authorMichael Brown2016-07-28 17:22:08 +0200
committerMichael Brown2016-07-29 16:03:20 +0200
commit829fedafcb107d41fb0753361acae5efee376c58 (patch)
tree00d5493682a0ff4144c38d5cc86355e6602f821d
parent[crypto] Add PEM image format (diff)
[image] Use image_asn1() to extract data from CMS signature images
Signed-off-by: Michael Brown <mcb30@ipxe.org>
-rw-r--r--src/hci/commands/image_trust_cmd.c1
-rw-r--r--src/usr/imgtrust.c22
2 files changed, 11 insertions, 12 deletions
diff --git a/src/hci/commands/image_trust_cmd.c b/src/hci/commands/image_trust_cmd.c
index f9d6b5b3..03e3e443 100644
--- a/src/hci/commands/image_trust_cmd.c
+++ b/src/hci/commands/image_trust_cmd.c
@@ -181,3 +181,4 @@ REQUIRE_OBJECT ( rsa );
REQUIRE_OBJECT ( md5 );
REQUIRE_OBJECT ( sha1 );
REQUIRE_OBJECT ( sha256 );
+REQUIRE_OBJECT ( der );
diff --git a/src/usr/imgtrust.c b/src/usr/imgtrust.c
index a269833a..595ea6b2 100644
--- a/src/usr/imgtrust.c
+++ b/src/usr/imgtrust.c
@@ -50,30 +50,28 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
*/
int imgverify ( struct image *image, struct image *signature,
const char *name ) {
- size_t len;
- void *data;
+ struct asn1_cursor *data;
struct cms_signature *sig;
struct cms_signer_info *info;
time_t now;
+ int next;
int rc;
/* Mark image as untrusted */
image_untrust ( image );
- /* Copy signature to internal memory */
- len = signature->len;
- data = malloc ( len );
- if ( ! data ) {
- rc = -ENOMEM;
- goto err_alloc;
+ /* Get raw signature data */
+ next = image_asn1 ( signature, 0, &data );
+ if ( next < 0 ) {
+ rc = next;
+ goto err_asn1;
}
- copy_from_user ( data, signature->data, 0, len );
/* Parse signature */
- if ( ( rc = cms_signature ( data, len, &sig ) ) != 0 )
+ if ( ( rc = cms_signature ( data->data, data->len, &sig ) ) != 0 )
goto err_parse;
- /* Free internal copy of signature */
+ /* Free raw signature data */
free ( data );
data = NULL;
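Review bot: Only the first ASN.1 object in the signature image is parsed: `image_asn1 ( signature, 0, &data )` is called once at offset 0 and the returned offset in `next` is used solely as an error indicator, so any further objects in a concatenated DER or multi-block PEM signature are silently ignored. That is presumably intended, but nothing in the hunk says so; a comment such as `/* Only the first ASN.1 object in the signature image is used; any trailing objects are ignored */` above the call would make the contract explicit for anyone supplying multi-object signature files. The `err_asn1` path is safe as written, since it jumps past the `free ( data )` at `err_parse` and never touches the uninitialised `data`. imgverify's body continues past the end of this hunk.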
@@ -107,7 +105,7 @@ int imgverify ( struct image *image, struct image *signature,
cms_put ( sig );
err_parse:
free ( data );
- err_alloc:
+ err_asn1:
syslog ( LOG_ERR, "Image \"%s\" signature bad: %s\n",
image->name, strerror ( rc ) );
return rc;