update rsa_import_x509()

src/pk/rsa/rsa_import_x509.c

@@ -15,6 +15,15 @@
 
 #ifdef LTC_MRSA
 
+static int _rsa_decode(const unsigned char *in, unsigned long inlen, rsa_key *key)
+{
+   /* now it should be SEQUENCE { INTEGER, INTEGER } */
+   return der_decode_sequence_multi(in, inlen,
+                                        LTC_ASN1_INTEGER, 1UL, key->N,
+                                        LTC_ASN1_INTEGER, 1UL, key->e,
+                                        LTC_ASN1_EOL,     0UL, NULL);
+}
+
 /**
   Import an RSA key from a X.509 certificate
   @param in      The packet to import from
@@ -25,9 +34,6 @@
 int rsa_import_x509(const unsigned char *in, unsigned long inlen, rsa_key *key)
 {
    int           err;
-   unsigned char *tmpbuf;
-   unsigned long tmpbuf_len, tmp_inlen, len;
-   ltc_asn1_list *decoded_list = NULL, *l;
 
    LTC_ARGCHK(in          != NULL);
    LTC_ARGCHK(key         != NULL);
@@ -39,75 +45,15 @@ int rsa_import_x509(const unsigned char *in, unsigned long inlen, rsa_key *key)
       return err;
    }
 
-   tmpbuf_len = inlen;
-   tmpbuf = XCALLOC(1, tmpbuf_len);
-   if (tmpbuf == NULL) {
-       err = CRYPT_MEM;
-       goto LBL_ERR;
+   if ((err = x509_decode_public_key_from_certificate(in, inlen,
+                                                      PKA_RSA, LTC_ASN1_NULL,
+                                                      NULL, NULL,
+                                                      (public_key_decode_cb)_rsa_decode, key)) != CRYPT_OK) {
+      rsa_free(key);
+   } else {
+      key->type = PK_PUBLIC;
    }
 
-   tmp_inlen = inlen;
-   if ((err = der_decode_sequence_flexi(in, &tmp_inlen, &decoded_list)) == CRYPT_OK) {
-      l = decoded_list;
-      /* Move 2 levels up in the tree
-         SEQUENCE
-             SEQUENCE
-                 ...
-       */
-      if (l->type == LTC_ASN1_SEQUENCE && l->child) {
-         l = l->child;
-         if (l->type == LTC_ASN1_SEQUENCE && l->child) {
-            l = l->child;
-
-            err = CRYPT_ERROR;
-
-            /* Move forward in the tree until we find this combination
-                 ...
-                 SEQUENCE
-                     SEQUENCE
-                         OBJECT IDENTIFIER 1.2.840.113549.1.1.1
-                         NULL
-                     BIT STRING
-             */
-            do {
-               /* The additional check for l->data is there to make sure
-                * we won't try to decode a list that has been 'shrunk'
-                */
-               if (l->type == LTC_ASN1_SEQUENCE && l->data && l->child &&
-                     l->child->type == LTC_ASN1_SEQUENCE && l->child->child &&
-                     l->child->child->type == LTC_ASN1_OBJECT_IDENTIFIER && l->child->next &&
-                     l->child->next->type == LTC_ASN1_BIT_STRING) {
-                  len = 0;
-                  err = x509_decode_subject_public_key_info(l->data, l->size,
-                       PKA_RSA, tmpbuf, &tmpbuf_len,
-                       LTC_ASN1_NULL, NULL, &len);
-                  if (err == CRYPT_OK) {
-                     /* now it should be SEQUENCE { INTEGER, INTEGER } */
-                     if ((err = der_decode_sequence_multi(tmpbuf, tmpbuf_len,
-                                                          LTC_ASN1_INTEGER, 1UL, key->N,
-                                                          LTC_ASN1_INTEGER, 1UL, key->e,
-                                                          LTC_ASN1_EOL,     0UL, NULL)) != CRYPT_OK) {
-                        goto LBL_ERR;
-                     }
-                     key->type = PK_PUBLIC;
-                     err = CRYPT_OK;
-                     goto LBL_FREE;
-                  }
-               }
-               l = l->next;
-            } while(l);
-         }
-      }
-   }
-
-
-LBL_ERR:
-   rsa_free(key);
-
-LBL_FREE:
-   if (decoded_list) der_free_sequence_flexi(decoded_list);
-   if (tmpbuf != NULL) XFREE(tmpbuf);
-
    return err;
 }