
[crypto] Add x509_append_raw()

Signed-off-by: Michael Brown <mcb30@ipxe.org>
tags/v1.20.1
Michael Brown 12 anni fa
parent
commit
99c798d87a
4 ha cambiato i file con 59 aggiunte e 39 eliminazioni
  1. 6
    21
      src/crypto/cms.c
  2. 32
    0
      src/crypto/x509.c
  3. 16
    0
      src/include/ipxe/x509.h
  4. 5
    18
      src/net/tls.c

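--- a/src/crypto/cms.c
+++ b/src/crypto/cms.c
@@ -128,38 +128,23 @@ static int cms_parse_certificates ( struct cms_signature *sig,
 	/* Add each certificate */
 	while ( cursor.len ) {
 
-		/* Parse certificate */
-		if ( ( rc = x509_certificate ( cursor.data, cursor.len,
-					       &cert ) ) != 0 ) {
-			DBGC ( sig, "CMS %p could not parse certificate: %s\n",
+		/* Add certificate to chain */
+		if ( ( rc = x509_append_raw ( sig->certificates, cursor.data,
+					      cursor.len ) ) != 0 ) {
+			DBGC ( sig, "CMS %p could not append certificate: %s\n",
 			       sig, strerror ( rc) );
 			DBGC_HDA ( sig, 0, cursor.data, cursor.len );
-			goto err_parse;
+			return rc;
 		}
+		cert = x509_last ( sig->certificates );
 		DBGC ( sig, "CMS %p found certificate %s\n",
 		       sig, cert->subject.name );
 
-		/* Add certificate to list */
-		if ( ( rc = x509_append ( sig->certificates, cert ) ) != 0 ) {
-			DBGC ( sig, "CMS %p could not append certificate: %s\n",
-			       sig, strerror ( rc ) );
-			goto err_append;
-		}
-
-		/* Drop reference to certificate */
-		x509_put ( cert );
-		cert = NULL;
-
 		/* Move to next certificate */
 		asn1_skip_any ( &cursor );
 	}
 
 	return 0;
-
- err_append:
-	x509_put ( cert );
- err_parse:
-	return rc;
 }
 
 /**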
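Review bot: The new `cert = x509_last ( sig->certificates );` is immediately followed by an unconditional `cert->subject.name` dereference, while x509_last() is defined in the src/include/ipxe/x509.h hunk to return NULL for an empty chain. This is safe only because x509_append_raw() returned 0 on the preceding line, so the chain is non-empty, and it names the certificate just added only if x509_append() adds at the tail, which is not visible on this page. I would make that invariant explicit on the new line: `/* Chain is non-empty after a successful append; cert is borrowed from the chain */`. The same pattern appears in the src/net/tls.c hunk (`cert = x509_last ( tls->chain );`) and deserves the same comment. cms_parse_certificates() starts outside the hunk.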

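--- a/src/crypto/x509.c
+++ b/src/crypto/x509.c
@@ -1646,6 +1646,38 @@ int x509_append ( struct x509_chain *chain, struct x509_certificate *cert ) {
 	return 0;
 }
 
+/**
+ * Append X.509 certificate to X.509 certificate chain
+ *
+ * @v chain		X.509 certificate chain
+ * @v data		Raw certificate data
+ * @v len		Length of raw data
+ * @ret rc		Return status code
+ */
+int x509_append_raw ( struct x509_chain *chain, const void *data,
+		      size_t len ) {
+	struct x509_certificate *cert;
+	int rc;
+
+	/* Parse certificate */
+	if ( ( rc = x509_certificate ( data, len, &cert ) ) != 0 )
+		goto err_parse;
+
+	/* Append certificate to chain */
+	if ( ( rc = x509_append ( chain, cert ) ) != 0 )
+		goto err_append;
+
+	/* Drop reference to certificate */
+	x509_put ( cert );
+
+	return 0;
+
+ err_append:
+	x509_put ( cert );
+ err_parse:
+	return rc;
+}
+
 /**
  * Validate X.509 certificate chain
  *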
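Review bot: The x509_append_raw() docstring leaves reference ownership unstated, which is the one thing its callers need to know: after a successful return the only remaining reference to the parsed certificate is the one held by the chain (the function's own reference is released by the `x509_put ( cert );` on the success path), so a caller must not release anything and should fetch the certificate via x509_last() if it needs it. I would add to the comment block: ` * On success the chain holds the only reference to the parsed certificate; callers needing it should obtain it via x509_last() and must not release it.` That the x509_put() on the success path is correct depends on x509_append() taking its own reference, which is outside this hunk. The matching borrowed-pointer remark belongs on the new x509_last() docstring in src/include/ipxe/x509.h, whose `@ret cert` line could read `X.509 certificate (owned by the chain; no reference is taken), or NULL`.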

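--- a/src/include/ipxe/x509.h
+++ b/src/include/ipxe/x509.h
@@ -261,6 +261,20 @@ x509_first ( struct x509_chain *chain ) {
 	return ( link ? link->cert : NULL );
 }
 
+/**
+ * Get last certificate in X.509 certificate chain
+ *
+ * @v chain		X.509 certificate chain
+ * @ret cert		X.509 certificate, or NULL
+ */
+static inline __attribute__ (( always_inline )) struct x509_certificate *
+x509_last ( struct x509_chain *chain ) {
+	struct x509_link *link;
+
+	link = list_last_entry ( &chain->links, struct x509_link, list );
+	return ( link ? link->cert : NULL );
+}
+
 /** An X.509 extension */
 struct x509_extension {
 	/** Name */
@@ -319,6 +333,8 @@ extern int x509_certificate ( const void *data, size_t len,
 extern struct x509_chain * x509_alloc_chain ( void );
 extern int x509_append ( struct x509_chain *chain,
 			 struct x509_certificate *cert );
+extern int x509_append_raw ( struct x509_chain *chain, const void *data,
+			     size_t len );
 extern int x509_validate_chain ( struct x509_chain *chain, time_t time,
 				 struct x509_root *root );
 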

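--- a/src/net/tls.c
+++ b/src/net/tls.c
@@ -1312,37 +1312,24 @@ static int tls_parse_chain ( struct tls_session *tls,
 			goto err_overlength;
 		}
 
-		/* Parse certificate */
-		if ( ( rc = x509_certificate ( certificate->data,
-					       certificate_len,
-					       &cert ) ) != 0 ) {
-			DBGC ( tls, "TLS %p could not parse certificate: %s\n",
+		/* Add certificate to chain */
+		if ( ( rc = x509_append_raw ( tls->chain, certificate->data,
+					      certificate_len ) ) != 0 ) {
+			DBGC ( tls, "TLS %p could not append certificate: %s\n",
 			       tls, strerror ( rc ) );
 			DBGC_HDA ( tls, 0, data, ( end - data ) );
 			goto err_parse;
 		}
+		cert = x509_last ( tls->chain );
 		DBGC ( tls, "TLS %p found certificate %s\n",
 		       tls, cert->subject.name );
 
-		/* Append certificate to chain */
-		if ( ( rc = x509_append ( tls->chain, cert ) ) != 0 ) {
-			DBGC ( tls, "TLS %p could not append certificate: %s\n",
-			       tls, strerror ( rc ) );
-			goto err_append;
-		}
-
-		/* Drop reference to certificate */
-		x509_put ( cert );
-		cert = NULL;
-
 		/* Move to next certificate in list */
 		data = next;
 	}
 
 	return 0;
 
- err_append:
-	x509_put ( cert );
  err_parse:
  err_overlength:
 	x509_chain_put ( tls->chain );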
