|
@@ -39,6 +39,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
|
39
|
39
|
#include <ipxe/certstore.h>
|
40
|
40
|
#include <ipxe/socket.h>
|
41
|
41
|
#include <ipxe/in.h>
|
|
42
|
+#include <ipxe/image.h>
|
42
|
43
|
#include <ipxe/x509.h>
|
43
|
44
|
#include <config/crypto.h>
|
44
|
45
|
|
|
@@ -1766,6 +1767,47 @@ int x509_validate_chain ( struct x509_chain *chain, time_t time,
|
1766
|
1767
|
return -EACCES_USELESS;
|
1767
|
1768
|
}
|
1768
|
1769
|
|
|
1770
|
+/**
|
|
1771
|
+ * Extract X.509 certificate object from image
|
|
1772
|
+ *
|
|
1773
|
+ * @v image Image
|
|
1774
|
+ * @v offset Offset within image
|
|
1775
|
+ * @ret cert X.509 certificate
|
|
1776
|
+ * @ret next Offset to next image, or negative error
|
|
1777
|
+ *
|
|
1778
|
+ * On success, the caller holds a reference to the X.509 certificate,
|
|
1779
|
+ * and is responsible for ultimately calling x509_put().
|
|
1780
|
+ */
|
|
1781
|
+int image_x509 ( struct image *image, size_t offset,
|
|
1782
|
+ struct x509_certificate **cert ) {
|
|
1783
|
+ struct asn1_cursor *cursor;
|
|
1784
|
+ int next;
|
|
1785
|
+ int rc;
|
|
1786
|
+
|
|
1787
|
+ /* Get ASN.1 object */
|
|
1788
|
+ next = image_asn1 ( image, offset, &cursor );
|
|
1789
|
+ if ( next < 0 ) {
|
|
1790
|
+ rc = next;
|
|
1791
|
+ goto err_asn1;
|
|
1792
|
+ }
|
|
1793
|
+
|
|
1794
|
+ /* Parse certificate */
|
|
1795
|
+ if ( ( rc = x509_certificate ( cursor->data, cursor->len,
|
|
1796
|
+ cert ) ) != 0 )
|
|
1797
|
+ goto err_certificate;
|
|
1798
|
+
|
|
1799
|
+ /* Free ASN.1 object */
|
|
1800
|
+ free ( cursor );
|
|
1801
|
+
|
|
1802
|
+ return next;
|
|
1803
|
+
|
|
1804
|
+ x509_put ( *cert );
|
|
1805
|
+ err_certificate:
|
|
1806
|
+ free ( cursor );
|
|
1807
|
+ err_asn1:
|
|
1808
|
+ return rc;
|
|
1809
|
+}
|
|
1810
|
+
|
1769
|
1811
|
/* Drag in objects via x509_validate() */
|
1770
|
1812
|
REQUIRING_SYMBOL ( x509_validate );
|
1771
|
1813
|
|
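Review bot: The doc comment on image_x509() (new lines 1770-1780) documents reference ownership but not trust state. As far as this hunk shows, the function only parses the ASN.1 object via x509_certificate() and performs no validation, so the header should say so, e.g. ` * The certificate is parsed but not validated; callers must validate it (e.g. via x509_validate_chain()) before relying on it.` The comment could also state that `*cert` must not be used or passed to x509_put() when a negative error is returned, since presumably no reference is held on that path. Separately, `x509_put ( *cert );` at new line 1804 follows `return next;` with no label before it, so it is unreachable. If it is a deliberate placeholder for a later unwind step, a short comment such as `/* Not reached: unwind step for any future failure after parsing */` would stop it being mistaken for live cleanup.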