Store raw SubjectPublicKeyInfo when parsing cert

Modify the x509_crt.c and pkparse.c slightly so that the certificate
parsing (and mbedtls_x509_crt) keeps a pointer to the raw DER structure
containing the SubjectPublicKeyInfo. This improves the efficiency of
the OCSP response verification because we have to take the hash of the
certificate's key.

include/mbedtls/pk.h

@@ -44,6 +44,8 @@
 #include "ecdsa.h"
 #endif
 
+#include "asn1.h"
+
 #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
     !defined(inline) && !defined(__cplusplus)
 #define inline __inline
@@ -584,6 +586,22 @@ int mbedtls_pk_write_key_pem( mbedtls_pk_context *ctx, unsigned char *buf, size_
  */
 int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end,
                         mbedtls_pk_context *pk );
+
+/**
+ * \brief           Parse a SubjectPublicKeyInfo DER structure and store a
+ *                  pointer to the raw data
+ *
+ * \param p         the position in the ASN.1 data
+ * \param end       end of the buffer
+ * \param pk        the key to fill
+ * \param buf       the ASN.1 buffer pointing to the start of the raw DER
+ *
+ * \return          0 if successful, or a specific PK error code
+ */
+int mbedtls_pk_parse_subpubkey_with_buf( unsigned char **p,
+                                         const unsigned char *end,
+                                         mbedtls_pk_context *pk,
+                                         mbedtls_asn1_buf *buf );
 #endif /* MBEDTLS_PK_PARSE_C */
 
 #if defined(MBEDTLS_PK_WRITE_C)

include/mbedtls/x509_crt.h

@@ -67,6 +67,7 @@ typedef struct mbedtls_x509_crt
     mbedtls_x509_time valid_from;       /**< Start time of certificate validity. */
     mbedtls_x509_time valid_to;         /**< End time of certificate validity. */
 
+    mbedtls_x509_buf pk_raw;
     mbedtls_pk_context pk;              /**< Container for the public key context. */
 
     mbedtls_x509_buf issuer_id;         /**< Optional X.509 v2/v3 issuer unique identifier. */