| author | Michael Brown | 2012-05-12 01:58:42 +0200 |
|---|---|---|
| committer | Michael Brown | 2012-05-14 01:14:27 +0200 |
| commit | e5858c1938147a052c72357aacfa01b0b6d67d0f (patch) | |
| tree | 4dfc950965992e1a00bdd51ece130c46b25cb0f5 /src | |
| parent | [crypto] Include "?subject=" in cross-signed certificate URI (diff) | |
[crypto] Parse X.509 raw public key bit string
OCSP requires direct access to the bit string portion of the subject
public key information.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src')
| -rw-r--r-- | src/crypto/x509.c | 10 | ||||
| -rw-r--r-- | src/include/ipxe/x509.h | 4 |
2 files changed, 11 insertions, 3 deletions
diff --git a/src/crypto/x509.c b/src/crypto/x509.c
index 6e3cfeada..cfecfde35 100644
--- a/src/crypto/x509.c
+++ b/src/crypto/x509.c
@@ -632,6 +632,7 @@ static int x509_parse_public_key ( struct x509_certificate *cert,
 const struct asn1_cursor *raw ) {
 struct x509_public_key *public_key = &cert->subject.public_key;
 struct asn1_algorithm **algorithm = &public_key->algorithm;
+ struct x509_bit_string *raw_bits = &public_key->raw_bits;
 struct asn1_cursor cursor;
 int rc;
 
@@ -639,6 +640,8 @@ static int x509_parse_public_key ( struct x509_certificate *cert,
 memcpy ( &cursor, raw, sizeof ( cursor ) );
 asn1_shrink_any ( &cursor );
 memcpy ( &public_key->raw, &cursor, sizeof ( public_key->raw ) );
+ DBGC2 ( cert, "X509 %p public key is:\n", cert );
+ DBGC2_HDA ( cert, 0, public_key->raw.data, public_key->raw.len );
 
 /* Enter subjectPublicKeyInfo */
 asn1_enter ( &cursor, ASN1_SEQUENCE );
@@ -649,8 +652,11 @@ static int x509_parse_public_key ( struct x509_certificate *cert,
 return rc;
 DBGC2 ( cert, "X509 %p public key algorithm is %s\n",
 cert, (*algorithm)->name );
- DBGC2 ( cert, "X509 %p public key is:\n", cert );
- DBGC2_HDA ( cert, 0, public_key->raw.data, public_key->raw.len );
+ asn1_skip_any ( &cursor );
+
+ /* Parse bit string */
+ if ( ( rc = x509_parse_bit_string ( cert, raw_bits, &cursor ) ) != 0 )
+ return rc;
 
 return 0;
 }
diff --git a/src/include/ipxe/x509.h b/src/include/ipxe/x509.h
index 8753bb050..a55511b81 100644
--- a/src/include/ipxe/x509.h
+++ b/src/include/ipxe/x509.h
@@ -54,10 +54,12 @@ struct x509_validity {
 
 /** An X.509 certificate public key */
 struct x509_public_key {
- /** Raw public key */
+ /** Raw public key information */
 struct asn1_cursor raw;
 /** Public key algorithm */
 struct asn1_algorithm *algorithm;
+ /** Raw public key bit string */
+ struct x509_bit_string raw_bits;
 };
 
 /** An X.509 certificate subject */
|
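Review bot: The result of `asn1_skip_any ( &cursor )` is discarded in the third hunk of src/crypto/x509.c, so a subjectPublicKeyInfo whose algorithm identifier cannot be skipped is rejected only if `x509_parse_bit_string` then fails on whatever the cursor holds, and nothing in this hunk shows that it will. This path runs on certificate data that has not been validated yet, so I would make the failure explicit: `if ( ( rc = asn1_skip_any ( &cursor ) ) != 0 ) return rc;`, assuming the helper reports failure through its return value. A one-line `/* Skip algorithm identifier */` above the call would also explain why the cursor has to be advanced before the bit string is parsed. The body of x509_parse_public_key starts before this hunk, so how the cursor is positioned after the algorithm is parsed is inferred rather than visible.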
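Review bot: The comment on the new `raw_bits` member in src/include/ipxe/x509.h does not say how it relates to `raw`, which after this change holds the whole subjectPublicKeyInfo. I would spell out the scope, for example `/** Raw public key bit string (subjectPublicKey only, without the algorithm identifier) */`. The comment should also say whether the bit string refers to bytes inside the certificate's own data, as the `asn1_cursor` in `raw` presumably does, and whether any unused-bits octet is included, because code that hashes this field for OCSP depends on both. `struct x509_bit_string` is defined outside this hunk, so neither property can be confirmed from here.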
