Determine MBEDTLS_ECP_MAX_BITS automatically

MBEDTLS_ECP_MAX_BITS is now determined automatically from the configured curves and no longer needs to be configured explicitly to save RAM. Setting it explicit in config.h is still supported for backward compatibility. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-02-02 17:11:05 +00:00 · 2021-06-02 23:34:02 +02:00 · 2021-06-02 23:34:02 +02:00 · 33c92f01a0
parent e57bad4b42
commit 33c92f01a0
5 changed files with 15 additions and 7 deletions
--- a/ChangeLog.d/ecp_max_bits.txt
+++ b/ChangeLog.d/ecp_max_bits.txt
@ -2,3 +2,7 @@ Security
   * It was possible to configure MBEDTLS_ECP_MAX_BITS to a value that is
     too small, leading to buffer overflows in ECC operations. Fail the build
     in such a case.
+
+Features
+   * MBEDTLS_ECP_MAX_BITS is now determined automatically from the configured
+     curves and no longer needs to be configured explicitly to save RAM.
--- a/configs/config-suite-b.h
+++ b/configs/config-suite-b.h
@ -80,8 +80,7 @@
 #define MBEDTLS_AES_ROM_TABLES

 /* Save RAM by adjusting to our exact needs */
-#define MBEDTLS_ECP_MAX_BITS   384
-#define MBEDTLS_MPI_MAX_SIZE    48 // 384 bits is 48 bytes
+#define MBEDTLS_MPI_MAX_SIZE    48 // 48 bytes for a 384-bit elliptic curve

 /* Save RAM at the expense of speed, see ecp.h */
 #define MBEDTLS_ECP_WINDOW_SIZE        2
--- a/configs/config-thread.h
+++ b/configs/config-thread.h
@ -81,8 +81,7 @@
 #define MBEDTLS_AES_ROM_TABLES

 /* Save RAM by adjusting to our exact needs */
-#define MBEDTLS_ECP_MAX_BITS             256
-#define MBEDTLS_MPI_MAX_SIZE              32 // 256 bits is 32 bytes
+#define MBEDTLS_MPI_MAX_SIZE              32 // 32 bytes for a 256-bit elliptic curve

 /* Save ROM and a few bytes of RAM by specifying our own ciphersuite list */
 #define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@ -3616,7 +3616,7 @@
 //#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT      384 /**< Maximum size of (re)seed buffer */

 /* ECP options */
-//#define MBEDTLS_ECP_MAX_BITS             521 /**< Maximum bit size of groups */
+//#define MBEDTLS_ECP_MAX_BITS             521 /**< Maximum bit size of groups. Normally determined automatically from the configured curves. */
 //#define MBEDTLS_ECP_WINDOW_SIZE            6 /**< Maximum window size used */
 //#define MBEDTLS_ECP_FIXED_POINT_OPTIM      1 /**< Enable fixed-point speed-up */

--- a/include/mbedtls/ecp.h
+++ b/include/mbedtls/ecp.h
@ -285,11 +285,17 @@ mbedtls_ecp_group;
 #error "MBEDTLS_ECP_MAX_BITS is smaller than the largest supported curve"
 #endif

-#else
+#elif defined(MBEDTLS_ECP_C)
 /**
 * The maximum size of the groups, that is, of \c N and \c P.
 */
-#define MBEDTLS_ECP_MAX_BITS     521   /**< The maximum size of groups, in bits. */
+#define MBEDTLS_ECP_MAX_BITS     MBEDTLS_ECP_MAX_BITS_MIN
+
+#else
+/* MBEDTLS_ECP_MAX_BITS is not relevant without MBEDTLS_ECP_C, but set it
+ * to a nonzero value so that code that unconditionally allocates an array
+ * of a size based on it keeps working if built without ECC support. */
+#define MBEDTLS_ECP_MAX_BITS 1
 #endif

 #define MBEDTLS_ECP_MAX_BYTES    ( ( MBEDTLS_ECP_MAX_BITS + 7 ) / 8 )