commit c29df535eea63765e6a0fa91da4a736595fe9898
author Gilles Peskine <Gilles.Peskine@arm.com> Mon Oct 02 14:59:26 2023 +0200
committer Gilles Peskine <Gilles.Peskine@arm.com> Mon Oct 02 15:02:39 2023 +0200
tree 3ebc8fe72e6bbc9b8480f97aaad0457654a388cc
parent c8df898204584e92b9e5001847788d899b34353d

Improve robustness of ECDH public key length validation

In client-side code with MBEDTLS_USE_PSA_CRYPTO, use the buffer size to
validate what is written in handshake->xxdh_psa_peerkey. The previous code
was correct, but a little fragile to misconfiguration or maintenance.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

library/ssl_tls12_client.c

diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index cc22a3f..02f6cd3 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c
@@ -1779,7 +1779,7 @@
         return MBEDTLS_ERR_SSL_DECODE_ERROR;
     }
 
-    if (ecpoint_len > PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)) {
+    if (ecpoint_len > sizeof(handshake->xxdh_psa_peerkey)) {
         return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
     }
 
@@ -2059,7 +2059,7 @@
     ret = mbedtls_ecp_point_write_binary(&peer_key->grp, &peer_key->Q,
                                          MBEDTLS_ECP_PF_UNCOMPRESSED, &olen,
                                          ssl->handshake->xxdh_psa_peerkey,
-                                         MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH);
+                                         sizeof(ssl->handshake->xxdh_psa_peerkey));
 
     if (ret != 0) {
         MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ecp_point_write_binary"), ret);