authorMichael Brown2024-08-12 13:26:52 +0200
committerMichael Brown2024-08-12 13:38:08 +0200
commitd85590b6584499569c19f7ee4a1e0c10d5132f70 (patch)
treefa99029b98f48054c8469998e2e27141c12fca26 /src/include
parent[crypto] Extend asn1_enter() to handle partial object cursors (diff)
[crypto] Centralise mechanisms for identifying X.509 certificates
Centralise all current mechanisms for identifying an X.509 certificate (by raw content, by subject, by issuer and serial number, and by matching public key), and remove the certstore-specific and CMS-specific variants of these functions. Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src/include')
-rw-r--r--src/include/ipxe/certstore.h4
-rw-r--r--src/include/ipxe/x509.h19
2 files changed, 19 insertions, 4 deletions
diff --git a/src/include/ipxe/certstore.h b/src/include/ipxe/certstore.h
index ce96666cf..e276d6792 100644
--- a/src/include/ipxe/certstore.h
+++ b/src/include/ipxe/certstore.h
@@ -9,14 +9,10 @@
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
-#include <ipxe/asn1.h>
#include <ipxe/x509.h>
-#include <ipxe/privkey.h>
extern struct x509_chain certstore;
-extern struct x509_certificate * certstore_find ( struct asn1_cursor *raw );
-extern struct x509_certificate * certstore_find_key ( struct private_key *key );
extern void certstore_add ( struct x509_certificate *cert );
extern void certstore_del ( struct x509_certificate *cert );
diff --git a/src/include/ipxe/x509.h b/src/include/ipxe/x509.h
index 87323cec0..612743a77 100644
--- a/src/include/ipxe/x509.h
+++ b/src/include/ipxe/x509.h
@@ -17,6 +17,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
#include <ipxe/list.h>
struct image;
+struct private_key;
/** An X.509 serial number */
struct x509_serial {
@@ -201,6 +202,13 @@ struct x509_chain {
struct refcnt refcnt;
/** List of links */
struct list_head links;
+ /** Mark certificate as found
+ *
+ * @v certs X.509 certificate list
+ * @v cert X.509 certificate
+ */
+ void ( * found ) ( struct x509_chain *certs,
+ struct x509_certificate *cert );
};
/** An X.509 certificate */
@@ -424,6 +432,17 @@ extern int x509_append ( struct x509_chain *chain,
extern int x509_append_raw ( struct x509_chain *chain, const void *data,
size_t len );
extern void x509_truncate ( struct x509_chain *chain, struct x509_link *link );
+extern struct x509_certificate * x509_find ( struct x509_chain *certs,
+ const struct asn1_cursor *raw );
+extern struct x509_certificate *
+x509_find_subject ( struct x509_chain *certs,
+ const struct asn1_cursor *subject );
+extern struct x509_certificate *
+x509_find_issuer_serial ( struct x509_chain *certs,
+ const struct asn1_cursor *issuer,
+ const struct asn1_cursor *serial );
+extern struct x509_certificate * x509_find_key ( struct x509_chain *certs,
+ struct private_key *key );
extern int x509_auto_append ( struct x509_chain *chain,
struct x509_chain *certs );
extern int x509_validate_chain ( struct x509_chain *chain, time_t time,
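Review bot: The new `found` function pointer added to struct x509_chain in the hunk that edits that struct is documented only as "Mark certificate as found"; the comment does not say when it is invoked or whether it may be left NULL, which matters because every existing initialiser of a struct x509_chain will now carry a NULL in this field and the lookups must tolerate that. I would extend the comment to `/** Mark certificate as found (optional hook, presumably invoked by the x509_find*() lookups on a match; may be NULL — confirm against x509.c) */`, since the callers are outside this diff. In the last hunk, x509_find_key() takes a non-const `struct private_key *key` while the sibling lookups take `const struct asn1_cursor *`; if the lookup only reads the key, `const struct private_key *key` would document that and keep the four declarations consistent. struct x509_chain begins before its hunk, and the x509_validate_chain declaration at the end of the last hunk continues past it.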