From 91477a7964f2ad9dd3bef857ae008e8c01757e8e Mon Sep 17 00:00:00 2001
From: Neil Armstrong <narmstrong@baylibre.com>
Date: Fri, 25 Mar 2022 15:42:20 +0100
Subject: [PATCH] Switch handshake->ecdh_bits to size_t and remove now useless
 cast & limit checks

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
---
 library/ssl_misc.h         | 2 +-
 library/ssl_tls12_client.c | 4 +---
 library/ssl_tls12_server.c | 9 +++------
 library/ssl_tls13_client.c | 4 +---
 4 files changed, 6 insertions(+), 13 deletions(-)

diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index e13b3d9dad..00f39891b7 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -630,7 +630,7 @@ struct mbedtls_ssl_handshake_params
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
     psa_key_type_t ecdh_psa_type;
-    uint16_t ecdh_bits;
+    size_t ecdh_bits;
     mbedtls_svc_key_id_t ecdh_psa_privkey;
     uint8_t ecdh_psa_shared_key;
     unsigned char ecdh_psa_peerkey[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH];
diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index 7b609e9f2a..a8ce5c9af6 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c
@@ -2352,9 +2352,7 @@ static int ssl_parse_server_ecdh_params_psa( mbedtls_ssl_context *ssl,
     {
         return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
     }
-    if( ecdh_bits > 0xffff )
-        return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
-    handshake->ecdh_bits = (uint16_t) ecdh_bits;
+    handshake->ecdh_bits = ecdh_bits;
 
     /* Keep a copy of the peer's public key */
     ecpoint_len = *(*p)++;
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index e0b5aaba30..f3e9d14947 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -2913,10 +2913,7 @@ static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
             return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
         }
 
-        if( ecdh_bits > 0xffff )
-            return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
-
-        ssl->handshake->ecdh_bits = (uint16_t) ecdh_bits;
+        ssl->handshake->ecdh_bits = ecdh_bits;
 
         key_attributes = psa_key_attributes_init();
         psa_set_key_usage_flags( &key_attributes, PSA_KEY_USAGE_DERIVE );
@@ -3186,12 +3183,12 @@ curve_matching_done:
             handshake->ecdh_psa_type = mbedtls_psa_parse_tls_ecc_group(
                         (*curve)->tls_id, &ecdh_bits );
 
-            if( handshake->ecdh_psa_type == 0 || ecdh_bits > 0xffff )
+            if( handshake->ecdh_psa_type == 0 )
             {
                 MBEDTLS_SSL_DEBUG_MSG( 1, ( "Invalid ecc group parse." ) );
                 return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
             }
-            handshake->ecdh_bits = (uint16_t) ecdh_bits;
+            handshake->ecdh_bits = ecdh_bits;
 
             key_attributes = psa_key_attributes_init();
             psa_set_key_usage_flags( &key_attributes, PSA_KEY_USAGE_DERIVE );
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 9f22e1dcc6..c0094c065b 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -288,9 +288,7 @@ static int ssl_tls13_generate_and_write_ecdh_key_exchange(
         mbedtls_psa_parse_tls_ecc_group( named_group, &ecdh_bits ) ) == 0 )
             return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
 
-    if( ecdh_bits > 0xffff )
-        return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
-    ssl->handshake->ecdh_bits = (uint16_t) ecdh_bits;
+    ssl->handshake->ecdh_bits = ecdh_bits;
 
     key_attributes = psa_key_attributes_init();
     psa_set_key_usage_flags( &key_attributes, PSA_KEY_USAGE_DERIVE );