From 942b798c8d143042fc17c7fadea528fee5cbebc2 Mon Sep 17 00:00:00 2001
From: Michael Brown
Date: Fri, 29 Jul 2016 15:40:39 +0100
Subject: [PATCH] [crypto] Enable both DER and PEM formats by default

Enable both IMAGE_DER and IMAGE_PEM by default, and drag in the relevant objects only when image_asn1() is present in the binary. This allows "imgverify" to transparently use either DER or PEM signature files.

Signed-off-by: Michael Brown
---
 src/config/config.c | 6 ------
 src/config/config_asn1.c | 39 +++++++++++++++++++++++++++++++++++++
 src/config/general.h | 4 ++--
 src/core/image.c | 35 ---------------------------------
 src/crypto/asn1.c | 42 ++++++++++++++++++++++++++++++++++++++++
 5 files changed, 83 insertions(+), 43 deletions(-)
 create mode 100644 src/config/config_asn1.c

diff --git a/src/config/config.c b/src/config/config.c
index c24b58d5..e24cfe0d 100644
--- a/src/config/config.c
+++ b/src/config/config.c
@@ -188,12 +188,6 @@ REQUIRE_OBJECT ( pnm );
 #ifdef IMAGE_PNG
 REQUIRE_OBJECT ( png );
 #endif
-#ifdef IMAGE_DER
-REQUIRE_OBJECT ( der );
-#endif
-#ifdef IMAGE_PEM
-REQUIRE_OBJECT ( pem );
-#endif
 
 /*
 * Drag in all requested commands
diff --git a/src/config/config_asn1.c b/src/config/config_asn1.c
new file mode 100644
index 00000000..c4419d04
--- /dev/null
+++ b/src/config/config_asn1.c
@@ -0,0 +1,39 @@
+/*
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ *
+ * You can also choose to distribute this program under the terms of
+ * the Unmodified Binary Distribution Licence (as given in the file
+ * COPYING.UBDL), provided that you have satisfied its requirements.
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+
+#include
+
+/** @file
+ *
+ * ASN.1 file format configuration
+ *
+ */
+
+PROVIDE_REQUIRING_SYMBOL();
+
+#ifdef IMAGE_DER
+REQUIRE_OBJECT ( der );
+#endif
+#ifdef IMAGE_PEM
+REQUIRE_OBJECT ( pem );
+#endif
diff --git a/src/config/general.h b/src/config/general.h
index efded483..38d629cc 100644
--- a/src/config/general.h
+++ b/src/config/general.h
@@ -112,8 +112,8 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
 //#define IMAGE_SDI /* SDI image support */
 //#define IMAGE_PNM /* PNM image support */
 //#define IMAGE_PNG /* PNG image support */
-//#define IMAGE_DER /* DER image support */
-//#define IMAGE_PEM /* PEM image support */
+#define IMAGE_DER /* DER image support */
+#define IMAGE_PEM /* PEM image support */
 
 /*
 * Command-line commands to include
diff --git a/src/core/image.c b/src/core/image.c
index b4785269..a185b82f 100644
--- a/src/core/image.c
+++ b/src/core/image.c
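Review bot: In src/config/general.h the comments on `IMAGE_DER` and `IMAGE_PEM` still read like the other IMAGE_* switches, although per the commit message the der and pem objects are now linked only when image_asn1() is present in the binary. Anyone auditing which parsers a build contains from this header alone will draw the wrong conclusion, so the comments should say so, e.g. `#define IMAGE_DER /* DER image support (linked only if image_asn1() is used) */` and likewise for `IMAGE_PEM`. It may also be worth noting there that with both disabled image_asn1() presumably ends in its `-ENOTSUP` path, which is what a caller verifying a signature would then see.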
@@ -505,38 +505,3 @@ int image_pixbuf ( struct image *image, struct pixel_buffer **pixbuf ) {
 
 return 0;
 }
-
-/**
- * Extract ASN.1 object from image
- *
- * @v image Image
- * @v offset Offset within image
- * @v cursor ASN.1 cursor to fill in
- * @ret next Offset to next image, or negative error
- *
- * The caller is responsible for eventually calling free() on the
- * allocated ASN.1 cursor.
- */
-int image_asn1 ( struct image *image, size_t offset,
- struct asn1_cursor **cursor ) {
- int next;
- int rc;
-
- /* Sanity check */
- assert ( offset <= image->len );
-
- /* Check that this image can be used to extract an ASN.1 object */
- if ( ! ( image->type && image->type->asn1 ) )
- return -ENOTSUP;
-
- /* Try creating ASN.1 cursor */
- next = image->type->asn1 ( image, offset, cursor );
- if ( next < 0 ) {
- rc = next;
- DBGC ( image, "IMAGE %s could not extract ASN.1 object: %s\n",
- image->name, strerror ( rc ) );
- return rc;
- }
-
- return next;
-}
diff --git a/src/crypto/asn1.c b/src/crypto/asn1.c
index 03eb18f7..ff56e1f3 100644
--- a/src/crypto/asn1.c
+++ b/src/crypto/asn1.c
@@ -31,6 +31,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
 #include
 #include
 #include
+#include
 #include
 
 /** @file
@@ -838,3 +839,44 @@ int asn1_wrap ( struct asn1_builder *builder, unsigned int type ) {
 
 return 0;
 }
+
+/**
+ * Extract ASN.1 object from image
+ *
+ * @v image Image
+ * @v offset Offset within image
+ * @v cursor ASN.1 cursor to fill in
+ * @ret next Offset to next image, or negative error
+ *
+ * The caller is responsible for eventually calling free() on the
+ * allocated ASN.1 cursor.
+ */
+int image_asn1 ( struct image *image, size_t offset,
+ struct asn1_cursor **cursor ) {
+ int next;
+ int rc;
+
+ /* Sanity check */
+ assert ( offset <= image->len );
+
+ /* Check that this image can be used to extract an ASN.1 object */
+ if ( ! ( image->type && image->type->asn1 ) )
+ return -ENOTSUP;
+
+ /* Try creating ASN.1 cursor */
+ next = image->type->asn1 ( image, offset, cursor );
+ if ( next < 0 ) {
+ rc = next;
+ DBGC ( image, "IMAGE %s could not extract ASN.1 object: %s\n",
+ image->name, strerror ( rc ) );
+ return rc;
+ }
+
+ return next;
+}
+
+/* Drag in objects via image_asn1() */
+REQUIRING_SYMBOL ( image_asn1 );
+
+/* Drag in ASN.1 image formats */
+REQUIRE_OBJECT ( config_asn1 );
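Review bot: The only bound on `offset` in image_asn1() is `assert ( offset <= image->len );`, so if assertions are compiled out of non-debug builds (not visible from this hunk) an out-of-range offset is handed straight to the format's `image->type->asn1()` handler. Now that DER and PEM are built by default and the input is a signature file that is typically fetched from outside, I would turn this into a runtime check placed right after the assert, e.g. `if ( offset > image->len ) return -EINVAL;`. The doc comment should also say whether `*cursor` is left untouched on a negative return, since it tells the caller to free() the cursor but not in which cases one was allocated.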