From 4a5c9ee7f260e606aaa38c7e67583484510f75ae Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 10 Feb 2023 16:03:44 +0000 Subject: [PATCH] Remove redundant SIZE_MAX guards Signed-off-by: Dave Rodgman --- library/ctr_drbg.c | 3 +-- library/pk.c | 2 -- library/pk_wrap.c | 8 -------- library/psa_crypto_rsa.c | 2 -- library/psa_crypto_se.c | 2 -- library/ssl_msg.c | 4 ++-- tests/suites/test_suite_pk.function | 6 ------ tests/suites/test_suite_psa_crypto.function | 6 ------ 8 files changed, 3 insertions(+), 30 deletions(-) diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c index 13fa6d4eb..acc4208cc 100644 --- a/library/ctr_drbg.c +++ b/library/ctr_drbg.c @@ -98,14 +98,13 @@ int mbedtls_ctr_drbg_set_nonce_len(mbedtls_ctr_drbg_context *ctx, if (len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT) { return MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG; } -#if SIZE_MAX > INT_MAX + /* This shouldn't be an issue because * MBEDTLS_CTR_DRBG_MAX_SEED_INPUT < INT_MAX in any sensible * configuration, but make sure anyway. */ if (len > INT_MAX) { return MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG; } -#endif /* For backward compatibility with Mbed TLS <= 2.19, store the * entropy nonce length in a field that already exists, but isn't diff --git a/library/pk.c b/library/pk.c index ed3ca41cc..05afdbc4e 100644 --- a/library/pk.c +++ b/library/pk.c @@ -501,11 +501,9 @@ int mbedtls_pk_verify_ext(mbedtls_pk_type_t type, const void *options, int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const mbedtls_pk_rsassa_pss_options *pss_opts; -#if SIZE_MAX > UINT_MAX if (md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len) { return MBEDTLS_ERR_PK_BAD_INPUT_DATA; } -#endif /* SIZE_MAX > UINT_MAX */ if (options == NULL) { return MBEDTLS_ERR_PK_BAD_INPUT_DATA; diff --git a/library/pk_wrap.c b/library/pk_wrap.c index fa296e824..dc7a27f0e 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -174,11 +174,9 @@ static int rsa_verify_wrap(void *ctx, mbedtls_md_type_t md_alg, PSA_ALG_RSA_PKCS1V15_SIGN(mbedtls_hash_info_psa_from_md(md_alg)); size_t rsa_len = mbedtls_rsa_get_len(rsa); -#if SIZE_MAX > UINT_MAX if (md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len) { return MBEDTLS_ERR_PK_BAD_INPUT_DATA; } -#endif /* SIZE_MAX > UINT_MAX */ if (sig_len < rsa_len) { return MBEDTLS_ERR_RSA_VERIFY_FAILED; @@ -230,11 +228,9 @@ static int rsa_verify_wrap(void *ctx, mbedtls_md_type_t md_alg, mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) ctx; size_t rsa_len = mbedtls_rsa_get_len(rsa); -#if SIZE_MAX > UINT_MAX if (md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len) { return MBEDTLS_ERR_PK_BAD_INPUT_DATA; } -#endif /* SIZE_MAX > UINT_MAX */ if (sig_len < rsa_len) { return MBEDTLS_ERR_RSA_VERIFY_FAILED; @@ -345,11 +341,9 @@ static int rsa_sign_wrap(void *ctx, mbedtls_md_type_t md_alg, { mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) ctx; -#if SIZE_MAX > UINT_MAX if (md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len) { return MBEDTLS_ERR_PK_BAD_INPUT_DATA; } -#endif /* SIZE_MAX > UINT_MAX */ *sig_len = mbedtls_rsa_get_len(rsa); if (sig_size < *sig_len) { @@ -1330,11 +1324,9 @@ static int rsa_alt_sign_wrap(void *ctx, mbedtls_md_type_t md_alg, { mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx; -#if SIZE_MAX > UINT_MAX if (UINT_MAX < hash_len) { return MBEDTLS_ERR_PK_BAD_INPUT_DATA; } -#endif /* SIZE_MAX > UINT_MAX */ *sig_len = rsa_alt->key_len_func(rsa_alt->key); if (*sig_len > MBEDTLS_PK_SIGNATURE_MAX_SIZE) { diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c index c72061586..6e90f1cea 100644 --- a/library/psa_crypto_rsa.c +++ b/library/psa_crypto_rsa.c @@ -332,11 +332,9 @@ static psa_status_t psa_rsa_decode_md_type(psa_algorithm_t alg, /* The Mbed TLS RSA module uses an unsigned int for hash length * parameters. Validate that it fits so that we don't risk an * overflow later. */ -#if SIZE_MAX > UINT_MAX if (hash_length > UINT_MAX) { return PSA_ERROR_INVALID_ARGUMENT; } -#endif /* For signatures using a hash, the hash length must be correct. */ if (alg != PSA_ALG_RSA_PKCS1V15_SIGN_RAW) { diff --git a/library/psa_crypto_se.c b/library/psa_crypto_se.c index b66039364..dee780f46 100644 --- a/library/psa_crypto_se.c +++ b/library/psa_crypto_se.c @@ -125,12 +125,10 @@ static psa_status_t psa_get_se_driver_its_file_uid( return PSA_ERROR_NOT_SUPPORTED; } -#if SIZE_MAX > UINT32_MAX /* ITS file sizes are limited to 32 bits. */ if (driver->u.internal.persistent_data_size > UINT32_MAX) { return PSA_ERROR_NOT_SUPPORTED; } -#endif /* See the documentation of PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE. */ *uid = PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE + driver->location; diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 4ebc8cb92..9bedc2546 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -2090,7 +2090,7 @@ int mbedtls_ssl_fetch_input(mbedtls_ssl_context *ssl, size_t nb_want) return ret; } - if ((size_t) ret > len || (INT_MAX > SIZE_MAX && ret > (int) SIZE_MAX)) { + if ((size_t) ret > len) { MBEDTLS_SSL_DEBUG_MSG(1, ("f_recv returned %d bytes but only %" MBEDTLS_PRINTF_SIZET " were requested", @@ -2142,7 +2142,7 @@ int mbedtls_ssl_flush_output(mbedtls_ssl_context *ssl) return ret; } - if ((size_t) ret > ssl->out_left || (INT_MAX > SIZE_MAX && ret > (int) SIZE_MAX)) { + if ((size_t) ret > ssl->out_left) { MBEDTLS_SSL_DEBUG_MSG(1, ("f_send returned %d bytes but only %" MBEDTLS_PRINTF_SIZET " bytes were sent", diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index d8a8f863e..bafd87afc 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -1064,10 +1064,6 @@ void pk_rsa_overflow() size_t hash_len = SIZE_MAX, sig_len = SIZE_MAX; unsigned char hash[50], sig[100]; - if (SIZE_MAX <= UINT_MAX) { - return; - } - memset(hash, 0x2a, sizeof(hash)); memset(sig, 0, sizeof(sig)); @@ -1143,12 +1139,10 @@ void pk_rsa_alt() TEST_ASSERT(strcmp(mbedtls_pk_get_name(&alt), "RSA-alt") == 0); /* Test signature */ -#if SIZE_MAX > UINT_MAX TEST_ASSERT(mbedtls_pk_sign(&alt, MBEDTLS_MD_NONE, hash, SIZE_MAX, sig, sizeof(sig), &sig_len, mbedtls_test_rnd_std_rand, NULL) == MBEDTLS_ERR_PK_BAD_INPUT_DATA); -#endif /* SIZE_MAX > UINT_MAX */ TEST_ASSERT(mbedtls_pk_sign(&alt, MBEDTLS_MD_NONE, hash, sizeof(hash), sig, sizeof(sig), &sig_len, mbedtls_test_rnd_std_rand, NULL) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 5e46ca0ab..0a7744fd2 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -5844,7 +5844,6 @@ void aead_multipart_state_test(int key_type_arg, data_t *key_data, psa_aead_abort(&operation); /* Test for generating nonce after calling set lengths with SIZE_MAX ad_data length */ -#if SIZE_MAX > UINT32_MAX PSA_ASSERT(psa_aead_encrypt_setup(&operation, key, alg)); if (operation.alg == PSA_ALG_CCM || operation.alg == PSA_ALG_GCM) { @@ -5864,7 +5863,6 @@ void aead_multipart_state_test(int key_type_arg, data_t *key_data, } psa_aead_abort(&operation); -#endif /* Test for calling set lengths with a UINT32_MAX ad_data length, after generating nonce */ @@ -5916,7 +5914,6 @@ void aead_multipart_state_test(int key_type_arg, data_t *key_data, psa_aead_abort(&operation); /* Test for setting nonce after calling set lengths with SIZE_MAX ad_data length */ -#if SIZE_MAX > UINT32_MAX PSA_ASSERT(psa_aead_encrypt_setup(&operation, key, alg)); if (operation.alg == PSA_ALG_CCM || operation.alg == PSA_ALG_GCM) { @@ -5932,7 +5929,6 @@ void aead_multipart_state_test(int key_type_arg, data_t *key_data, } psa_aead_abort(&operation); -#endif /* Test for calling set lengths with an ad_data length of UINT32_MAX, after setting nonce */ @@ -5952,7 +5948,6 @@ void aead_multipart_state_test(int key_type_arg, data_t *key_data, psa_aead_abort(&operation); /* Test for setting nonce after calling set lengths with plaintext length of SIZE_MAX */ -#if SIZE_MAX > UINT32_MAX PSA_ASSERT(psa_aead_encrypt_setup(&operation, key, alg)); if (operation.alg == PSA_ALG_GCM) { @@ -5984,7 +5979,6 @@ void aead_multipart_state_test(int key_type_arg, data_t *key_data, } psa_aead_abort(&operation); -#endif /* ------------------------------------------------------- */