[crypto] Restructure handling of ASN.1 bit strings

Signature values in ASN.1 tend to be encoded as bit strings rather
than octet strings.  In practice, no existent signature scheme uses a
non-integral number of bytes.

Switch to using a standard ASN.1 cursor to hold signature values, to
simplify consuming code.  Restructure the API to treat entering an
ASN.1 bit string in the same way as entering any other ASN.1 type.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
Michael Brown
2025-11-28 13:21:00 +00:00
parent d73981aece
commit c9c0282594
7 changed files with 87 additions and 121 deletions


@@ -427,16 +427,6 @@ extern struct asn1_algorithm oid_sha224_algorithm __asn1_algorithm;
extern struct asn1_algorithm oid_sha512_224_algorithm __asn1_algorithm;
extern struct asn1_algorithm oid_sha512_256_algorithm __asn1_algorithm;
/** An ASN.1 bit string */
struct asn1_bit_string {
/** Data */
const void *data;
/** Length */
size_t len;
/** Unused bits at end of data */
unsigned int unused;
} __attribute__ (( packed ));
/**
* Invalidate ASN.1 object cursor
*
@@ -489,12 +479,10 @@ extern int asn1_shrink ( struct asn1_cursor *cursor, unsigned int type );
extern int asn1_enter_any ( struct asn1_cursor *cursor );
extern int asn1_skip_any ( struct asn1_cursor *cursor );
extern int asn1_shrink_any ( struct asn1_cursor *cursor );
extern int asn1_enter_bits ( struct asn1_cursor *cursor,
unsigned int *unused );
extern int asn1_boolean ( const struct asn1_cursor *cursor );
extern int asn1_integer ( const struct asn1_cursor *cursor, int *value );
extern int asn1_bit_string ( const struct asn1_cursor *cursor,
struct asn1_bit_string *bits );
extern int asn1_integral_bit_string ( const struct asn1_cursor *cursor,
struct asn1_bit_string *bits );
extern int asn1_compare ( const struct asn1_cursor *cursor1,
const struct asn1_cursor *cursor2 );
extern int asn1_algorithm ( const struct asn1_cursor *cursor,
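Review bot: The new declaration `asn1_enter_bits ( struct asn1_cursor *cursor, unsigned int *unused )` does not state what happens when the bit string has a non-zero unused-bit count and the caller does not keep it. With `struct asn1_bit_string` removed, `ocsp_response.signature`, `x509_signature.value` and `x509_public_key.value` in the later file sections become plain `struct asn1_cursor` fields that can no longer carry that count. A signature or key with a non-integral number of bytes therefore has to be rejected when the bit string is entered; the implementation is not visible on this page, so that should be confirmed there. I would put the contract at the declaration, for example `/* unused: receives the number of unused trailing bits; document whether NULL is accepted and whether a non-zero count is then an error */`.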


@@ -76,7 +76,7 @@ struct ocsp_response {
/** Signature algorithm */
struct asn1_algorithm *algorithm;
/** Signature value */
struct asn1_bit_string signature;
struct asn1_cursor signature;
/** Signing certificate */
struct x509_certificate *signer;
};


@@ -51,8 +51,8 @@ struct x509_public_key {
struct asn1_cursor raw;
/** Public key algorithm */
struct asn1_algorithm *algorithm;
/** Raw public key bit string */
struct asn1_bit_string raw_bits;
/** Public key value */
struct asn1_cursor value;
};
/** An X.509 certificate subject */
@@ -70,7 +70,7 @@ struct x509_signature {
/** Signature algorithm */
struct asn1_algorithm *algorithm;
/** Signature value */
struct asn1_bit_string value;
struct asn1_cursor value;
};
/** An X.509 certificate basic constraints set */