From 88ff27f354c222696daa7284c4d6c8adcc81db94 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Mon, 6 Nov 2023 17:01:27 +0100 Subject: [PATCH] Fix mbedTLS 3.5 build. Signed-off-by: Pol Henarejos --- pico-keys-sdk | 2 +- src/hsm/cmd_cipher_sym.c | 9 +++++---- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/pico-keys-sdk b/pico-keys-sdk index 09276f7..6069911 160000 --- a/pico-keys-sdk +++ b/pico-keys-sdk @@ -1 +1 @@ -Subproject commit 09276f7117beb7a2f52e65cc601b9153e7b59ca1 +Subproject commit 6069911be0bf91844a174a1d69e2539e81145fe6 diff --git a/src/hsm/cmd_cipher_sym.c b/src/hsm/cmd_cipher_sym.c index adddcb7..68a1f36 100644 --- a/src/hsm/cmd_cipher_sym.c +++ b/src/hsm/cmd_cipher_sym.c @@ -412,20 +412,21 @@ int cmd_cipher_sym() { res_APDU_size = keylen ? keylen : (apdu.ne > 0 && apdu.ne < 65536 ? apdu.ne : 32); } else if (memcmp(oid, OID_PKCS5_PBES2, oid_len) == 0) { + size_t olen = 0; mbedtls_asn1_buf params = - { .p = aad, .len = aad_len, .tag = (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE) }; - int r = mbedtls_pkcs5_pbes2(¶ms, + {.p = aad, .len = aad_len, .tag = (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)}; + int r = mbedtls_pkcs5_pbes2_ext(¶ms, algo == ALGO_EXT_CIPHER_ENCRYPT ? MBEDTLS_PKCS5_ENCRYPT : MBEDTLS_PKCS5_DECRYPT, kdata, key_size, enc, enc_len, - res_APDU); + res_APDU, 4096, &olen); mbedtls_platform_zeroize(kdata, sizeof(kdata)); if (r != 0) { return SW_WRONG_DATA(); } - res_APDU_size = enc_len; + res_APDU_size = olen; } else if (memcmp(oid, OID_KDF_X963, oid_len) == 0) { mbedtls_md_type_t md_type = MBEDTLS_MD_SHA1;