TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 4cc6522a85473e6ae49e1558988cde408739305e^! / . / library
commit4cc6522a85473e6ae49e1558988cde408739305e[log] [tgz]
authorValerio Setti <valerio.setti@nordicsemi.no>Fri Feb 16 14:40:42 2024 +0100
committerValerio Setti <valerio.setti@nordicsemi.no>Fri Feb 16 15:26:12 2024 +0100
treeb776bbadcbec9f8b95751b3926fcd55c6d46a197
parent8aff4ef274688be38423820091895a2f30187f28 [diff]
pem: do not parse ASN1 data after decryption (removes ASN1 dependency)

Now that we have padding verification after decryption and since
this can be used to validate the password as well there is no
need to parse ASN1 content any more, so we can simplify/remove
that dependency.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>

diff --git a/library/asn1parse.c b/library/asn1parse.c
index 644b43b..e33fdf7 100644
--- a/library/asn1parse.c
+++ b/library/asn1parse.c

@@ -8,7 +8,7 @@
 #include "common.h"
 
 #if defined(MBEDTLS_ASN1_PARSE_C) || defined(MBEDTLS_X509_CREATE_C) || \
-    defined(MBEDTLS_PSA_UTIL_HAVE_ECDSA) || defined(MBEDTLS_PEM_PARSE_C)
+    defined(MBEDTLS_PSA_UTIL_HAVE_ECDSA)
 
 #include "mbedtls/asn1.h"
 #include "mbedtls/platform_util.h"
@@ -74,8 +74,7 @@
 
     return mbedtls_asn1_get_len(p, end, len);
 }
-#endif /* MBEDTLS_ASN1_PARSE_C || MBEDTLS_X509_CREATE_C ||
-          MBEDTLS_PSA_UTIL_HAVE_ECDSA || MBEDTLS_PEM_PARSE_C */
+#endif /* MBEDTLS_ASN1_PARSE_C || MBEDTLS_X509_CREATE_C || MBEDTLS_PSA_UTIL_HAVE_ECDSA */
 
 #if defined(MBEDTLS_ASN1_PARSE_C)
 int mbedtls_asn1_get_bool(unsigned char **p,

diff --git a/library/pem.c b/library/pem.c
index 3f01d3b..48180ee 100644
--- a/library/pem.c
+++ b/library/pem.c

@@ -17,7 +17,6 @@
 #include "mbedtls/cipher.h"
 #include "mbedtls/platform_util.h"
 #include "mbedtls/error.h"
-#include "mbedtls/asn1.h"
 
 #include <string.h>
 
@@ -466,28 +465,6 @@
             mbedtls_zeroize_and_free(buf, len);
             return ret;
         }
-
-        /*
-         * In RFC1421 PEM is used as container for DER (ASN.1) content so we
-         * can use ASN.1 functions to parse the main SEQUENCE tag and to get its
-         * length.
-         */
-        unsigned char *p = buf;
-        size_t sequence_len;
-        ret = mbedtls_asn1_get_tag(&p, buf + len, &sequence_len,
-                                   MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED);
-        if (ret != 0) {
-            mbedtls_free(buf);
-            return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PEM_INVALID_DATA, ret);
-        }
-        /* Add also the sequence block (tag + len) to the total amount of valid data. */
-        sequence_len += (p - buf);
-
-        /* Ensure that the reported SEQUENCE length matches the data len (i.e. no
-         * trailing garbage data). */
-        if (len != sequence_len) {
-            return MBEDTLS_ERR_PEM_BAD_INPUT_DATA;
-        }
 #else
         mbedtls_zeroize_and_free(buf, len);
         return MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE;