
[crypto] Parse X.509 raw public key bit string

OCSP requires direct access to the bit string portion of the subject
public key information.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
tags/v1.20.1
Michael Brown 12 lat temu
rodzic
commit
e5858c1938
2 zmienionych plików z 11 dodań i 3 usunięć
  1. 8
    2
      src/crypto/x509.c
  2. 3
    1
      src/include/ipxe/x509.h

+ 8
- 2
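--- a/src/crypto/x509.c
+++ b/src/crypto/x509.c
@@ -632,6 +632,7 @@ static int x509_parse_public_key ( struct x509_certificate *cert,
 				   const struct asn1_cursor *raw ) {
 	struct x509_public_key *public_key = &cert->subject.public_key;
 	struct asn1_algorithm **algorithm = &public_key->algorithm;
+	struct x509_bit_string *raw_bits = &public_key->raw_bits;
 	struct asn1_cursor cursor;
 	int rc;
 
@@ -639,6 +640,8 @@ static int x509_parse_public_key ( struct x509_certificate *cert,
 	memcpy ( &cursor, raw, sizeof ( cursor ) );
 	asn1_shrink_any ( &cursor );
 	memcpy ( &public_key->raw, &cursor, sizeof ( public_key->raw ) );
+	DBGC2 ( cert, "X509 %p public key is:\n", cert );
+	DBGC2_HDA ( cert, 0, public_key->raw.data, public_key->raw.len );
 
 	/* Enter subjectPublicKeyInfo */
 	asn1_enter ( &cursor, ASN1_SEQUENCE );
@@ -649,8 +652,11 @@ static int x509_parse_public_key ( struct x509_certificate *cert,
 		return rc;
 	DBGC2 ( cert, "X509 %p public key algorithm is %s\n",
 		cert, (*algorithm)->name );
-	DBGC2 ( cert, "X509 %p public key is:\n", cert );
-	DBGC2_HDA ( cert, 0, public_key->raw.data, public_key->raw.len );
+	asn1_skip_any ( &cursor );
+
+	/* Parse bit string */
+	if ( ( rc = x509_parse_bit_string ( cert, raw_bits, &cursor ) ) != 0 )
+		return rc;
 
 	return 0;
 }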
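Review bot: The result of `asn1_skip_any ( &cursor )` in the last hunk is discarded, so a certificate whose subjectPublicKeyInfo has nothing usable after the algorithm identifier is rejected only if `x509_parse_bit_string()` fails on whatever cursor the skip leaves behind. The `asn1_enter` call in the second hunk is unchecked in the same way, so this may be the file's convention, but neither helper's definition is visible on this page. Since the certificate is untrusted input, I would either test the call, `if ( ( rc = asn1_skip_any ( &cursor ) ) != 0 ) return rc;` (assuming it returns a status), or state the reliance in a comment such as `/* Skip algorithm; a failed skip leaves a cursor that x509_parse_bit_string() rejects */`. The function's signature line and the lines between the second and third hunks are outside the hunks, so the cursor position at the skip is inferred.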

+ 3
- 1
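--- a/src/include/ipxe/x509.h
+++ b/src/include/ipxe/x509.h
@@ -54,10 +54,12 @@ struct x509_validity {
 
 /** An X.509 certificate public key */
 struct x509_public_key {
-	/** Raw public key */
+	/** Raw public key information */
 	struct asn1_cursor raw;
 	/** Public key algorithm */
 	struct asn1_algorithm *algorithm;
+	/** Raw public key bit string */
+	struct x509_bit_string raw_bits;
 };
 
 /** An X.509 certificate subject */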
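Review bot: The comment on the new `raw_bits` field does not say which bytes it covers or who owns them. The commit message says OCSP needs the bit string portion, and a caller hashing the key has to know whether the leading unused-bits octet is part of the field and whether the data is a copy or a reference into the certificate. `struct x509_bit_string` is not visible in this hunk, so this needs confirming against `x509_parse_bit_string()`. Once confirmed, I would extend the comment along the lines of `/** Raw public key bit string (subjectPublicKey contents; refers to certificate data, not a copy) */`.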
