From b476a44fc6cd9cd5fef2aab83ad58f1378745fe1 Mon Sep 17 00:00:00 2001
From: Jerry Yu <jerry.h.yu@arm.com>
Date: Fri, 21 Jan 2022 18:14:45 +0800
Subject: [PATCH] Add static assert check

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
---
 library/ssl_tls.c | 34 ++++++++++++++++++----------------
 1 file changed, 18 insertions(+), 16 deletions(-)

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index c04470c96..c621e415f 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -25,6 +25,8 @@
 
 #if defined(MBEDTLS_SSL_TLS_C)
 
+#include <assert.h>
+
 #if defined(MBEDTLS_PLATFORM_C)
 #include "mbedtls/platform.h"
 #else
@@ -3160,35 +3162,35 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl )
     {
         const int *md;
         const int *sig_hashes = ssl->conf->sig_hashes;
-        size_t sig_algs_len = sizeof( uint16_t );
-        size_t sig_algs_len_per_hash = 0;
+        size_t sig_algs_len = 0;
         uint16_t *p;
 
-#if defined(MBEDTLS_ECDSA_C)
-        sig_algs_len_per_hash += sizeof( uint16_t );
-#endif
-#if defined(MBEDTLS_RSA_C)
-        sig_algs_len_per_hash += sizeof( uint16_t );
+#if defined(static_assert)
+        static_assert( MBEDTLS_SSL_MAX_SIG_ALG_LIST_LEN
+                       <= ( SIZE_MAX - ( 2 * sizeof(uint16_t) ) ),
+                       "MBEDTLS_SSL_MAX_SIG_ALG_LIST_LEN too big" );
 #endif
 
         for( md = sig_hashes; *md != MBEDTLS_MD_NONE; md++ )
         {
             if( mbedtls_ssl_hash_from_md_alg( *md ) == MBEDTLS_SSL_HASH_NONE )
                 continue;
-            if( sig_algs_len >
-                ( MBEDTLS_SSL_MAX_SIG_ALG_LIST_LEN + sizeof( uint16_t )
-                  - sig_algs_len_per_hash ) )
-            {
-                return( MBEDTLS_ERR_SSL_BAD_CONFIG );
-            }
+#if defined(MBEDTLS_ECDSA_C)
+            sig_algs_len += sizeof( uint16_t );
+#endif
 
-            sig_algs_len += sig_algs_len_per_hash;
+#if defined(MBEDTLS_RSA_C)
+            sig_algs_len += sizeof( uint16_t );
+#endif
+            if( sig_algs_len > MBEDTLS_SSL_MAX_SIG_ALG_LIST_LEN )
+                return( MBEDTLS_ERR_SSL_BAD_CONFIG );
         }
 
-        if( sig_algs_len < MBEDTLS_SSL_MIN_SIG_ALG_LIST_LEN + sizeof( uint16_t ))
+        if( sig_algs_len < MBEDTLS_SSL_MIN_SIG_ALG_LIST_LEN )
             return( MBEDTLS_ERR_SSL_BAD_CONFIG );
 
-        ssl->handshake->sig_algs = mbedtls_calloc( 1, sig_algs_len );
+        ssl->handshake->sig_algs = mbedtls_calloc( 1, sig_algs_len +
+                                                      sizeof( uint16_t ));
         if( ssl->handshake->sig_algs == NULL )
             return( MBEDTLS_ERR_SSL_ALLOC_FAILED );