authorMichael Brown2012-05-08 11:57:50 +0200
committerMichael Brown2012-05-08 13:49:01 +0200
commit99c798d87a94838be62976cb1632e7d0a9550df3 (patch)
tree1284efc5b8a511f820dc72f4dbfa0f14a114048b /src/crypto
parent[crypto] Check that common name contains no NUL characters (diff)
[crypto] Add x509_append_raw()
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src/crypto')
-rw-r--r--src/crypto/cms.c27
-rw-r--r--src/crypto/x509.c32
2 files changed, 38 insertions, 21 deletions
diff --git a/src/crypto/cms.c b/src/crypto/cms.c
index 660be69e..9198d03e 100644
--- a/src/crypto/cms.c
+++ b/src/crypto/cms.c
@@ -128,38 +128,23 @@ static int cms_parse_certificates ( struct cms_signature *sig,
/* Add each certificate */
while ( cursor.len ) {
- /* Parse certificate */
- if ( ( rc = x509_certificate ( cursor.data, cursor.len,
- &cert ) ) != 0 ) {
- DBGC ( sig, "CMS %p could not parse certificate: %s\n",
+ /* Add certificate to chain */
+ if ( ( rc = x509_append_raw ( sig->certificates, cursor.data,
+ cursor.len ) ) != 0 ) {
+ DBGC ( sig, "CMS %p could not append certificate: %s\n",
sig, strerror ( rc) );
DBGC_HDA ( sig, 0, cursor.data, cursor.len );
- goto err_parse;
+ return rc;
}
+ cert = x509_last ( sig->certificates );
DBGC ( sig, "CMS %p found certificate %s\n",
sig, cert->subject.name );
- /* Add certificate to list */
- if ( ( rc = x509_append ( sig->certificates, cert ) ) != 0 ) {
- DBGC ( sig, "CMS %p could not append certificate: %s\n",
- sig, strerror ( rc ) );
- goto err_append;
- }
-
- /* Drop reference to certificate */
- x509_put ( cert );
- cert = NULL;
-
/* Move to next certificate */
asn1_skip_any ( &cursor );
}
return 0;
-
- err_append:
- x509_put ( cert );
- err_parse:
- return rc;
}
/**
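Review bot: After this change `cert` in the loop is a borrowed pointer taken from `x509_last ( sig->certificates )`, not a reference this function owns, and nothing at that line says so. The certificates come from the CMS message being verified, so a later edit that reintroduces `x509_put ( cert )` here would release a reference the chain still relies on. I would add `/* Borrowed from the chain; do not x509_put() */` above the `x509_last()` call. The dereference in the following `DBGC` is only safe because `x509_append_raw()` returned 0 on the line above, which is worth keeping in mind if the two statements are ever separated. cms_parse_certificates() begins before this hunk, so the declaration of `cert` is not visible here.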
diff --git a/src/crypto/x509.c b/src/crypto/x509.c
index 356b60a3..c83cd277 100644
--- a/src/crypto/x509.c
+++ b/src/crypto/x509.c
@@ -1647,6 +1647,38 @@ int x509_append ( struct x509_chain *chain, struct x509_certificate *cert ) {
}
/**
+ * Append X.509 certificate to X.509 certificate chain
+ *
+ * @v chain X.509 certificate chain
+ * @v data Raw certificate data
+ * @v len Length of raw data
+ * @ret rc Return status code
+ */
+int x509_append_raw ( struct x509_chain *chain, const void *data,
+ size_t len ) {
+ struct x509_certificate *cert;
+ int rc;
+
+ /* Parse certificate */
+ if ( ( rc = x509_certificate ( data, len, &cert ) ) != 0 )
+ goto err_parse;
+
+ /* Append certificate to chain */
+ if ( ( rc = x509_append ( chain, cert ) ) != 0 )
+ goto err_append;
+
+ /* Drop reference to certificate */
+ x509_put ( cert );
+
+ return 0;
+
+ err_append:
+ x509_put ( cert );
+ err_parse:
+ return rc;
+}
+
+/**
* Validate X.509 certificate chain
*
* @v chain X.509 certificate chain
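Review bot: The summary line of the `x509_append_raw()` doc comment says "Append X.509 certificate" although the function takes raw bytes and parses them, and the comment leaves out the reference-count contract. I would change the summary to `Append raw X.509 certificate data to X.509 certificate chain`. I would also add a sentence saying that the data is parsed with `x509_certificate()` and that the function drops its own reference on both the success path and `err_append`. It should then state that any reference left after a successful call belongs to the chain, and that a caller needing the certificate fetches it with `x509_last()`. Since `data` and `len` go straight to the parser, the comment should also state that `len` must not exceed the bytes actually available at `data`, as the cms.c caller does by passing `cursor.len`.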