diff options
| author | Michael Brown | 2016-08-25 16:35:44 +0200 |
|---|---|---|
| committer | Michael Brown | 2016-08-25 16:41:25 +0200 |
| commit | e564a4e7d6b5aa0dca94399c695f2d7cac949648 (patch) | |
| tree | 7f34d0aa5d174ce82a396c28eb1978bcf5ac6adc | |
| parent | [pixbuf] Enable PNG format by default (diff) | |
| download | ipxe-e564a4e7d6b5aa0dca94399c695f2d7cac949648.tar.gz ipxe-e564a4e7d6b5aa0dca94399c695f2d7cac949648.tar.xz ipxe-e564a4e7d6b5aa0dca94399c695f2d7cac949648.zip | |
[crypto] Add image_x509() to extract X.509 certificates from image
Signed-off-by: Michael Brown <mcb30@ipxe.org>
| -rw-r--r-- | src/crypto/x509.c | 42 | ||||
| -rw-r--r-- | src/include/ipxe/x509.h | 4 |
2 files changed, 46 insertions, 0 deletions
diff --git a/src/crypto/x509.c b/src/crypto/x509.c index 43a4ca17..28267191 100644 --- a/src/crypto/x509.c +++ b/src/crypto/x509.c @@ -39,6 +39,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); #include <ipxe/certstore.h> #include <ipxe/socket.h> #include <ipxe/in.h> +#include <ipxe/image.h> #include <ipxe/x509.h> #include <config/crypto.h> @@ -1766,6 +1767,47 @@ int x509_validate_chain ( struct x509_chain *chain, time_t time, return -EACCES_USELESS; } +/** + * Extract X.509 certificate object from image + * + * @v image Image + * @v offset Offset within image + * @ret cert X.509 certificate + * @ret next Offset to next image, or negative error + * + * On success, the caller holds a reference to the X.509 certificate, + * and is responsible for ultimately calling x509_put(). + */ +int image_x509 ( struct image *image, size_t offset, + struct x509_certificate **cert ) { + struct asn1_cursor *cursor; + int next; + int rc; + + /* Get ASN.1 object */ + next = image_asn1 ( image, offset, &cursor ); + if ( next < 0 ) { + rc = next; + goto err_asn1; + } + + /* Parse certificate */ + if ( ( rc = x509_certificate ( cursor->data, cursor->len, + cert ) ) != 0 ) + goto err_certificate; + + /* Free ASN.1 object */ + free ( cursor ); + + return next; + + x509_put ( *cert ); + err_certificate: + free ( cursor ); + err_asn1: + return rc; +} + /* Drag in objects via x509_validate() */ REQUIRING_SYMBOL ( x509_validate ); diff --git a/src/include/ipxe/x509.h b/src/include/ipxe/x509.h index 0daaf5e5..80c2e3c6 100644 --- a/src/include/ipxe/x509.h +++ b/src/include/ipxe/x509.h @@ -16,6 +16,8 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); #include <ipxe/refcnt.h> #include <ipxe/list.h> +struct image; + /** An X.509 serial number */ struct x509_serial { /** Raw serial number */ @@ -358,6 +360,8 @@ extern int x509_auto_append ( struct x509_chain *chain, extern int x509_validate_chain ( struct x509_chain *chain, time_t time, struct x509_chain *store, struct x509_root *root ); +extern int image_x509 ( struct image *image, size_t offset, + struct x509_certificate **cert ); /* Functions exposed only for unit testing */ extern int x509_check_issuer ( struct x509_certificate *cert, |