Merge pull request #79 from libtom/feature/rsa_import_x509

RSA import x509
2017-03-30 22:28:24 +02:00 · 2017-03-30 22:28:24 +02:00 · 77019928dd
commit 77019928dd
parent 0a400f465f ac7915ed13
16 changed files with 320 additions and 56 deletions
--- a/libtomcrypt_VS2005.vcproj
+++ b/libtomcrypt_VS2005.vcproj
@ -1575,6 +1575,10 @@
 							RelativePath="src\pk\asn1\der\sequence\der_sequence_free.c"
 							>
 						</File>
+						<File
+							RelativePath="src\pk\asn1\der\sequence\der_sequence_shrink.c"
+							>
+						</File>
 					</Filter>
 					<Filter
 						Name="set"
@ -1921,6 +1925,10 @@
 					RelativePath="src\pk\rsa\rsa_import_radix.c"
 					>
 				</File>
+				<File
+					RelativePath="src\pk\rsa\rsa_import_x509.c"
+					>
+				</File>
 				<File
 					RelativePath="src\pk\rsa\rsa_make_key.c"
 					>
--- a/libtomcrypt_VS2008.vcproj
+++ b/libtomcrypt_VS2008.vcproj
@ -1816,6 +1816,10 @@
 							RelativePath="src\pk\asn1\der\sequence\der_sequence_free.c"
 							>
 						</File>
+						<File
+							RelativePath="src\pk\asn1\der\sequence\der_sequence_shrink.c"
+							>
+						</File>
 					</Filter>
 					<Filter
 						Name="set"
@ -2162,6 +2166,10 @@
 					RelativePath="src\pk\rsa\rsa_import_radix.c"
 					>
 				</File>
+				<File
+					RelativePath="src\pk\rsa\rsa_import_x509.c"
+					>
+				</File>
 				<File
 					RelativePath="src\pk\rsa\rsa_make_key.c"
 					>
--- a/12
+++ b/12
@ -141,8 +141,8 @@ src/pk/asn1/der/sequence/der_encode_sequence_ex.o \
 src/pk/asn1/der/sequence/der_encode_sequence_multi.o \
 src/pk/asn1/der/sequence/der_encode_subject_public_key_info.o \
 src/pk/asn1/der/sequence/der_length_sequence.o src/pk/asn1/der/sequence/der_sequence_free.o \
-src/pk/asn1/der/set/der_encode_set.o src/pk/asn1/der/set/der_encode_setof.o \
-src/pk/asn1/der/short_integer/der_decode_short_integer.o \
+src/pk/asn1/der/sequence/der_sequence_shrink.o src/pk/asn1/der/set/der_encode_set.o \
+src/pk/asn1/der/set/der_encode_setof.o src/pk/asn1/der/short_integer/der_decode_short_integer.o \
 src/pk/asn1/der/short_integer/der_encode_short_integer.o \
 src/pk/asn1/der/short_integer/der_length_short_integer.o \
 src/pk/asn1/der/teletex_string/der_decode_teletex_string.o \
@ -168,10 +168,10 @@ src/pk/pkcs1/pkcs_1_oaep_decode.o src/pk/pkcs1/pkcs_1_oaep_encode.o src/pk/pkcs1
 src/pk/pkcs1/pkcs_1_pss_decode.o src/pk/pkcs1/pkcs_1_pss_encode.o src/pk/pkcs1/pkcs_1_v1_5_decode.o \
 src/pk/pkcs1/pkcs_1_v1_5_encode.o src/pk/rsa/rsa_decrypt_key.o src/pk/rsa/rsa_encrypt_key.o \
 src/pk/rsa/rsa_export.o src/pk/rsa/rsa_exptmod.o src/pk/rsa/rsa_free.o src/pk/rsa/rsa_get_size.o \
-src/pk/rsa/rsa_import.o src/pk/rsa/rsa_import_radix.o src/pk/rsa/rsa_make_key.o \
-src/pk/rsa/rsa_sign_hash.o src/pk/rsa/rsa_sign_saltlen_get.o src/pk/rsa/rsa_verify_hash.o \
-src/prngs/fortuna.o src/prngs/rc4.o src/prngs/rng_get_bytes.o src/prngs/rng_make_prng.o \
-src/prngs/sober128.o src/prngs/sprng.o src/prngs/yarrow.o
+src/pk/rsa/rsa_import.o src/pk/rsa/rsa_import_radix.o src/pk/rsa/rsa_import_x509.o \
+src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_sign_hash.o src/pk/rsa/rsa_sign_saltlen_get.o \
+src/pk/rsa/rsa_verify_hash.o src/prngs/fortuna.o src/prngs/rc4.o src/prngs/rng_get_bytes.o \
+src/prngs/rng_make_prng.o src/prngs/sober128.o src/prngs/sprng.o src/prngs/yarrow.o

 HEADERS=src/headers/tomcrypt.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt_cfg.h \
 src/headers/tomcrypt_cipher.h src/headers/tomcrypt_custom.h src/headers/tomcrypt_hash.h \
--- a/makefile.icc
+++ b/makefile.icc
@ -198,8 +198,8 @@ src/pk/asn1/der/sequence/der_encode_sequence_ex.o \
 src/pk/asn1/der/sequence/der_encode_sequence_multi.o \
 src/pk/asn1/der/sequence/der_encode_subject_public_key_info.o \
 src/pk/asn1/der/sequence/der_length_sequence.o src/pk/asn1/der/sequence/der_sequence_free.o \
-src/pk/asn1/der/set/der_encode_set.o src/pk/asn1/der/set/der_encode_setof.o \
-src/pk/asn1/der/short_integer/der_decode_short_integer.o \
+src/pk/asn1/der/sequence/der_sequence_shrink.o src/pk/asn1/der/set/der_encode_set.o \
+src/pk/asn1/der/set/der_encode_setof.o src/pk/asn1/der/short_integer/der_decode_short_integer.o \
 src/pk/asn1/der/short_integer/der_encode_short_integer.o \
 src/pk/asn1/der/short_integer/der_length_short_integer.o \
 src/pk/asn1/der/teletex_string/der_decode_teletex_string.o \
@ -225,10 +225,10 @@ src/pk/pkcs1/pkcs_1_oaep_decode.o src/pk/pkcs1/pkcs_1_oaep_encode.o src/pk/pkcs1
 src/pk/pkcs1/pkcs_1_pss_decode.o src/pk/pkcs1/pkcs_1_pss_encode.o src/pk/pkcs1/pkcs_1_v1_5_decode.o \
 src/pk/pkcs1/pkcs_1_v1_5_encode.o src/pk/rsa/rsa_decrypt_key.o src/pk/rsa/rsa_encrypt_key.o \
 src/pk/rsa/rsa_export.o src/pk/rsa/rsa_exptmod.o src/pk/rsa/rsa_free.o src/pk/rsa/rsa_get_size.o \
-src/pk/rsa/rsa_import.o src/pk/rsa/rsa_import_radix.o src/pk/rsa/rsa_make_key.o \
-src/pk/rsa/rsa_sign_hash.o src/pk/rsa/rsa_sign_saltlen_get.o src/pk/rsa/rsa_verify_hash.o \
-src/prngs/fortuna.o src/prngs/rc4.o src/prngs/rng_get_bytes.o src/prngs/rng_make_prng.o \
-src/prngs/sober128.o src/prngs/sprng.o src/prngs/yarrow.o
+src/pk/rsa/rsa_import.o src/pk/rsa/rsa_import_radix.o src/pk/rsa/rsa_import_x509.o \
+src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_sign_hash.o src/pk/rsa/rsa_sign_saltlen_get.o \
+src/pk/rsa/rsa_verify_hash.o src/prngs/fortuna.o src/prngs/rc4.o src/prngs/rng_get_bytes.o \
+src/prngs/rng_make_prng.o src/prngs/sober128.o src/prngs/sprng.o src/prngs/yarrow.o

 HEADERS=src/headers/tomcrypt.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt_cfg.h \
 src/headers/tomcrypt_cipher.h src/headers/tomcrypt_custom.h src/headers/tomcrypt_hash.h \
--- a/makefile.mingw
+++ b/makefile.mingw
@ -134,8 +134,8 @@ src/pk/asn1/der/sequence/der_encode_sequence_ex.o \
 src/pk/asn1/der/sequence/der_encode_sequence_multi.o \
 src/pk/asn1/der/sequence/der_encode_subject_public_key_info.o \
 src/pk/asn1/der/sequence/der_length_sequence.o src/pk/asn1/der/sequence/der_sequence_free.o \
-src/pk/asn1/der/set/der_encode_set.o src/pk/asn1/der/set/der_encode_setof.o \
-src/pk/asn1/der/short_integer/der_decode_short_integer.o \
+src/pk/asn1/der/sequence/der_sequence_shrink.o src/pk/asn1/der/set/der_encode_set.o \
+src/pk/asn1/der/set/der_encode_setof.o src/pk/asn1/der/short_integer/der_decode_short_integer.o \
 src/pk/asn1/der/short_integer/der_encode_short_integer.o \
 src/pk/asn1/der/short_integer/der_length_short_integer.o \
 src/pk/asn1/der/teletex_string/der_decode_teletex_string.o \
@ -161,10 +161,10 @@ src/pk/pkcs1/pkcs_1_oaep_decode.o src/pk/pkcs1/pkcs_1_oaep_encode.o src/pk/pkcs1
 src/pk/pkcs1/pkcs_1_pss_decode.o src/pk/pkcs1/pkcs_1_pss_encode.o src/pk/pkcs1/pkcs_1_v1_5_decode.o \
 src/pk/pkcs1/pkcs_1_v1_5_encode.o src/pk/rsa/rsa_decrypt_key.o src/pk/rsa/rsa_encrypt_key.o \
 src/pk/rsa/rsa_export.o src/pk/rsa/rsa_exptmod.o src/pk/rsa/rsa_free.o src/pk/rsa/rsa_get_size.o \
-src/pk/rsa/rsa_import.o src/pk/rsa/rsa_import_radix.o src/pk/rsa/rsa_make_key.o \
-src/pk/rsa/rsa_sign_hash.o src/pk/rsa/rsa_sign_saltlen_get.o src/pk/rsa/rsa_verify_hash.o \
-src/prngs/fortuna.o src/prngs/rc4.o src/prngs/rng_get_bytes.o src/prngs/rng_make_prng.o \
-src/prngs/sober128.o src/prngs/sprng.o src/prngs/yarrow.o
+src/pk/rsa/rsa_import.o src/pk/rsa/rsa_import_radix.o src/pk/rsa/rsa_import_x509.o \
+src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_sign_hash.o src/pk/rsa/rsa_sign_saltlen_get.o \
+src/pk/rsa/rsa_verify_hash.o src/prngs/fortuna.o src/prngs/rc4.o src/prngs/rng_get_bytes.o \
+src/prngs/rng_make_prng.o src/prngs/sober128.o src/prngs/sprng.o src/prngs/yarrow.o

 HEADERS=src/headers/tomcrypt.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt_cfg.h \
 src/headers/tomcrypt_cipher.h src/headers/tomcrypt_custom.h src/headers/tomcrypt_hash.h \
--- a/makefile.msvc
+++ b/makefile.msvc
@ -108,8 +108,8 @@ src/pk/asn1/der/sequence/der_encode_sequence_ex.obj \
 src/pk/asn1/der/sequence/der_encode_sequence_multi.obj \
 src/pk/asn1/der/sequence/der_encode_subject_public_key_info.obj \
 src/pk/asn1/der/sequence/der_length_sequence.obj src/pk/asn1/der/sequence/der_sequence_free.obj \
-src/pk/asn1/der/set/der_encode_set.obj src/pk/asn1/der/set/der_encode_setof.obj \
-src/pk/asn1/der/short_integer/der_decode_short_integer.obj \
+src/pk/asn1/der/sequence/der_sequence_shrink.obj src/pk/asn1/der/set/der_encode_set.obj \
+src/pk/asn1/der/set/der_encode_setof.obj src/pk/asn1/der/short_integer/der_decode_short_integer.obj \
 src/pk/asn1/der/short_integer/der_encode_short_integer.obj \
 src/pk/asn1/der/short_integer/der_length_short_integer.obj \
 src/pk/asn1/der/teletex_string/der_decode_teletex_string.obj \
@ -135,10 +135,10 @@ src/pk/pkcs1/pkcs_1_oaep_decode.obj src/pk/pkcs1/pkcs_1_oaep_encode.obj src/pk/p
 src/pk/pkcs1/pkcs_1_pss_decode.obj src/pk/pkcs1/pkcs_1_pss_encode.obj src/pk/pkcs1/pkcs_1_v1_5_decode.obj \
 src/pk/pkcs1/pkcs_1_v1_5_encode.obj src/pk/rsa/rsa_decrypt_key.obj src/pk/rsa/rsa_encrypt_key.obj \
 src/pk/rsa/rsa_export.obj src/pk/rsa/rsa_exptmod.obj src/pk/rsa/rsa_free.obj src/pk/rsa/rsa_get_size.obj \
-src/pk/rsa/rsa_import.obj src/pk/rsa/rsa_import_radix.obj src/pk/rsa/rsa_make_key.obj \
-src/pk/rsa/rsa_sign_hash.obj src/pk/rsa/rsa_sign_saltlen_get.obj src/pk/rsa/rsa_verify_hash.obj \
-src/prngs/fortuna.obj src/prngs/rc4.obj src/prngs/rng_get_bytes.obj src/prngs/rng_make_prng.obj \
-src/prngs/sober128.obj src/prngs/sprng.obj src/prngs/yarrow.obj
+src/pk/rsa/rsa_import.obj src/pk/rsa/rsa_import_radix.obj src/pk/rsa/rsa_import_x509.obj \
+src/pk/rsa/rsa_make_key.obj src/pk/rsa/rsa_sign_hash.obj src/pk/rsa/rsa_sign_saltlen_get.obj \
+src/pk/rsa/rsa_verify_hash.obj src/prngs/fortuna.obj src/prngs/rc4.obj src/prngs/rng_get_bytes.obj \
+src/prngs/rng_make_prng.obj src/prngs/sober128.obj src/prngs/sprng.obj src/prngs/yarrow.obj

 HEADERS=src/headers/tomcrypt.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt_cfg.h \
 src/headers/tomcrypt_cipher.h src/headers/tomcrypt_custom.h src/headers/tomcrypt_hash.h \
--- a/makefile.shared
+++ b/makefile.shared
@ -131,8 +131,8 @@ src/pk/asn1/der/sequence/der_encode_sequence_ex.o \
 src/pk/asn1/der/sequence/der_encode_sequence_multi.o \
 src/pk/asn1/der/sequence/der_encode_subject_public_key_info.o \
 src/pk/asn1/der/sequence/der_length_sequence.o src/pk/asn1/der/sequence/der_sequence_free.o \
-src/pk/asn1/der/set/der_encode_set.o src/pk/asn1/der/set/der_encode_setof.o \
-src/pk/asn1/der/short_integer/der_decode_short_integer.o \
+src/pk/asn1/der/sequence/der_sequence_shrink.o src/pk/asn1/der/set/der_encode_set.o \
+src/pk/asn1/der/set/der_encode_setof.o src/pk/asn1/der/short_integer/der_decode_short_integer.o \
 src/pk/asn1/der/short_integer/der_encode_short_integer.o \
 src/pk/asn1/der/short_integer/der_length_short_integer.o \
 src/pk/asn1/der/teletex_string/der_decode_teletex_string.o \
@ -158,10 +158,10 @@ src/pk/pkcs1/pkcs_1_oaep_decode.o src/pk/pkcs1/pkcs_1_oaep_encode.o src/pk/pkcs1
 src/pk/pkcs1/pkcs_1_pss_decode.o src/pk/pkcs1/pkcs_1_pss_encode.o src/pk/pkcs1/pkcs_1_v1_5_decode.o \
 src/pk/pkcs1/pkcs_1_v1_5_encode.o src/pk/rsa/rsa_decrypt_key.o src/pk/rsa/rsa_encrypt_key.o \
 src/pk/rsa/rsa_export.o src/pk/rsa/rsa_exptmod.o src/pk/rsa/rsa_free.o src/pk/rsa/rsa_get_size.o \
-src/pk/rsa/rsa_import.o src/pk/rsa/rsa_import_radix.o src/pk/rsa/rsa_make_key.o \
-src/pk/rsa/rsa_sign_hash.o src/pk/rsa/rsa_sign_saltlen_get.o src/pk/rsa/rsa_verify_hash.o \
-src/prngs/fortuna.o src/prngs/rc4.o src/prngs/rng_get_bytes.o src/prngs/rng_make_prng.o \
-src/prngs/sober128.o src/prngs/sprng.o src/prngs/yarrow.o
+src/pk/rsa/rsa_import.o src/pk/rsa/rsa_import_radix.o src/pk/rsa/rsa_import_x509.o \
+src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_sign_hash.o src/pk/rsa/rsa_sign_saltlen_get.o \
+src/pk/rsa/rsa_verify_hash.o src/prngs/fortuna.o src/prngs/rc4.o src/prngs/rng_get_bytes.o \
+src/prngs/rng_make_prng.o src/prngs/sober128.o src/prngs/sprng.o src/prngs/yarrow.o

 HEADERS=src/headers/tomcrypt.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt_cfg.h \
 src/headers/tomcrypt_cipher.h src/headers/tomcrypt_custom.h src/headers/tomcrypt_hash.h \
--- a/makefile.unix
+++ b/makefile.unix
@ -139,8 +139,8 @@ src/pk/asn1/der/sequence/der_encode_sequence_ex.o \
 src/pk/asn1/der/sequence/der_encode_sequence_multi.o \
 src/pk/asn1/der/sequence/der_encode_subject_public_key_info.o \
 src/pk/asn1/der/sequence/der_length_sequence.o src/pk/asn1/der/sequence/der_sequence_free.o \
-src/pk/asn1/der/set/der_encode_set.o src/pk/asn1/der/set/der_encode_setof.o \
-src/pk/asn1/der/short_integer/der_decode_short_integer.o \
+src/pk/asn1/der/sequence/der_sequence_shrink.o src/pk/asn1/der/set/der_encode_set.o \
+src/pk/asn1/der/set/der_encode_setof.o src/pk/asn1/der/short_integer/der_decode_short_integer.o \
 src/pk/asn1/der/short_integer/der_encode_short_integer.o \
 src/pk/asn1/der/short_integer/der_length_short_integer.o \
 src/pk/asn1/der/teletex_string/der_decode_teletex_string.o \
@ -166,10 +166,10 @@ src/pk/pkcs1/pkcs_1_oaep_decode.o src/pk/pkcs1/pkcs_1_oaep_encode.o src/pk/pkcs1
 src/pk/pkcs1/pkcs_1_pss_decode.o src/pk/pkcs1/pkcs_1_pss_encode.o src/pk/pkcs1/pkcs_1_v1_5_decode.o \
 src/pk/pkcs1/pkcs_1_v1_5_encode.o src/pk/rsa/rsa_decrypt_key.o src/pk/rsa/rsa_encrypt_key.o \
 src/pk/rsa/rsa_export.o src/pk/rsa/rsa_exptmod.o src/pk/rsa/rsa_free.o src/pk/rsa/rsa_get_size.o \
-src/pk/rsa/rsa_import.o src/pk/rsa/rsa_import_radix.o src/pk/rsa/rsa_make_key.o \
-src/pk/rsa/rsa_sign_hash.o src/pk/rsa/rsa_sign_saltlen_get.o src/pk/rsa/rsa_verify_hash.o \
-src/prngs/fortuna.o src/prngs/rc4.o src/prngs/rng_get_bytes.o src/prngs/rng_make_prng.o \
-src/prngs/sober128.o src/prngs/sprng.o src/prngs/yarrow.o
+src/pk/rsa/rsa_import.o src/pk/rsa/rsa_import_radix.o src/pk/rsa/rsa_import_x509.o \
+src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_sign_hash.o src/pk/rsa/rsa_sign_saltlen_get.o \
+src/pk/rsa/rsa_verify_hash.o src/prngs/fortuna.o src/prngs/rc4.o src/prngs/rng_get_bytes.o \
+src/prngs/rng_make_prng.o src/prngs/sober128.o src/prngs/sprng.o src/prngs/yarrow.o

 HEADERS=src/headers/tomcrypt.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt_cfg.h \
 src/headers/tomcrypt_cipher.h src/headers/tomcrypt_custom.h src/headers/tomcrypt_hash.h \
--- a/src/headers/tomcrypt_pk.h
+++ b/src/headers/tomcrypt_pk.h
@ -107,6 +107,7 @@ int rsa_sign_saltlen_get_max_ex(int padding, int hash_idx, rsa_key *key);
 int rsa_export(unsigned char *out, unsigned long *outlen, int type, rsa_key *key);
 int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key);

+int rsa_import_x509(const unsigned char *in, unsigned long inlen, rsa_key *key);
 int rsa_import_radix(int radix, char *N, char *e, char *d, char *p, char *q, char *dP, char *dQ, char *qP, rsa_key *key);
 #endif

@ -540,6 +541,7 @@ int der_decode_sequence_multi(const unsigned char *in, unsigned long inlen, ...)
 int  der_decode_sequence_flexi(const unsigned char *in, unsigned long *inlen, ltc_asn1_list **out);
 #define der_free_sequence_flexi         der_sequence_free
 void der_sequence_free(ltc_asn1_list *in);
+void der_sequence_shrink(ltc_asn1_list *in);

 /* BOOLEAN */
 int der_length_boolean(unsigned long *outlen);
--- a/src/pk/asn1/der/sequence/der_decode_sequence_flexi.c
+++ b/src/pk/asn1/der/sequence/der_decode_sequence_flexi.c
@ -53,6 +53,25 @@ static unsigned long fetch_length(const unsigned char *in, unsigned long inlen,
   return z+*data_offset;
 }

+static int new_element(ltc_asn1_list **l)
+{
+   /* alloc new link */
+   if (*l == NULL) {
+      *l = XCALLOC(1, sizeof(ltc_asn1_list));
+      if (*l == NULL) {
+         return CRYPT_MEM;
+      }
+   } else {
+      (*l)->next = XCALLOC(1, sizeof(ltc_asn1_list));
+      if ((*l)->next == NULL) {
+         return CRYPT_MEM;
+      }
+      (*l)->next->prev = *l;
+      *l = (*l)->next;
+   }
+   return CRYPT_OK;
+}
+
 /**
   ASN.1 DER Flexi(ble) decoder will decode arbitrary DER packets and create a linked list of the decoded elements.
   @param in      The input buffer
@ -73,6 +92,13 @@ int der_decode_sequence_flexi(const unsigned char *in, unsigned long *inlen, ltc
   l = NULL;
   totlen = 0;

+   if (*inlen == 0) {
+      /* alloc new link */
+      if ((err = new_element(&l)) != CRYPT_OK) {
+         goto error;
+      }
+   }
+
   /* scan the input and and get lengths and what not */
   while (*inlen) {
      /* read the type byte */
@ -86,21 +112,9 @@ int der_decode_sequence_flexi(const unsigned char *in, unsigned long *inlen, ltc
      }

      /* alloc new link */
-      if (l == NULL) {
-         l = XCALLOC(1, sizeof(*l));
-         if (l == NULL) {
-            err = CRYPT_MEM;
+      if ((err = new_element(&l)) != CRYPT_OK) {
         goto error;
      }
-      } else {
-         l->next = XCALLOC(1, sizeof(*l));
-         if (l->next == NULL) {
-            err = CRYPT_MEM;
-            goto error;
-         }
-         l->next->prev = l;
-         l = l->next;
-      }

      if ((type & 0x20) && (type != 0x30) && (type != 0x31)) {
         /* constructed, use the 'used' field to store the original identifier */
@ -348,6 +362,15 @@ int der_decode_sequence_flexi(const unsigned char *in, unsigned long *inlen, ltc
                l->type = LTC_ASN1_SET;
             }

+             if ((l->data = XMALLOC(len)) == NULL) {
+                err = CRYPT_MEM;
+                goto error;
+             }
+
+             XMEMCPY(l->data, in, len);
+             l->size = len;
+
+
             /* jump to the start of the data */
             in     += data_offset;
             *inlen -= data_offset;
--- a/src/pk/asn1/der/sequence/der_sequence_free.c
+++ b/src/pk/asn1/der/sequence/der_sequence_free.c
@ -46,9 +46,7 @@ void der_sequence_free(ltc_asn1_list *in)
      }

      switch (in->type) {
-         case LTC_ASN1_SET:
-         case LTC_ASN1_SETOF:
-         case LTC_ASN1_SEQUENCE: break;
+         case LTC_ASN1_SETOF: break;
         case LTC_ASN1_INTEGER : if (in->data != NULL) { mp_clear(in->data); } break;
         default               : if (in->data != NULL) { XFREE(in->data);    }
      }
--- a/src/pk/asn1/der/sequence/der_sequence_shrink.c
+++ b/src/pk/asn1/der/sequence/der_sequence_shrink.c
@ -0,0 +1,52 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtom.org
+ */
+#include "tomcrypt.h"
+
+/**
+  @file der_sequence_shrink.c
+  Free memory allocated for CONSTRUCTED, SET or SEQUENCE elements by der_decode_sequence_flexi(), Steffen Jaeckel
+*/
+
+#ifdef LTC_DER
+
+/**
+  Free memory allocated for CONSTRUCTED,
+  SET or SEQUENCE elements by der_decode_sequence_flexi()
+  @param in     The list to shrink
+*/
+void der_sequence_shrink(ltc_asn1_list *in)
+{
+   if (!in) return;
+
+   /* now walk the list and free stuff */
+   while (in != NULL) {
+      /* is there a child? */
+      if (in->child) {
+         der_sequence_shrink(in->child);
+      }
+
+      switch (in->type) {
+         case LTC_ASN1_CONSTRUCTED:
+         case LTC_ASN1_SET:
+         case LTC_ASN1_SEQUENCE : if (in->data != NULL) { XFREE(in->data); in->data = NULL; } break;
+         default: break;
+      }
+
+      /* move to next and free current */
+      in = in->next;
+   }
+}
+
+#endif
+
+/* $Source$ */
+/* $Revision$ */
+/* $Date$ */
--- a/src/pk/rsa/rsa_free.c
+++ b/src/pk/rsa/rsa_free.c
@ -24,7 +24,7 @@
 void rsa_free(rsa_key *key)
 {
   LTC_ARGCHKVD(key != NULL);
-   mp_clear_multi(key->e, key->d, key->N, key->dQ, key->dP, key->qP, key->p, key->q, NULL);
+   mp_clear_multi(key->q, key->p, key->qP, key->dP, key->dQ, key->N, key->d, key->e, NULL);
 }

 #endif
--- a/src/pk/rsa/rsa_import_x509.c
+++ b/src/pk/rsa/rsa_import_x509.c
@ -0,0 +1,120 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtom.org
+ */
+#include "tomcrypt.h"
+
+/**
+  @file rsa_import.c
+  Import an RSA key from a X.509 certificate, Steffen Jaeckel
+*/
+
+#ifdef LTC_MRSA
+
+/**
+  Import an RSA key from a X.509 certificate
+  @param in      The packet to import from
+  @param inlen   It's length (octets)
+  @param key     [out] Destination for newly imported key
+  @return CRYPT_OK if successful, upon error allocated memory is freed
+*/
+int rsa_import_x509(const unsigned char *in, unsigned long inlen, rsa_key *key)
+{
+   int           err;
+   unsigned char *tmpbuf=NULL;
+   unsigned long tmpbuf_len, tmp_inlen;
+   ltc_asn1_list *decoded_list = NULL, *l;
+
+   LTC_ARGCHK(in          != NULL);
+   LTC_ARGCHK(key         != NULL);
+   LTC_ARGCHK(ltc_mp.name != NULL);
+
+   /* init key */
+   if ((err = mp_init_multi(&key->e, &key->d, &key->N, &key->dQ,
+                            &key->dP, &key->qP, &key->p, &key->q, NULL)) != CRYPT_OK) {
+      return err;
+   }
+
+   tmpbuf_len = MAX_RSA_SIZE * 8;
+   tmpbuf = XCALLOC(1, tmpbuf_len);
+   if (tmpbuf == NULL) {
+       err = CRYPT_MEM;
+       goto LBL_ERR;
+   }
+
+   tmp_inlen = inlen;
+   if ((err = der_decode_sequence_flexi(in, &tmp_inlen, &decoded_list)) == CRYPT_OK) {
+      l = decoded_list;
+      /* Move 2 levels up in the tree
+         SEQUENCE
+             SEQUENCE
+                 ...
+       */
+      if (l->type == LTC_ASN1_SEQUENCE && l->child) {
+         l = l->child;
+         if (l->type == LTC_ASN1_SEQUENCE && l->child) {
+            l = l->child;
+
+            err = CRYPT_ERROR;
+
+            /* Move forward in the tree until we find this combination
+                 ...
+                 SEQUENCE
+                     SEQUENCE
+                         OBJECT IDENTIFIER 1.2.840.113549.1.1.1
+                         NULL
+                     BIT STRING
+             */
+            do {
+               /* The additional check for l->data is there to make sure
+                * we won't try to decode a list that has been 'shrunk'
+                */
+               if (l->type == LTC_ASN1_SEQUENCE && l->data && l->child &&
+                     l->child->type == LTC_ASN1_SEQUENCE && l->child->child &&
+                     l->child->child->type == LTC_ASN1_OBJECT_IDENTIFIER && l->child->next &&
+                     l->child->next->type == LTC_ASN1_BIT_STRING) {
+                  err = der_decode_subject_public_key_info(l->data, l->size,
+                       PKA_RSA, tmpbuf, &tmpbuf_len,
+                       LTC_ASN1_NULL, NULL, 0);
+                  if (err == CRYPT_OK) {
+                     /* now it should be SEQUENCE { INTEGER, INTEGER } */
+                     if ((err = der_decode_sequence_multi(tmpbuf, tmpbuf_len,
+                                                          LTC_ASN1_INTEGER, 1UL, key->N,
+                                                          LTC_ASN1_INTEGER, 1UL, key->e,
+                                                          LTC_ASN1_EOL,     0UL, NULL)) != CRYPT_OK) {
+                        goto LBL_ERR;
+                     }
+                     key->type = PK_PUBLIC;
+                     err = CRYPT_OK;
+                     goto LBL_FREE;
+                  }
+               }
+               l = l->next;
+            } while(l);
+         }
+      }
+   }
+
+
+LBL_ERR:
+   rsa_free(key);
+
+LBL_FREE:
+   if (decoded_list) der_free_sequence_flexi(decoded_list);
+   if (tmpbuf != NULL) XFREE(tmpbuf);
+
+   return err;
+}
+
+#endif /* LTC_MRSA */
+
+
+/* $Source$ */
+/* $Revision$ */
+/* $Date$ */
--- a/testprof/der_tests.c
+++ b/testprof/der_tests.c
@ -13,7 +13,36 @@ int der_tests(void)

 #else

-static const unsigned char _der_tests_cacert_root_cert[] =
+static const unsigned char _der_tests_stinky_root_cert[] =
+   "MIIFETCCA/mgAwIBAgIQbv53JNmv518t5lkCHE272jANBgkqhkiG9w0BAQUFADCB\
+    lTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug\
+    Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho\
+    dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xHTAbBgNVBAMTFFVUTi1VU0VSRmlyc3Qt\
+    T2JqZWN0MB4XDTA4MDQyOTAwMDAwMFoXDTEwMDQyOTIzNTk1OVowgbUxCzAJBgNV\
+    BAYTAlVTMQ4wDAYDVQQRDAU0NDE0MzELMAkGA1UECAwCT0gxGTAXBgNVBAcMEE1h\
+    eWZpZWxkIFZpbGxhZ2UxEDAOBgNVBAkMB1N1aXRlIEExFDASBgNVBAkMCzc2NyBC\
+    ZXRhIERyMSIwIAYDVQQKDBlQcmVlbXB0aXZlIFNvbHV0aW9ucywgTExDMSIwIAYD\
+    VQQDDBlQcmVlbXB0aXZlIFNvbHV0aW9ucywgTExDMIIBIjANBgkqhkiG9w0BAQEF\
+    AAOCAQ8AMIIBCgKCAQEAzH7ZBkMcBuHx8d2f10RGTHAf7gzzVteGbOihJGH2BwlS\
+    ZvNp6WEE4DfL+s1vp0wzk1XeLN5tRjg2qum9YqyCk7okh7pXGy46f5mWbLQiefGA\
+    j5UXRcr6WJ3xeACdbXxKrYMV0REia+4Jb2UbFA8S81PjhRon6vcRz76ziUWwt8NC\
+    igX+4ZC0skhhKzKszel6KGL7bJCtLG7ukw9DZCrvPCRcKFeM/GwQ6ACMgP88CSCL\
+    t1fbIXDH1vd/x2XM3QlaSDN6hYDbef8m1T+9TCkXVKeqG1GYjSUrHzYnCZUmTRrR\
+    38jgC3qXxiIpDKW105uM0nlXe2XF9c+ot2MdWvV4TwIDAQABo4IBOTCCATUwHwYD\
+    VR0jBBgwFoAU2u1kdBScFDyr3ZmpvVsoTYs8ydgwHQYDVR0OBBYEFK+1HzZE4i28\
+    oLIzuqlFR9SspiCIMA4GA1UdDwEB/wQEAwIHgDAMBgNVHRMBAf8EAjAAMBMGA1Ud\
+    JQQMMAoGCCsGAQUFBwMDMBEGCWCGSAGG+EIBAQQEAwIEEDBGBgNVHSAEPzA9MDsG\
+    DCsGAQQBsjEBAgEDAjArMCkGCCsGAQUFBwIBFh1odHRwczovL3NlY3VyZS5jb21v\
+    ZG8ubmV0L0NQUzBCBgNVHR8EOzA5MDegNaAzhjFodHRwOi8vY3JsLnVzZXJ0cnVz\
+    dC5jb20vVVROLVVTRVJGaXJzdC1PYmplY3QuY3JsMCEGA1UdEQQaMBiBFnN1cHBv\
+    cnRAcHJlZW1wdGl2ZS5jb20wDQYJKoZIhvcNAQEFBQADggEBAC+JM26Dokvonudl\
+    JXe/Yun7IBhimkagZUjbk9l/GQWN6i+v1o95UJ1wGJtBdm2+MxbSaPoNTDZR4B+2\
+    lYL9MW57UVmePrnfUPXQKZZG+8gTRDz8+7ol/CEAKmS3MLKCRcH5oe+J5345sGxi\
+    FC/KWNKedTNraW95xlg8NTlL2yRP7TMsjvBxgLmkbaFUoXzPTbQWmtovIagIT8GC\
+    JeXwdFaRjbamiz3Irl+u7x/mhxdza6RvgBYylXRFMudANpeGsV7gDXlnfzpFDKHQ\
+    niVwB7P5sbPFIlmIc+4/xRItkLIRjCVXaepgN9KYu3VOgiSDI6wXiTwP44/LUXQM\
+    hetwa7s=";
+const unsigned char _der_tests_cacert_root_cert[] =
   "MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290\
    IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB\
    IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA\
@ -53,6 +82,7 @@ static const unsigned char _der_tests_cacert_root_cert[] =
    GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk\
    zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW\
    omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD";
+const unsigned long _der_tests_cacert_root_cert_size = sizeof(_der_tests_cacert_root_cert);

 /*
 SEQUENCE(3 elem)
@ -195,6 +225,8 @@ SEQUENCE(3 elem)
 #define CHECK_ASN1_HAS_NO_CHILD(l) __CHECK_ASN1_HAS_NO(l, child)
 #define CHECK_ASN1_HAS_NEXT(l) __CHECK_ASN1_HAS(l, next)
 #define CHECK_ASN1_HAS_NO_NEXT(l) __CHECK_ASN1_HAS_NO(l, next)
+#define CHECK_ASN1_HAS_DATA(l) __CHECK_ASN1_HAS(l, data)
+#define CHECK_ASN1_HAS_NO_DATA(l) __CHECK_ASN1_HAS_NO(l, data)

 #ifdef LTC_DER_TESTS_PRINT_FLEXI
 static void _der_tests_print_flexi(ltc_asn1_list* l, unsigned int level)
@ -392,9 +424,22 @@ static void der_cacert_test(void)

  ltc_asn1_list *decoded_list, *l, *l1, *l2;

+  DO(base64_decode(_der_tests_stinky_root_cert, sizeof(_der_tests_stinky_root_cert), buf, &len1));
+  len2 = len1;
+  DO(der_decode_sequence_flexi(buf, &len2, &decoded_list));
+  der_free_sequence_flexi(decoded_list);
+
+  len1 = sizeof(buf);
  DO(base64_decode(_der_tests_cacert_root_cert, sizeof(_der_tests_cacert_root_cert), buf, &len1));
  len2 = len1;
  DO(der_decode_sequence_flexi(buf, &len2, &decoded_list));
+  CHECK_ASN1_TYPE(decoded_list, LTC_ASN1_SEQUENCE);
+  CHECK_ASN1_HAS_DATA(decoded_list);
+
+  der_sequence_shrink(decoded_list);
+
+  CHECK_ASN1_TYPE(decoded_list, LTC_ASN1_SEQUENCE);
+  CHECK_ASN1_HAS_NO_DATA(decoded_list);

 #ifdef LTC_DER_TESTS_PRINT_FLEXI
  printf("\n\n--- test print start ---\n\n");
--- a/testprof/rsa_test.c
+++ b/testprof/rsa_test.c
@ -93,6 +93,9 @@ static const unsigned char openssl_public_rsa_stripped[] = {
   0x60, 0x3f, 0x8b, 0x54, 0x3a, 0xc3, 0x4d, 0x31, 0xe7, 0x94, 0xa4, 0x44, 0xfd, 0x02, 0x03, 0x01,
   0x00, 0x01,  };

+extern const unsigned char _der_tests_cacert_root_cert[];
+extern const unsigned long _der_tests_cacert_root_cert_size;
+
 static int rsa_compat_test(void)
 {
   rsa_key key;
@ -195,7 +198,7 @@ static int rsa_compat_test(void)

 int rsa_test(void)
 {
-   unsigned char in[1024], out[1024], tmp[1024];
+   unsigned char in[1024], out[1024], tmp[3072];
   rsa_key       key, privKey, pubKey;
   int           hash_idx, prng_idx, stat, stat2, i, err;
   unsigned long rsa_msgsize, len, len2, len3, cnt, cnt2;
@ -537,6 +540,11 @@ for (cnt = 0; cnt < len; ) {
     DOX(stat == 0?CRYPT_OK:CRYPT_FAIL_TESTVECTOR, "should fail");
   }

+   len3 = sizeof(tmp);
+   DO(base64_decode(_der_tests_cacert_root_cert, _der_tests_cacert_root_cert_size, tmp, &len3));
+
+   DO(rsa_import_x509(tmp, len3, &key));
+
   /* free the key and return */
   rsa_free(&key);
   rsa_free(&pubKey);