Merge remote-tracking branch 'psa/pr/67' into feature-psa
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 8ce668c..4a33639 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -1163,7 +1163,8 @@
if( cipher_id != NULL )
*cipher_id = cipher_id_tmp;
- return( mbedtls_cipher_info_from_values( cipher_id_tmp, key_bits, mode ) );
+ return( mbedtls_cipher_info_from_values( cipher_id_tmp,
+ (int) key_bits, mode ) );
}
static size_t psa_get_hash_block_size( psa_algorithm_t alg )
@@ -1253,7 +1254,7 @@
#if defined(MBEDTLS_MD_C)
if( PSA_ALG_IS_HMAC( operation->alg ) )
{
- unsigned int block_size =
+ size_t block_size =
psa_get_hash_block_size( PSA_ALG_HMAC_HASH( operation->alg ) );
if( block_size == 0 )
@@ -1660,6 +1661,15 @@
if( signature_size < rsa->len )
return( PSA_ERROR_BUFFER_TOO_SMALL );
+ /* The Mbed TLS RSA module uses an unsigned int for hash_length. See if
+ * hash_length will fit and return an error if it doesn't. */
+#if defined(MBEDTLS_PKCS1_V15) || defined(MBEDTLS_PKCS1_V21)
+#if SIZE_MAX > UINT_MAX
+ if( hash_length > UINT_MAX )
+ return( PSA_ERROR_NOT_SUPPORTED );
+#endif
+#endif
+
#if defined(MBEDTLS_PKCS1_V15)
if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) )
{
@@ -1669,7 +1679,9 @@
mbedtls_ctr_drbg_random,
&global_data.ctr_drbg,
MBEDTLS_RSA_PRIVATE,
- md_alg, hash_length, hash,
+ md_alg,
+ (unsigned int) hash_length,
+ hash,
signature );
}
else
@@ -1682,7 +1694,9 @@
mbedtls_ctr_drbg_random,
&global_data.ctr_drbg,
MBEDTLS_RSA_PRIVATE,
- md_alg, hash_length, hash,
+ md_alg,
+ (unsigned int) hash_length,
+ hash,
signature );
}
else
@@ -1714,6 +1728,15 @@
if( signature_length < rsa->len )
return( PSA_ERROR_BUFFER_TOO_SMALL );
+#if defined(MBEDTLS_PKCS1_V15) || defined(MBEDTLS_PKCS1_V21)
+#if SIZE_MAX > UINT_MAX
+ /* The Mbed TLS RSA module uses an unsigned int for hash_length. See if
+ * hash_length will fit and return an error if it doesn't. */
+ if( hash_length > UINT_MAX )
+ return( PSA_ERROR_NOT_SUPPORTED );
+#endif
+#endif
+
#if defined(MBEDTLS_PKCS1_V15)
if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) )
{
@@ -1724,7 +1747,7 @@
&global_data.ctr_drbg,
MBEDTLS_RSA_PUBLIC,
md_alg,
- hash_length,
+ (unsigned int) hash_length,
hash,
signature );
}
@@ -1738,7 +1761,9 @@
mbedtls_ctr_drbg_random,
&global_data.ctr_drbg,
MBEDTLS_RSA_PUBLIC,
- md_alg, hash_length, hash,
+ md_alg,
+ (unsigned int) hash_length,
+ hash,
signature );
}
else
@@ -2188,7 +2213,7 @@
{
ret = mbedtls_cipher_setkey( &operation->ctx.cipher,
slot->data.raw.data,
- key_bits, cipher_operation );
+ (int) key_bits, cipher_operation );
}
if( ret != 0 )
{
@@ -2513,7 +2538,7 @@
}
psa_status_t psa_set_key_lifetime( psa_key_slot_t key,
- const psa_key_lifetime_t lifetime )
+ psa_key_lifetime_t lifetime )
{
key_slot_t *slot;
@@ -2604,7 +2629,7 @@
mbedtls_gcm_init( &gcm );
ret = mbedtls_gcm_setkey( &gcm, cipher_id,
slot->data.raw.data,
- key_bits );
+ (unsigned int) key_bits );
if( ret != 0 )
{
mbedtls_gcm_free( &gcm );
@@ -2637,7 +2662,8 @@
mbedtls_ccm_init( &ccm );
ret = mbedtls_ccm_setkey( &ccm, cipher_id,
- slot->data.raw.data, key_bits );
+ slot->data.raw.data,
+ (unsigned int) key_bits );
if( ret != 0 )
{
mbedtls_ccm_free( &ccm );
@@ -2743,7 +2769,8 @@
mbedtls_gcm_init( &gcm );
ret = mbedtls_gcm_setkey( &gcm, cipher_id,
- slot->data.raw.data, key_bits );
+ slot->data.raw.data,
+ (unsigned int) key_bits );
if( ret != 0 )
{
mbedtls_gcm_free( &gcm );
@@ -2775,7 +2802,8 @@
mbedtls_ccm_init( &ccm );
ret = mbedtls_ccm_setkey( &ccm, cipher_id,
- slot->data.raw.data, key_bits );
+ slot->data.raw.data,
+ (unsigned int) key_bits );
if( ret != 0 )
{
mbedtls_ccm_free( &ccm );
@@ -2882,7 +2910,7 @@
ret = mbedtls_rsa_gen_key( rsa,
mbedtls_ctr_drbg_random,
&global_data.ctr_drbg,
- bits,
+ (unsigned int) bits,
exponent );
if( ret != 0 )
{
@@ -2941,7 +2969,7 @@
void mbedtls_psa_crypto_free( void )
{
- size_t key;
+ psa_key_slot_t key;
for( key = 1; key < PSA_KEY_SLOT_COUNT; key++ )
psa_destroy_key( key );
mbedtls_ctr_drbg_free( &global_data.ctr_drbg );