[crypto] Parse X.509 certificate serial number

author Michael Brown <mcb30@ipxe.org>

Wed, 21 Mar 2012 17:14:05 +0000 (17:14 +0000)

committer Michael Brown <mcb30@ipxe.org>

Thu, 22 Mar 2012 00:31:22 +0000 (00:31 +0000)
author Michael Brown <mcb30@ipxe.org>
Wed, 21 Mar 2012 17:14:05 +0000 (17:14 +0000)
committer Michael Brown <mcb30@ipxe.org>
Thu, 22 Mar 2012 00:31:22 +0000 (00:31 +0000)
diff --git a/src/crypto/x509.c b/src/crypto/x509.c

index 5ce42f88b48ef11cea2e24bef93d46aa02093b64..978fbd953de5f8f2af64d1a79e1e23f2ceb4f0ef 100644 (file)
--- a/src/crypto/x509.c
+++ b/src/crypto/x509.c
@@ -391,6 +391,31 @@ static int x509_parse_version ( struct x509_certificate *cert,
         return 0;
  }
  
+/**
+ * Parse X.509 certificate serial number
+ *
+ * @v cert             X.509 certificate
+ * @v raw              ASN.1 cursor
+ * @ret rc             Return status code
+ */
+static int x509_parse_serial ( struct x509_certificate *cert,
+                              const struct asn1_cursor *raw ) {
+       struct x509_serial *serial = &cert->serial;
+       int rc;
+
+       /* Record raw serial number */
+       memcpy ( &serial->raw, raw, sizeof ( serial->raw ) );
+       if ( ( rc = asn1_shrink ( &serial->raw, ASN1_INTEGER ) ) != 0 ) {
+               DBGC ( cert, "X509 %p cannot shrink serialNumber: %s\n",
+                      cert, strerror ( rc ) );
+               return rc;
+       }
+       DBGC ( cert, "X509 %p issuer is:\n", cert );
+       DBGC_HDA ( cert, 0, serial->raw.data, serial->raw.len );
+
+       return 0;
+}
+
  /**
   * Parse X.509 certificate issuer
   *
@@ -818,8 +843,10 @@ static int x509_parse_tbscertificate ( struct x509_certificate *cert,
                 asn1_skip_any ( &cursor );
         }
  
-       /* Skip serialNumber */
-       asn1_skip ( &cursor, ASN1_INTEGER );
+       /* Parse serialNumber */
+       if ( ( rc = x509_parse_serial ( cert, &cursor ) ) != 0 )
+               return rc;
+       asn1_skip_any ( &cursor );
  
         /* Parse signature */
         if ( ( rc = x509_parse_signature_algorithm ( cert, algorithm,
diff --git a/src/include/ipxe/x509.h b/src/include/ipxe/x509.h

index 45f738cd71a8fc4360e599398559423a6c2dd1b8..ca2912fda9789521f850950d53b8b814276eaffa 100644 (file)
--- a/src/include/ipxe/x509.h
+++ b/src/include/ipxe/x509.h
@@ -24,6 +24,12 @@ struct x509_bit_string {
         unsigned int unused;
  };
  
+/** An X.509 serial number */
+struct x509_serial {
+       /** Raw serial number */
+       struct asn1_cursor raw;
+};
+
  /** An X.509 issuer */
  struct x509_issuer {
         /** Raw issuer */
@@ -121,6 +127,8 @@ struct x509_certificate {
         struct asn1_cursor raw;
         /** Version */
         unsigned int version;
+       /** Serial number */
+       struct x509_serial serial;
         /** Raw tbsCertificate */
         struct asn1_cursor tbs;
         /** Signature algorithm */
author	Michael Brown <mcb30@ipxe.org>
	Wed, 21 Mar 2012 17:14:05 +0000 (17:14 +0000)
committer	Michael Brown <mcb30@ipxe.org>
	Thu, 22 Mar 2012 00:31:22 +0000 (00:31 +0000)
src/crypto/x509.c		patch \| blob \| blame \| history
src/include/ipxe/x509.h		patch \| blob \| blame \| history