NOT_SUPPORTED; #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) status = mbedtls_test_transparent_pake_setup( @@ -2743,15 +2718,12 @@ static inline psa_status_t psa_driver_wrapper_pake_setup( inputs ); if( status == PSA_SUCCESS ) operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; - return status; #endif - return( PSA_ERROR_NOT_SUPPORTED ); + return status; /* Add cases for opaque driver here */ default: /* Key is declared with a lifetime not known to us */ (void)operation; - (void)inputs; - (void)status; return( PSA_ERROR_INVALID_ARGUMENT ); } }