diff options
| author | Michael Brown <mcb30@etherboot.org> | 2009-02-10 17:37:24 +0000 |
|---|---|---|
| committer | Michael Brown <mcb30@etherboot.org> | 2009-02-10 18:30:17 +0000 |
| commit | 8e960eb67c3c3974f4eca34e1fe733791f70ca09 (patch) | |
| tree | f068d9b2dec5d41a6f20942b40fd778e4a1ce952 /src/crypto/asn1.c | |
| parent | 5a99c586cfff4c01b5b2bb2da6637b4913ebbc75 (diff) | |
| download | ipxe-8e960eb67c3c3974f4eca34e1fe733791f70ca09.tar.gz | |
[tls] Use our own ASN.1 routines for certificate parsing
Use our own, more robust, ASN.1 parsing routines to extract the RSA
public key from a server certificate. Remove the now-unused AXTLS
ASN.1 parser.
Diffstat (limited to 'src/crypto/asn1.c')
| -rw-r--r-- | src/crypto/asn1.c | 31 |
1 files changed, 18 insertions, 13 deletions
diff --git a/src/crypto/asn1.c b/src/crypto/asn1.c index 0a69162a8..25e7495bd 100644 --- a/src/crypto/asn1.c +++ b/src/crypto/asn1.c @@ -32,7 +32,7 @@ * * @v cursor ASN.1 object cursor * @v type Expected type - * @ret len Length of object body, or -1 on error + * @ret len Length of object body, or negative error * * The object cursor will be updated to point to the start of the * object body (i.e. the first byte following the length byte(s)), and @@ -44,29 +44,32 @@ * the cursor will be invalidated and a negative value will be * returned. */ -static int asn1_start_object ( struct asn1_cursor *cursor, +static int asn1_start ( struct asn1_cursor *cursor, unsigned int type ) { unsigned int len_len; unsigned int len; + int rc; /* Sanity check */ if ( cursor->len < 2 /* Tag byte and first length byte */ ) { if ( cursor->len ) DBGC ( cursor, "ASN1 %p too short\n", cursor ); + rc = -EINVAL; goto notfound; } /* Check the tag byte */ - if ( cursor->data[0] != type ) { + if ( *( ( uint8_t * ) cursor->data ) != type ) { DBGC ( cursor, "ASN1 %p type mismatch (expected %d, got %d)\n", - cursor, type, cursor->data[0] ); + cursor, type, *( ( uint8_t * ) cursor->data ) ); + rc = -ENXIO; goto notfound; } cursor->data++; cursor->len--; /* Extract length of the length field and sanity check */ - len_len = cursor->data[0]; + len_len = *( ( uint8_t * ) cursor->data ); if ( len_len & 0x80 ) { len_len = ( len_len & 0x7f ); cursor->data++; @@ -77,19 +80,21 @@ static int asn1_start_object ( struct asn1_cursor *cursor, if ( cursor->len < len_len ) { DBGC ( cursor, "ASN1 %p bad length field length %d (max " "%zd)\n", cursor, len_len, cursor->len ); + rc = -EINVAL; goto notfound; } /* Extract the length and sanity check */ for ( len = 0 ; len_len ; len_len-- ) { len <<= 8; - len |= cursor->data[0]; + len |= *( ( uint8_t * ) cursor->data ); cursor->data++; cursor->len--; } if ( cursor->len < len ) { DBGC ( cursor, "ASN1 %p bad length %d (max %zd)\n", cursor, len, cursor->len ); + rc = -EINVAL; goto notfound; } @@ -98,7 +103,7 @@ static int asn1_start_object ( struct asn1_cursor *cursor, notfound: cursor->data = NULL; cursor->len = 0; - return -1; + return rc; } /** @@ -112,12 +117,12 @@ static int asn1_start_object ( struct asn1_cursor *cursor, * current ASN.1 object. If any error occurs, the object cursor will * be invalidated. */ -int asn1_enter_object ( struct asn1_cursor *cursor, unsigned int type ) { +int asn1_enter ( struct asn1_cursor *cursor, unsigned int type ) { int len; - len = asn1_start_object ( cursor, type ); + len = asn1_start ( cursor, type ); if ( len < 0 ) - return -ENOENT; + return len; cursor->len = len; DBGC ( cursor, "ASN1 %p entered object type %02x (len %x)\n", @@ -137,12 +142,12 @@ int asn1_enter_object ( struct asn1_cursor *cursor, unsigned int type ) { * object. If any error occurs, the object cursor will be * invalidated. */ -int asn1_skip_object ( struct asn1_cursor *cursor, unsigned int type ) { +int asn1_skip ( struct asn1_cursor *cursor, unsigned int type ) { int len; - len = asn1_start_object ( cursor, type ); + len = asn1_start ( cursor, type ); if ( len < 0 ) - return -ENOENT; + return len; cursor->data += len; cursor->len -= len; |