authorMichael Brown2012-03-21 18:14:05 +0100
committerMichael Brown2012-03-22 01:31:22 +0100
commitc28537838858be19a0d9ee903fc3758ec73d756d (patch)
tree334ec41e125e0e704a7d04c0a829b24dc17ca9aa /src
parent[crypto] Define ASN.1 OID-identified algorithms for all supported digests (diff)
[crypto] Parse X.509 certificate serial number
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src')
-rw-r--r--src/crypto/x509.c31
-rw-r--r--src/include/ipxe/x509.h8
2 files changed, 37 insertions, 2 deletions
diff --git a/src/crypto/x509.c b/src/crypto/x509.c
index 5ce42f88..978fbd95 100644
--- a/src/crypto/x509.c
+++ b/src/crypto/x509.c
@@ -392,6 +392,31 @@ static int x509_parse_version ( struct x509_certificate *cert,
}
/**
+ * Parse X.509 certificate serial number
+ *
+ * @v cert X.509 certificate
+ * @v raw ASN.1 cursor
+ * @ret rc Return status code
+ */
+static int x509_parse_serial ( struct x509_certificate *cert,
+ const struct asn1_cursor *raw ) {
+ struct x509_serial *serial = &cert->serial;
+ int rc;
+
+ /* Record raw serial number */
+ memcpy ( &serial->raw, raw, sizeof ( serial->raw ) );
+ if ( ( rc = asn1_shrink ( &serial->raw, ASN1_INTEGER ) ) != 0 ) {
+ DBGC ( cert, "X509 %p cannot shrink serialNumber: %s\n",
+ cert, strerror ( rc ) );
+ return rc;
+ }
+ DBGC ( cert, "X509 %p issuer is:\n", cert );
+ DBGC_HDA ( cert, 0, serial->raw.data, serial->raw.len );
+
+ return 0;
+}
+
+/**
* Parse X.509 certificate issuer
*
* @v cert X.509 certificate
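Review bot: The debug line ahead of the hex dump in x509_parse_serial prints `issuer is:` although the bytes dumped are `serial->raw`, so a debug trace labels the serial number as the issuer; it should read `DBGC ( cert, "X509 %p serial is:\n", cert );`. The function also records whatever INTEGER asn1_shrink accepts, so an empty or very long serialNumber passes through unchanged. If the serial is later used for matching (revocation or issuer-and-serial lookup, neither visible in this diff), a length check here would be worth adding: reject `serial->raw.len == 0` and anything longer than the 20 octets RFC 5280 allows.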
@@ -818,8 +843,10 @@ static int x509_parse_tbscertificate ( struct x509_certificate *cert,
asn1_skip_any ( &cursor );
}
- /* Skip serialNumber */
- asn1_skip ( &cursor, ASN1_INTEGER );
+ /* Parse serialNumber */
+ if ( ( rc = x509_parse_serial ( cert, &cursor ) ) != 0 )
+ return rc;
+ asn1_skip_any ( &cursor );
/* Parse signature */
if ( ( rc = x509_parse_signature_algorithm ( cert, algorithm,
diff --git a/src/include/ipxe/x509.h b/src/include/ipxe/x509.h
index 45f738cd..ca2912fd 100644
--- a/src/include/ipxe/x509.h
+++ b/src/include/ipxe/x509.h
@@ -24,6 +24,12 @@ struct x509_bit_string {
unsigned int unused;
};
+/** An X.509 serial number */
+struct x509_serial {
+ /** Raw serial number */
+ struct asn1_cursor raw;
+};
+
/** An X.509 issuer */
struct x509_issuer {
/** Raw issuer */
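Review bot: The comment on the `raw` member of struct x509_serial does not say that it is a cursor into the certificate's data and not a copy of the serial bytes. x509_parse_serial fills it with `memcpy ( &serial->raw, raw, sizeof ( serial->raw ) )`, which copies only the cursor, so `serial->raw.data` stays valid only as long as the buffer the certificate was parsed from. I would document that on the member, e.g. `/** Raw serial number (points into the certificate data; not owned) */`, so a caller that keeps the serial past the certificate's lifetime knows to copy it.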
@@ -121,6 +127,8 @@ struct x509_certificate {
struct asn1_cursor raw;
/** Version */
unsigned int version;
+ /** Serial number */
+ struct x509_serial serial;
/** Raw tbsCertificate */
struct asn1_cursor tbs;
/** Signature algorithm */