From 0064484a701bf17cd699019bada172e90ee8793e Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 30 May 2023 05:45:00 -0400 Subject: [PATCH 1/7] Optimize error translation code size Introducing an intermediate function saves code size that's otherwise taken by excessive, repeated arguments in each place that was translating errors. Signed-off-by: Andrzej Kurek --- library/constant_time.c | 12 +++++++++--- library/lmots.c | 12 +++++++++--- library/lms.c | 12 +++++++++--- library/ssl_cookie.c | 12 +++++++++--- library/ssl_msg.c | 12 +++++++++--- library/ssl_ticket.c | 12 +++++++++--- library/ssl_tls.c | 23 +++++++++++++++++------ library/ssl_tls12_client.c | 12 +++++++++--- library/ssl_tls12_server.c | 12 +++++++++--- library/ssl_tls13_client.c | 13 +++++++++---- library/ssl_tls13_generic.c | 12 +++++++++--- library/ssl_tls13_keys.c | 12 +++++++++--- 12 files changed, 116 insertions(+), 40 deletions(-) diff --git a/library/constant_time.c b/library/constant_time.c index c823b78894..fa0d898954 100644 --- a/library/constant_time.c +++ b/library/constant_time.c @@ -47,9 +47,15 @@ #include #if defined(MBEDTLS_USE_PSA_CRYPTO) -#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ - psa_to_ssl_errors, \ - psa_generic_status_to_mbedtls) +/* Define a local translating function to save code size by not using too many + * arguments in each translating place. */ +static int local_err_translation(psa_status_t status) +{ + return psa_status_to_mbedtls(status, psa_to_ssl_errors, + sizeof(psa_to_ssl_errors), + psa_generic_status_to_mbedtls); +} +#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) #endif /* diff --git a/library/lmots.c b/library/lmots.c index 4061edde04..a3bfff89f8 100644 --- a/library/lmots.c +++ b/library/lmots.c @@ -45,9 +45,15 @@ #include "psa/crypto.h" -#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ - psa_to_lms_errors, \ - psa_generic_status_to_mbedtls) +/* Define a local translating function to save code size by not using too many + * arguments in each translating place. */ +static int local_err_translation(psa_status_t status) +{ + return psa_status_to_mbedtls(status, psa_to_lms_errors, + sizeof(psa_to_lms_errors), + psa_generic_status_to_mbedtls); +} +#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) #define PUBLIC_KEY_TYPE_OFFSET (0) #define PUBLIC_KEY_I_KEY_ID_OFFSET (PUBLIC_KEY_TYPE_OFFSET + \ diff --git a/library/lms.c b/library/lms.c index acc3523314..50595703de 100644 --- a/library/lms.c +++ b/library/lms.c @@ -46,9 +46,15 @@ #include "mbedtls/platform.h" -#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ - psa_to_lms_errors, \ - psa_generic_status_to_mbedtls) +/* Define a local translating function to save code size by not using too many + * arguments in each translating place. */ +static int local_err_translation(psa_status_t status) +{ + return psa_status_to_mbedtls(status, psa_to_lms_errors, + sizeof(psa_to_lms_errors), + psa_generic_status_to_mbedtls); +} +#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) #define SIG_Q_LEAF_ID_OFFSET (0) #define SIG_OTS_SIG_OFFSET (SIG_Q_LEAF_ID_OFFSET + \ diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c index ae7a4204ca..371edce3a9 100644 --- a/library/ssl_cookie.c +++ b/library/ssl_cookie.c @@ -37,9 +37,15 @@ #if defined(MBEDTLS_USE_PSA_CRYPTO) #include "md_psa.h" -#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ - psa_to_ssl_errors, \ - psa_generic_status_to_mbedtls) +/* Define a local translating function to save code size by not using too many + * arguments in each translating place. */ +static int local_err_translation(psa_status_t status) +{ + return psa_status_to_mbedtls(status, psa_to_ssl_errors, + sizeof(psa_to_ssl_errors), + psa_generic_status_to_mbedtls); +} +#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) #endif /* diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 18c19f93ef..f1906570c5 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -49,9 +49,15 @@ #endif #if defined(MBEDTLS_USE_PSA_CRYPTO) -#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ - psa_to_ssl_errors, \ - psa_generic_status_to_mbedtls) +/* Define a local translating function to save code size by not using too many + * arguments in each translating place. */ +static int local_err_translation(psa_status_t status) +{ + return psa_status_to_mbedtls(status, psa_to_ssl_errors, + sizeof(psa_to_ssl_errors), + psa_generic_status_to_mbedtls); +} +#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) #endif static uint32_t ssl_get_hs_total_len(mbedtls_ssl_context const *ssl); diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index 7d07d191fd..54c00cc0c6 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c @@ -31,9 +31,15 @@ #include #if defined(MBEDTLS_USE_PSA_CRYPTO) -#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ - psa_to_ssl_errors, \ - psa_generic_status_to_mbedtls) +/* Define a local translating function to save code size by not using too many + * arguments in each translating place. */ +static int local_err_translation(psa_status_t status) +{ + return psa_status_to_mbedtls(status, psa_to_ssl_errors, + sizeof(psa_to_ssl_errors), + psa_generic_status_to_mbedtls); +} +#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) #endif /* diff --git a/library/ssl_tls.c b/library/ssl_tls.c index f0067f4b2d..7601e5b117 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -51,12 +51,23 @@ #endif #if defined(MBEDTLS_USE_PSA_CRYPTO) -#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ - psa_to_ssl_errors, \ - psa_generic_status_to_mbedtls) -#define PSA_TO_MD_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ - psa_to_md_errors, \ - psa_generic_status_to_mbedtls) +/* Define local translating functions to save code size by not using too many + * arguments in each translating place. */ +static int local_err_translation(psa_status_t status) +{ + return psa_status_to_mbedtls(status, psa_to_ssl_errors, + sizeof(psa_to_ssl_errors), + psa_generic_status_to_mbedtls); +} +#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) + +static int local_md_translation(psa_status_t status) +{ + return psa_status_to_mbedtls(status, psa_to_md_errors, + sizeof(psa_to_md_errors), + psa_generic_status_to_mbedtls); +} +#define PSA_TO_MD_ERR(status) local_md_translation(status) #endif #if defined(MBEDTLS_TEST_HOOKS) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index fc96dae1e2..75b79bfadf 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -33,9 +33,15 @@ #if defined(MBEDTLS_USE_PSA_CRYPTO) #include "mbedtls/psa_util.h" #include "psa/crypto.h" -#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ - psa_to_ssl_errors, \ - psa_generic_status_to_mbedtls) +/* Define a local translating function to save code size by not using too many + * arguments in each translating place. */ +static int local_err_translation(psa_status_t status) +{ + return psa_status_to_mbedtls(status, psa_to_ssl_errors, + sizeof(psa_to_ssl_errors), + psa_generic_status_to_mbedtls); +} +#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) #endif /* MBEDTLS_USE_PSA_CRYPTO */ #include diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 30c35f3a45..d29aa8d437 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -34,9 +34,15 @@ #include #if defined(MBEDTLS_USE_PSA_CRYPTO) -#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ - psa_to_ssl_errors, \ - psa_generic_status_to_mbedtls) +/* Define a local translating function to save code size by not using too many + * arguments in each translating place. */ +static int local_err_translation(psa_status_t status) +{ + return psa_status_to_mbedtls(status, psa_to_ssl_errors, + sizeof(psa_to_ssl_errors), + psa_generic_status_to_mbedtls); +} +#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) #endif #if defined(MBEDTLS_ECP_C) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 3dffc1df4a..64d905cbea 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -35,10 +35,15 @@ #include "ssl_debug_helpers.h" #include "md_psa.h" -#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ - psa_to_ssl_errors, \ - psa_generic_status_to_mbedtls) - +/* Define a local translating function to save code size by not using too many + * arguments in each translating place. */ +static int local_err_translation(psa_status_t status) +{ + return psa_status_to_mbedtls(status, psa_to_ssl_errors, + sizeof(psa_to_ssl_errors), + psa_generic_status_to_mbedtls); +} +#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) /* Write extensions */ /* diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index a59f01c3e0..48e6f76e9d 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -39,9 +39,15 @@ #include "psa/crypto.h" #include "mbedtls/psa_util.h" -#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ - psa_to_ssl_errors, \ - psa_generic_status_to_mbedtls) +/* Define a local translating function to save code size by not using too many + * arguments in each translating place. */ +static int local_err_translation(psa_status_t status) +{ + return psa_status_to_mbedtls(status, psa_to_ssl_errors, + sizeof(psa_to_ssl_errors), + psa_generic_status_to_mbedtls); +} +#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) const uint8_t mbedtls_ssl_tls13_hello_retry_request_magic[ MBEDTLS_SERVER_HELLO_RANDOM_LEN] = diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 540f854a84..08d10a3549 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -36,9 +36,15 @@ #include "psa/crypto.h" #include "md_psa.h" -#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ - psa_to_ssl_errors, \ - psa_generic_status_to_mbedtls) +/* Define a local translating function to save code size by not using too many + * arguments in each translating place. */ +static int local_err_translation(psa_status_t status) +{ + return psa_status_to_mbedtls(status, psa_to_ssl_errors, + sizeof(psa_to_ssl_errors), + psa_generic_status_to_mbedtls); +} +#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) #define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \ .name = string, From 1c7a99856f965f3e2049c924446783f1094c75be Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 30 May 2023 09:21:20 -0400 Subject: [PATCH 2/7] Add missing ifdefs Make sure that the error translating functions are only defined when they're used. Signed-off-by: Andrzej Kurek --- library/constant_time.c | 4 +++- library/ssl_tls12_client.c | 2 ++ library/ssl_tls12_server.c | 3 +++ 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/library/constant_time.c b/library/constant_time.c index fa0d898954..9b2a47758f 100644 --- a/library/constant_time.c +++ b/library/constant_time.c @@ -46,7 +46,9 @@ #endif #include -#if defined(MBEDTLS_USE_PSA_CRYPTO) + +#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) +#include "psa/crypto.h" /* Define a local translating function to save code size by not using too many * arguments in each translating place. */ static int local_err_translation(psa_status_t status) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 75b79bfadf..ade68a9272 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -33,6 +33,7 @@ #if defined(MBEDTLS_USE_PSA_CRYPTO) #include "mbedtls/psa_util.h" #include "psa/crypto.h" +#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) /* Define a local translating function to save code size by not using too many * arguments in each translating place. */ static int local_err_translation(psa_status_t status) @@ -42,6 +43,7 @@ static int local_err_translation(psa_status_t status) psa_generic_status_to_mbedtls); } #define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) +#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ #endif /* MBEDTLS_USE_PSA_CRYPTO */ #include diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index d29aa8d437..03f9eea856 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -36,6 +36,8 @@ #if defined(MBEDTLS_USE_PSA_CRYPTO) /* Define a local translating function to save code size by not using too many * arguments in each translating place. */ +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED) || \ + defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) static int local_err_translation(psa_status_t status) { return psa_status_to_mbedtls(status, psa_to_ssl_errors, @@ -44,6 +46,7 @@ static int local_err_translation(psa_status_t status) } #define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) #endif +#endif #if defined(MBEDTLS_ECP_C) #include "mbedtls/ecp.h" From b22b9778c7aeeae70a978819dd401a874c54038c Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 30 May 2023 09:44:20 -0400 Subject: [PATCH 3/7] Move the ARRAY_LENGTH definition to common.h Reuse it in the library and tests. Signed-off-by: Andrzej Kurek --- library/common.h | 38 +++++++++++++++++++++++++++ library/psa_crypto.c | 2 -- library/psa_crypto_slot_management.c | 2 -- library/sha512.c | 2 -- library/ssl_tls.c | 2 -- tests/include/test/macros.h | 39 ---------------------------- tests/src/psa_crypto_helpers.c | 1 + 7 files changed, 39 insertions(+), 47 deletions(-) diff --git a/library/common.h b/library/common.h index eb159a7c48..68af8405ed 100644 --- a/library/common.h +++ b/library/common.h @@ -65,6 +65,44 @@ extern void (*mbedtls_test_hook_test_fail)(const char *test, int line, const cha #define MBEDTLS_TEST_HOOK_TEST_ASSERT(TEST) #endif /* defined(MBEDTLS_TEST_HOOKS) */ +/** \def ARRAY_LENGTH + * Return the number of elements of a static or stack array. + * + * \param array A value of array (not pointer) type. + * + * \return The number of elements of the array. + */ +/* A correct implementation of ARRAY_LENGTH, but which silently gives + * a nonsensical result if called with a pointer rather than an array. */ +#define ARRAY_LENGTH_UNSAFE(array) \ + (sizeof(array) / sizeof(*(array))) + +#if defined(__GNUC__) +/* Test if arg and &(arg)[0] have the same type. This is true if arg is + * an array but not if it's a pointer. */ +#define IS_ARRAY_NOT_POINTER(arg) \ + (!__builtin_types_compatible_p(__typeof__(arg), \ + __typeof__(&(arg)[0]))) +/* A compile-time constant with the value 0. If `const_expr` is not a + * compile-time constant with a nonzero value, cause a compile-time error. */ +#define STATIC_ASSERT_EXPR(const_expr) \ + (0 && sizeof(struct { unsigned int STATIC_ASSERT : 1 - 2 * !(const_expr); })) + +/* Return the scalar value `value` (possibly promoted). This is a compile-time + * constant if `value` is. `condition` must be a compile-time constant. + * If `condition` is false, arrange to cause a compile-time error. */ +#define STATIC_ASSERT_THEN_RETURN(condition, value) \ + (STATIC_ASSERT_EXPR(condition) ? 0 : (value)) + +#define ARRAY_LENGTH(array) \ + (STATIC_ASSERT_THEN_RETURN(IS_ARRAY_NOT_POINTER(array), \ + ARRAY_LENGTH_UNSAFE(array))) + +#else +/* If we aren't sure the compiler supports our non-standard tricks, + * fall back to the unsafe implementation. */ +#define ARRAY_LENGTH(array) ARRAY_LENGTH_UNSAFE(array) +#endif /** Allow library to access its structs' private members. * * Although structs defined in header files are publicly available, diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 399e7f3879..f735d88aa3 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -84,8 +84,6 @@ #include "mbedtls/sha512.h" #include "md_psa.h" -#define ARRAY_LENGTH(array) (sizeof(array) / sizeof(*(array))) - #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND) diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index a7cb9b513a..a10cb2b476 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -36,8 +36,6 @@ #include #include "mbedtls/platform.h" -#define ARRAY_LENGTH(array) (sizeof(array) / sizeof(*(array))) - typedef struct { psa_key_slot_t key_slots[MBEDTLS_PSA_KEY_SLOT_COUNT]; unsigned key_slots_initialized : 1; diff --git a/library/sha512.c b/library/sha512.c index b8b24854d7..ff92a1b81b 100644 --- a/library/sha512.c +++ b/library/sha512.c @@ -1001,8 +1001,6 @@ static sha_test_sum_t sha512_test_sum[] = }; #endif /* MBEDTLS_SHA512_C */ -#define ARRAY_LENGTH(a) (sizeof(a) / sizeof((a)[0])) - static int mbedtls_sha512_common_self_test(int verbose, int is384) { int i, buflen, ret = 0; diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 7601e5b117..fc44dbe28c 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -759,8 +759,6 @@ void mbedtls_ssl_print_extensions(const mbedtls_ssl_context *ssl, } #if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS) -#define ARRAY_LENGTH(a) (sizeof(a) / sizeof(*(a))) - static const char *ticket_flag_name_table[] = { [0] = "ALLOW_PSK_RESUMPTION", diff --git a/tests/include/test/macros.h b/tests/include/test/macros.h index ab8260b759..01eaff5c20 100644 --- a/tests/include/test/macros.h +++ b/tests/include/test/macros.h @@ -196,45 +196,6 @@ mbedtls_exit(1); \ } -/** \def ARRAY_LENGTH - * Return the number of elements of a static or stack array. - * - * \param array A value of array (not pointer) type. - * - * \return The number of elements of the array. - */ -/* A correct implementation of ARRAY_LENGTH, but which silently gives - * a nonsensical result if called with a pointer rather than an array. */ -#define ARRAY_LENGTH_UNSAFE(array) \ - (sizeof(array) / sizeof(*(array))) - -#if defined(__GNUC__) -/* Test if arg and &(arg)[0] have the same type. This is true if arg is - * an array but not if it's a pointer. */ -#define IS_ARRAY_NOT_POINTER(arg) \ - (!__builtin_types_compatible_p(__typeof__(arg), \ - __typeof__(&(arg)[0]))) -/* A compile-time constant with the value 0. If `const_expr` is not a - * compile-time constant with a nonzero value, cause a compile-time error. */ -#define STATIC_ASSERT_EXPR(const_expr) \ - (0 && sizeof(struct { unsigned int STATIC_ASSERT : 1 - 2 * !(const_expr); })) - -/* Return the scalar value `value` (possibly promoted). This is a compile-time - * constant if `value` is. `condition` must be a compile-time constant. - * If `condition` is false, arrange to cause a compile-time error. */ -#define STATIC_ASSERT_THEN_RETURN(condition, value) \ - (STATIC_ASSERT_EXPR(condition) ? 0 : (value)) - -#define ARRAY_LENGTH(array) \ - (STATIC_ASSERT_THEN_RETURN(IS_ARRAY_NOT_POINTER(array), \ - ARRAY_LENGTH_UNSAFE(array))) - -#else -/* If we aren't sure the compiler supports our non-standard tricks, - * fall back to the unsafe implementation. */ -#define ARRAY_LENGTH(array) ARRAY_LENGTH_UNSAFE(array) -#endif - /** Return the smaller of two values. * * \param x An integer-valued expression without side effects. diff --git a/tests/src/psa_crypto_helpers.c b/tests/src/psa_crypto_helpers.c index 77c2f89764..8f58d4dc16 100644 --- a/tests/src/psa_crypto_helpers.c +++ b/tests/src/psa_crypto_helpers.c @@ -24,6 +24,7 @@ #include #include #include +#include "common.h" #if defined(MBEDTLS_PSA_CRYPTO_C) From 1e4a030b003ef813f179d66be1fd0cd88cdfe306 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 30 May 2023 09:45:17 -0400 Subject: [PATCH 4/7] Fix wrong array size calculation in error translation code Signed-off-by: Andrzej Kurek --- library/constant_time.c | 2 +- library/lmots.c | 2 +- library/lms.c | 2 +- library/ssl_cookie.c | 2 +- library/ssl_msg.c | 2 +- library/ssl_ticket.c | 2 +- library/ssl_tls.c | 4 ++-- library/ssl_tls12_client.c | 2 +- library/ssl_tls12_server.c | 2 +- library/ssl_tls13_client.c | 2 +- library/ssl_tls13_generic.c | 2 +- library/ssl_tls13_keys.c | 2 +- 12 files changed, 13 insertions(+), 13 deletions(-) diff --git a/library/constant_time.c b/library/constant_time.c index 9b2a47758f..f1dbd04e62 100644 --- a/library/constant_time.c +++ b/library/constant_time.c @@ -54,7 +54,7 @@ static int local_err_translation(psa_status_t status) { return psa_status_to_mbedtls(status, psa_to_ssl_errors, - sizeof(psa_to_ssl_errors), + ARRAY_LENGTH(psa_to_ssl_errors), psa_generic_status_to_mbedtls); } #define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) diff --git a/library/lmots.c b/library/lmots.c index a3bfff89f8..4ef2c5178e 100644 --- a/library/lmots.c +++ b/library/lmots.c @@ -50,7 +50,7 @@ static int local_err_translation(psa_status_t status) { return psa_status_to_mbedtls(status, psa_to_lms_errors, - sizeof(psa_to_lms_errors), + ARRAY_LENGTH(psa_to_lms_errors), psa_generic_status_to_mbedtls); } #define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) diff --git a/library/lms.c b/library/lms.c index 50595703de..823ce09f89 100644 --- a/library/lms.c +++ b/library/lms.c @@ -51,7 +51,7 @@ static int local_err_translation(psa_status_t status) { return psa_status_to_mbedtls(status, psa_to_lms_errors, - sizeof(psa_to_lms_errors), + ARRAY_LENGTH(psa_to_lms_errors), psa_generic_status_to_mbedtls); } #define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c index 371edce3a9..098acedd3b 100644 --- a/library/ssl_cookie.c +++ b/library/ssl_cookie.c @@ -42,7 +42,7 @@ static int local_err_translation(psa_status_t status) { return psa_status_to_mbedtls(status, psa_to_ssl_errors, - sizeof(psa_to_ssl_errors), + ARRAY_LENGTH(psa_to_ssl_errors), psa_generic_status_to_mbedtls); } #define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index f1906570c5..e9050230b3 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -54,7 +54,7 @@ static int local_err_translation(psa_status_t status) { return psa_status_to_mbedtls(status, psa_to_ssl_errors, - sizeof(psa_to_ssl_errors), + ARRAY_LENGTH(psa_to_ssl_errors), psa_generic_status_to_mbedtls); } #define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index 54c00cc0c6..1adaa07fe2 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c @@ -36,7 +36,7 @@ static int local_err_translation(psa_status_t status) { return psa_status_to_mbedtls(status, psa_to_ssl_errors, - sizeof(psa_to_ssl_errors), + ARRAY_LENGTH(psa_to_ssl_errors), psa_generic_status_to_mbedtls); } #define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index fc44dbe28c..9f3b3be3f9 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -56,7 +56,7 @@ static int local_err_translation(psa_status_t status) { return psa_status_to_mbedtls(status, psa_to_ssl_errors, - sizeof(psa_to_ssl_errors), + ARRAY_LENGTH(psa_to_ssl_errors), psa_generic_status_to_mbedtls); } #define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) @@ -64,7 +64,7 @@ static int local_err_translation(psa_status_t status) static int local_md_translation(psa_status_t status) { return psa_status_to_mbedtls(status, psa_to_md_errors, - sizeof(psa_to_md_errors), + ARRAY_LENGTH(psa_to_md_errors), psa_generic_status_to_mbedtls); } #define PSA_TO_MD_ERR(status) local_md_translation(status) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index ade68a9272..28f9cdbff4 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -39,7 +39,7 @@ static int local_err_translation(psa_status_t status) { return psa_status_to_mbedtls(status, psa_to_ssl_errors, - sizeof(psa_to_ssl_errors), + ARRAY_LENGTH(psa_to_ssl_errors), psa_generic_status_to_mbedtls); } #define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 03f9eea856..9e122d6b89 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -41,7 +41,7 @@ static int local_err_translation(psa_status_t status) { return psa_status_to_mbedtls(status, psa_to_ssl_errors, - sizeof(psa_to_ssl_errors), + ARRAY_LENGTH(psa_to_ssl_errors), psa_generic_status_to_mbedtls); } #define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 64d905cbea..eb733b3a98 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -40,7 +40,7 @@ static int local_err_translation(psa_status_t status) { return psa_status_to_mbedtls(status, psa_to_ssl_errors, - sizeof(psa_to_ssl_errors), + ARRAY_LENGTH(psa_to_ssl_errors), psa_generic_status_to_mbedtls); } #define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 48e6f76e9d..e58c3e5b87 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -44,7 +44,7 @@ static int local_err_translation(psa_status_t status) { return psa_status_to_mbedtls(status, psa_to_ssl_errors, - sizeof(psa_to_ssl_errors), + ARRAY_LENGTH(psa_to_ssl_errors), psa_generic_status_to_mbedtls); } #define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 08d10a3549..81daf0a8b6 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -41,7 +41,7 @@ static int local_err_translation(psa_status_t status) { return psa_status_to_mbedtls(status, psa_to_ssl_errors, - sizeof(psa_to_ssl_errors), + ARRAY_LENGTH(psa_to_ssl_errors), psa_generic_status_to_mbedtls); } #define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) From f1b659ed62e9c9de1796d753d952a180699976a0 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 30 May 2023 09:45:17 -0400 Subject: [PATCH 5/7] Move an include ARRAY_LENGTH macro was previously present in macros.h, so move the include there. Signed-off-by: Andrzej Kurek --- tests/include/test/macros.h | 1 + tests/src/psa_crypto_helpers.c | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/include/test/macros.h b/tests/include/test/macros.h index 01eaff5c20..ae84ec2363 100644 --- a/tests/include/test/macros.h +++ b/tests/include/test/macros.h @@ -33,6 +33,7 @@ #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) #include "mbedtls/memory_buffer_alloc.h" #endif +#include "common.h" /** * \brief This macro tests the expression passed to it as a test step or diff --git a/tests/src/psa_crypto_helpers.c b/tests/src/psa_crypto_helpers.c index 8f58d4dc16..77c2f89764 100644 --- a/tests/src/psa_crypto_helpers.c +++ b/tests/src/psa_crypto_helpers.c @@ -24,7 +24,6 @@ #include #include #include -#include "common.h" #if defined(MBEDTLS_PSA_CRYPTO_C) From a6033ac431503d7de23c4dfb497051715bcba1fe Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 30 May 2023 15:16:34 -0400 Subject: [PATCH 6/7] Add missing guards in tls 1.3 Error translation is only used with these defines on. Signed-off-by: Andrzej Kurek --- library/ssl_tls13_client.c | 3 +++ library/ssl_tls13_generic.c | 3 +++ 2 files changed, 6 insertions(+) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index eb733b3a98..6ec3170076 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -35,6 +35,7 @@ #include "ssl_debug_helpers.h" #include "md_psa.h" +#if defined(PSA_WANT_ALG_ECDH) /* Define a local translating function to save code size by not using too many * arguments in each translating place. */ static int local_err_translation(psa_status_t status) @@ -44,6 +45,8 @@ static int local_err_translation(psa_status_t status) psa_generic_status_to_mbedtls); } #define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) +#endif + /* Write extensions */ /* diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index e58c3e5b87..fa193ffb63 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -39,6 +39,8 @@ #include "psa/crypto.h" #include "mbedtls/psa_util.h" +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) || \ + defined(PSA_WANT_ALG_ECDH) /* Define a local translating function to save code size by not using too many * arguments in each translating place. */ static int local_err_translation(psa_status_t status) @@ -48,6 +50,7 @@ static int local_err_translation(psa_status_t status) psa_generic_status_to_mbedtls); } #define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) +#endif const uint8_t mbedtls_ssl_tls13_hello_retry_request_magic[ MBEDTLS_SERVER_HELLO_RANDOM_LEN] = From 15ddda9ff8a2f8e92fff104335f9afb58d129d72 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Wed, 14 Jun 2023 07:37:46 -0400 Subject: [PATCH 7/7] Remove PSA_TO_MD_ERR from ssl_tls.c Signed-off-by: Andrzej Kurek --- library/ssl_tls.c | 8 -------- 1 file changed, 8 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 9f3b3be3f9..bc9f4f8ee0 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -60,14 +60,6 @@ static int local_err_translation(psa_status_t status) psa_generic_status_to_mbedtls); } #define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) - -static int local_md_translation(psa_status_t status) -{ - return psa_status_to_mbedtls(status, psa_to_md_errors, - ARRAY_LENGTH(psa_to_md_errors), - psa_generic_status_to_mbedtls); -} -#define PSA_TO_MD_ERR(status) local_md_translation(status) #endif #if defined(MBEDTLS_TEST_HOOKS)