commit 84f7467a0a91f8835e40ca5e57b44a81dd666464
author Jerome Forissier <jerome@forissier.org> Mon Mar 30 17:42:28 2020 +0200
committer Jérôme Forissier <jerome@forissier.org> Tue Apr 07 11:15:15 2020 +0200
tree 3b230e3db79bd0b867b910ad29ff4632262d5631
parent 06bdcfe6e4f92fd25eb3a1542b1faa41ffca002c

Import mbedtls-2.16.5

Imports Mbed TLS 2.16.5 from https://github.com/ARMmbed/mbedtls.git
commit 0fce215851cc ("Merge pull request #3053 from
yanesca/bump-version-2.16.5") (tag mbedtls-2.16.5).

Certain files will bever be needed and are thus removed:
 rm -f .gitignore .globalrc .pylintrc .travis.yml
 rm -f CMakeLists.txt DartConfiguration.tcl Makefile
 rm -f include/{.gitignore,CMakeLists.txt}
 rm -f library/{.gitignore,CMakeLists.txt,Makefile}
 rm -rf .git .github configs docs doxygen programs scripts tests visualc

This is a complete overwrite of previous code so earlier changes in the
branch import/mbedtls-2.16.0 will be added on top of this commit to bring
the changes forward.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

lib/libmbedtls/mbedtls/library/pkwrite.c

diff --git a/lib/libmbedtls/mbedtls/library/pkwrite.c b/lib/libmbedtls/mbedtls/library/pkwrite.c
index c3e9721..03d14f2 100644
--- a/lib/libmbedtls/mbedtls/library/pkwrite.c
+++ b/lib/libmbedtls/mbedtls/library/pkwrite.c
@@ -1,8 +1,8 @@
-// SPDX-License-Identifier: Apache-2.0
 /*
  *  Public Key layer for writing key files and structures
  *
  *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
  *
  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
  *  not use this file except in compliance with the License.
@@ -38,7 +38,9 @@
 #include "mbedtls/rsa.h"
 #endif
 #if defined(MBEDTLS_ECP_C)
+#include "mbedtls/bignum.h"
 #include "mbedtls/ecp.h"
+#include "mbedtls/platform_util.h"
 #endif
 #if defined(MBEDTLS_ECDSA_C)
 #include "mbedtls/ecdsa.h"
@@ -150,6 +152,26 @@
 
     return( (int) len );
 }
+
+/*
+ * privateKey  OCTET STRING -- always of length ceil(log2(n)/8)
+ */
+static int pk_write_ec_private( unsigned char **p, unsigned char *start,
+                                mbedtls_ecp_keypair *ec )
+{
+    int ret;
+    size_t byte_length = ( ec->grp.pbits + 7 ) / 8;
+    unsigned char tmp[MBEDTLS_ECP_MAX_BYTES];
+
+    ret = mbedtls_mpi_write_binary( &ec->d, tmp, byte_length );
+    if( ret != 0 )
+        goto exit;
+    ret = mbedtls_asn1_write_octet_string( p, start, tmp, byte_length );
+
+exit:
+    mbedtls_platform_zeroize( tmp, byte_length );
+    return( ret );
+}
 #endif /* MBEDTLS_ECP_C */
 
 int mbedtls_pk_write_pubkey( unsigned char **p, unsigned char *start,
@@ -364,9 +386,8 @@
                             MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) );
         len += par_len;
 
-        /* privateKey: write as MPI then fix tag */
-        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &c, buf, &ec->d ) );
-        *c = MBEDTLS_ASN1_OCTET_STRING;
+        /* privateKey */
+        MBEDTLS_ASN1_CHK_ADD( len, pk_write_ec_private( &c, buf, ec ) );
 
         /* version */
         MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, buf, 1 ) );