From 33c92f01a00fc2590a27341be15ca1c91e106a52 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 2 Jun 2021 23:34:02 +0200 Subject: [PATCH] Determine MBEDTLS_ECP_MAX_BITS automatically MBEDTLS_ECP_MAX_BITS is now determined automatically from the configured curves and no longer needs to be configured explicitly to save RAM. Setting it explicit in config.h is still supported for backward compatibility. Signed-off-by: Gilles Peskine --- ChangeLog.d/ecp_max_bits.txt | 4 ++++ configs/config-suite-b.h | 3 +-- configs/config-thread.h | 3 +-- include/mbedtls/config.h | 2 +- include/mbedtls/ecp.h | 10 ++++++++-- 5 files changed, 15 insertions(+), 7 deletions(-) diff --git a/ChangeLog.d/ecp_max_bits.txt b/ChangeLog.d/ecp_max_bits.txt index bfbe11f13..834dedaa5 100644 --- a/ChangeLog.d/ecp_max_bits.txt +++ b/ChangeLog.d/ecp_max_bits.txt @@ -2,3 +2,7 @@ Security * It was possible to configure MBEDTLS_ECP_MAX_BITS to a value that is too small, leading to buffer overflows in ECC operations. Fail the build in such a case. + +Features + * MBEDTLS_ECP_MAX_BITS is now determined automatically from the configured + curves and no longer needs to be configured explicitly to save RAM. diff --git a/configs/config-suite-b.h b/configs/config-suite-b.h index 6eb03a97e..9cad38273 100644 --- a/configs/config-suite-b.h +++ b/configs/config-suite-b.h @@ -80,8 +80,7 @@ #define MBEDTLS_AES_ROM_TABLES /* Save RAM by adjusting to our exact needs */ -#define MBEDTLS_ECP_MAX_BITS 384 -#define MBEDTLS_MPI_MAX_SIZE 48 // 384 bits is 48 bytes +#define MBEDTLS_MPI_MAX_SIZE 48 // 48 bytes for a 384-bit elliptic curve /* Save RAM at the expense of speed, see ecp.h */ #define MBEDTLS_ECP_WINDOW_SIZE 2 diff --git a/configs/config-thread.h b/configs/config-thread.h index 47dd5e222..8464fcb1b 100644 --- a/configs/config-thread.h +++ b/configs/config-thread.h @@ -81,8 +81,7 @@ #define MBEDTLS_AES_ROM_TABLES /* Save RAM by adjusting to our exact needs */ -#define MBEDTLS_ECP_MAX_BITS 256 -#define MBEDTLS_MPI_MAX_SIZE 32 // 256 bits is 32 bytes +#define MBEDTLS_MPI_MAX_SIZE 32 // 32 bytes for a 256-bit elliptic curve /* Save ROM and a few bytes of RAM by specifying our own ciphersuite list */ #define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index d0e61c545..79aacf7b8 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -3616,7 +3616,7 @@ //#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ /* ECP options */ -//#define MBEDTLS_ECP_MAX_BITS 521 /**< Maximum bit size of groups */ +//#define MBEDTLS_ECP_MAX_BITS 521 /**< Maximum bit size of groups. Normally determined automatically from the configured curves. */ //#define MBEDTLS_ECP_WINDOW_SIZE 6 /**< Maximum window size used */ //#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */ diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index a4aa3a30e..42630e981 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -285,11 +285,17 @@ mbedtls_ecp_group; #error "MBEDTLS_ECP_MAX_BITS is smaller than the largest supported curve" #endif -#else +#elif defined(MBEDTLS_ECP_C) /** * The maximum size of the groups, that is, of \c N and \c P. */ -#define MBEDTLS_ECP_MAX_BITS 521 /**< The maximum size of groups, in bits. */ +#define MBEDTLS_ECP_MAX_BITS MBEDTLS_ECP_MAX_BITS_MIN + +#else +/* MBEDTLS_ECP_MAX_BITS is not relevant without MBEDTLS_ECP_C, but set it + * to a nonzero value so that code that unconditionally allocates an array + * of a size based on it keeps working if built without ECC support. */ +#define MBEDTLS_ECP_MAX_BITS 1 #endif #define MBEDTLS_ECP_MAX_BYTES ( ( MBEDTLS_ECP_MAX_BITS + 7 ) / 8 )