From 1337a4f334854f9482b80244b4a90f7df7694773 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 30 Jan 2023 15:54:55 +0100 Subject: [PATCH] pk_wrap: use specific lengths for EC's private key and key-pair Signed-off-by: Valerio Setti --- include/mbedtls/psa_util.h | 3 +++ library/pk_wrap.c | 6 ++---- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index dc74ac60c..f6070dcba 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -257,6 +257,9 @@ static inline int mbedtls_psa_get_ecc_oid_from_id( #define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH \ PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) +#define MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH \ + PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) + /* Expose whatever RNG the PSA subsystem uses to applications using the * mbedtls_xxx API. The declarations and definitions here need to be * consistent with the implementation in library/psa_crypto_random_impl.h. diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 525f6bc90..6fba6e9b2 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -692,8 +692,7 @@ static int ecdsa_verify_wrap(void *ctx_arg, mbedtls_md_type_t md_alg, /* This buffer contains first the public key (consisting of two public * points plus a header byte), then the signature (consisting of two * public points). Size it for the public key which is one byte larger. */ - unsigned char buf[PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE( - PSA_VENDOR_ECC_MAX_CURVE_BITS )]; + unsigned char buf[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH]; unsigned char *p; psa_algorithm_t psa_sig_md = PSA_ALG_ECDSA_ANY; size_t curve_bits; @@ -876,8 +875,7 @@ static int ecdsa_sign_wrap(void *ctx_arg, mbedtls_md_type_t md_alg, psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; psa_status_t status; - unsigned char buf[PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE( - PSA_VENDOR_ECC_MAX_CURVE_BITS )]; + unsigned char buf[MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH]; #if defined(MBEDTLS_ECDSA_DETERMINISTIC) psa_algorithm_t psa_sig_md = PSA_ALG_DETERMINISTIC_ECDSA( mbedtls_hash_info_psa_from_md( md_alg ) );