DHM: new functions to query the length of the modulus

Add two functions mbedtls_dhm_get_len() and mbedtls_dhm_get_bitlen() to query the length of the modulus in bytes or bits. Remove the len field: the cost of calling mbedtls_dhm_get_len() each time it's needed is negligible, and this improves the abstraction of the DHM module. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-27 22:17:07 +02:00 · 2021-05-27 22:17:07 +02:00 · 487bbf6805
commit 487bbf6805
parent 85b1bc65a0
9 changed files with 58 additions and 26 deletions
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@ -2553,7 +2553,7 @@ static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl,
        return( ret );
    }

-    dhm_actual_bitlen = mbedtls_mpi_bitlen( &ssl->handshake->dhm_ctx.P );
+    dhm_actual_bitlen = mbedtls_dhm_get_bitlen( &ssl->handshake->dhm_ctx );
    if( dhm_actual_bitlen < ssl->conf->dhm_min_bitlen )
    {
        MBEDTLS_SSL_DEBUG_MSG( 1, ( "DHM prime too short: %" MBEDTLS_PRINTF_SIZET " < %u",
@ -3588,14 +3588,14 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
        /*
         * DHM key exchange -- send G^X mod P
         */
-        content_len = ssl->handshake->dhm_ctx.len;
+        content_len = mbedtls_dhm_get_len( &ssl->handshake->dhm_ctx );

        ssl->out_msg[4] = (unsigned char)( content_len >> 8 );
        ssl->out_msg[5] = (unsigned char)( content_len      );
        header_len = 6;

        ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx,
-                          (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ),
+                          (int) mbedtls_dhm_get_len( &ssl->handshake->dhm_ctx ),
                          &ssl->out_msg[header_len], content_len,
                          ssl->conf->f_rng, ssl->conf->p_rng );
        if( ret != 0 )
@ -3848,7 +3848,7 @@ ecdh_calc_secret:
            /*
             * ClientDiffieHellmanPublic public (DHM send G^X mod P)
             */
-            content_len = ssl->handshake->dhm_ctx.len;
+            content_len = mbedtls_dhm_get_len( &ssl->handshake->dhm_ctx );

            if( header_len + 2 + content_len >
                MBEDTLS_SSL_OUT_CONTENT_LEN )
@ -3862,7 +3862,7 @@ ecdh_calc_secret:
            ssl->out_msg[header_len++] = (unsigned char)( content_len      );

            ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx,
-                    (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ),
+                    (int) mbedtls_dhm_get_len( &ssl->handshake->dhm_ctx ),
                    &ssl->out_msg[header_len], content_len,
                    ssl->conf->f_rng, ssl->conf->p_rng );
            if( ret != 0 )