TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls.git / 713c9e187f2db498b74d9719f16fec04fce7ff2e
commit713c9e187f2db498b74d9719f16fec04fce7ff2e[log] [tgz]
authorHanno Becker <hanno.becker@arm.com>Thu Sep 28 16:46:24 2017 +0100
committerHanno Becker <hanno.becker@arm.com>Thu Sep 28 16:54:39 2017 +0100
tree5103112df6a4ee98709b46ba4f52572f124743b1
parenta75a4591430919a6eb3d430aca396044fe3816d4 [diff]
Use in-place decryption in pk_parse_pkcs8_encrypted_der

The stack buffer used to hold the decrypted key in pk_parse_pkcs8_encrypted_der
was statically sized to 2048 bytes, which is not enough for DER encoded 4096bit
RSA keys.

This commit resolves the problem by performing the key-decryption in-place,
circumventing the introduction of another stack or heap copy of the key.

There are two situations where pk_parse_pkcs8_encrypted_der is invoked:
1. When processing a PEM-encoded encrypted key in pk_parse_key.
   This does not need adaption since the PEM context used to hold the decoded
   key is already constructed and owned by pk_parse_key.
2. When processing a DER-encoded encrypted key in pk_parse_key.
   In this case, pk_parse_key calls pk_parse_pkcs8_encrypted_der with
   the buffer provided by the user, which is declared const. The commit
   therefore adds a small code paths making a copy of the keybuffer before
   calling pk_parse_pkcs8_encrypted_der.
1 file changed
tree: 5103112df6a4ee98709b46ba4f52572f124743b1
  1. configs/
  2. doxygen/
  3. include/
  4. library/
  5. programs/
  6. scripts/
  7. tests/
  8. visualc/
  9. .gitignore
  10. .travis.yml
  11. ChangeLog
  12. CMakeLists.txt
  13. DartConfiguration.tcl
  14. LICENSE
  15. Makefile
  16. README.rst