From 2eab462a8cd298796143cc90e12f1397bcfbdb53 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 5 Oct 2023 13:30:37 +0100 Subject: [PATCH] Fix IAR warnings Signed-off-by: Dave Rodgman --- library/pk_wrap.c | 2 ++ library/ssl_ciphersuites.c | 6 +++--- library/ssl_tls.c | 9 +++++---- library/ssl_tls13_client.c | 6 +++--- library/ssl_tls13_generic.c | 8 ++++---- library/ssl_tls13_keys.c | 28 ++++++++++++++-------------- library/ssl_tls13_server.c | 9 +++++---- 7 files changed, 36 insertions(+), 32 deletions(-) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 4a3fef7cec..436876a5d5 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -208,9 +208,11 @@ static int rsa_verify_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg, PSA_ALG_RSA_PKCS1V15_SIGN(mbedtls_md_psa_alg_from_type(md_alg)); size_t rsa_len = mbedtls_rsa_get_len(rsa); +#if SIZE_MAX > UINT_MAX if (md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len) { return MBEDTLS_ERR_PK_BAD_INPUT_DATA; } +#endif if (sig_len < rsa_len) { return MBEDTLS_ERR_RSA_VERIFY_FAILED; diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index 736b1423be..2368489df2 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -1920,7 +1920,7 @@ size_t mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(const mbedtls_ssl_ciphersui psa_algorithm_t alg; size_t key_bits; - status = mbedtls_ssl_cipher_to_psa(info->cipher, + status = mbedtls_ssl_cipher_to_psa((mbedtls_cipher_type_t) info->cipher, info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16, &alg, &key_type, &key_bits); @@ -1969,10 +1969,10 @@ psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_cip case MBEDTLS_KEY_EXCHANGE_DHE_RSA: case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: return PSA_ALG_RSA_PKCS1V15_SIGN( - mbedtls_md_psa_alg_from_type(info->mac)); + mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac)); case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: - return PSA_ALG_ECDSA(mbedtls_md_psa_alg_from_type(info->mac)); + return PSA_ALG_ECDSA(mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac)); case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: diff --git a/library/ssl_tls.c b/library/ssl_tls.c index fc3fb85d75..d3a7ddb42f 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2427,7 +2427,8 @@ mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite( psa_algorithm_t alg; psa_key_type_t type; size_t size; - status = mbedtls_ssl_cipher_to_psa(suite->cipher, 0, &alg, &type, &size); + status = mbedtls_ssl_cipher_to_psa((mbedtls_cipher_type_t) suite->cipher, + 0, &alg, &type, &size); if (status == PSA_SUCCESS) { base_mode = mbedtls_ssl_get_base_mode(alg); } @@ -6406,7 +6407,7 @@ static int ssl_compute_master(mbedtls_ssl_handshake_params *handshake, mbedtls_svc_key_id_t psk; psa_key_derivation_operation_t derivation = PSA_KEY_DERIVATION_OPERATION_INIT; - mbedtls_md_type_t hash_alg = handshake->ciphersuite_info->mac; + mbedtls_md_type_t hash_alg = (mbedtls_md_type_t) handshake->ciphersuite_info->mac; MBEDTLS_SSL_DEBUG_MSG(2, ("perform PSA-based PSK-to-MS expansion")); @@ -8208,7 +8209,7 @@ static int ssl_tls12_populate_transform(mbedtls_ssl_transform *transform, } #if defined(MBEDTLS_USE_PSA_CRYPTO) - if ((status = mbedtls_ssl_cipher_to_psa(ciphersuite_info->cipher, + if ((status = mbedtls_ssl_cipher_to_psa((mbedtls_cipher_type_t) ciphersuite_info->cipher, transform->taglen, &alg, &key_type, @@ -8227,7 +8228,7 @@ static int ssl_tls12_populate_transform(mbedtls_ssl_transform *transform, #endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_USE_PSA_CRYPTO) - mac_alg = mbedtls_md_psa_alg_from_type(ciphersuite_info->mac); + mac_alg = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) ciphersuite_info->mac); if (mac_alg == 0) { MBEDTLS_SSL_DEBUG_MSG(1, ("mbedtls_md_psa_alg_from_type for %u not found", (unsigned) ciphersuite_info->mac)); diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index d018bee74a..c6fa3b3909 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -686,7 +686,7 @@ static psa_algorithm_t ssl_tls13_get_ciphersuite_hash_alg(int ciphersuite) ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(ciphersuite); if (ciphersuite_info != NULL) { - return mbedtls_md_psa_alg_from_type(ciphersuite_info->mac); + return mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) ciphersuite_info->mac); } return PSA_ALG_NONE; @@ -1140,7 +1140,7 @@ static int ssl_tls13_parse_server_pre_shared_key_ext(mbedtls_ssl_context *ssl, return ret; } - if (mbedtls_md_psa_alg_from_type(ssl->handshake->ciphersuite_info->mac) + if (mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) ssl->handshake->ciphersuite_info->mac) != hash_alg) { MBEDTLS_SSL_DEBUG_MSG( 1, ("Invalid ciphersuite for external psk.")); @@ -2858,7 +2858,7 @@ static int ssl_tls13_postprocess_new_session_ticket(mbedtls_ssl_context *ssl, return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } - psa_hash_alg = mbedtls_md_psa_alg_from_type(ciphersuite_info->mac); + psa_hash_alg = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) ciphersuite_info->mac); hash_length = PSA_HASH_LENGTH(psa_hash_alg); if (hash_length == -1 || (size_t) hash_length > sizeof(session->resumption_key)) { diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 81fa514f67..bf425018e9 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -369,7 +369,7 @@ int mbedtls_ssl_tls13_process_certificate_verify(mbedtls_ssl_context *ssl) */ ret = mbedtls_ssl_get_handshake_transcript( ssl, - ssl->handshake->ciphersuite_info->mac, + (mbedtls_md_type_t) ssl->handshake->ciphersuite_info->mac, transcript, sizeof(transcript), &transcript_len); if (ret != 0) { @@ -967,7 +967,7 @@ cleanup: int mbedtls_ssl_tls13_check_sig_alg_cert_key_match(uint16_t sig_alg, mbedtls_pk_context *key) { - mbedtls_pk_type_t pk_type = mbedtls_ssl_sig_from_pk(key); + mbedtls_pk_type_t pk_type = (mbedtls_pk_type_t) mbedtls_ssl_sig_from_pk(key); size_t key_size = mbedtls_pk_get_bitlen(key); switch (pk_type) { @@ -1035,7 +1035,7 @@ static int ssl_tls13_write_certificate_verify_body(mbedtls_ssl_context *ssl, } ret = mbedtls_ssl_get_handshake_transcript( - ssl, ssl->handshake->ciphersuite_info->mac, + ssl, (mbedtls_md_type_t) ssl->handshake->ciphersuite_info->mac, handshake_hash, sizeof(handshake_hash), &handshake_hash_len); if (ret != 0) { return ret; @@ -1464,7 +1464,7 @@ int mbedtls_ssl_reset_transcript_for_hrr(mbedtls_ssl_context *ssl) MBEDTLS_SSL_DEBUG_MSG(3, ("Reset SSL session for HRR")); - ret = mbedtls_ssl_get_handshake_transcript(ssl, ciphersuite_info->mac, + ret = mbedtls_ssl_get_handshake_transcript(ssl, (mbedtls_md_type_t) ciphersuite_info->mac, hash_transcript + 4, PSA_HASH_MAX_SIZE, &hash_len); diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index afd84a9746..6905d926ac 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -685,7 +685,7 @@ static int ssl_tls13_key_schedule_stage_application(mbedtls_ssl_context *ssl) int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ssl_handshake_params *handshake = ssl->handshake; psa_algorithm_t const hash_alg = mbedtls_md_psa_alg_from_type( - handshake->ciphersuite_info->mac); + (mbedtls_md_type_t) handshake->ciphersuite_info->mac); /* * Compute MasterSecret @@ -797,10 +797,10 @@ int mbedtls_ssl_tls13_calculate_verify_data(mbedtls_ssl_context *ssl, mbedtls_ssl_tls13_handshake_secrets *tls13_hs_secrets = &ssl->handshake->tls13_hs_secrets; - mbedtls_md_type_t const md_type = ssl->handshake->ciphersuite_info->mac; + mbedtls_md_type_t const md_type = (mbedtls_md_type_t) ssl->handshake->ciphersuite_info->mac; psa_algorithm_t hash_alg = mbedtls_md_psa_alg_from_type( - ssl->handshake->ciphersuite_info->mac); + (mbedtls_md_type_t) ssl->handshake->ciphersuite_info->mac); size_t const hash_len = PSA_HASH_LENGTH(hash_alg); MBEDTLS_SSL_DEBUG_MSG(2, ("=> mbedtls_ssl_tls13_calculate_verify_data")); @@ -1059,7 +1059,7 @@ int mbedtls_ssl_tls13_populate_transform( /* * Setup psa keys and alg */ - if ((status = mbedtls_ssl_cipher_to_psa(ciphersuite_info->cipher, + if ((status = mbedtls_ssl_cipher_to_psa((mbedtls_cipher_type_t) ciphersuite_info->cipher, transform->taglen, &alg, &key_type, @@ -1118,7 +1118,7 @@ static int ssl_tls13_get_cipher_key_info( taglen = 16; } - status = mbedtls_ssl_cipher_to_psa(ciphersuite_info->cipher, taglen, + status = mbedtls_ssl_cipher_to_psa((mbedtls_cipher_type_t) ciphersuite_info->cipher, taglen, &alg, &key_type, &key_bits); if (status != PSA_SUCCESS) { return PSA_TO_MBEDTLS_ERR(status); @@ -1168,9 +1168,9 @@ static int ssl_tls13_generate_early_key(mbedtls_ssl_context *ssl, goto cleanup; } - md_type = ciphersuite_info->mac; + md_type = (mbedtls_md_type_t) ciphersuite_info->mac; - hash_alg = mbedtls_md_psa_alg_from_type(ciphersuite_info->mac); + hash_alg = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) ciphersuite_info->mac); hash_len = PSA_HASH_LENGTH(hash_alg); ret = mbedtls_ssl_get_handshake_transcript(ssl, md_type, @@ -1298,7 +1298,7 @@ int mbedtls_ssl_tls13_key_schedule_stage_early(mbedtls_ssl_context *ssl) return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } - hash_alg = mbedtls_md_psa_alg_from_type(handshake->ciphersuite_info->mac); + hash_alg = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) handshake->ciphersuite_info->mac); #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) if (mbedtls_ssl_tls13_key_exchange_mode_with_psk(ssl)) { ret = mbedtls_ssl_tls13_export_handshake_psk(ssl, &psk, &psk_len); @@ -1370,9 +1370,9 @@ static int ssl_tls13_generate_handshake_keys(mbedtls_ssl_context *ssl, return ret; } - md_type = ciphersuite_info->mac; + md_type = (mbedtls_md_type_t) ciphersuite_info->mac; - hash_alg = mbedtls_md_psa_alg_from_type(ciphersuite_info->mac); + hash_alg = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) ciphersuite_info->mac); hash_len = PSA_HASH_LENGTH(hash_alg); ret = mbedtls_ssl_get_handshake_transcript(ssl, md_type, @@ -1480,7 +1480,7 @@ static int ssl_tls13_key_schedule_stage_handshake(mbedtls_ssl_context *ssl) int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ssl_handshake_params *handshake = ssl->handshake; psa_algorithm_t const hash_alg = mbedtls_md_psa_alg_from_type( - handshake->ciphersuite_info->mac); + (mbedtls_md_type_t) handshake->ciphersuite_info->mac); unsigned char *shared_secret = NULL; size_t shared_secret_len = 0; @@ -1617,9 +1617,9 @@ static int ssl_tls13_generate_application_keys( goto cleanup; } - md_type = handshake->ciphersuite_info->mac; + md_type = (mbedtls_md_type_t) handshake->ciphersuite_info->mac; - hash_alg = mbedtls_md_psa_alg_from_type(handshake->ciphersuite_info->mac); + hash_alg = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) handshake->ciphersuite_info->mac); hash_len = PSA_HASH_LENGTH(hash_alg); /* Compute current handshake transcript. It's the caller's responsibility @@ -1767,7 +1767,7 @@ int mbedtls_ssl_tls13_compute_resumption_master_secret(mbedtls_ssl_context *ssl) MBEDTLS_SSL_DEBUG_MSG( 2, ("=> mbedtls_ssl_tls13_compute_resumption_master_secret")); - md_type = handshake->ciphersuite_info->mac; + md_type = (mbedtls_md_type_t) handshake->ciphersuite_info->mac; ret = mbedtls_ssl_get_handshake_transcript(ssl, md_type, transcript, sizeof(transcript), diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 89bba04b3a..b8201f086e 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -408,7 +408,8 @@ static int ssl_tls13_select_ciphersuite_for_psk( /* MAC of selected ciphersuite MUST be same with PSK binder if exist. * Otherwise, client should reject. */ - if (psk_hash_alg == mbedtls_md_psa_alg_from_type(ciphersuite_info->mac)) { + if (psk_hash_alg == + mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) ciphersuite_info->mac)) { *selected_ciphersuite = cipher_suite; *selected_ciphersuite_info = ciphersuite_info; return 0; @@ -614,7 +615,7 @@ static int ssl_tls13_parse_pre_shared_key_ext( ret = ssl_tls13_offered_psks_check_binder_match( ssl, binder, binder_len, psk_type, - mbedtls_md_psa_alg_from_type(ciphersuite_info->mac)); + mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) ciphersuite_info->mac)); if (ret != SSL_TLS1_3_OFFERED_PSK_MATCH) { /* For security reasons, the handshake should be aborted when we * fail to validate a binder value. See RFC 8446 section 4.2.11.2 @@ -2793,7 +2794,7 @@ static int ssl_tls13_prepare_new_session_ticket(mbedtls_ssl_context *ssl, ciphersuite_info = (mbedtls_ssl_ciphersuite_t *) ssl->handshake->ciphersuite_info; - psa_hash_alg = mbedtls_md_psa_alg_from_type(ciphersuite_info->mac); + psa_hash_alg = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) ciphersuite_info->mac); hash_length = PSA_HASH_LENGTH(psa_hash_alg); if (hash_length == -1 || (size_t) hash_length > sizeof(session->resumption_key)) { @@ -3015,7 +3016,7 @@ int mbedtls_ssl_tls13_handshake_server_step(mbedtls_ssl_context *ssl) } MBEDTLS_SSL_DEBUG_MSG(2, ("tls13 server state: %s(%d)", - mbedtls_ssl_states_str(ssl->state), + mbedtls_ssl_states_str((mbedtls_ssl_states) ssl->state), ssl->state)); switch (ssl->state) {