In order to remove large buffers from the stack, the der data is written
into the same buffer that the pem is eventually written into, however
although the pem data is zero terminated, there is now data left in the
buffer after the zero termination, which can cause
mbedtls_x509_crt_parse to fail to parse the same buffer if passed back
in. Patches also applied to mbedtls_pk_write_pubkey_pem, and
mbedtls_pk_write_key_pem, which use similar methods of writing der data
to the same buffer, and tests modified to hopefully catch any future
regression on this.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
<string.h> is actually needed when MBEDTLS_ERROR_C is enabled and not
when only MBEDTLS_ERROR_STRERROR_DUMMY is enabled.
Fix#3866.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
* As described in issue #3801 the upcoming cmake 3.19
will not support cmake 2.6 any more
* This PR updates the mimimum required cmake version
to 2.8.12, which will not give a warning with cmake 3.19
but still compatible with MbedTLS support of RHEL/CentOS 7 LTS
* Adding ChangeLog.d/bugfix_PR3802.txt
Signed-off-by: Peter Toft <peter.toft@dirac.com>
In `read_next_b64_code()`, the result of fgetc() is stored into a char,
but later compared against EOF, which is generally -1. On platforms
where char is unsigned, this generates a compiler warning/error that the
comparison will never be true (causing a build failure). The value will
never match, with the function ultimately bailing with a "Too many bad
symbols are detected" error.
On platforms with signed char, EOF is detected, but a file containing a
0xFF character will causes a premature end of file exit of the loop.
Fix this by changing the result to an int.
Fixes#3794.
Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
Signed-off-by: David Brown <david.brown@linaro.org>
Allows required targets to have prefixes added to them, so that external
projects can avoid target names clashing.
Signed-off-by: Raef Coles <raef.coles@arm.com>
The CCM specification (NIST SP 800-38C) mandates that the formatting of
the additional data length l(a) changes when it is greater _or equal_ to
2^16 - 2^8 (>= 0xFF00). Since such lengths are not supported in mbed TLS,
the operation should fail in such cases.
This commit fixes an off-by-one error which allowed encryption/decryption
to be executed when l(a) was equal to 0xFF00, resulting in an
incorrect/non-standard length format being used.
Fixes#3719.
Signed-off-by: Fredrik Strupe <fredrik.strupe@silabs.com>
* Stores bits in psa_persistent_key_storage_format.
* psa_load_persistent_key_into_slot still imports plaintext keys which
ensures that the bits value gets set.
* Updates key specification to match new implementation.
* Expands persistent store and load tests with to check for bits
attribute.
* Removes bits storage from psa_se_key_data_storage_t.
Signed-off-by: Torstein Nesse <torstein.nesse@silabs.com>
This reverts commit 9c46a60e6c.
When the library is dynamically linked against Glibc (as is usually
the case with Glibc), it now requires a recent Glibc at runtime if it
was compiled with a recent Glibc. This is a loss of functionality for
no demonstrated benefit.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
“Prior to Mbed TLS 2.24” suggests that 2.24 itself didn't use the old
policy anymore, but it did. Change to “Until”, and also give the exact
version number “2.24.0”.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In psa_generate_key_internal() for ECC keys, remove the check that the
bit-size according to Mbed TLS is equal to the requested bit-size.
This check was necessary back when the PSA API encoded curves and key
sizes independently, in order to reject combinations such as SECP256R1
with a 512-bit size. Since the curve encoding changed to specifying a
curve family and a size separately, the Mbed TLS curve id (grp_id) and
the curve data (curve_info) are now determined from the size, and
checking that (curve_info->bit_size == bits) is now only a redundant
sanity check.
This check is actually buggy, because PSA Crypto and Mbed TLS don't
have exactly the same notion of key size. PSA thinks Curve25519 is
255-bit and secp224k1 is 225-bit, but Mbed TLS thinks they're 256-bit
and 224-bit respectively. Removing the check allows key generation to
work for these curves.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
mbedtls_ecp_curve_list() now lists Curve25519 and Curve448 under the names
"x25519" and "x448". These curves support ECDH but not ECDSA.
This was meant ever since the introduction of mbedtls_ecdsa_can_do()
in 0082f9df6f, but
2c69d10bac had removed the claim
that Montgomery curves support ECDH except through Everest.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>