Switch pkparse to use new mbedtls_pkcs5_pbes2_ext function Switch pkparse to use new mbedtls_pkcs5_pbes2_ext function and deprecate mbedtls_pkcs5_pbes2 function. Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>

commit: c9f4040f7f3356293e90c58d11f6567def641e08 [log] [tgz]
author: Waleed Elmelegy <waleed.elmelegy@arm.com> Tue Aug 08 15:28:15 2023 +0100
committer: Waleed Elmelegy <waleed.elmelegy@arm.com> Wed Sep 20 19:28:28 2023 +0100
tree: 8e0c627c19f5797829894978aacc7ee5df158941
parent: 8a7fb2d7992a0a3db46d825eff90557204e075bf [diff] [blame]
diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h
index c0424da..1786dda 100644
--- a/include/mbedtls/build_info.h
+++ b/include/mbedtls/build_info.h

@@ -229,6 +229,14 @@
 #define MBEDTLS_PK_HAVE_ECC_KEYS
 #endif /* MBEDTLS_PK_USE_PSA_EC_DATA || MBEDTLS_ECP_C */
 
+/* Historically pkparse did not check the CBC padding when decrypting
+ * a key. This was a bug, which is now fixed. As a consequence, pkparse
+ * now needs PKCS7 padding support, but existing configurations might not
+ * enable it, so we enable it here. */
+#if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_PKCS5_C) && defined(MBEDTLS_CIPHER_MODE_CBC)
+#define MBEDTLS_CIPHER_PADDING_PKCS7
+#endif
+
 /* The following blocks make it easier to disable all of TLS,
  * or of TLS 1.2 or 1.3 or DTLS, without having to manually disable all
  * key exchanges, options and extensions related to them. */
commit	c9f4040f7f3356293e90c58d11f6567def641e08	[log] [tgz]
author	Waleed Elmelegy <waleed.elmelegy@arm.com>	Tue Aug 08 15:28:15 2023 +0100
committer	Waleed Elmelegy <waleed.elmelegy@arm.com>	Wed Sep 20 19:28:28 2023 +0100
tree	8e0c627c19f5797829894978aacc7ee5df158941
parent	8a7fb2d7992a0a3db46d825eff90557204e075bf [diff] [blame]