|
@@ -175,31 +175,6 @@ cms_find_issuer_serial ( struct cms_signature *sig,
|
175
|
175
|
return NULL;
|
176
|
176
|
}
|
177
|
177
|
|
178
|
|
-/**
|
179
|
|
- * Identify CMS signature certificate by subject
|
180
|
|
- *
|
181
|
|
- * @v sig CMS signature
|
182
|
|
- * @v subject Subject
|
183
|
|
- * @ret cert X.509 certificate, or NULL if not found
|
184
|
|
- */
|
185
|
|
-static struct x509_certificate *
|
186
|
|
-cms_find_subject ( struct cms_signature *sig,
|
187
|
|
- const struct asn1_cursor *subject ) {
|
188
|
|
- struct x509_link *link;
|
189
|
|
- struct x509_certificate *cert;
|
190
|
|
-
|
191
|
|
- /* Scan through certificate list */
|
192
|
|
- list_for_each_entry ( link, &sig->certificates->links, list ) {
|
193
|
|
-
|
194
|
|
- /* Check subject */
|
195
|
|
- cert = link->cert;
|
196
|
|
- if ( asn1_compare ( subject, &cert->subject.raw ) == 0 )
|
197
|
|
- return cert;
|
198
|
|
- }
|
199
|
|
-
|
200
|
|
- return NULL;
|
201
|
|
-}
|
202
|
|
-
|
203
|
178
|
/**
|
204
|
179
|
* Parse CMS signature signer identifier
|
205
|
180
|
*
|
|
@@ -215,7 +190,6 @@ static int cms_parse_signer_identifier ( struct cms_signature *sig,
|
215
|
190
|
struct asn1_cursor serial;
|
216
|
191
|
struct asn1_cursor issuer;
|
217
|
192
|
struct x509_certificate *cert;
|
218
|
|
- struct x509_certificate *previous;
|
219
|
193
|
int rc;
|
220
|
194
|
|
221
|
195
|
/* Enter issuerAndSerialNumber */
|
|
@@ -253,22 +227,20 @@ static int cms_parse_signer_identifier ( struct cms_signature *sig,
|
253
|
227
|
return -ENOENT;
|
254
|
228
|
}
|
255
|
229
|
|
256
|
|
- /* Create certificate chain */
|
257
|
|
- do {
|
258
|
|
- /* Add certificate to chain */
|
259
|
|
- if ( ( rc = x509_append ( info->chain, cert ) ) != 0 ) {
|
260
|
|
- DBGC ( sig, "CMS %p/%p could not append certificate: "
|
261
|
|
- "%s\n", sig, info, strerror ( rc ) );
|
262
|
|
- return rc;
|
263
|
|
- }
|
264
|
|
- DBGC ( sig, "CMS %p/%p added certificate %s\n",
|
265
|
|
- sig, info, cert->subject.name );
|
266
|
|
-
|
267
|
|
- /* Locate next certificate in chain, if any */
|
268
|
|
- previous = cert;
|
269
|
|
- cert = cms_find_subject ( sig, &cert->issuer.raw );
|
|
230
|
+ /* Append certificate to chain */
|
|
231
|
+ if ( ( rc = x509_append ( info->chain, cert ) ) != 0 ) {
|
|
232
|
+ DBGC ( sig, "CMS %p/%p could not append certificate: %s\n",
|
|
233
|
+ sig, info, strerror ( rc ) );
|
|
234
|
+ return rc;
|
|
235
|
+ }
|
270
|
236
|
|
271
|
|
- } while ( ( cert != NULL ) && ( cert != previous ) );
|
|
237
|
+ /* Append remaining certificates to chain */
|
|
238
|
+ if ( ( rc = x509_auto_append ( info->chain,
|
|
239
|
+ sig->certificates ) ) != 0 ) {
|
|
240
|
+ DBGC ( sig, "CMS %p/%p could not append certificates: %s\n",
|
|
241
|
+ sig, info, strerror ( rc ) );
|
|
242
|
+ return rc;
|
|
243
|
+ }
|
272
|
244
|
|
273
|
245
|
return 0;
|
274
|
246
|
}
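Review bot: The termination condition of the chain walk is no longer visible at the new call `x509_auto_append ( info->chain, sig->certificates )` in the last hunk, and the loop it replaces stopped only when no issuer was found or when a certificate named itself as issuer (`cert != previous`). If `sig->certificates` is filled from the message being verified, as the removed `cms_find_subject` scan suggests, a list whose entries name each other as issuer meets neither condition, so it is worth confirming that the helper detects a certificate already in the chain or caps the chain length. The removed code matched issuers purely by comparing raw names with `asn1_compare`; assuming the helper does the same, I would record that at the call, e.g. `/* Append issuers from the signature's certificate list (matched by name only; nothing is verified here) */`. The per-certificate `added certificate %s` debug line is also dropped, so only the helper's own logging, if any, now shows which certificates ended up in the chain. The body of `cms_parse_signer_identifier` begins outside this hunk, so the lookup of the first `cert` could not be reviewed.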
|