From df6577b55b5f13ec91b7890dcc528bc15de52d83 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Thu, 23 May 2019 16:31:05 +0200 Subject: [PATCH] update rsa_import_x509() --- src/pk/rsa/rsa_import_x509.c | 86 +++++++----------------------------- 1 file changed, 16 insertions(+), 70 deletions(-) diff --git a/src/pk/rsa/rsa_import_x509.c b/src/pk/rsa/rsa_import_x509.c index c615b7720..5220ae389 100644 --- a/src/pk/rsa/rsa_import_x509.c +++ b/src/pk/rsa/rsa_import_x509.c @@ -15,6 +15,15 @@ #ifdef LTC_MRSA +static int _rsa_decode(const unsigned char *in, unsigned long inlen, rsa_key *key) +{ + /* now it should be SEQUENCE { INTEGER, INTEGER } */ + return der_decode_sequence_multi(in, inlen, + LTC_ASN1_INTEGER, 1UL, key->N, + LTC_ASN1_INTEGER, 1UL, key->e, + LTC_ASN1_EOL, 0UL, NULL); +} + /** Import an RSA key from a X.509 certificate @param in The packet to import from @@ -25,9 +34,6 @@ int rsa_import_x509(const unsigned char *in, unsigned long inlen, rsa_key *key) { int err; - unsigned char *tmpbuf; - unsigned long tmpbuf_len, tmp_inlen, len; - ltc_asn1_list *decoded_list = NULL, *l; LTC_ARGCHK(in != NULL); LTC_ARGCHK(key != NULL); @@ -39,75 +45,15 @@ int rsa_import_x509(const unsigned char *in, unsigned long inlen, rsa_key *key) return err; } - tmpbuf_len = inlen; - tmpbuf = XCALLOC(1, tmpbuf_len); - if (tmpbuf == NULL) { - err = CRYPT_MEM; - goto LBL_ERR; - } - - tmp_inlen = inlen; - if ((err = der_decode_sequence_flexi(in, &tmp_inlen, &decoded_list)) == CRYPT_OK) { - l = decoded_list; - /* Move 2 levels up in the tree - SEQUENCE - SEQUENCE - ... - */ - if (l->type == LTC_ASN1_SEQUENCE && l->child) { - l = l->child; - if (l->type == LTC_ASN1_SEQUENCE && l->child) { - l = l->child; - - err = CRYPT_ERROR; - - /* Move forward in the tree until we find this combination - ... - SEQUENCE - SEQUENCE - OBJECT IDENTIFIER 1.2.840.113549.1.1.1 - NULL - BIT STRING - */ - do { - /* The additional check for l->data is there to make sure - * we won't try to decode a list that has been 'shrunk' - */ - if (l->type == LTC_ASN1_SEQUENCE && l->data && l->child && - l->child->type == LTC_ASN1_SEQUENCE && l->child->child && - l->child->child->type == LTC_ASN1_OBJECT_IDENTIFIER && l->child->next && - l->child->next->type == LTC_ASN1_BIT_STRING) { - len = 0; - err = x509_decode_subject_public_key_info(l->data, l->size, - PKA_RSA, tmpbuf, &tmpbuf_len, - LTC_ASN1_NULL, NULL, &len); - if (err == CRYPT_OK) { - /* now it should be SEQUENCE { INTEGER, INTEGER } */ - if ((err = der_decode_sequence_multi(tmpbuf, tmpbuf_len, - LTC_ASN1_INTEGER, 1UL, key->N, - LTC_ASN1_INTEGER, 1UL, key->e, - LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { - goto LBL_ERR; - } - key->type = PK_PUBLIC; - err = CRYPT_OK; - goto LBL_FREE; - } - } - l = l->next; - } while(l); - } - } + if ((err = x509_decode_public_key_from_certificate(in, inlen, + PKA_RSA, LTC_ASN1_NULL, + NULL, NULL, + (public_key_decode_cb)_rsa_decode, key)) != CRYPT_OK) { + rsa_free(key); + } else { + key->type = PK_PUBLIC; } - -LBL_ERR: - rsa_free(key); - -LBL_FREE: - if (decoded_list) der_free_sequence_flexi(decoded_list); - if (tmpbuf != NULL) XFREE(tmpbuf); - return err; }