TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 487bbf68053143cdcb27cc60a91caf7738d86b68^! / . / library
commit487bbf68053143cdcb27cc60a91caf7738d86b68[log] [tgz]
authorGilles Peskine <Gilles.Peskine@arm.com>Thu May 27 22:17:07 2021 +0200
committerGilles Peskine <Gilles.Peskine@arm.com>Tue Jun 15 00:12:37 2021 +0200
treeecad368d220314fbe6134c3bf3cfc6664096a7bd
parent85b1bc65a0f84aa6e453f316ce73e778b2cf8717 [diff]
DHM: new functions to query the length of the modulus

Add two functions mbedtls_dhm_get_len() and mbedtls_dhm_get_bitlen() to
query the length of the modulus in bytes or bits.

Remove the len field: the cost of calling mbedtls_dhm_get_len() each time
it's needed is negligible, and this improves the abstraction of the DHM
module.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

diff --git a/library/dhm.c b/library/dhm.c
index accd5a8..2543be1 100644
--- a/library/dhm.c
+++ b/library/dhm.c

@@ -124,6 +124,16 @@
     memset( ctx, 0, sizeof( mbedtls_dhm_context ) );
 }
 
+size_t mbedtls_dhm_get_bitlen( const mbedtls_dhm_context *ctx )
+{
+    return( mbedtls_mpi_bitlen( &ctx->P ) );
+}
+
+size_t mbedtls_dhm_get_len( const mbedtls_dhm_context *ctx )
+{
+    return( mbedtls_mpi_size( &ctx->P ) );
+}
+
 /*
  * Parse the ServerKeyExchange parameters
  */
@@ -144,8 +154,6 @@
     if( ( ret = dhm_check_range( &ctx->GY, &ctx->P ) ) != 0 )
         return( ret );
 
-    ctx->len = mbedtls_mpi_size( &ctx->P );
-
     return( 0 );
 }
 
@@ -247,8 +255,6 @@
 
     *olen = p - output;
 
-    ctx->len = n1;
-
 cleanup:
     if( ret != 0 && ret > -128 )
         ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED, ret );
@@ -273,7 +279,6 @@
         return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_SET_GROUP_FAILED, ret ) );
     }
 
-    ctx->len = mbedtls_mpi_size( &ctx->P );
     return( 0 );
 }
 
@@ -287,7 +292,7 @@
     DHM_VALIDATE_RET( ctx != NULL );
     DHM_VALIDATE_RET( input != NULL );
 
-    if( ilen < 1 || ilen > ctx->len )
+    if( ilen < 1 || ilen > mbedtls_dhm_get_len( ctx ) )
         return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
 
     if( ( ret = mbedtls_mpi_read_binary( &ctx->GY, input, ilen ) ) != 0 )
@@ -309,7 +314,7 @@
     DHM_VALIDATE_RET( output != NULL );
     DHM_VALIDATE_RET( f_rng != NULL );
 
-    if( olen < 1 || olen > ctx->len )
+    if( olen < 1 || olen > mbedtls_dhm_get_len( ctx ) )
         return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
 
     ret = dhm_make_common( ctx, x_size, f_rng, p_rng );
@@ -408,7 +413,7 @@
     DHM_VALIDATE_RET( output != NULL );
     DHM_VALIDATE_RET( olen != NULL );
 
-    if( output_size < ctx->len )
+    if( output_size < mbedtls_dhm_get_len( ctx ) )
         return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
 
     if( ( ret = dhm_check_range( &ctx->GY, &ctx->P ) ) != 0 )
@@ -564,8 +569,6 @@
 
     ret = 0;
 
-    dhm->len = mbedtls_mpi_size( &dhm->P );
-
 exit:
 #if defined(MBEDTLS_PEM_PARSE_C)
     mbedtls_pem_free( &pem );

diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 12ed0fb..1bacd64 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c

@@ -2553,7 +2553,7 @@
         return( ret );
     }
 
-    dhm_actual_bitlen = mbedtls_mpi_bitlen( &ssl->handshake->dhm_ctx.P );
+    dhm_actual_bitlen = mbedtls_dhm_get_bitlen( &ssl->handshake->dhm_ctx );
     if( dhm_actual_bitlen < ssl->conf->dhm_min_bitlen )
     {
         MBEDTLS_SSL_DEBUG_MSG( 1, ( "DHM prime too short: %" MBEDTLS_PRINTF_SIZET " < %u",
@@ -3588,14 +3588,14 @@
         /*
          * DHM key exchange -- send G^X mod P
          */
-        content_len = ssl->handshake->dhm_ctx.len;
+        content_len = mbedtls_dhm_get_len( &ssl->handshake->dhm_ctx );
 
         ssl->out_msg[4] = (unsigned char)( content_len >> 8 );
         ssl->out_msg[5] = (unsigned char)( content_len      );
         header_len = 6;
 
         ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx,
-                          (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ),
+                          (int) mbedtls_dhm_get_len( &ssl->handshake->dhm_ctx ),
                           &ssl->out_msg[header_len], content_len,
                           ssl->conf->f_rng, ssl->conf->p_rng );
         if( ret != 0 )
@@ -3848,7 +3848,7 @@
             /*
              * ClientDiffieHellmanPublic public (DHM send G^X mod P)
              */
-            content_len = ssl->handshake->dhm_ctx.len;
+            content_len = mbedtls_dhm_get_len( &ssl->handshake->dhm_ctx );
 
             if( header_len + 2 + content_len >
                 MBEDTLS_SSL_OUT_CONTENT_LEN )
@@ -3862,7 +3862,7 @@
             ssl->out_msg[header_len++] = (unsigned char)( content_len      );
 
             ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx,
-                    (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ),
+                    (int) mbedtls_dhm_get_len( &ssl->handshake->dhm_ctx ),
                     &ssl->out_msg[header_len], content_len,
                     ssl->conf->f_rng, ssl->conf->p_rng );
             if( ret != 0 )

diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 4fe6b02..cf4b7c5 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c

@@ -3049,7 +3049,7 @@
 
         if( ( ret = mbedtls_dhm_make_params(
                   &ssl->handshake->dhm_ctx,
-                  (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ),
+                  (int) mbedtls_dhm_get_len( &ssl->handshake->dhm_ctx ),
                   ssl->out_msg + ssl->out_msglen, &len,
                   ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
         {