Add static assert check
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index c04470c..c621e41 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -25,6 +25,8 @@
#if defined(MBEDTLS_SSL_TLS_C)
+#include <assert.h>
+
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
#else
@@ -3160,35 +3162,35 @@
{
const int *md;
const int *sig_hashes = ssl->conf->sig_hashes;
- size_t sig_algs_len = sizeof( uint16_t );
- size_t sig_algs_len_per_hash = 0;
+ size_t sig_algs_len = 0;
uint16_t *p;
-#if defined(MBEDTLS_ECDSA_C)
- sig_algs_len_per_hash += sizeof( uint16_t );
-#endif
-#if defined(MBEDTLS_RSA_C)
- sig_algs_len_per_hash += sizeof( uint16_t );
+#if defined(static_assert)
+ static_assert( MBEDTLS_SSL_MAX_SIG_ALG_LIST_LEN
+ <= ( SIZE_MAX - ( 2 * sizeof(uint16_t) ) ),
+ "MBEDTLS_SSL_MAX_SIG_ALG_LIST_LEN too big" );
#endif
for( md = sig_hashes; *md != MBEDTLS_MD_NONE; md++ )
{
if( mbedtls_ssl_hash_from_md_alg( *md ) == MBEDTLS_SSL_HASH_NONE )
continue;
- if( sig_algs_len >
- ( MBEDTLS_SSL_MAX_SIG_ALG_LIST_LEN + sizeof( uint16_t )
- - sig_algs_len_per_hash ) )
- {
- return( MBEDTLS_ERR_SSL_BAD_CONFIG );
- }
+#if defined(MBEDTLS_ECDSA_C)
+ sig_algs_len += sizeof( uint16_t );
+#endif
- sig_algs_len += sig_algs_len_per_hash;
+#if defined(MBEDTLS_RSA_C)
+ sig_algs_len += sizeof( uint16_t );
+#endif
+ if( sig_algs_len > MBEDTLS_SSL_MAX_SIG_ALG_LIST_LEN )
+ return( MBEDTLS_ERR_SSL_BAD_CONFIG );
}
- if( sig_algs_len < MBEDTLS_SSL_MIN_SIG_ALG_LIST_LEN + sizeof( uint16_t ))
+ if( sig_algs_len < MBEDTLS_SSL_MIN_SIG_ALG_LIST_LEN )
return( MBEDTLS_ERR_SSL_BAD_CONFIG );
- ssl->handshake->sig_algs = mbedtls_calloc( 1, sig_algs_len );
+ ssl->handshake->sig_algs = mbedtls_calloc( 1, sig_algs_len +
+ sizeof( uint16_t ));
if( ssl->handshake->sig_algs == NULL )
return( MBEDTLS_ERR_SSL_ALLOC_FAILED );