mbedtls_ecp_write_key_ext(): migrate internally
Stop using mbedtls_ecp_write_key() except to test it.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/library/pk.c b/library/pk.c
index 1ded487..c647b45 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -1401,8 +1401,7 @@
mbedtls_ecp_keypair *ec = mbedtls_pk_ec_rw(*pk);
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- d_len = PSA_BITS_TO_BYTES(ec->grp.nbits);
- if ((ret = mbedtls_ecp_write_key(ec, d, d_len)) != 0) {
+ if ((ret = mbedtls_ecp_write_key_ext(ec, &d_len, d, sizeof(d))) != 0) {
return ret;
}
diff --git a/library/pkwrite.c b/library/pkwrite.c
index b9ddcf1..5e009c5 100644
--- a/library/pkwrite.c
+++ b/library/pkwrite.c
@@ -202,7 +202,7 @@
mbedtls_ecp_keypair *ec = mbedtls_pk_ec_rw(*pk);
byte_length = (ec->grp.pbits + 7) / 8;
- ret = mbedtls_ecp_write_key(ec, tmp, byte_length);
+ ret = mbedtls_ecp_write_key_ext(ec, &byte_length, tmp, sizeof(tmp));
if (ret != 0) {
goto exit;
}
diff --git a/library/psa_crypto_ecp.c b/library/psa_crypto_ecp.c
index 7edea81..e373ad9 100644
--- a/library/psa_crypto_ecp.c
+++ b/library/psa_crypto_ecp.c
@@ -281,20 +281,8 @@
return status;
} else {
- if (data_size < PSA_BITS_TO_BYTES(ecp->grp.nbits)) {
- return PSA_ERROR_BUFFER_TOO_SMALL;
- }
-
status = mbedtls_to_psa_error(
- mbedtls_ecp_write_key(ecp,
- data,
- PSA_BITS_TO_BYTES(ecp->grp.nbits)));
- if (status == PSA_SUCCESS) {
- *data_length = PSA_BITS_TO_BYTES(ecp->grp.nbits);
- } else {
- memset(data, 0, data_size);
- }
-
+ mbedtls_ecp_write_key_ext(ecp, data_length, data, data_size));
return status;
}
}
@@ -359,14 +347,11 @@
}
status = mbedtls_to_psa_error(
- mbedtls_ecp_write_key(&ecp, key_buffer, key_buffer_size));
+ mbedtls_ecp_write_key_ext(&ecp, key_buffer_length,
+ key_buffer, key_buffer_size));
mbedtls_ecp_keypair_free(&ecp);
- if (status == PSA_SUCCESS) {
- *key_buffer_length = key_buffer_size;
- }
-
return status;
}
#endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATE */
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index 53a9ce2..5bee188 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -2703,8 +2703,7 @@
PSA_KEY_TYPE_ECC_KEY_PAIR(ssl->handshake->xxdh_psa_type));
psa_set_key_bits(&key_attributes, ssl->handshake->xxdh_psa_bits);
- key_len = PSA_BITS_TO_BYTES(key->grp.pbits);
- ret = mbedtls_ecp_write_key(key, buf, key_len);
+ ret = mbedtls_ecp_write_key_ext(key, &key_len, buf, sizeof(buf));
if (ret != 0) {
mbedtls_platform_zeroize(buf, sizeof(buf));
break;