authorMichael Brown2014-03-25 17:09:16 +0100
committerMichael Brown2014-03-25 17:30:43 +0100
commite1ebc50f81eb1ad24218a5e69d42565a9d8cc035 (patch)
tree4ccc865359dd1f65e7382e663a80e90d7b0db3b6 /src/crypto
parent[crypto] Remove dynamically-allocated storage for certificate name (diff)
[crypto] Remove dynamically-allocated storage for certificate OCSP URI
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src/crypto')
-rw-r--r--src/crypto/ocsp.c17
-rw-r--r--src/crypto/x509.c33
2 files changed, 17 insertions, 33 deletions
diff --git a/src/crypto/ocsp.c b/src/crypto/ocsp.c
index 1b39fd0d..75d9a092 100644
--- a/src/crypto/ocsp.c
+++ b/src/crypto/ocsp.c
@@ -206,17 +206,17 @@ static int ocsp_request ( struct ocsp_check *ocsp ) {
* @ret rc Return status code
*/
static int ocsp_uri_string ( struct ocsp_check *ocsp ) {
+ struct x509_ocsp_responder *responder =
+ &ocsp->cert->extensions.auth_info.ocsp;
struct uri path_uri;
- char *base_uri_string;
char *path_base64_string;
char *path_uri_string;
size_t path_len;
- int len;
+ size_t len;
int rc;
/* Sanity check */
- base_uri_string = ocsp->cert->extensions.auth_info.ocsp.uri;
- if ( ! base_uri_string ) {
+ if ( ! responder->uri.len ) {
DBGC ( ocsp, "OCSP %p \"%s\" has no OCSP URI\n",
ocsp, x509_name ( ocsp->cert ) );
rc = -ENOTTY;
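Review bot: The new `responder` pointer at the top of ocsp_uri_string() refers to a length-delimited cursor rather than a C string, and nothing in the function says so. Judging from the x509.c part of this commit, `responder->uri.data` points into the certificate's raw data and is not NUL-terminated, so it is only safe to use together with its `len` and while `ocsp->cert` is still referenced. A short comment would keep later edits from passing it to a `%s` format or to strlen(), for example `/* URI is a cursor into the certificate data: not NUL-terminated */`. The function body continues outside this hunk.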
@@ -244,11 +244,14 @@ static int ocsp_uri_string ( struct ocsp_check *ocsp ) {
}
/* Construct URI string */
- if ( ( len = asprintf ( &ocsp->uri_string, "%s/%s", base_uri_string,
- path_uri_string ) ) < 0 ) {
- rc = len;
+ len = ( responder->uri.len + strlen ( path_uri_string ) + 1 /* NUL */ );
+ ocsp->uri_string = zalloc ( len );
+ if ( ! ocsp->uri_string ) {
+ rc = -ENOMEM;
goto err_ocsp_uri;
}
+ memcpy ( ocsp->uri_string, responder->uri.data, responder->uri.len );
+ strcpy ( &ocsp->uri_string[responder->uri.len], path_uri_string );
DBGC2 ( ocsp, "OCSP %p \"%s\" URI is %s\n",
ocsp, x509_name ( ocsp->cert ), ocsp->uri_string );
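Review bot: The `/` separator that the removed `"%s/%s"` format placed between the responder URI and the encoded request path is not reproduced by the memcpy()/strcpy() pair, so the two parts are now joined directly. Unless `path_uri_string` already starts with `/` (its construction is outside this hunk), the request URI changes. If the separator is still wanted, count it with `len = ( responder->uri.len + 1 /* '/' */ + strlen ( path_uri_string ) + 1 /* NUL */ );`, set `ocsp->uri_string[responder->uri.len] = '/';` and copy the path to `&ocsp->uri_string[responder->uri.len + 1]`. Separately, the URI bytes come straight from the certificate, so an embedded NUL would make every later string use of `ocsp->uri_string` stop before the request path; rejecting a URI that contains a zero byte would avoid that.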
diff --git a/src/crypto/x509.c b/src/crypto/x509.c
index eb7d5029..29bb2296 100644
--- a/src/crypto/x509.c
+++ b/src/crypto/x509.c
@@ -131,20 +131,6 @@ const char * x509_name ( struct x509_certificate *cert ) {
}
/**
- * Free X.509 certificate
- *
- * @v refcnt Reference count
- */
-static void x509_free ( struct refcnt *refcnt ) {
- struct x509_certificate *cert =
- container_of ( refcnt, struct x509_certificate, refcnt );
-
- DBGC2 ( cert, "X509 %p freed\n", cert );
- free ( cert->extensions.auth_info.ocsp.uri );
- free ( cert );
-}
-
-/**
* Discard a cached certificate
*
* @ret discarded Number of cached items discarded
@@ -626,24 +612,19 @@ static int x509_parse_extended_key_usage ( struct x509_certificate *cert,
static int x509_parse_ocsp ( struct x509_certificate *cert,
const struct asn1_cursor *raw ) {
struct x509_ocsp_responder *ocsp = &cert->extensions.auth_info.ocsp;
- struct asn1_cursor cursor;
+ struct asn1_cursor *uri = &ocsp->uri;
int rc;
/* Enter accessLocation */
- memcpy ( &cursor, raw, sizeof ( cursor ) );
- if ( ( rc = asn1_enter ( &cursor, ASN1_IMPLICIT_TAG ( 6 ) ) ) != 0 ) {
+ memcpy ( uri, raw, sizeof ( *uri ) );
+ if ( ( rc = asn1_enter ( uri, ASN1_IMPLICIT_TAG ( 6 ) ) ) != 0 ) {
DBGC ( cert, "X509 %p OCSP does not contain "
"uniformResourceIdentifier:\n", cert );
DBGC_HDA ( cert, 0, raw->data, raw->len );
return rc;
}
-
- /* Record URI */
- ocsp->uri = zalloc ( cursor.len + 1 /* NUL */ );
- if ( ! ocsp->uri )
- return -ENOMEM;
- memcpy ( ocsp->uri, cursor.data, cursor.len );
- DBGC2 ( cert, "X509 %p OCSP URI is %s:\n", cert, ocsp->uri );
+ DBGC2 ( cert, "X509 %p OCSP URI is:\n", cert );
+ DBGC2_HDA ( cert, 0, uri->data, uri->len );
return 0;
}
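Review bot: Parsing directly into `ocsp->uri` means a failed asn1_enter() leaves whatever state it produced in the certificate's stored URI, where the old code only touched a local cursor. x509_validate() in this same commit treats a non-zero `uri.len` as "OCSP required", so the error path now depends on asn1_enter() emptying the cursor on failure, which is not visible here. Keeping the local `cursor` and copying it with `memcpy ( &ocsp->uri, &cursor, sizeof ( ocsp->uri ) );` only after asn1_enter() succeeds would remove that dependency. The function comment above the hunk should also say that the stored URI aliases `raw` and is not NUL-terminated.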
@@ -1073,7 +1054,7 @@ int x509_certificate ( const void *data, size_t len,
*cert = zalloc ( sizeof ( **cert ) + cursor.len );
if ( ! *cert )
return -ENOMEM;
- ref_init ( &(*cert)->refcnt, x509_free );
+ ref_init ( &(*cert)->refcnt, NULL );
INIT_LIST_HEAD ( &(*cert)->list );
raw = ( *cert + 1 );
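Review bot: `ref_init ( &(*cert)->refcnt, NULL )` depends on the reference counter's default behaviour when no free function is given, and that is not stated at this call. If the default is to free the refcnt pointer itself, this is only correct while `refcnt` is the first member of struct x509_certificate, which this page does not show. A comment such as `/* No destructor: certificate and raw data share one allocation */` would record why no callback is needed any more. x509_certificate() continues on both sides of this hunk.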
@@ -1363,7 +1344,7 @@ int x509_validate ( struct x509_certificate *cert,
}
/* Fail if OCSP is required */
- if ( cert->extensions.auth_info.ocsp.uri &&
+ if ( cert->extensions.auth_info.ocsp.uri.len &&
( ! cert->extensions.auth_info.ocsp.good ) ) {
DBGC ( cert, "X509 %p \"%s\" requires an OCSP check\n",
cert, x509_name ( cert ) );