diff --git a/libtomcrypt_VS2005.vcproj b/libtomcrypt_VS2005.vcproj
index 5f16e83..ec61129 100644
--- a/libtomcrypt_VS2005.vcproj
+++ b/libtomcrypt_VS2005.vcproj
@@ -1575,6 +1575,10 @@
RelativePath="src\pk\asn1\der\sequence\der_sequence_free.c"
>
+
+
+
+
diff --git a/libtomcrypt_VS2008.vcproj b/libtomcrypt_VS2008.vcproj
index 887f726..26c0efb 100644
--- a/libtomcrypt_VS2008.vcproj
+++ b/libtomcrypt_VS2008.vcproj
@@ -1816,6 +1816,10 @@
RelativePath="src\pk\asn1\der\sequence\der_sequence_free.c"
>
+
+
+
+
diff --git a/makefile b/makefile
index 6432b3f..140ef2b 100644
--- a/makefile
+++ b/makefile
@@ -141,8 +141,8 @@ src/pk/asn1/der/sequence/der_encode_sequence_ex.o \
src/pk/asn1/der/sequence/der_encode_sequence_multi.o \
src/pk/asn1/der/sequence/der_encode_subject_public_key_info.o \
src/pk/asn1/der/sequence/der_length_sequence.o src/pk/asn1/der/sequence/der_sequence_free.o \
-src/pk/asn1/der/set/der_encode_set.o src/pk/asn1/der/set/der_encode_setof.o \
-src/pk/asn1/der/short_integer/der_decode_short_integer.o \
+src/pk/asn1/der/sequence/der_sequence_shrink.o src/pk/asn1/der/set/der_encode_set.o \
+src/pk/asn1/der/set/der_encode_setof.o src/pk/asn1/der/short_integer/der_decode_short_integer.o \
src/pk/asn1/der/short_integer/der_encode_short_integer.o \
src/pk/asn1/der/short_integer/der_length_short_integer.o \
src/pk/asn1/der/teletex_string/der_decode_teletex_string.o \
@@ -168,10 +168,10 @@ src/pk/pkcs1/pkcs_1_oaep_decode.o src/pk/pkcs1/pkcs_1_oaep_encode.o src/pk/pkcs1
src/pk/pkcs1/pkcs_1_pss_decode.o src/pk/pkcs1/pkcs_1_pss_encode.o src/pk/pkcs1/pkcs_1_v1_5_decode.o \
src/pk/pkcs1/pkcs_1_v1_5_encode.o src/pk/rsa/rsa_decrypt_key.o src/pk/rsa/rsa_encrypt_key.o \
src/pk/rsa/rsa_export.o src/pk/rsa/rsa_exptmod.o src/pk/rsa/rsa_free.o src/pk/rsa/rsa_get_size.o \
-src/pk/rsa/rsa_import.o src/pk/rsa/rsa_import_radix.o src/pk/rsa/rsa_make_key.o \
-src/pk/rsa/rsa_sign_hash.o src/pk/rsa/rsa_sign_saltlen_get.o src/pk/rsa/rsa_verify_hash.o \
-src/prngs/fortuna.o src/prngs/rc4.o src/prngs/rng_get_bytes.o src/prngs/rng_make_prng.o \
-src/prngs/sober128.o src/prngs/sprng.o src/prngs/yarrow.o
+src/pk/rsa/rsa_import.o src/pk/rsa/rsa_import_radix.o src/pk/rsa/rsa_import_x509.o \
+src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_sign_hash.o src/pk/rsa/rsa_sign_saltlen_get.o \
+src/pk/rsa/rsa_verify_hash.o src/prngs/fortuna.o src/prngs/rc4.o src/prngs/rng_get_bytes.o \
+src/prngs/rng_make_prng.o src/prngs/sober128.o src/prngs/sprng.o src/prngs/yarrow.o
HEADERS=src/headers/tomcrypt.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt_cfg.h \
src/headers/tomcrypt_cipher.h src/headers/tomcrypt_custom.h src/headers/tomcrypt_hash.h \
diff --git a/makefile.icc b/makefile.icc
index 44664b0..e16d71c 100644
--- a/makefile.icc
+++ b/makefile.icc
@@ -198,8 +198,8 @@ src/pk/asn1/der/sequence/der_encode_sequence_ex.o \
src/pk/asn1/der/sequence/der_encode_sequence_multi.o \
src/pk/asn1/der/sequence/der_encode_subject_public_key_info.o \
src/pk/asn1/der/sequence/der_length_sequence.o src/pk/asn1/der/sequence/der_sequence_free.o \
-src/pk/asn1/der/set/der_encode_set.o src/pk/asn1/der/set/der_encode_setof.o \
-src/pk/asn1/der/short_integer/der_decode_short_integer.o \
+src/pk/asn1/der/sequence/der_sequence_shrink.o src/pk/asn1/der/set/der_encode_set.o \
+src/pk/asn1/der/set/der_encode_setof.o src/pk/asn1/der/short_integer/der_decode_short_integer.o \
src/pk/asn1/der/short_integer/der_encode_short_integer.o \
src/pk/asn1/der/short_integer/der_length_short_integer.o \
src/pk/asn1/der/teletex_string/der_decode_teletex_string.o \
@@ -225,10 +225,10 @@ src/pk/pkcs1/pkcs_1_oaep_decode.o src/pk/pkcs1/pkcs_1_oaep_encode.o src/pk/pkcs1
src/pk/pkcs1/pkcs_1_pss_decode.o src/pk/pkcs1/pkcs_1_pss_encode.o src/pk/pkcs1/pkcs_1_v1_5_decode.o \
src/pk/pkcs1/pkcs_1_v1_5_encode.o src/pk/rsa/rsa_decrypt_key.o src/pk/rsa/rsa_encrypt_key.o \
src/pk/rsa/rsa_export.o src/pk/rsa/rsa_exptmod.o src/pk/rsa/rsa_free.o src/pk/rsa/rsa_get_size.o \
-src/pk/rsa/rsa_import.o src/pk/rsa/rsa_import_radix.o src/pk/rsa/rsa_make_key.o \
-src/pk/rsa/rsa_sign_hash.o src/pk/rsa/rsa_sign_saltlen_get.o src/pk/rsa/rsa_verify_hash.o \
-src/prngs/fortuna.o src/prngs/rc4.o src/prngs/rng_get_bytes.o src/prngs/rng_make_prng.o \
-src/prngs/sober128.o src/prngs/sprng.o src/prngs/yarrow.o
+src/pk/rsa/rsa_import.o src/pk/rsa/rsa_import_radix.o src/pk/rsa/rsa_import_x509.o \
+src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_sign_hash.o src/pk/rsa/rsa_sign_saltlen_get.o \
+src/pk/rsa/rsa_verify_hash.o src/prngs/fortuna.o src/prngs/rc4.o src/prngs/rng_get_bytes.o \
+src/prngs/rng_make_prng.o src/prngs/sober128.o src/prngs/sprng.o src/prngs/yarrow.o
HEADERS=src/headers/tomcrypt.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt_cfg.h \
src/headers/tomcrypt_cipher.h src/headers/tomcrypt_custom.h src/headers/tomcrypt_hash.h \
diff --git a/makefile.mingw b/makefile.mingw
index c905256..12d4de2 100644
--- a/makefile.mingw
+++ b/makefile.mingw
@@ -134,8 +134,8 @@ src/pk/asn1/der/sequence/der_encode_sequence_ex.o \
src/pk/asn1/der/sequence/der_encode_sequence_multi.o \
src/pk/asn1/der/sequence/der_encode_subject_public_key_info.o \
src/pk/asn1/der/sequence/der_length_sequence.o src/pk/asn1/der/sequence/der_sequence_free.o \
-src/pk/asn1/der/set/der_encode_set.o src/pk/asn1/der/set/der_encode_setof.o \
-src/pk/asn1/der/short_integer/der_decode_short_integer.o \
+src/pk/asn1/der/sequence/der_sequence_shrink.o src/pk/asn1/der/set/der_encode_set.o \
+src/pk/asn1/der/set/der_encode_setof.o src/pk/asn1/der/short_integer/der_decode_short_integer.o \
src/pk/asn1/der/short_integer/der_encode_short_integer.o \
src/pk/asn1/der/short_integer/der_length_short_integer.o \
src/pk/asn1/der/teletex_string/der_decode_teletex_string.o \
@@ -161,10 +161,10 @@ src/pk/pkcs1/pkcs_1_oaep_decode.o src/pk/pkcs1/pkcs_1_oaep_encode.o src/pk/pkcs1
src/pk/pkcs1/pkcs_1_pss_decode.o src/pk/pkcs1/pkcs_1_pss_encode.o src/pk/pkcs1/pkcs_1_v1_5_decode.o \
src/pk/pkcs1/pkcs_1_v1_5_encode.o src/pk/rsa/rsa_decrypt_key.o src/pk/rsa/rsa_encrypt_key.o \
src/pk/rsa/rsa_export.o src/pk/rsa/rsa_exptmod.o src/pk/rsa/rsa_free.o src/pk/rsa/rsa_get_size.o \
-src/pk/rsa/rsa_import.o src/pk/rsa/rsa_import_radix.o src/pk/rsa/rsa_make_key.o \
-src/pk/rsa/rsa_sign_hash.o src/pk/rsa/rsa_sign_saltlen_get.o src/pk/rsa/rsa_verify_hash.o \
-src/prngs/fortuna.o src/prngs/rc4.o src/prngs/rng_get_bytes.o src/prngs/rng_make_prng.o \
-src/prngs/sober128.o src/prngs/sprng.o src/prngs/yarrow.o
+src/pk/rsa/rsa_import.o src/pk/rsa/rsa_import_radix.o src/pk/rsa/rsa_import_x509.o \
+src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_sign_hash.o src/pk/rsa/rsa_sign_saltlen_get.o \
+src/pk/rsa/rsa_verify_hash.o src/prngs/fortuna.o src/prngs/rc4.o src/prngs/rng_get_bytes.o \
+src/prngs/rng_make_prng.o src/prngs/sober128.o src/prngs/sprng.o src/prngs/yarrow.o
HEADERS=src/headers/tomcrypt.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt_cfg.h \
src/headers/tomcrypt_cipher.h src/headers/tomcrypt_custom.h src/headers/tomcrypt_hash.h \
diff --git a/makefile.msvc b/makefile.msvc
index 2b57246..80ac0cc 100644
--- a/makefile.msvc
+++ b/makefile.msvc
@@ -108,8 +108,8 @@ src/pk/asn1/der/sequence/der_encode_sequence_ex.obj \
src/pk/asn1/der/sequence/der_encode_sequence_multi.obj \
src/pk/asn1/der/sequence/der_encode_subject_public_key_info.obj \
src/pk/asn1/der/sequence/der_length_sequence.obj src/pk/asn1/der/sequence/der_sequence_free.obj \
-src/pk/asn1/der/set/der_encode_set.obj src/pk/asn1/der/set/der_encode_setof.obj \
-src/pk/asn1/der/short_integer/der_decode_short_integer.obj \
+src/pk/asn1/der/sequence/der_sequence_shrink.obj src/pk/asn1/der/set/der_encode_set.obj \
+src/pk/asn1/der/set/der_encode_setof.obj src/pk/asn1/der/short_integer/der_decode_short_integer.obj \
src/pk/asn1/der/short_integer/der_encode_short_integer.obj \
src/pk/asn1/der/short_integer/der_length_short_integer.obj \
src/pk/asn1/der/teletex_string/der_decode_teletex_string.obj \
@@ -135,10 +135,10 @@ src/pk/pkcs1/pkcs_1_oaep_decode.obj src/pk/pkcs1/pkcs_1_oaep_encode.obj src/pk/p
src/pk/pkcs1/pkcs_1_pss_decode.obj src/pk/pkcs1/pkcs_1_pss_encode.obj src/pk/pkcs1/pkcs_1_v1_5_decode.obj \
src/pk/pkcs1/pkcs_1_v1_5_encode.obj src/pk/rsa/rsa_decrypt_key.obj src/pk/rsa/rsa_encrypt_key.obj \
src/pk/rsa/rsa_export.obj src/pk/rsa/rsa_exptmod.obj src/pk/rsa/rsa_free.obj src/pk/rsa/rsa_get_size.obj \
-src/pk/rsa/rsa_import.obj src/pk/rsa/rsa_import_radix.obj src/pk/rsa/rsa_make_key.obj \
-src/pk/rsa/rsa_sign_hash.obj src/pk/rsa/rsa_sign_saltlen_get.obj src/pk/rsa/rsa_verify_hash.obj \
-src/prngs/fortuna.obj src/prngs/rc4.obj src/prngs/rng_get_bytes.obj src/prngs/rng_make_prng.obj \
-src/prngs/sober128.obj src/prngs/sprng.obj src/prngs/yarrow.obj
+src/pk/rsa/rsa_import.obj src/pk/rsa/rsa_import_radix.obj src/pk/rsa/rsa_import_x509.obj \
+src/pk/rsa/rsa_make_key.obj src/pk/rsa/rsa_sign_hash.obj src/pk/rsa/rsa_sign_saltlen_get.obj \
+src/pk/rsa/rsa_verify_hash.obj src/prngs/fortuna.obj src/prngs/rc4.obj src/prngs/rng_get_bytes.obj \
+src/prngs/rng_make_prng.obj src/prngs/sober128.obj src/prngs/sprng.obj src/prngs/yarrow.obj
HEADERS=src/headers/tomcrypt.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt_cfg.h \
src/headers/tomcrypt_cipher.h src/headers/tomcrypt_custom.h src/headers/tomcrypt_hash.h \
diff --git a/makefile.shared b/makefile.shared
index 763397c..0393caa 100644
--- a/makefile.shared
+++ b/makefile.shared
@@ -131,8 +131,8 @@ src/pk/asn1/der/sequence/der_encode_sequence_ex.o \
src/pk/asn1/der/sequence/der_encode_sequence_multi.o \
src/pk/asn1/der/sequence/der_encode_subject_public_key_info.o \
src/pk/asn1/der/sequence/der_length_sequence.o src/pk/asn1/der/sequence/der_sequence_free.o \
-src/pk/asn1/der/set/der_encode_set.o src/pk/asn1/der/set/der_encode_setof.o \
-src/pk/asn1/der/short_integer/der_decode_short_integer.o \
+src/pk/asn1/der/sequence/der_sequence_shrink.o src/pk/asn1/der/set/der_encode_set.o \
+src/pk/asn1/der/set/der_encode_setof.o src/pk/asn1/der/short_integer/der_decode_short_integer.o \
src/pk/asn1/der/short_integer/der_encode_short_integer.o \
src/pk/asn1/der/short_integer/der_length_short_integer.o \
src/pk/asn1/der/teletex_string/der_decode_teletex_string.o \
@@ -158,10 +158,10 @@ src/pk/pkcs1/pkcs_1_oaep_decode.o src/pk/pkcs1/pkcs_1_oaep_encode.o src/pk/pkcs1
src/pk/pkcs1/pkcs_1_pss_decode.o src/pk/pkcs1/pkcs_1_pss_encode.o src/pk/pkcs1/pkcs_1_v1_5_decode.o \
src/pk/pkcs1/pkcs_1_v1_5_encode.o src/pk/rsa/rsa_decrypt_key.o src/pk/rsa/rsa_encrypt_key.o \
src/pk/rsa/rsa_export.o src/pk/rsa/rsa_exptmod.o src/pk/rsa/rsa_free.o src/pk/rsa/rsa_get_size.o \
-src/pk/rsa/rsa_import.o src/pk/rsa/rsa_import_radix.o src/pk/rsa/rsa_make_key.o \
-src/pk/rsa/rsa_sign_hash.o src/pk/rsa/rsa_sign_saltlen_get.o src/pk/rsa/rsa_verify_hash.o \
-src/prngs/fortuna.o src/prngs/rc4.o src/prngs/rng_get_bytes.o src/prngs/rng_make_prng.o \
-src/prngs/sober128.o src/prngs/sprng.o src/prngs/yarrow.o
+src/pk/rsa/rsa_import.o src/pk/rsa/rsa_import_radix.o src/pk/rsa/rsa_import_x509.o \
+src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_sign_hash.o src/pk/rsa/rsa_sign_saltlen_get.o \
+src/pk/rsa/rsa_verify_hash.o src/prngs/fortuna.o src/prngs/rc4.o src/prngs/rng_get_bytes.o \
+src/prngs/rng_make_prng.o src/prngs/sober128.o src/prngs/sprng.o src/prngs/yarrow.o
HEADERS=src/headers/tomcrypt.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt_cfg.h \
src/headers/tomcrypt_cipher.h src/headers/tomcrypt_custom.h src/headers/tomcrypt_hash.h \
diff --git a/makefile.unix b/makefile.unix
index 9e7c8f9..59a3481 100644
--- a/makefile.unix
+++ b/makefile.unix
@@ -139,8 +139,8 @@ src/pk/asn1/der/sequence/der_encode_sequence_ex.o \
src/pk/asn1/der/sequence/der_encode_sequence_multi.o \
src/pk/asn1/der/sequence/der_encode_subject_public_key_info.o \
src/pk/asn1/der/sequence/der_length_sequence.o src/pk/asn1/der/sequence/der_sequence_free.o \
-src/pk/asn1/der/set/der_encode_set.o src/pk/asn1/der/set/der_encode_setof.o \
-src/pk/asn1/der/short_integer/der_decode_short_integer.o \
+src/pk/asn1/der/sequence/der_sequence_shrink.o src/pk/asn1/der/set/der_encode_set.o \
+src/pk/asn1/der/set/der_encode_setof.o src/pk/asn1/der/short_integer/der_decode_short_integer.o \
src/pk/asn1/der/short_integer/der_encode_short_integer.o \
src/pk/asn1/der/short_integer/der_length_short_integer.o \
src/pk/asn1/der/teletex_string/der_decode_teletex_string.o \
@@ -166,10 +166,10 @@ src/pk/pkcs1/pkcs_1_oaep_decode.o src/pk/pkcs1/pkcs_1_oaep_encode.o src/pk/pkcs1
src/pk/pkcs1/pkcs_1_pss_decode.o src/pk/pkcs1/pkcs_1_pss_encode.o src/pk/pkcs1/pkcs_1_v1_5_decode.o \
src/pk/pkcs1/pkcs_1_v1_5_encode.o src/pk/rsa/rsa_decrypt_key.o src/pk/rsa/rsa_encrypt_key.o \
src/pk/rsa/rsa_export.o src/pk/rsa/rsa_exptmod.o src/pk/rsa/rsa_free.o src/pk/rsa/rsa_get_size.o \
-src/pk/rsa/rsa_import.o src/pk/rsa/rsa_import_radix.o src/pk/rsa/rsa_make_key.o \
-src/pk/rsa/rsa_sign_hash.o src/pk/rsa/rsa_sign_saltlen_get.o src/pk/rsa/rsa_verify_hash.o \
-src/prngs/fortuna.o src/prngs/rc4.o src/prngs/rng_get_bytes.o src/prngs/rng_make_prng.o \
-src/prngs/sober128.o src/prngs/sprng.o src/prngs/yarrow.o
+src/pk/rsa/rsa_import.o src/pk/rsa/rsa_import_radix.o src/pk/rsa/rsa_import_x509.o \
+src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_sign_hash.o src/pk/rsa/rsa_sign_saltlen_get.o \
+src/pk/rsa/rsa_verify_hash.o src/prngs/fortuna.o src/prngs/rc4.o src/prngs/rng_get_bytes.o \
+src/prngs/rng_make_prng.o src/prngs/sober128.o src/prngs/sprng.o src/prngs/yarrow.o
HEADERS=src/headers/tomcrypt.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt_cfg.h \
src/headers/tomcrypt_cipher.h src/headers/tomcrypt_custom.h src/headers/tomcrypt_hash.h \
diff --git a/src/headers/tomcrypt_pk.h b/src/headers/tomcrypt_pk.h
index ad5efc0..be19bad 100644
--- a/src/headers/tomcrypt_pk.h
+++ b/src/headers/tomcrypt_pk.h
@@ -107,6 +107,7 @@ int rsa_sign_saltlen_get_max_ex(int padding, int hash_idx, rsa_key *key);
int rsa_export(unsigned char *out, unsigned long *outlen, int type, rsa_key *key);
int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key);
+int rsa_import_x509(const unsigned char *in, unsigned long inlen, rsa_key *key);
int rsa_import_radix(int radix, char *N, char *e, char *d, char *p, char *q, char *dP, char *dQ, char *qP, rsa_key *key);
#endif
@@ -540,6 +541,7 @@ int der_decode_sequence_multi(const unsigned char *in, unsigned long inlen, ...)
int der_decode_sequence_flexi(const unsigned char *in, unsigned long *inlen, ltc_asn1_list **out);
#define der_free_sequence_flexi der_sequence_free
void der_sequence_free(ltc_asn1_list *in);
+void der_sequence_shrink(ltc_asn1_list *in);
/* BOOLEAN */
int der_length_boolean(unsigned long *outlen);
diff --git a/src/pk/asn1/der/sequence/der_decode_sequence_flexi.c b/src/pk/asn1/der/sequence/der_decode_sequence_flexi.c
index caad485..5435381 100644
--- a/src/pk/asn1/der/sequence/der_decode_sequence_flexi.c
+++ b/src/pk/asn1/der/sequence/der_decode_sequence_flexi.c
@@ -53,6 +53,25 @@ static unsigned long fetch_length(const unsigned char *in, unsigned long inlen,
return z+*data_offset;
}
+static int new_element(ltc_asn1_list **l)
+{
+ /* alloc new link */
+ if (*l == NULL) {
+ *l = XCALLOC(1, sizeof(ltc_asn1_list));
+ if (*l == NULL) {
+ return CRYPT_MEM;
+ }
+ } else {
+ (*l)->next = XCALLOC(1, sizeof(ltc_asn1_list));
+ if ((*l)->next == NULL) {
+ return CRYPT_MEM;
+ }
+ (*l)->next->prev = *l;
+ *l = (*l)->next;
+ }
+ return CRYPT_OK;
+}
+
/**
ASN.1 DER Flexi(ble) decoder will decode arbitrary DER packets and create a linked list of the decoded elements.
@param in The input buffer
@@ -73,6 +92,13 @@ int der_decode_sequence_flexi(const unsigned char *in, unsigned long *inlen, ltc
l = NULL;
totlen = 0;
+ if (*inlen == 0) {
+ /* alloc new link */
+ if ((err = new_element(&l)) != CRYPT_OK) {
+ goto error;
+ }
+ }
+
/* scan the input and and get lengths and what not */
while (*inlen) {
/* read the type byte */
@@ -86,20 +112,8 @@ int der_decode_sequence_flexi(const unsigned char *in, unsigned long *inlen, ltc
}
/* alloc new link */
- if (l == NULL) {
- l = XCALLOC(1, sizeof(*l));
- if (l == NULL) {
- err = CRYPT_MEM;
- goto error;
- }
- } else {
- l->next = XCALLOC(1, sizeof(*l));
- if (l->next == NULL) {
- err = CRYPT_MEM;
- goto error;
- }
- l->next->prev = l;
- l = l->next;
+ if ((err = new_element(&l)) != CRYPT_OK) {
+ goto error;
}
if ((type & 0x20) && (type != 0x30) && (type != 0x31)) {
@@ -348,6 +362,15 @@ int der_decode_sequence_flexi(const unsigned char *in, unsigned long *inlen, ltc
l->type = LTC_ASN1_SET;
}
+ if ((l->data = XMALLOC(len)) == NULL) {
+ err = CRYPT_MEM;
+ goto error;
+ }
+
+ XMEMCPY(l->data, in, len);
+ l->size = len;
+
+
/* jump to the start of the data */
in += data_offset;
*inlen -= data_offset;
diff --git a/src/pk/asn1/der/sequence/der_sequence_free.c b/src/pk/asn1/der/sequence/der_sequence_free.c
index e849483..4600d5f 100644
--- a/src/pk/asn1/der/sequence/der_sequence_free.c
+++ b/src/pk/asn1/der/sequence/der_sequence_free.c
@@ -46,9 +46,7 @@ void der_sequence_free(ltc_asn1_list *in)
}
switch (in->type) {
- case LTC_ASN1_SET:
- case LTC_ASN1_SETOF:
- case LTC_ASN1_SEQUENCE: break;
+ case LTC_ASN1_SETOF: break;
case LTC_ASN1_INTEGER : if (in->data != NULL) { mp_clear(in->data); } break;
default : if (in->data != NULL) { XFREE(in->data); }
}
diff --git a/src/pk/asn1/der/sequence/der_sequence_shrink.c b/src/pk/asn1/der/sequence/der_sequence_shrink.c
new file mode 100644
index 0000000..227576d
--- /dev/null
+++ b/src/pk/asn1/der/sequence/der_sequence_shrink.c
@@ -0,0 +1,52 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtom.org
+ */
+#include "tomcrypt.h"
+
+/**
+ @file der_sequence_shrink.c
+ Free memory allocated for CONSTRUCTED, SET or SEQUENCE elements by der_decode_sequence_flexi(), Steffen Jaeckel
+*/
+
+#ifdef LTC_DER
+
+/**
+ Free memory allocated for CONSTRUCTED,
+ SET or SEQUENCE elements by der_decode_sequence_flexi()
+ @param in The list to shrink
+*/
+void der_sequence_shrink(ltc_asn1_list *in)
+{
+ if (!in) return;
+
+ /* now walk the list and free stuff */
+ while (in != NULL) {
+ /* is there a child? */
+ if (in->child) {
+ der_sequence_shrink(in->child);
+ }
+
+ switch (in->type) {
+ case LTC_ASN1_CONSTRUCTED:
+ case LTC_ASN1_SET:
+ case LTC_ASN1_SEQUENCE : if (in->data != NULL) { XFREE(in->data); in->data = NULL; } break;
+ default: break;
+ }
+
+ /* move to next and free current */
+ in = in->next;
+ }
+}
+
+#endif
+
+/* $Source$ */
+/* $Revision$ */
+/* $Date$ */
diff --git a/src/pk/rsa/rsa_free.c b/src/pk/rsa/rsa_free.c
index 702116a..57da74c 100644
--- a/src/pk/rsa/rsa_free.c
+++ b/src/pk/rsa/rsa_free.c
@@ -24,7 +24,7 @@
void rsa_free(rsa_key *key)
{
LTC_ARGCHKVD(key != NULL);
- mp_clear_multi(key->e, key->d, key->N, key->dQ, key->dP, key->qP, key->p, key->q, NULL);
+ mp_clear_multi(key->q, key->p, key->qP, key->dP, key->dQ, key->N, key->d, key->e, NULL);
}
#endif
diff --git a/src/pk/rsa/rsa_import_x509.c b/src/pk/rsa/rsa_import_x509.c
new file mode 100644
index 0000000..cf4a19f
--- /dev/null
+++ b/src/pk/rsa/rsa_import_x509.c
@@ -0,0 +1,120 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtom.org
+ */
+#include "tomcrypt.h"
+
+/**
+ @file rsa_import.c
+ Import an RSA key from a X.509 certificate, Steffen Jaeckel
+*/
+
+#ifdef LTC_MRSA
+
+/**
+ Import an RSA key from a X.509 certificate
+ @param in The packet to import from
+ @param inlen It's length (octets)
+ @param key [out] Destination for newly imported key
+ @return CRYPT_OK if successful, upon error allocated memory is freed
+*/
+int rsa_import_x509(const unsigned char *in, unsigned long inlen, rsa_key *key)
+{
+ int err;
+ unsigned char *tmpbuf=NULL;
+ unsigned long tmpbuf_len, tmp_inlen;
+ ltc_asn1_list *decoded_list = NULL, *l;
+
+ LTC_ARGCHK(in != NULL);
+ LTC_ARGCHK(key != NULL);
+ LTC_ARGCHK(ltc_mp.name != NULL);
+
+ /* init key */
+ if ((err = mp_init_multi(&key->e, &key->d, &key->N, &key->dQ,
+ &key->dP, &key->qP, &key->p, &key->q, NULL)) != CRYPT_OK) {
+ return err;
+ }
+
+ tmpbuf_len = MAX_RSA_SIZE * 8;
+ tmpbuf = XCALLOC(1, tmpbuf_len);
+ if (tmpbuf == NULL) {
+ err = CRYPT_MEM;
+ goto LBL_ERR;
+ }
+
+ tmp_inlen = inlen;
+ if ((err = der_decode_sequence_flexi(in, &tmp_inlen, &decoded_list)) == CRYPT_OK) {
+ l = decoded_list;
+ /* Move 2 levels up in the tree
+ SEQUENCE
+ SEQUENCE
+ ...
+ */
+ if (l->type == LTC_ASN1_SEQUENCE && l->child) {
+ l = l->child;
+ if (l->type == LTC_ASN1_SEQUENCE && l->child) {
+ l = l->child;
+
+ err = CRYPT_ERROR;
+
+ /* Move forward in the tree until we find this combination
+ ...
+ SEQUENCE
+ SEQUENCE
+ OBJECT IDENTIFIER 1.2.840.113549.1.1.1
+ NULL
+ BIT STRING
+ */
+ do {
+ /* The additional check for l->data is there to make sure
+ * we won't try to decode a list that has been 'shrunk'
+ */
+ if (l->type == LTC_ASN1_SEQUENCE && l->data && l->child &&
+ l->child->type == LTC_ASN1_SEQUENCE && l->child->child &&
+ l->child->child->type == LTC_ASN1_OBJECT_IDENTIFIER && l->child->next &&
+ l->child->next->type == LTC_ASN1_BIT_STRING) {
+ err = der_decode_subject_public_key_info(l->data, l->size,
+ PKA_RSA, tmpbuf, &tmpbuf_len,
+ LTC_ASN1_NULL, NULL, 0);
+ if (err == CRYPT_OK) {
+ /* now it should be SEQUENCE { INTEGER, INTEGER } */
+ if ((err = der_decode_sequence_multi(tmpbuf, tmpbuf_len,
+ LTC_ASN1_INTEGER, 1UL, key->N,
+ LTC_ASN1_INTEGER, 1UL, key->e,
+ LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+ key->type = PK_PUBLIC;
+ err = CRYPT_OK;
+ goto LBL_FREE;
+ }
+ }
+ l = l->next;
+ } while(l);
+ }
+ }
+ }
+
+
+LBL_ERR:
+ rsa_free(key);
+
+LBL_FREE:
+ if (decoded_list) der_free_sequence_flexi(decoded_list);
+ if (tmpbuf != NULL) XFREE(tmpbuf);
+
+ return err;
+}
+
+#endif /* LTC_MRSA */
+
+
+/* $Source$ */
+/* $Revision$ */
+/* $Date$ */
diff --git a/testprof/der_tests.c b/testprof/der_tests.c
index 7ce6273..dcaf1b2 100644
--- a/testprof/der_tests.c
+++ b/testprof/der_tests.c
@@ -13,7 +13,36 @@ int der_tests(void)
#else
-static const unsigned char _der_tests_cacert_root_cert[] =
+static const unsigned char _der_tests_stinky_root_cert[] =
+ "MIIFETCCA/mgAwIBAgIQbv53JNmv518t5lkCHE272jANBgkqhkiG9w0BAQUFADCB\
+ lTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug\
+ Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho\
+ dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xHTAbBgNVBAMTFFVUTi1VU0VSRmlyc3Qt\
+ T2JqZWN0MB4XDTA4MDQyOTAwMDAwMFoXDTEwMDQyOTIzNTk1OVowgbUxCzAJBgNV\
+ BAYTAlVTMQ4wDAYDVQQRDAU0NDE0MzELMAkGA1UECAwCT0gxGTAXBgNVBAcMEE1h\
+ eWZpZWxkIFZpbGxhZ2UxEDAOBgNVBAkMB1N1aXRlIEExFDASBgNVBAkMCzc2NyBC\
+ ZXRhIERyMSIwIAYDVQQKDBlQcmVlbXB0aXZlIFNvbHV0aW9ucywgTExDMSIwIAYD\
+ VQQDDBlQcmVlbXB0aXZlIFNvbHV0aW9ucywgTExDMIIBIjANBgkqhkiG9w0BAQEF\
+ AAOCAQ8AMIIBCgKCAQEAzH7ZBkMcBuHx8d2f10RGTHAf7gzzVteGbOihJGH2BwlS\
+ ZvNp6WEE4DfL+s1vp0wzk1XeLN5tRjg2qum9YqyCk7okh7pXGy46f5mWbLQiefGA\
+ j5UXRcr6WJ3xeACdbXxKrYMV0REia+4Jb2UbFA8S81PjhRon6vcRz76ziUWwt8NC\
+ igX+4ZC0skhhKzKszel6KGL7bJCtLG7ukw9DZCrvPCRcKFeM/GwQ6ACMgP88CSCL\
+ t1fbIXDH1vd/x2XM3QlaSDN6hYDbef8m1T+9TCkXVKeqG1GYjSUrHzYnCZUmTRrR\
+ 38jgC3qXxiIpDKW105uM0nlXe2XF9c+ot2MdWvV4TwIDAQABo4IBOTCCATUwHwYD\
+ VR0jBBgwFoAU2u1kdBScFDyr3ZmpvVsoTYs8ydgwHQYDVR0OBBYEFK+1HzZE4i28\
+ oLIzuqlFR9SspiCIMA4GA1UdDwEB/wQEAwIHgDAMBgNVHRMBAf8EAjAAMBMGA1Ud\
+ JQQMMAoGCCsGAQUFBwMDMBEGCWCGSAGG+EIBAQQEAwIEEDBGBgNVHSAEPzA9MDsG\
+ DCsGAQQBsjEBAgEDAjArMCkGCCsGAQUFBwIBFh1odHRwczovL3NlY3VyZS5jb21v\
+ ZG8ubmV0L0NQUzBCBgNVHR8EOzA5MDegNaAzhjFodHRwOi8vY3JsLnVzZXJ0cnVz\
+ dC5jb20vVVROLVVTRVJGaXJzdC1PYmplY3QuY3JsMCEGA1UdEQQaMBiBFnN1cHBv\
+ cnRAcHJlZW1wdGl2ZS5jb20wDQYJKoZIhvcNAQEFBQADggEBAC+JM26Dokvonudl\
+ JXe/Yun7IBhimkagZUjbk9l/GQWN6i+v1o95UJ1wGJtBdm2+MxbSaPoNTDZR4B+2\
+ lYL9MW57UVmePrnfUPXQKZZG+8gTRDz8+7ol/CEAKmS3MLKCRcH5oe+J5345sGxi\
+ FC/KWNKedTNraW95xlg8NTlL2yRP7TMsjvBxgLmkbaFUoXzPTbQWmtovIagIT8GC\
+ JeXwdFaRjbamiz3Irl+u7x/mhxdza6RvgBYylXRFMudANpeGsV7gDXlnfzpFDKHQ\
+ niVwB7P5sbPFIlmIc+4/xRItkLIRjCVXaepgN9KYu3VOgiSDI6wXiTwP44/LUXQM\
+ hetwa7s=";
+const unsigned char _der_tests_cacert_root_cert[] =
"MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290\
IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB\
IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA\
@@ -53,6 +82,7 @@ static const unsigned char _der_tests_cacert_root_cert[] =
GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk\
zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW\
omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD";
+const unsigned long _der_tests_cacert_root_cert_size = sizeof(_der_tests_cacert_root_cert);
/*
SEQUENCE(3 elem)
@@ -195,6 +225,8 @@ SEQUENCE(3 elem)
#define CHECK_ASN1_HAS_NO_CHILD(l) __CHECK_ASN1_HAS_NO(l, child)
#define CHECK_ASN1_HAS_NEXT(l) __CHECK_ASN1_HAS(l, next)
#define CHECK_ASN1_HAS_NO_NEXT(l) __CHECK_ASN1_HAS_NO(l, next)
+#define CHECK_ASN1_HAS_DATA(l) __CHECK_ASN1_HAS(l, data)
+#define CHECK_ASN1_HAS_NO_DATA(l) __CHECK_ASN1_HAS_NO(l, data)
#ifdef LTC_DER_TESTS_PRINT_FLEXI
static void _der_tests_print_flexi(ltc_asn1_list* l, unsigned int level)
@@ -392,9 +424,22 @@ static void der_cacert_test(void)
ltc_asn1_list *decoded_list, *l, *l1, *l2;
+ DO(base64_decode(_der_tests_stinky_root_cert, sizeof(_der_tests_stinky_root_cert), buf, &len1));
+ len2 = len1;
+ DO(der_decode_sequence_flexi(buf, &len2, &decoded_list));
+ der_free_sequence_flexi(decoded_list);
+
+ len1 = sizeof(buf);
DO(base64_decode(_der_tests_cacert_root_cert, sizeof(_der_tests_cacert_root_cert), buf, &len1));
len2 = len1;
DO(der_decode_sequence_flexi(buf, &len2, &decoded_list));
+ CHECK_ASN1_TYPE(decoded_list, LTC_ASN1_SEQUENCE);
+ CHECK_ASN1_HAS_DATA(decoded_list);
+
+ der_sequence_shrink(decoded_list);
+
+ CHECK_ASN1_TYPE(decoded_list, LTC_ASN1_SEQUENCE);
+ CHECK_ASN1_HAS_NO_DATA(decoded_list);
#ifdef LTC_DER_TESTS_PRINT_FLEXI
printf("\n\n--- test print start ---\n\n");
diff --git a/testprof/rsa_test.c b/testprof/rsa_test.c
index c7f1dcb..8bc372f 100644
--- a/testprof/rsa_test.c
+++ b/testprof/rsa_test.c
@@ -93,6 +93,9 @@ static const unsigned char openssl_public_rsa_stripped[] = {
0x60, 0x3f, 0x8b, 0x54, 0x3a, 0xc3, 0x4d, 0x31, 0xe7, 0x94, 0xa4, 0x44, 0xfd, 0x02, 0x03, 0x01,
0x00, 0x01, };
+extern const unsigned char _der_tests_cacert_root_cert[];
+extern const unsigned long _der_tests_cacert_root_cert_size;
+
static int rsa_compat_test(void)
{
rsa_key key;
@@ -195,7 +198,7 @@ static int rsa_compat_test(void)
int rsa_test(void)
{
- unsigned char in[1024], out[1024], tmp[1024];
+ unsigned char in[1024], out[1024], tmp[3072];
rsa_key key, privKey, pubKey;
int hash_idx, prng_idx, stat, stat2, i, err;
unsigned long rsa_msgsize, len, len2, len3, cnt, cnt2;
@@ -537,6 +540,11 @@ for (cnt = 0; cnt < len; ) {
DOX(stat == 0?CRYPT_OK:CRYPT_FAIL_TESTVECTOR, "should fail");
}
+ len3 = sizeof(tmp);
+ DO(base64_decode(_der_tests_cacert_root_cert, _der_tests_cacert_root_cert_size, tmp, &len3));
+
+ DO(rsa_import_x509(tmp, len3, &key));
+
/* free the key and return */
rsa_free(&key);
rsa_free(&pubKey);