From 8e960eb67c3c3974f4eca34e1fe733791f70ca09 Mon Sep 17 00:00:00 2001
From: Michael Brown
Date: Tue, 10 Feb 2009 17:37:24 +0000
Subject: [tls] Use our own ASN.1 routines for certificate parsing

Use our own, more robust, ASN.1 parsing routines to extract the RSA public key from a server certificate. Remove the now-unused AXTLS ASN.1 parser.
---
 src/include/gpxe/asn1.h | 6 +++---
 src/include/gpxe/errfile.h | 1 +
 src/include/gpxe/tls.h | 6 ++----
 src/include/gpxe/x509.h | 39 +++++++++++++++++++++++++++++++++++++++
 4 files changed, 45 insertions(+), 7 deletions(-)
 create mode 100644 src/include/gpxe/x509.h
(limited to 'src/include')

diff --git a/src/include/gpxe/asn1.h b/src/include/gpxe/asn1.h
index 1ad90050e..5440c48ca 100644
--- a/src/include/gpxe/asn1.h
+++ b/src/include/gpxe/asn1.h
@@ -21,12 +21,12 @@
 */
 struct asn1_cursor {
 /** Start of data */
- uint8_t *data;
+ void *data;
 /** Length of data */
 size_t len;
 };
 
-extern int asn1_enter_object ( struct asn1_cursor *cursor, unsigned int type );
-extern int asn1_skip_object ( struct asn1_cursor *cursor, unsigned int type );
+extern int asn1_enter ( struct asn1_cursor *cursor, unsigned int type );
+extern int asn1_skip ( struct asn1_cursor *cursor, unsigned int type );
 
 #endif /* _GPXE_ASN1_H */
diff --git a/src/include/gpxe/errfile.h b/src/include/gpxe/errfile.h
index df3717f19..4809e50c9 100644
--- a/src/include/gpxe/errfile.h
+++ b/src/include/gpxe/errfile.h
@@ -168,6 +168,7 @@
 #define ERRFILE_smbios_settings ( ERRFILE_OTHER | 0x00130000 )
 #define ERRFILE_efi_smbios ( ERRFILE_OTHER | 0x00140000 )
 #define ERRFILE_pxemenu ( ERRFILE_OTHER | 0x00150000 )
+#define ERRFILE_x509 ( ERRFILE_OTHER | 0x00160000 )
 
 /** @} */
 
diff --git a/src/include/gpxe/tls.h b/src/include/gpxe/tls.h
index 39109452f..182bc49da 100644
--- a/src/include/gpxe/tls.h
+++ b/src/include/gpxe/tls.h
@@ -14,6 +14,7 @@
 #include
 #include
 #include
+#include
 
 /** A TLS header */
 struct tls_header {
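Review bot: The cursor payload in `struct asn1_cursor` becomes `void *data` with no `const`, so a `const struct asn1_cursor *` (the form the new `x509_rsa_public_key()` prototype in x509.h takes) still permits writes through `data`; if the parsers only read the certificate bytes, `const void *data;` would make that read-only contract explicit and let callers pass buffers they do not own. `asn1_enter()` and `asn1_skip()` take a non-const cursor, which suggests they advance `data`/`len` in place, but the header alone does not confirm it, so the member comment should say what the cursor guarantees, e.g. `/** Start of data (parsers advance this cursor in place; the bytes themselves are not modified) */` once that is verified against asn1.c. Arithmetic on `void *` is a GCC extension rather than standard C; worth a one-line note if the parser relies on it.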
@@ -157,10 +158,7 @@ struct tls_session {
 uint8_t handshake_sha1_ctx[SHA1_CTX_SIZE];
 
 /** Hack: server RSA public key */
- uint8_t *rsa_mod;
- size_t rsa_mod_len;
- uint8_t *rsa_pub_exp;
- size_t rsa_pub_exp_len;
+ struct x509_rsa_public_key rsa;
 
 /** TX sequence number */
 uint64_t tx_seq;
diff --git a/src/include/gpxe/x509.h b/src/include/gpxe/x509.h
new file mode 100644
index 000000000..071e1de56
--- /dev/null
+++ b/src/include/gpxe/x509.h
@@ -0,0 +1,39 @@
+#ifndef _GPXE_X509_H
+#define _GPXE_X509_H
+
+/** @file
+ *
+ * X.509 certificates
+ *
+ */
+
+#include
+
+struct asn1_cursor;
+
+/** An X.509 RSA public key */
+struct x509_rsa_public_key {
+ /** Modulus */
+ uint8_t *modulus;
+ /** Modulus length */
+ size_t modulus_len;
+ /** Exponent */
+ uint8_t *exponent;
+ /** Exponent length */
+ size_t exponent_len;
+};
+
+/**
+ * Free X.509 RSA public key
+ *
+ * @v rsa_pubkey RSA public key
+ */
+static inline void
+x509_free_rsa_public_key ( struct x509_rsa_public_key *rsa_pubkey ) {
+ free ( rsa_pubkey->modulus );
+}
+
+extern int x509_rsa_public_key ( const struct asn1_cursor *certificate,
+ struct x509_rsa_public_key *rsa_pubkey );
+
+#endif /* _GPXE_X509_H */
-- 
cgit v1.2.3-55-g7522
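Review bot: The embedded `struct x509_rsa_public_key rsa` now carries a heap pointer (`modulus`, released by `x509_free_rsa_public_key()` in x509.h), so the session teardown path must call that helper, and any second certificate parse on the same session must release the previous key before overwriting it; neither path is in this header-only diff, so please confirm both in tls.c. The field comment still reads `/** Hack: server RSA public key */` and says nothing about ownership; suggest `/** Server RSA public key (heap-backed; release with x509_free_rsa_public_key()) */`. struct tls_session begins and ends outside the hunk.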
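Review bot: `x509_free_rsa_public_key()` frees only `modulus` and never touches `exponent`, so either `exponent` points into the same allocation — in which case the struct must say so, because every reader will otherwise report a leak — or the exponent buffer is leaked; the allocator is in x509.c, which is not in this diff, so I cannot tell which. Either way the helper leaves dangling pointers in the struct, so a repeated call (a session torn down after its key was already dropped) double-frees; clearing the fields makes it idempotent and makes a zeroed struct the safe "no key" state: `rsa_pubkey->modulus = NULL;` `rsa_pubkey->exponent = NULL;` `rsa_pubkey->modulus_len = rsa_pubkey->exponent_len = 0;`. The `@v rsa_pubkey` line could also state that only the key material is released, not the struct itself, and the `extern int x509_rsa_public_key()` prototype has no doc comment at all — its return convention and who owns the buffers it fills belong here. The header calls `free()` and uses `uint8_t`/`size_t` but shows a single `#include` (its target was lost in rendering); check that `<stdlib.h>` and `<stdint.h>` are reachable rather than relying on includers to pull them in first.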