
[crypto] Add x509_append_raw()

Signed-off-by: Michael Brown <mcb30@ipxe.org>
Michael Brown 2012-05-08 10:57:50 +01:00
parent 6c8fcd4bb3
commit 99c798d87a
4 changed files with 59 additions and 39 deletions


@ -128,38 +128,23 @@ static int cms_parse_certificates ( struct cms_signature *sig,
/* Add each certificate */ /* Add each certificate */
while ( cursor.len ) { while ( cursor.len ) {
/* Parse certificate */ /* Add certificate to chain */
if ( ( rc = x509_certificate ( cursor.data, cursor.len, if ( ( rc = x509_append_raw ( sig->certificates, cursor.data,
&cert ) ) != 0 ) { cursor.len ) ) != 0 ) {
DBGC ( sig, "CMS %p could not parse certificate: %s\n", DBGC ( sig, "CMS %p could not append certificate: %s\n",
sig, strerror ( rc) ); sig, strerror ( rc) );
DBGC_HDA ( sig, 0, cursor.data, cursor.len ); DBGC_HDA ( sig, 0, cursor.data, cursor.len );
goto err_parse; return rc;
} }
cert = x509_last ( sig->certificates );
DBGC ( sig, "CMS %p found certificate %s\n", DBGC ( sig, "CMS %p found certificate %s\n",
sig, cert->subject.name ); sig, cert->subject.name );
/* Add certificate to list */
if ( ( rc = x509_append ( sig->certificates, cert ) ) != 0 ) {
DBGC ( sig, "CMS %p could not append certificate: %s\n",
sig, strerror ( rc ) );
goto err_append;
}
/* Drop reference to certificate */
x509_put ( cert );
cert = NULL;
/* Move to next certificate */ /* Move to next certificate */
asn1_skip_any ( &cursor ); asn1_skip_any ( &cursor );
} }
return 0; return 0;
err_append:
x509_put ( cert );
err_parse:
return rc;
} }
/** /**
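Review bot: The new `cert = x509_last ( sig->certificates );` line is followed by an unconditional `cert->subject.name` dereference, although x509_last() is documented to return NULL on an empty chain; the code relies on the invariant that a successful x509_append_raw() leaves the just-parsed certificate at the tail, which holds here but is nowhere stated. `cert` has also changed meaning: it is now a borrowed pointer into the chain rather than the owned reference the removed x509_put() calls managed. A comment on that line would keep a later edit from re-adding an x509_put() or using `cert` after the chain is dropped: `/* Borrowed pointer to the certificate just appended; owned by the chain, so no x509_put() */`. cms_parse_certificates() begins before this hunk.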


@ -1646,6 +1646,38 @@ int x509_append ( struct x509_chain *chain, struct x509_certificate *cert ) {
return 0; return 0;
} }
/**
* Append X.509 certificate to X.509 certificate chain
*
* @v chain X.509 certificate chain
* @v data Raw certificate data
* @v len Length of raw data
* @ret rc Return status code
*/
int x509_append_raw ( struct x509_chain *chain, const void *data,
size_t len ) {
struct x509_certificate *cert;
int rc;
/* Parse certificate */
if ( ( rc = x509_certificate ( data, len, &cert ) ) != 0 )
goto err_parse;
/* Append certificate to chain */
if ( ( rc = x509_append ( chain, cert ) ) != 0 )
goto err_append;
/* Drop reference to certificate */
x509_put ( cert );
return 0;
err_append:
x509_put ( cert );
err_parse:
return rc;
}
/** /**
* Validate X.509 certificate chain * Validate X.509 certificate chain
* *
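Review bot: The doc comment on x509_append_raw() reuses x509_append()'s summary line, `Append X.509 certificate to X.509 certificate chain`, but the new function also parses the raw data and then drops its own reference via `x509_put ( cert )` before returning, so the caller never receives the parsed certificate. Both new call sites in this commit recover it with x509_last(), which only works if they know the chain is the sole owner. I would change the summary to ` * Parse and append raw X.509 certificate to X.509 certificate chain` and add after the @ret line ` * The parsed certificate is owned by the chain; the caller receives no reference to it.`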


@ -261,6 +261,20 @@ x509_first ( struct x509_chain *chain ) {
return ( link ? link->cert : NULL ); return ( link ? link->cert : NULL );
} }
/**
* Get last certificate in X.509 certificate chain
*
* @v chain X.509 certificate chain
* @ret cert X.509 certificate, or NULL
*/
static inline __attribute__ (( always_inline )) struct x509_certificate *
x509_last ( struct x509_chain *chain ) {
struct x509_link *link;
link = list_last_entry ( &chain->links, struct x509_link, list );
return ( link ? link->cert : NULL );
}
/** An X.509 extension */ /** An X.509 extension */
struct x509_extension { struct x509_extension {
/** Name */ /** Name */
@ -319,6 +333,8 @@ extern int x509_certificate ( const void *data, size_t len,
extern struct x509_chain * x509_alloc_chain ( void ); extern struct x509_chain * x509_alloc_chain ( void );
extern int x509_append ( struct x509_chain *chain, extern int x509_append ( struct x509_chain *chain,
struct x509_certificate *cert ); struct x509_certificate *cert );
extern int x509_append_raw ( struct x509_chain *chain, const void *data,
size_t len );
extern int x509_validate_chain ( struct x509_chain *chain, time_t time, extern int x509_validate_chain ( struct x509_chain *chain, time_t time,
struct x509_root *root ); struct x509_root *root );
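Review bot: The `@ret cert` line of x509_last()'s doc comment should state that the returned pointer is borrowed, since the function takes no reference (it only reads `link->cert`), unlike x509_certificate(), whose result the call sites removed in this commit had to release with x509_put(). The new callers in cms.c and tls.c use the result only while the chain is alive, but nothing in the header tells a future caller that it must. I would write ` * @ret cert X.509 certificate (borrowed from chain, no reference taken), or NULL`. The same wording presumably applies to x509_first() just above, whose declaration lies outside the hunk.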


@ -1312,37 +1312,24 @@ static int tls_parse_chain ( struct tls_session *tls,
goto err_overlength; goto err_overlength;
} }
/* Parse certificate */ /* Add certificate to chain */
if ( ( rc = x509_certificate ( certificate->data, if ( ( rc = x509_append_raw ( tls->chain, certificate->data,
certificate_len, certificate_len ) ) != 0 ) {
&cert ) ) != 0 ) { DBGC ( tls, "TLS %p could not append certificate: %s\n",
DBGC ( tls, "TLS %p could not parse certificate: %s\n",
tls, strerror ( rc ) ); tls, strerror ( rc ) );
DBGC_HDA ( tls, 0, data, ( end - data ) ); DBGC_HDA ( tls, 0, data, ( end - data ) );
goto err_parse; goto err_parse;
} }
cert = x509_last ( tls->chain );
DBGC ( tls, "TLS %p found certificate %s\n", DBGC ( tls, "TLS %p found certificate %s\n",
tls, cert->subject.name ); tls, cert->subject.name );
/* Append certificate to chain */
if ( ( rc = x509_append ( tls->chain, cert ) ) != 0 ) {
DBGC ( tls, "TLS %p could not append certificate: %s\n",
tls, strerror ( rc ) );
goto err_append;
}
/* Drop reference to certificate */
x509_put ( cert );
cert = NULL;
/* Move to next certificate in list */ /* Move to next certificate in list */
data = next; data = next;
} }
return 0; return 0;
err_append:
x509_put ( cert );
err_parse: err_parse:
err_overlength: err_overlength:
x509_chain_put ( tls->chain ); x509_chain_put ( tls->chain );