pem: do not parse ASN1 data after decryption (removes ASN1 dependency)

Now that we have padding verification after decryption and since this can be used to validate the password as well there is no need to parse ASN1 content any more, so we can simplify/remove that dependency. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2025-07-29 11:41:15 +03:00 · 2024-02-16 14:40:42 +01:00
parent 8aff4ef274
commit 4cc6522a85
6 changed files with 8 additions and 42 deletions
--- a/include/mbedtls/asn1.h
+++ b/include/mbedtls/asn1.h
@ -198,7 +198,7 @@ typedef struct mbedtls_asn1_named_data {
 mbedtls_asn1_named_data;

 #if defined(MBEDTLS_ASN1_PARSE_C) || defined(MBEDTLS_X509_CREATE_C) || \
-    defined(MBEDTLS_PSA_UTIL_HAVE_ECDSA) || defined(MBEDTLS_PEM_PARSE_C)
+    defined(MBEDTLS_PSA_UTIL_HAVE_ECDSA)
 /**
 * \brief       Get the length of an ASN.1 element.
 *              Updates the pointer to immediately behind the length.
@ -245,8 +245,7 @@ int mbedtls_asn1_get_len(unsigned char **p,
 int mbedtls_asn1_get_tag(unsigned char **p,
                         const unsigned char *end,
                         size_t *len, int tag);
-#endif /* MBEDTLS_ASN1_PARSE_C || MBEDTLS_X509_CREATE_C ||
-          MBEDTLS_PSA_UTIL_HAVE_ECDSA || MBEDTLS_PEM_PARSE_C */
+#endif /* MBEDTLS_ASN1_PARSE_C || MBEDTLS_X509_CREATE_C || MBEDTLS_PSA_UTIL_HAVE_ECDSA */

 #if defined(MBEDTLS_ASN1_PARSE_C)
 /**