Add some missing compilation guards

Add missing checks for defined(MBEDTLS_MD_C) around types and
functions that require it (HMAC, HKDF, TLS12_PRF).

Add missing checks for defined(MBEDTLS_ECDSA_DETERMINISTIC) around
code that calls mbedtls_ecdsa_sign_det().

Add missing checks for defined(MBEDTLS_ECDH_C) around ECDH-specific
functions.
Gilles Peskine 2018-11-16 16:02:56 +01:00
parent 353e45361d
commit a05219c70b
2 changed files with 26 additions and 3 deletions


@ -85,7 +85,7 @@ struct psa_hash_operation_s
} ctx; } ctx;
}; };
#if defined(MBEDTLS_MD_C)
typedef struct typedef struct
{ {
/** The hash context. */ /** The hash context. */
@ -93,7 +93,7 @@ typedef struct
/** The HMAC part of the context. */ /** The HMAC part of the context. */
uint8_t opad[PSA_HMAC_MAX_HASH_BLOCK_SIZE]; uint8_t opad[PSA_HMAC_MAX_HASH_BLOCK_SIZE];
} psa_hmac_internal_data; } psa_hmac_internal_data;
#endif /* MBEDTLS_MD_C */
struct psa_mac_operation_s struct psa_mac_operation_s
{ {
@ -130,6 +130,7 @@ struct psa_cipher_operation_s
} ctx; } ctx;
}; };
#if defined(MBEDTLS_MD_C)
typedef struct typedef struct
{ {
uint8_t *info; uint8_t *info;
@ -143,7 +144,9 @@ typedef struct
uint8_t offset_in_block; uint8_t offset_in_block;
uint8_t block_number; uint8_t block_number;
} psa_hkdf_generator_t; } psa_hkdf_generator_t;
#endif /* MBEDTLS_MD_C */
#if defined(MBEDTLS_MD_C)
typedef struct psa_tls12_prf_generator_s typedef struct psa_tls12_prf_generator_s
{ {
/* The TLS 1.2 PRF uses the key for each HMAC iteration, /* The TLS 1.2 PRF uses the key for each HMAC iteration,
@ -172,6 +175,7 @@ typedef struct psa_tls12_prf_generator_s
uint8_t block_number; uint8_t block_number;
} psa_tls12_prf_generator_t; } psa_tls12_prf_generator_t;
#endif /* MBEDTLS_MD_C */
struct psa_crypto_generator_s struct psa_crypto_generator_s
{ {
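Review bot: `psa_hmac_internal_data`, `psa_hkdf_generator_t` and `psa_tls12_prf_generator_t` no longer exist when MBEDTLS_MD_C is off, so every member of `psa_mac_operation_s` and `psa_crypto_generator_s` that uses them must sit under the same guard. Both structs begin at the edge of these hunks and their bodies are not visible here, so this needs confirming against the full header. As a smaller style point, the added `#endif /* MBEDTLS_MD_C */` after `psa_hkdf_generator_t` is followed directly by a new `#if defined(MBEDTLS_MD_C)` for `psa_tls12_prf_generator_s`; one guarded region covering both types would be easier to audit. A comment above the first guard, such as `/* HMAC-based contexts exist only when MBEDTLS_MD_C is enabled, so the layout of the operation structures depends on the build configuration. */`, would record that the library and its callers have to be built with the same configuration.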


@ -1431,6 +1431,7 @@ static const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
(int) key_bits, mode ) ); (int) key_bits, mode ) );
} }
#if defined(MBEDTLS_MD_C)
static size_t psa_get_hash_block_size( psa_algorithm_t alg ) static size_t psa_get_hash_block_size( psa_algorithm_t alg )
{ {
switch( alg ) switch( alg )
@ -1457,6 +1458,7 @@ static size_t psa_get_hash_block_size( psa_algorithm_t alg )
return( 0 ); return( 0 );
} }
} }
#endif /* MBEDTLS_MD_C */
/* Initialize the MAC operation structure. Once this function has been /* Initialize the MAC operation structure. Once this function has been
* called, psa_mac_abort can run and will do the right thing. */ * called, psa_mac_abort can run and will do the right thing. */
@ -2164,6 +2166,7 @@ static psa_status_t psa_ecdsa_sign( mbedtls_ecp_keypair *ecp,
goto cleanup; goto cleanup;
} }
#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
if( PSA_ALG_DSA_IS_DETERMINISTIC( alg ) ) if( PSA_ALG_DSA_IS_DETERMINISTIC( alg ) )
{ {
psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg ); psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg );
@ -2174,7 +2177,9 @@ static psa_status_t psa_ecdsa_sign( mbedtls_ecp_keypair *ecp,
md_alg ) ); md_alg ) );
} }
else else
#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
{ {
(void) alg;
MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign( &ecp->grp, &r, &s, &ecp->d, MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign( &ecp->grp, &r, &s, &ecp->d,
hash, hash_length, hash, hash_length,
mbedtls_ctr_drbg_random, mbedtls_ctr_drbg_random,
@ -2265,7 +2270,13 @@ psa_status_t psa_asymmetric_sign( psa_key_slot_t key,
if( PSA_KEY_TYPE_IS_ECC( slot->type ) ) if( PSA_KEY_TYPE_IS_ECC( slot->type ) )
{ {
#if defined(MBEDTLS_ECDSA_C) #if defined(MBEDTLS_ECDSA_C)
if( PSA_ALG_IS_ECDSA( alg ) ) if(
#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
PSA_ALG_IS_ECDSA( alg )
#else
PSA_ALG_IS_RANDOMIZED_ECDSA( alg )
#endif
)
status = psa_ecdsa_sign( slot->data.ecp, status = psa_ecdsa_sign( slot->data.ecp,
alg, alg,
hash, hash_length, hash, hash_length,
@ -3637,6 +3648,7 @@ exit:
/* Key derivation */ /* Key derivation */
/****************************************************************/ /****************************************************************/
#if defined(MBEDTLS_MD_C)
/* Set up an HKDF-based generator. This is exactly the extract phase /* Set up an HKDF-based generator. This is exactly the extract phase
* of the HKDF algorithm. */ * of the HKDF algorithm. */
static psa_status_t psa_generator_hkdf_setup( psa_hkdf_generator_t *hkdf, static psa_status_t psa_generator_hkdf_setup( psa_hkdf_generator_t *hkdf,
@ -3674,7 +3686,9 @@ static psa_status_t psa_generator_hkdf_setup( psa_hkdf_generator_t *hkdf,
} }
return( PSA_SUCCESS ); return( PSA_SUCCESS );
} }
#endif /* MBEDTLS_MD_C */
#if defined(MBEDTLS_MD_C)
/* Set up a TLS-1.2-prf-based generator (see RFC 5246, Section 5). */ /* Set up a TLS-1.2-prf-based generator (see RFC 5246, Section 5). */
static psa_status_t psa_generator_tls12_prf_setup( static psa_status_t psa_generator_tls12_prf_setup(
psa_tls12_prf_generator_t *tls12_prf, psa_tls12_prf_generator_t *tls12_prf,
@ -3727,6 +3741,7 @@ static psa_status_t psa_generator_tls12_prf_setup(
return( PSA_SUCCESS ); return( PSA_SUCCESS );
} }
#endif /* MBEDTLS_MD_C */
static psa_status_t psa_key_derivation_internal( static psa_status_t psa_key_derivation_internal(
psa_crypto_generator_t *generator, psa_crypto_generator_t *generator,
@ -3744,8 +3759,10 @@ static psa_status_t psa_key_derivation_internal(
if( alg == PSA_ALG_SELECT_RAW ) if( alg == PSA_ALG_SELECT_RAW )
{ {
(void) salt;
if( salt_length != 0 ) if( salt_length != 0 )
return( PSA_ERROR_INVALID_ARGUMENT ); return( PSA_ERROR_INVALID_ARGUMENT );
(void) label;
if( label_length != 0 ) if( label_length != 0 )
return( PSA_ERROR_INVALID_ARGUMENT ); return( PSA_ERROR_INVALID_ARGUMENT );
generator->ctx.buffer.data = mbedtls_calloc( 1, secret_length ); generator->ctx.buffer.data = mbedtls_calloc( 1, secret_length );
@ -3854,6 +3871,7 @@ psa_status_t psa_key_derivation( psa_crypto_generator_t *generator,
/* Key agreement */ /* Key agreement */
/****************************************************************/ /****************************************************************/
#if defined(MBEDTLS_ECDH_C)
static psa_status_t psa_key_agreement_ecdh( const uint8_t *peer_key, static psa_status_t psa_key_agreement_ecdh( const uint8_t *peer_key,
size_t peer_key_length, size_t peer_key_length,
const mbedtls_ecp_keypair *our_key, const mbedtls_ecp_keypair *our_key,
@ -3905,6 +3923,7 @@ exit:
mbedtls_ecdh_free( &ecdh ); mbedtls_ecdh_free( &ecdh );
return( mbedtls_to_psa_error( ret ) ); return( mbedtls_to_psa_error( ret ) );
} }
#endif /* MBEDTLS_ECDH_C */
#define PSA_KEY_AGREEMENT_MAX_SHARED_SECRET_SIZE MBEDTLS_ECP_MAX_BYTES #define PSA_KEY_AGREEMENT_MAX_SHARED_SECRET_SIZE MBEDTLS_ECP_MAX_BYTES
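Review bot: In `psa_ecdsa_sign`, when MBEDTLS_ECDSA_DETERMINISTIC is not defined the deterministic branch and its `else` are compiled out, so the randomized `mbedtls_ecdsa_sign` block runs for every `alg` and `(void) alg;` only silences the unused-parameter warning. A deterministic-ECDSA request that reached this helper would therefore be signed with the randomized variant and still report success. The `psa_asymmetric_sign` hunk filters with `PSA_ALG_IS_RANDOMIZED_ECDSA( alg )` in that configuration, which appears to cover the caller shown, but the helper should fail closed rather than depend on every caller: in the non-deterministic build add `if( PSA_ALG_DSA_IS_DETERMINISTIC( alg ) ) return( PSA_ERROR_NOT_SUPPORTED );` ahead of anything that needs the `cleanup` path. The branch `psa_asymmetric_sign` takes when its condition is false is outside the hunk, so it is worth checking that it reports not-supported rather than invalid-argument for this case. Both function bodies extend beyond the visible hunks.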