[tls] Use our own ASN.1 routines for certificate parsing

Use our own, more robust, ASN.1 parsing routines to extract the RSA public key from a server certificate. Remove the now-unused AXTLS ASN.1 parser.
2025-12-24 06:22:59 +03:00 · 2009-02-10 17:37:24 +00:00
parent 5a99c586cf
commit 8e960eb67c
8 changed files with 353 additions and 953 deletions
--- a/src/include/gpxe/asn1.h
+++ b/src/include/gpxe/asn1.h
@@ -21,12 +21,12 @@
 */
 struct asn1_cursor {
 	/** Start of data */
-	uint8_t *data;
+	void *data;
 	/** Length of data */
 	size_t len;
 };

-extern int asn1_enter_object ( struct asn1_cursor *cursor, unsigned int type );
-extern int asn1_skip_object ( struct asn1_cursor *cursor, unsigned int type );
+extern int asn1_enter ( struct asn1_cursor *cursor, unsigned int type );
+extern int asn1_skip ( struct asn1_cursor *cursor, unsigned int type );

 #endif /* _GPXE_ASN1_H */
--- a/src/include/gpxe/errfile.h
+++ b/src/include/gpxe/errfile.h
@@ -168,6 +168,7 @@
 #define ERRFILE_smbios_settings	      ( ERRFILE_OTHER | 0x00130000 )
 #define ERRFILE_efi_smbios	      ( ERRFILE_OTHER | 0x00140000 )
 #define ERRFILE_pxemenu		      ( ERRFILE_OTHER | 0x00150000 )
+#define ERRFILE_x509		      ( ERRFILE_OTHER | 0x00160000 )

 /** @} */

--- a/src/include/gpxe/tls.h
+++ b/src/include/gpxe/tls.h
@@ -14,6 +14,7 @@
 #include <gpxe/crypto.h>
 #include <gpxe/md5.h>
 #include <gpxe/sha1.h>
+#include <gpxe/x509.h>

 /** A TLS header */
 struct tls_header {
@@ -157,10 +158,7 @@ struct tls_session {
 	uint8_t handshake_sha1_ctx[SHA1_CTX_SIZE];

 	/** Hack: server RSA public key */
-	uint8_t *rsa_mod;
-	size_t rsa_mod_len;
-	uint8_t *rsa_pub_exp;
-	size_t rsa_pub_exp_len;
+	struct x509_rsa_public_key rsa;

 	/** TX sequence number */
 	uint64_t tx_seq;
--- a/src/include/gpxe/x509.h
+++ b/src/include/gpxe/x509.h
@@ -0,0 +1,39 @@
+#ifndef _GPXE_X509_H
+#define _GPXE_X509_H
+
+/** @file
+ *
+ * X.509 certificates
+ *
+ */
+
+#include <stdint.h>
+
+struct asn1_cursor;
+
+/** An X.509 RSA public key */
+struct x509_rsa_public_key {
+	/** Modulus */
+	uint8_t *modulus;
+	/** Modulus length */
+	size_t modulus_len;
+	/** Exponent */
+	uint8_t *exponent;
+	/** Exponent length */
+	size_t exponent_len;
+};
+
+/**
+ * Free X.509 RSA public key
+ *
+ * @v rsa_pubkey	RSA public key
+ */
+static inline void
+x509_free_rsa_public_key ( struct x509_rsa_public_key *rsa_pubkey ) {
+	free ( rsa_pubkey->modulus );
+}
+
+extern int x509_rsa_public_key ( const struct asn1_cursor *certificate,
+				 struct x509_rsa_public_key *rsa_pubkey );
+
+#endif /* _GPXE_X509_H */