Merge pull request #8277 from mpg/cl-ffdh-psa

Fix ChangeLog entry for FFDH in PSA
diff --git a/library/bignum.c b/library/bignum.c
index 61353ca..70e751b 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -131,15 +131,17 @@
 
     MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, Y->n));
 
-    mbedtls_ct_condition_t do_assign = mbedtls_ct_bool(assign);
+    {
+        mbedtls_ct_condition_t do_assign = mbedtls_ct_bool(assign);
 
-    X->s = (int) mbedtls_ct_uint_if(do_assign, Y->s, X->s);
+        X->s = (int) mbedtls_ct_uint_if(do_assign, Y->s, X->s);
 
-    mbedtls_mpi_core_cond_assign(X->p, Y->p, Y->n, do_assign);
+        mbedtls_mpi_core_cond_assign(X->p, Y->p, Y->n, do_assign);
 
-    mbedtls_ct_condition_t do_not_assign = mbedtls_ct_bool_not(do_assign);
-    for (size_t i = Y->n; i < X->n; i++) {
-        X->p[i] = mbedtls_ct_mpi_uint_if_else_0(do_not_assign, X->p[i]);
+        mbedtls_ct_condition_t do_not_assign = mbedtls_ct_bool_not(do_assign);
+        for (size_t i = Y->n; i < X->n; i++) {
+            X->p[i] = mbedtls_ct_mpi_uint_if_else_0(do_not_assign, X->p[i]);
+        }
     }
 
 cleanup:
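Review bot: The bare `{ ... }` block added around the conditional assignment carries no comment saying why it exists, so a later tidy-up could flatten it again. If the intent is to keep the `do_assign` and `do_not_assign` declarations out of the scope crossed by the jump to `cleanup:` (presumably taken by `MBEDTLS_MPI_CHK` on failure), say so above the opening brace, for example `/* Scope these declarations so the jump to cleanup does not cross their initialisation */`. The statements inside the block are the same as before, so the constant-time selection logic is not affected. The enclosing function starts and ends outside the hunk.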
@@ -386,7 +388,7 @@
 
 /* Convert x to a sign, i.e. to 1, if x is positive, or -1, if x is negative.
  * This looks awkward but generates smaller code than (x < 0 ? -1 : 1) */
-#define TO_SIGN(x) ((((mbedtls_mpi_uint) x) >> (biL - 1)) * -2 + 1)
+#define TO_SIGN(x) ((mbedtls_mpi_sint) (((mbedtls_mpi_uint) x) >> (biL - 1)) * -2 + 1)
 
 /*
  * Set value from integer
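Review bot: The macro argument is still unparenthesised in `(mbedtls_mpi_uint) x`, so an argument such as `a - b` would have the cast applied to `a` only and yield the wrong sign. The callers are outside the hunk, so this may not be reachable today, but the fix is free: `#define TO_SIGN(x) ((mbedtls_mpi_sint) (((mbedtls_mpi_uint) (x)) >> (biL - 1)) * -2 + 1)`. The comment above the macro could also record that the cast to `mbedtls_mpi_sint` keeps the multiplication by -2 in a signed type, since that is the reason for this change.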
diff --git a/library/pk.c b/library/pk.c
index 03c1e35..96b8ef9 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -514,9 +514,11 @@
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     const mbedtls_pk_rsassa_pss_options *pss_opts;
 
+#if SIZE_MAX > UINT_MAX
     if (md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len) {
         return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
     }
+#endif
 
     if (options == NULL) {
         return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
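Review bot: The new `#if SIZE_MAX > UINT_MAX` guard silently compiles the length check out if `SIZE_MAX` is not visible to the preprocessor here, because an undefined identifier evaluates to 0 in `#if`. The includes are outside the hunk, so confirm that `<stdint.h>` and `<limits.h>` are reached before this point, or add `#if !defined(SIZE_MAX) || !defined(UINT_MAX)` followed by `#error` once in a common header. The check guards a `size_t` hash length that is later passed as an `unsigned int` (as the comment in the psa_crypto_rsa.c hunk states), so losing it unnoticed would permit truncation. A short comment such as `/* Only needed when size_t is wider than unsigned int */` would explain the guard. The same pattern is added in the three pk_wrap.c hunks and in psa_crypto_rsa.c.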
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index e67138b..4a3fef7 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -262,9 +262,11 @@
     mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) pk->pk_ctx;
     size_t rsa_len = mbedtls_rsa_get_len(rsa);
 
+#if SIZE_MAX > UINT_MAX
     if (md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len) {
         return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
     }
+#endif
 
     if (sig_len < rsa_len) {
         return MBEDTLS_ERR_RSA_VERIFY_FAILED;
@@ -382,9 +384,11 @@
 {
     mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) pk->pk_ctx;
 
+#if SIZE_MAX > UINT_MAX
     if (md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len) {
         return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
     }
+#endif
 
     *sig_len = mbedtls_rsa_get_len(rsa);
     if (sig_size < *sig_len) {
@@ -1565,9 +1569,11 @@
 {
     mbedtls_rsa_alt_context *rsa_alt = pk->pk_ctx;
 
+#if SIZE_MAX > UINT_MAX
     if (UINT_MAX < hash_len) {
         return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
     }
+#endif
 
     *sig_len = rsa_alt->key_len_func(rsa_alt->key);
     if (*sig_len > MBEDTLS_PK_SIGNATURE_MAX_SIZE) {
diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c
index 508a68b..065e55a 100644
--- a/library/psa_crypto_rsa.c
+++ b/library/psa_crypto_rsa.c
@@ -328,9 +328,11 @@
     /* The Mbed TLS RSA module uses an unsigned int for hash length
      * parameters. Validate that it fits so that we don't risk an
      * overflow later. */
+#if SIZE_MAX > UINT_MAX
     if (hash_length > UINT_MAX) {
         return PSA_ERROR_INVALID_ARGUMENT;
     }
+#endif
 
     /* For signatures using a hash, the hash length must be correct. */
     if (alg != PSA_ALG_RSA_PKCS1V15_SIGN_RAW) {
diff --git a/library/sha256.c b/library/sha256.c
index 5375255..223badf 100644
--- a/library/sha256.c
+++ b/library/sha256.c
@@ -681,6 +681,7 @@
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     uint32_t used;
     uint32_t high, low;
+    int truncated = 0;
 
     /*
      * Add padding: 0x80 then 0x00 until 8 bytes remain for the length
@@ -728,7 +729,6 @@
     MBEDTLS_PUT_UINT32_BE(ctx->state[5], output, 20);
     MBEDTLS_PUT_UINT32_BE(ctx->state[6], output, 24);
 
-    int truncated = 0;
 #if defined(MBEDTLS_SHA224_C)
     truncated = ctx->is224;
 #endif
diff --git a/library/sha512.c b/library/sha512.c
index a91d792..e739af2 100644
--- a/library/sha512.c
+++ b/library/sha512.c
@@ -828,6 +828,7 @@
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned used;
     uint64_t high, low;
+    int truncated = 0;
 
     /*
      * Add padding: 0x80 then 0x00 until 16 bytes remain for the length
@@ -874,7 +875,6 @@
     sha512_put_uint64_be(ctx->state[4], output, 32);
     sha512_put_uint64_be(ctx->state[5], output, 40);
 
-    int truncated = 0;
 #if defined(MBEDTLS_SHA384_C)
     truncated = ctx->is384;
 #endif
diff --git a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja
index 3d116b3..de16284 100644
--- a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja
+++ b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja
@@ -492,7 +492,8 @@
 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
     }
 
-    return( PSA_ERROR_INVALID_ARGUMENT );
+    /* Can't happen (see discussion in #8271) */
+    return 0;
 }
 
 static inline uint32_t psa_driver_wrapper_verify_hash_get_num_ops(
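Review bot: The comment `/* Can't happen (see discussion in #8271) */` before `return 0;` names an issue but not the invariant, so a reader of the generated header cannot tell why the fall-through is unreachable or notice when a newly added case breaks it. State the condition in the comment itself, for example `/* Not reached as long as every case above returns; 0 is a placeholder value (see #8271) */`. The switch is outside the hunk, so the exact invariant should be confirmed against it. The next hunk adds the same comment, and the same point applies there.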
@@ -516,7 +517,8 @@
 
     }
 
-    return( PSA_ERROR_INVALID_ARGUMENT );
+    /* Can't happen (see discussion in #8271) */
+    return 0;
 }
 
 static inline psa_status_t psa_driver_wrapper_sign_hash_start(
@@ -525,9 +527,7 @@
     size_t key_buffer_size, psa_algorithm_t alg,
     const uint8_t *hash, size_t hash_length )
 {
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    psa_key_location_t location =
-                                  PSA_KEY_LIFETIME_GET_LOCATION(
+    psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
                                                     attributes->core.lifetime );
 
     switch( location )
@@ -558,18 +558,8 @@
 
         default:
             /* Key is declared with a lifetime not known to us */
-            ( void ) status;
             return( PSA_ERROR_INVALID_ARGUMENT );
     }
-
-    ( void ) operation;
-    ( void ) key_buffer;
-    ( void ) key_buffer_size;
-    ( void ) alg;
-    ( void ) hash;
-    ( void ) hash_length;
-
-        return( status );
 }
 
 static inline psa_status_t psa_driver_wrapper_sign_hash_complete(
@@ -625,8 +615,6 @@
     const uint8_t *hash, size_t hash_length,
     const uint8_t *signature, size_t signature_length )
 {
-
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
                                                     attributes->core.lifetime );
 
@@ -660,20 +648,8 @@
 
         default:
             /* Key is declared with a lifetime not known to us */
-            ( void ) status;
             return( PSA_ERROR_INVALID_ARGUMENT );
     }
-
-    ( void ) operation;
-    ( void ) key_buffer;
-    ( void ) key_buffer_size;
-    ( void ) alg;
-    ( void ) hash;
-    ( void ) hash_length;
-    ( void ) signature;
-    ( void ) signature_length;
-
-    return( status );
 }
 
 static inline psa_status_t psa_driver_wrapper_verify_hash_complete(
@@ -2724,6 +2700,7 @@
         case PSA_KEY_LOCATION_LOCAL_STORAGE:
             /* Key is stored in the slot in export representation, so
              * cycle through all known transparent accelerators */
+            status = PSA_ERROR_NOT_SUPPORTED;
 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
 #if defined(PSA_CRYPTO_DRIVER_TEST)
             status = mbedtls_test_transparent_pake_setup(
@@ -2741,15 +2718,12 @@
                         inputs );
             if( status == PSA_SUCCESS )
                 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
-            return status;
 #endif
-            return( PSA_ERROR_NOT_SUPPORTED );
+            return status;
         /* Add cases for opaque driver here */
         default:
             /* Key is declared with a lifetime not known to us */
             (void)operation;
-            (void)inputs;
-            (void)status;
             return( PSA_ERROR_INVALID_ARGUMENT );
     }
 }
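Review bot: In the `default:` branch `(void)inputs;` is removed while `(void)operation;` is kept, yet both parameters are used in this hunk only on lines that sit before the `#endif`, that is, inside conditionally compiled code. If a configuration compiles that region out, `inputs` would presumably become an unused parameter and break builds that treat warnings as errors. The opening `#if` is outside the hunk, so I cannot confirm which configurations are affected. Either keep `(void)inputs;` beside `(void)operation;` or drop both, so the two parameters are handled the same way.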