[crypto] Parse X.509 raw public key bit string

OCSP requires direct access to the bit string portion of the subject public key information. Signed-off-by: Michael Brown <mcb30@ipxe.org>
ipxe · May 13, 2012 · e5858c1 · e5858c1
1 parent 4855e86
commit e5858c1
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 3 deletions.
diff --git a/src/crypto/x509.c b/src/crypto/x509.c
@@ -632,13 +632,16 @@ static int x509_parse_public_key ( struct x509_certificate *cert,
 				   const struct asn1_cursor *raw ) {
 	struct x509_public_key *public_key = &cert->subject.public_key;
 	struct asn1_algorithm **algorithm = &public_key->algorithm;
+	struct x509_bit_string *raw_bits = &public_key->raw_bits;
 	struct asn1_cursor cursor;
 	int rc;
 
 	/* Record raw subjectPublicKeyInfo */
 	memcpy ( &cursor, raw, sizeof ( cursor ) );
 	asn1_shrink_any ( &cursor );
 	memcpy ( &public_key->raw, &cursor, sizeof ( public_key->raw ) );
+	DBGC2 ( cert, "X509 %p public key is:\n", cert );
+	DBGC2_HDA ( cert, 0, public_key->raw.data, public_key->raw.len );
 
 	/* Enter subjectPublicKeyInfo */
 	asn1_enter ( &cursor, ASN1_SEQUENCE );
@@ -649,8 +652,11 @@ static int x509_parse_public_key ( struct x509_certificate *cert,
 		return rc;
 	DBGC2 ( cert, "X509 %p public key algorithm is %s\n",
 		cert, (*algorithm)->name );
-	DBGC2 ( cert, "X509 %p public key is:\n", cert );
-	DBGC2_HDA ( cert, 0, public_key->raw.data, public_key->raw.len );
+	asn1_skip_any ( &cursor );
+
+	/* Parse bit string */
+	if ( ( rc = x509_parse_bit_string ( cert, raw_bits, &cursor ) ) != 0 )
+		return rc;
 
 	return 0;
 }

diff --git a/src/include/ipxe/x509.h b/src/include/ipxe/x509.h
@@ -54,10 +54,12 @@ struct x509_validity {
 
 /** An X.509 certificate public key */
 struct x509_public_key {
-	/** Raw public key */
+	/** Raw public key information */
 	struct asn1_cursor raw;
 	/** Public key algorithm */
 	struct asn1_algorithm *algorithm;
+	/** Raw public key bit string */
+	struct x509_bit_string raw_bits;
 };
 
 /** An X.509 certificate subject */