From d336f721c0b35548ab3dfb92d6dfa44d951a3e69 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Wed, 21 Aug 2019 11:46:11 +0100
Subject: [PATCH] Fixup: Add missing TinyCrypt guard in ECC private key parsing PEM-encoded keys with PEM header -----BEGIN EC PRIVATE KEY----- ... -----END EC PRIVATE KEY----- were previously not parsed in configurations using TinyCrypt instead of legacy ECC crypto.
---
 library/pkparse.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/library/pkparse.c b/library/pkparse.c
index 713ee922d..69d2935e5 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -1414,7 +1414,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
 return( ret );
 #endif /* MBEDTLS_RSA_C */
-#if defined(MBEDTLS_ECP_C)
+#if defined(MBEDTLS_ECP_C) || defined(MBEDTLS_USE_TINYCRYPT)
 /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
 if( key[keylen - 1] != '\0' ) ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
@@ -1427,9 +1427,15 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
 {
 pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY );
+#if defined(MBEDTLS_USE_TINYCRYPT)
+ if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
+ ( ret = pk_parse_key_sec1_der( mbedtls_uecc_pk( *pk ),
+ pem.buf, pem.buflen ) ) != 0 )
+#else /* MBEDTLS_USE_TINYCRYPT */
 if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 || ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), pem.buf, pem.buflen ) ) != 0 )
+#endif /* MBEDTLS_USE_TINYCRYPT */
 {
 mbedtls_pk_free( pk );
 }
@@ -1443,7 +1449,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
 return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED );
 else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) return( ret );
-#endif /* MBEDTLS_ECP_C */
+#endif /* MBEDTLS_ECP_C || MBEDTLS_USE_TINYCRYPT */
 /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
 if( key[keylen - 1] != '\0' )
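Review bot: The `key[keylen - 1]` read under the widened `#if defined(MBEDTLS_ECP_C) || defined(MBEDTLS_USE_TINYCRYPT)` guard is only in bounds when `keylen` is non-zero, and this hunk does not show that precondition being enforced. mbedtls_pk_parse_key starts above the hunk, so the check may already exist there; if it does not, `if( keylen == 0 ) return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );` ahead of the first PEM attempt would cover it. Since the block is now built in TinyCrypt-only configurations as well, a short comment here stating that `keylen > 0` is guaranteed by that earlier check would help the next reader. The same read appears in the trailing context of the last hunk.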
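Review bot: The `#if defined(MBEDTLS_USE_TINYCRYPT)` / `#else` arms in the second hunk repeat the whole `if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 || ... )` condition and differ only in the context accessor, `mbedtls_uecc_pk( *pk )` versus `mbedtls_pk_ec( *pk )`, while sharing one `{ mbedtls_pk_free( pk ); }` body. Two copies of an error path in private-key parsing tend to drift, for example when a later fix to the failure handling lands in one arm only. Selecting the accessor once under the preprocessor (a file-local macro or a small static helper) and writing the condition a single time would keep the cleanup identical in both configurations. The enclosing block continues past the hunk, so whether the PEM buffer is released on this failure path cannot be confirmed from here.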