authorMichael Brown2024-02-15 13:43:51 +0100
committerMichael Brown2024-02-15 13:45:58 +0100
commit943d75b557a8bf857d651e8116a7368b9d284e41 (patch)
tree36fae45ff882568d85857f5331eaae41e02267d3
parent[crypto] Add x509_truncate() to truncate a certificate chain (diff)
[crypto] Add x509_is_self_signed() helper function
Signed-off-by: Michael Brown <mcb30@ipxe.org>
-rw-r--r--src/include/ipxe/x509.h10
-rw-r--r--src/net/validator.c2
-rw-r--r--src/tests/x509_test.c4
3 files changed, 15 insertions, 1 deletions
diff --git a/src/include/ipxe/x509.h b/src/include/ipxe/x509.h
index 5cad4597..d2ba49fb 100644
--- a/src/include/ipxe/x509.h
+++ b/src/include/ipxe/x509.h
@@ -374,6 +374,16 @@ x509_root_put ( struct x509_root *root ) {
ref_put ( &root->refcnt );
}
+/**
+ * Check if X.509 certificate is self-signed
+ *
+ * @v cert X.509 certificate
+ * @ret is_self_signed X.509 certificate is self-signed
+ */
+static inline int x509_is_self_signed ( struct x509_certificate *cert ) {
+ return ( asn1_compare ( &cert->issuer.raw, &cert->subject.raw ) == 0 );
+}
+
extern const char * x509_name ( struct x509_certificate *cert );
extern int x509_parse ( struct x509_certificate *cert,
const struct asn1_cursor *raw );
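Review bot: The doc comment on `x509_is_self_signed()` promises more than the body checks: the function only compares the raw `issuer` and `subject` names, which RFC 5280 calls self-issued, and never verifies the signature against the certificate's own public key. That is enough for the stop condition in `validator_step()`, but a later caller could read the name as a cryptographic statement and rely on it in a trust decision. I would extend the comment with a line such as `Compares issuer and subject names only; the signature is not verified, so the result must not be used as a trust decision.` Since the comparison is presumably on the encoded bytes, names that differ only in encoding would compare as different, which is worth a word in the same comment.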
diff --git a/src/net/validator.c b/src/net/validator.c
index 693d4464..333c6079 100644
--- a/src/net/validator.c
+++ b/src/net/validator.c
@@ -595,7 +595,7 @@ static void validator_step ( struct validator *validator ) {
* nothing more to do.
*/
last = x509_last ( validator->chain );
- if ( asn1_compare ( &last->issuer.raw, &last->subject.raw ) == 0 ) {
+ if ( x509_is_self_signed ( last ) ) {
validator_finished ( validator, rc );
return;
}
diff --git a/src/tests/x509_test.c b/src/tests/x509_test.c
index bc903204..50eb4d78 100644
--- a/src/tests/x509_test.c
+++ b/src/tests/x509_test.c
@@ -1102,6 +1102,10 @@ static void x509_test_exec ( void ) {
x509_validate_chain_fail_ok ( &server_chain, test_time,
&empty_store, &test_root );
+ /* Check self-signedess */
+ ok ( x509_is_self_signed ( root_crt.cert ) );
+ ok ( ! x509_is_self_signed ( intermediate_crt.cert ) );
+
/* Sanity check */
assert ( list_empty ( &empty_store.links ) );
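Review bot: The added comment reads `/* Check self-signedess */` and should be `/* Check self-signedness */`. The two new assertions only cover a certificate whose names match and one whose names differ, so they do not record that the helper ignores the signature. If a name-only comparison is the intended contract, a comment such as `/* Name comparison only; signature is not checked */` would stop later tests from assuming more. The body of `x509_test_exec()` continues outside the hunk.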