mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-03-28 08:47:00 +00:00
2fa6b5f503
Attempting to create an ECC key with a curve specification that is not
valid can plausibly fail with PSA_ERROR_INVALID_ARGUMENT ("this is not
a curve specification at all") or PSA_ERROR_NOT_SUPPORTED ("this may
be a curve specification, but not one I support"). The choice of error
is somewhat subjective.
Before this commit, due to happenstance in the implementation, an
attempt to use a curve that is declared in the PSA API but not
implemented in Mbed TLS returned PSA_ERROR_INVALID_ARGUMENT, whereas
an attempt to use a curve that Mbed TLS supports but for which support
was disabled at compile-time returned PSA_ERROR_NOT_SUPPORTED. This
inconsistency made it difficult to write negative tests that could
work whether the curve is implemented via Mbed TLS code or via a
driver.
After this commit, any attempt to use parameters that are not
recognized fails with NOT_SUPPORTED, whether a curve with the
specified size might plausibly exist or not, because "might plausibly
exist" is not something Mbed TLS can determine.
To keep returning INVALID_ARGUMENT when importing an ECC key with an
explicit "bits" attribute that is inconsistent with the size of the
key material, this commit changes the way mbedtls_ecc_group_of_psa()
works: it now works on a size in bits rather than bytes, with an extra
flag indicating whether the bit-size must be exact or not.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
|
||
|---|---|---|
| .. | ||
| .jenkins | ||
| configs | ||
| data_files | ||
| docker/bionic | ||
| git-scripts | ||
| include/test | ||
| scripts | ||
| src | ||
| suites | ||
| .gitignore | ||
| CMakeLists.txt | ||
| compat-in-docker.sh | ||
| compat.sh | ||
| context-info.sh | ||
| Descriptions.txt | ||
| make-in-docker.sh | ||
| Makefile | ||
| ssl-opt-in-docker.sh | ||
| ssl-opt.sh | ||