
[image] Allow "imgtrust" to automatically download cross-signed certificates

Signed-off-by: Michael Brown <mcb30@ipxe.org>
tags/v1.20.1
Michael Brown 13 jaren geleden
bovenliggende
commit
071171e807
1 gewijzigde bestanden met toevoegingen van 13 en 0 verwijderingen
  1. 13
    0
      src/usr/imgtrust.c

+ 13
- 0
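--- a/src/usr/imgtrust.c
+++ b/src/usr/imgtrust.c
@@ -25,6 +25,8 @@
 #include <ipxe/uaccess.h>
 #include <ipxe/image.h>
 #include <ipxe/cms.h>
+#include <ipxe/validator.h>
+#include <ipxe/monojob.h>
 #include <usr/imgtrust.h>
 
 /** @file
@@ -46,6 +48,7 @@
 	size_t len;
 	void *data;
 	struct cms_signature *sig;
+	struct cms_signer_info *info;
 	time_t now;
 	int rc;
 
@@ -69,6 +72,14 @@
 	free ( data );
 	data = NULL;
 
+	/* Complete all certificate chains */
+	list_for_each_entry ( info, &sig->info, list ) {
+		if ( ( rc = create_validator ( &monojob, info->chain ) ) != 0 )
+			goto err_create_validator;
+		if ( ( rc = monojob_wait ( NULL ) ) != 0 )
+			goto err_validator_wait;
+	}
+
 	/* Use signature to verify image */
 	now = time ( NULL );
 	if ( ( rc = cms_verify ( sig, image->data, image->len,
@@ -86,6 +97,8 @@
 	return 0;
 
  err_verify:
+ err_validator_wait:
+ err_create_validator:
 	cms_put ( sig );
  err_parse:
 	free ( data );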
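Review bot: The new `list_for_each_entry` loop runs `create_validator` on every `info->chain` before `cms_verify` has checked the signature, so the number of signer infos and the contents of each chain come from the signature file, which is still unverified input. Going by the commit title, each pass may start a certificate download and then block in `monojob_wait ( NULL )`, so the comment should state the trust status rather than only the intent, for example `/* Complete all certificate chains (signature is not yet verified; chains are untrusted input) */`. A failure on any one signer's chain jumps to `err_create_validator` or `err_validator_wait` and rejects the image before any other signer is considered. That fails closed, but if one valid signer is meant to be sufficient (not visible here, since the `cms_verify` call is cut off) the function's doc comment should say which behaviour is intended. The function begins and ends outside the visible hunks.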
