
[crypto] Add x509_append_raw()

Signed-off-by: Michael Brown <mcb30@ipxe.org>
This commit is contained in:
Michael Brown 2012-05-08 10:57:50 +01:00
parent 6c8fcd4bb3
commit 99c798d87a
4 changed files with 59 additions and 39 deletions


@ -128,38 +128,23 @@ static int cms_parse_certificates ( struct cms_signature *sig,
/* Add each certificate */
while ( cursor.len ) {
/* Parse certificate */
if ( ( rc = x509_certificate ( cursor.data, cursor.len,
&cert ) ) != 0 ) {
DBGC ( sig, "CMS %p could not parse certificate: %s\n",
sig, strerror ( rc) );
DBGC_HDA ( sig, 0, cursor.data, cursor.len );
goto err_parse;
}
DBGC ( sig, "CMS %p found certificate %s\n",
sig, cert->subject.name );
/* Add certificate to list */
if ( ( rc = x509_append ( sig->certificates, cert ) ) != 0 ) {
/* Add certificate to chain */
if ( ( rc = x509_append_raw ( sig->certificates, cursor.data,
cursor.len ) ) != 0 ) {
DBGC ( sig, "CMS %p could not append certificate: %s\n",
sig, strerror ( rc) );
goto err_append;
DBGC_HDA ( sig, 0, cursor.data, cursor.len );
return rc;
}
/* Drop reference to certificate */
x509_put ( cert );
cert = NULL;
cert = x509_last ( sig->certificates );
DBGC ( sig, "CMS %p found certificate %s\n",
sig, cert->subject.name );
/* Move to next certificate */
asn1_skip_any ( &cursor );
}
return 0;
err_append:
x509_put ( cert );
err_parse:
return rc;
}
/**
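Review bot: The message at `DBGC ( sig, "CMS %p could not append certificate: %s\n", ...` now also covers the parse step that moved into x509_append_raw(), so a malformed certificate in the (untrusted) CMS data is reported as an append failure; since the comment above the call reads "Add certificate to chain", `"CMS %p could not add certificate: %s\n"` would describe both causes, and the same wording applies to the tls.c hunk. The result of `cert = x509_last ( sig->certificates );` is dereferenced for `cert->subject.name` without a NULL check, which is only safe because the append immediately before it succeeded; a one-line comment such as `/* Chain is non-empty: append just succeeded */` would record that dependency. cert also appears to be a borrowed pointer owned by the chain now rather than a held reference, so it must not be used once the chain could be modified or released. cms_parse_certificates() begins outside the hunk.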


@ -1646,6 +1646,38 @@ int x509_append ( struct x509_chain *chain, struct x509_certificate *cert ) {
return 0;
}
/**
* Append X.509 certificate to X.509 certificate chain
*
* @v chain X.509 certificate chain
* @v data Raw certificate data
* @v len Length of raw data
* @ret rc Return status code
*/
int x509_append_raw ( struct x509_chain *chain, const void *data,
size_t len ) {
struct x509_certificate *cert;
int rc;
/* Parse certificate */
if ( ( rc = x509_certificate ( data, len, &cert ) ) != 0 )
goto err_parse;
/* Append certificate to chain */
if ( ( rc = x509_append ( chain, cert ) ) != 0 )
goto err_append;
/* Drop reference to certificate */
x509_put ( cert );
return 0;
err_append:
x509_put ( cert );
err_parse:
return rc;
}
/**
* Validate X.509 certificate chain
*
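Review bot: The header comment on x509_append_raw() repeats x509_append()'s summary line, `Append X.509 certificate to X.509 certificate chain`, although this function also parses the raw data and drops its own reference with `x509_put ( cert )` before returning; a summary such as `Parse raw X.509 certificate data and append the certificate to an X.509 certificate chain` would distinguish the two. It would also help callers to state what remains after a successful return, e.g. `On success the chain holds the only reference to the new certificate; retrieve it with x509_last()`, since both cms.c and tls.c in this commit already rely on x509_last() for exactly that. Parse and append failures share one return code here, so callers that print "could not append" for any non-zero rc will misreport malformed input; that is a caller wording issue rather than a defect in this function.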


@ -261,6 +261,20 @@ x509_first ( struct x509_chain *chain ) {
return ( link ? link->cert : NULL );
}
/**
* Get last certificate in X.509 certificate chain
*
* @v chain X.509 certificate chain
* @ret cert X.509 certificate, or NULL
*/
static inline __attribute__ (( always_inline )) struct x509_certificate *
x509_last ( struct x509_chain *chain ) {
struct x509_link *link;
link = list_last_entry ( &chain->links, struct x509_link, list );
return ( link ? link->cert : NULL );
}
/** An X.509 extension */
struct x509_extension {
/** Name */
@ -319,6 +333,8 @@ extern int x509_certificate ( const void *data, size_t len,
extern struct x509_chain * x509_alloc_chain ( void );
extern int x509_append ( struct x509_chain *chain,
struct x509_certificate *cert );
extern int x509_append_raw ( struct x509_chain *chain, const void *data,
size_t len );
extern int x509_validate_chain ( struct x509_chain *chain, time_t time,
struct x509_root *root );


@ -1312,37 +1312,24 @@ static int tls_parse_chain ( struct tls_session *tls,
goto err_overlength;
}
/* Parse certificate */
if ( ( rc = x509_certificate ( certificate->data,
certificate_len,
&cert ) ) != 0 ) {
DBGC ( tls, "TLS %p could not parse certificate: %s\n",
/* Add certificate to chain */
if ( ( rc = x509_append_raw ( tls->chain, certificate->data,
certificate_len ) ) != 0 ) {
DBGC ( tls, "TLS %p could not append certificate: %s\n",
tls, strerror ( rc ) );
DBGC_HDA ( tls, 0, data, ( end - data ) );
goto err_parse;
}
cert = x509_last ( tls->chain );
DBGC ( tls, "TLS %p found certificate %s\n",
tls, cert->subject.name );
/* Append certificate to chain */
if ( ( rc = x509_append ( tls->chain, cert ) ) != 0 ) {
DBGC ( tls, "TLS %p could not append certificate: %s\n",
tls, strerror ( rc ) );
goto err_append;
}
/* Drop reference to certificate */
x509_put ( cert );
cert = NULL;
/* Move to next certificate in list */
data = next;
}
return 0;
err_append:
x509_put ( cert );
err_parse:
err_overlength:
x509_chain_put ( tls->chain );