authorMichael Brown2016-08-25 16:35:44 +0200
committerMichael Brown2016-08-25 16:41:25 +0200
commite564a4e7d6b5aa0dca94399c695f2d7cac949648 (patch)
tree7f34d0aa5d174ce82a396c28eb1978bcf5ac6adc
parent[pixbuf] Enable PNG format by default (diff)
[crypto] Add image_x509() to extract X.509 certificates from image
Signed-off-by: Michael Brown <mcb30@ipxe.org>
-rw-r--r--src/crypto/x509.c42
-rw-r--r--src/include/ipxe/x509.h4
2 files changed, 46 insertions, 0 deletions
diff --git a/src/crypto/x509.c b/src/crypto/x509.c
index 43a4ca17..28267191 100644
--- a/src/crypto/x509.c
+++ b/src/crypto/x509.c
@@ -39,6 +39,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
#include <ipxe/certstore.h>
#include <ipxe/socket.h>
#include <ipxe/in.h>
+#include <ipxe/image.h>
#include <ipxe/x509.h>
#include <config/crypto.h>
@@ -1766,6 +1767,47 @@ int x509_validate_chain ( struct x509_chain *chain, time_t time,
return -EACCES_USELESS;
}
+/**
+ * Extract X.509 certificate object from image
+ *
+ * @v image Image
+ * @v offset Offset within image
+ * @ret cert X.509 certificate
+ * @ret next Offset to next image, or negative error
+ *
+ * On success, the caller holds a reference to the X.509 certificate,
+ * and is responsible for ultimately calling x509_put().
+ */
+int image_x509 ( struct image *image, size_t offset,
+ struct x509_certificate **cert ) {
+ struct asn1_cursor *cursor;
+ int next;
+ int rc;
+
+ /* Get ASN.1 object */
+ next = image_asn1 ( image, offset, &cursor );
+ if ( next < 0 ) {
+ rc = next;
+ goto err_asn1;
+ }
+
+ /* Parse certificate */
+ if ( ( rc = x509_certificate ( cursor->data, cursor->len,
+ cert ) ) != 0 )
+ goto err_certificate;
+
+ /* Free ASN.1 object */
+ free ( cursor );
+
+ return next;
+
+ x509_put ( *cert );
+ err_certificate:
+ free ( cursor );
+ err_asn1:
+ return rc;
+}
+
/* Drag in objects via x509_validate() */
REQUIRING_SYMBOL ( x509_validate );
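Review bot: The `@ret next` line of the new doc comment says `Offset to next image, or negative error`, but the value returned is the one obtained from `image_asn1 ( image, offset, &cursor )` for the same image, so it appears to be the offset of the next ASN.1 object within that image rather than a next image; suggest `@ret next Offset to next ASN.1 object within image, or negative error`. The function only parses the certificate (the `x509_certificate()` call under `/* Parse certificate */`) and performs no validation, so the doc comment would also benefit from a sentence stating that the returned certificate is not yet trusted and that callers must still validate it, for example via x509_validate_chain(), before relying on it. The `x509_put ( *cert );` statement after `return next;` is unreachable; this looks like the project's usual symmetric-unwind layout, but a short comment such as `/* Unwind path below is intentionally unreachable on success */` would spare readers a double take.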
diff --git a/src/include/ipxe/x509.h b/src/include/ipxe/x509.h
index 0daaf5e5..80c2e3c6 100644
--- a/src/include/ipxe/x509.h
+++ b/src/include/ipxe/x509.h
@@ -16,6 +16,8 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
#include <ipxe/refcnt.h>
#include <ipxe/list.h>
+struct image;
+
/** An X.509 serial number */
struct x509_serial {
/** Raw serial number */
@@ -358,6 +360,8 @@ extern int x509_auto_append ( struct x509_chain *chain,
extern int x509_validate_chain ( struct x509_chain *chain, time_t time,
struct x509_chain *store,
struct x509_root *root );
+extern int image_x509 ( struct image *image, size_t offset,
+ struct x509_certificate **cert );
/* Functions exposed only for unit testing */
extern int x509_check_issuer ( struct x509_certificate *cert,