
[crypto] Add x509_append_raw()
Signed-off-by: Michael Brown <mcb30@ipxe.org>
mcb30 committed May 8, 2012
1 parent 6c8fcd4 commit 99c798d
Showing 4 changed files with 59 additions and 39 deletions.
27 changes: 6 additions & 21 deletions src/crypto/cms.c
Expand Up @@ -128,38 +128,23 @@ static int cms_parse_certificates ( struct cms_signature *sig,
/* Add each certificate */
while ( cursor.len ) {

/* Parse certificate */
if ( ( rc = x509_certificate ( cursor.data, cursor.len,
&cert ) ) != 0 ) {
DBGC ( sig, "CMS %p could not parse certificate: %s\n",
/* Add certificate to chain */
if ( ( rc = x509_append_raw ( sig->certificates, cursor.data,
cursor.len ) ) != 0 ) {
DBGC ( sig, "CMS %p could not append certificate: %s\n",
sig, strerror ( rc) );
DBGC_HDA ( sig, 0, cursor.data, cursor.len );
goto err_parse;
return rc;
}
cert = x509_last ( sig->certificates );
DBGC ( sig, "CMS %p found certificate %s\n",
sig, cert->subject.name );

/* Add certificate to list */
if ( ( rc = x509_append ( sig->certificates, cert ) ) != 0 ) {
DBGC ( sig, "CMS %p could not append certificate: %s\n",
sig, strerror ( rc ) );
goto err_append;
}

/* Drop reference to certificate */
x509_put ( cert );
cert = NULL;

/* Move to next certificate */
asn1_skip_any ( &cursor );
}

return 0;

err_append:
x509_put ( cert );
err_parse:
return rc;
}

/**
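Review bot: The new `cert = x509_last ( sig->certificates );` is dereferenced on the following line (`cert->subject.name`) without a NULL check, and x509_last() as added in src/include/ipxe/x509.h in this commit returns NULL for an empty chain. That is safe only because x509_append_raw() has just succeeded, which guarantees the chain is non-empty; the invariant deserves a comment, e.g. `/* Chain cannot be empty after a successful append */` above the x509_last() call. The same pattern appears in the src/net/tls.c hunk of this commit. cms_parse_certificates() starts before this hunk.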
32 changes: 32 additions & 0 deletions src/crypto/x509.c
Expand Up @@ -1646,6 +1646,38 @@ int x509_append ( struct x509_chain *chain, struct x509_certificate *cert ) {
return 0;
}

/**
* Append X.509 certificate to X.509 certificate chain
*
* @v chain X.509 certificate chain
* @v data Raw certificate data
* @v len Length of raw data
* @ret rc Return status code
*/
int x509_append_raw ( struct x509_chain *chain, const void *data,
size_t len ) {
struct x509_certificate *cert;
int rc;

/* Parse certificate */
if ( ( rc = x509_certificate ( data, len, &cert ) ) != 0 )
goto err_parse;

/* Append certificate to chain */
if ( ( rc = x509_append ( chain, cert ) ) != 0 )
goto err_append;

/* Drop reference to certificate */
x509_put ( cert );

return 0;

err_append:
x509_put ( cert );
err_parse:
return rc;
}

/**
* Validate X.509 certificate chain
*
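Review bot: The header comment on x509_append_raw() reads identically to x509_append()'s `Append X.509 certificate to X.509 certificate chain`, hiding that this variant parses raw certificate data first; suggest `Parse raw certificate data and append the resulting certificate to X.509 certificate chain`, plus a line noting that the reference obtained from x509_certificate() is dropped before returning, so a caller wanting the parsed certificate must retrieve it from the chain (e.g. via x509_last()). As a point of style, both the success path and err_append call x509_put ( cert ), so after the parse check the body could collapse to `rc = x509_append ( chain, cert );` `x509_put ( cert );` `return rc;`, leaving only the parse-failure return.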
16 changes: 16 additions & 0 deletions src/include/ipxe/x509.h
Expand Up @@ -261,6 +261,20 @@ x509_first ( struct x509_chain *chain ) {
return ( link ? link->cert : NULL );
}

/**
* Get last certificate in X.509 certificate chain
*
* @v chain X.509 certificate chain
* @ret cert X.509 certificate, or NULL
*/
static inline __attribute__ (( always_inline )) struct x509_certificate *
x509_last ( struct x509_chain *chain ) {
struct x509_link *link;

link = list_last_entry ( &chain->links, struct x509_link, list );
return ( link ? link->cert : NULL );
}

/** An X.509 extension */
struct x509_extension {
/** Name */
Expand Down Expand Up @@ -319,6 +333,8 @@ extern int x509_certificate ( const void *data, size_t len,
extern struct x509_chain * x509_alloc_chain ( void );
extern int x509_append ( struct x509_chain *chain,
struct x509_certificate *cert );
extern int x509_append_raw ( struct x509_chain *chain, const void *data,
size_t len );
extern int x509_validate_chain ( struct x509_chain *chain, time_t time,
struct x509_root *root );

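Review bot: The x509_last() doc comment says nothing about reference ownership, while the body only reads link->cert and takes no reference, so the caller receives a borrowed pointer that is valid only while the chain still holds the certificate. Suggest adding to the comment `The returned pointer is borrowed from the chain; no reference is taken and the caller must not x509_put() it.`, which is what the new callers in this commit rely on when they read cert->subject.name without a later x509_put(). Presumably x509_first() has the same property and could carry the same wording.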
23 changes: 5 additions & 18 deletions src/net/tls.c
Expand Up @@ -1312,37 +1312,24 @@ static int tls_parse_chain ( struct tls_session *tls,
goto err_overlength;
}

/* Parse certificate */
if ( ( rc = x509_certificate ( certificate->data,
certificate_len,
&cert ) ) != 0 ) {
DBGC ( tls, "TLS %p could not parse certificate: %s\n",
/* Add certificate to chain */
if ( ( rc = x509_append_raw ( tls->chain, certificate->data,
certificate_len ) ) != 0 ) {
DBGC ( tls, "TLS %p could not append certificate: %s\n",
tls, strerror ( rc ) );
DBGC_HDA ( tls, 0, data, ( end - data ) );
goto err_parse;
}
cert = x509_last ( tls->chain );
DBGC ( tls, "TLS %p found certificate %s\n",
tls, cert->subject.name );

/* Append certificate to chain */
if ( ( rc = x509_append ( tls->chain, cert ) ) != 0 ) {
DBGC ( tls, "TLS %p could not append certificate: %s\n",
tls, strerror ( rc ) );
goto err_append;
}

/* Drop reference to certificate */
x509_put ( cert );
cert = NULL;

/* Move to next certificate in list */
data = next;
}

return 0;

err_append:
x509_put ( cert );
err_parse:
err_overlength:
x509_chain_put ( tls->chain );
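Review bot: The `goto err_parse;` under the x509_append_raw() failure now covers append failures as well as parse failures, so the label name no longer describes what it catches, and the adjacent debug message already says "could not append". Renaming the label to `err_append` (the goto and the label, two lines) keeps the error-path naming consistent with the new failure mode. tls_parse_chain() starts before this hunk and its cleanup labels continue below it.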
