From 2d9d0adc4e7539c45a2a0f387bcf60a1f96ed79c Mon Sep 17 00:00:00 2001
From: Michael Brown
Date: Wed, 21 Mar 2012 16:48:08 +0000
Subject: [PATCH] [crypto] Add previous certificate in chain as a parameter to parse_next()

Signed-off-by: Michael Brown
---
 src/crypto/x509.c | 10 ++++++----
 src/include/ipxe/x509.h | 1 +
 src/net/tls.c | 5 ++++-
 src/tests/x509_test.c | 6 +++++-
 4 files changed, 16 insertions(+), 6 deletions(-)

diff --git a/src/crypto/x509.c b/src/crypto/x509.c
index 978fbd95..eb485522 100644
--- a/src/crypto/x509.c
+++ b/src/crypto/x509.c
@@ -1143,8 +1143,10 @@ int x509_validate_time ( struct x509_certificate *cert, time_t time ) {
 * @v first Initial X.509 certificate to fill in, or NULL
 * @ret rc Return status code
 */
-int x509_validate_chain ( int ( * parse_next ) ( struct x509_certificate *cert,
- void *context ),
+int x509_validate_chain ( int ( * parse_next )
+ ( struct x509_certificate *cert,
+ const struct x509_certificate *previous,
+ void *context ),
 void *context, time_t time, struct x509_root *root,
 struct x509_certificate *first ) {
 struct x509_certificate temp[2];
@@ -1159,7 +1161,7 @@ int x509_validate_chain ( int ( * parse_next ) ( struct x509_certificate *cert,
 root = &root_certificates;

 /* Get first certificate in chain */
- if ( ( rc = parse_next ( current, context ) ) != 0 ) {
+ if ( ( rc = parse_next ( current, NULL, context ) ) != 0 ) {
 DBGC ( context, "X509 chain %p could not get first "
 "certificate: %s\n", context, strerror ( rc ) );
 return rc;
@@ -1181,7 +1183,7 @@ int x509_validate_chain ( int ( * parse_next ) ( struct x509_certificate *cert,
 return 0;

 /* Get next certificate in chain */
- if ( ( rc = parse_next ( next, context ) ) != 0 ) {
+ if ( ( rc = parse_next ( next, current, context ) ) != 0 ) {
 DBGC ( context, "X509 chain %p could not get next "
 "certificate: %s\n", context, strerror ( rc ) );
 return rc;
diff --git a/src/include/ipxe/x509.h b/src/include/ipxe/x509.h
index ca2912fd..427f7955 100644
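Review bot: The contract of the new `previous` argument to `parse_next` is not documented anywhere in this hunk, and the `@v parse_next` line of the function comment sits above the hunk, outside the visible lines. The two later hunks in this file fix what the value is (NULL for the first certificate, the just-parsed `current` for every subsequent one), so the comment above should state that, e.g. ` * @v parse_next	Parse next X.509 certificate in chain; receives the previous certificate, or NULL for the first`. Since `current` and `next` appear to be drawn from the two-entry `temp[]` declared in this hunk, the storage behind `previous` is presumably reused for the following certificate, so the contract should also say that the callback must not retain the pointer after it returns. Whatever the callback does with `previous`, it is only a hint for selecting the next certificate; the issuer/signature check that links `next` to `current` has to remain in `x509_validate_chain` itself (that part of the body is not visible in these hunks).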
--- a/src/include/ipxe/x509.h
+++ b/src/include/ipxe/x509.h
@@ -183,6 +183,7 @@ extern int x509_validate_root ( struct x509_certificate *cert,
 extern int x509_validate_time ( struct x509_certificate *cert, time_t time );
 extern int x509_validate_chain ( int ( * parse_next )
 ( struct x509_certificate *cert,
+ const struct x509_certificate *previous,
 void *context ),
 void *context, time_t time,
 struct x509_root *root,
diff --git a/src/net/tls.c b/src/net/tls.c
index 4b5891e4..6475f78d 100644
--- a/src/net/tls.c
+++ b/src/net/tls.c
@@ -1281,10 +1281,13 @@ struct tls_certificate_context {
 * Parse next certificate in TLS certificate list
 *
 * @v cert X.509 certificate to fill in
+ * @v previous Previous X.509 certificate, or NULL
 * @v ctx Context
 * @ret rc Return status code
 */
-static int tls_parse_next ( struct x509_certificate *cert, void *ctx ) {
+static int tls_parse_next ( struct x509_certificate *cert,
+ const struct x509_certificate *previous __unused,
+ void *ctx ) {
 struct tls_certificate_context *context = ctx;
 struct tls_session *tls = context->tls;
 const struct {
diff --git a/src/tests/x509_test.c b/src/tests/x509_test.c
index 6076d9aa..7803315e 100644
--- a/src/tests/x509_test.c
+++ b/src/tests/x509_test.c
@@ -695,10 +695,14 @@ struct x509_test_chain_context {
 * Parse next certificate in chain
 *
 * @v cert X.509 certificate to parse
+ * @v previous Previous X.509 certificate, or NULL
 * @v ctx Chain context
 * @ret rc Return status code
 */
-static int x509_test_parse_next ( struct x509_certificate *cert, void *ctx ) {
+static int
+x509_test_parse_next ( struct x509_certificate *cert,
+ const struct x509_certificate *previous __unused,
+ void *ctx ) {
 struct x509_test_chain_context *context = ctx;
 struct x509_test_certificate *test_cert;
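Review bot: `tls_parse_next` marks `previous` as `__unused` without saying why, so a reader of the new signature cannot tell whether ignoring the previous certificate is deliberate. A one-line comment on the parameter such as `/* previous is not needed here: the TLS Certificate message already supplies the chain in order */` would make the intent explicit, assuming that is the reason (the list-walking body continues outside the hunk). Because this callback takes chain order from peer-supplied data, the link check between consecutive certificates inside `x509_validate_chain` is what the validation rests on, not anything done here. The same undocumented `__unused` parameter appears in `x509_test_parse_next` in the last hunk, which is cut off at the end of this chunk.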