authorMichael Brown2014-03-25 16:01:32 +0100
committerMichael Brown2014-03-25 17:30:43 +0100
commit01fa7efa38060c010103d444b47a2cd3ff684f82 (patch)
treeaa9eaf98352260b208691559165696b71fb05812 /src/include/ipxe
parent[ocsp] Handle OCSP responses that don't provide certificates (diff)
[crypto] Remove dynamically-allocated storage for certificate name
iPXE currently allocates a copy of the certificate's common name as a string. This string is used by the TLS and CMS code to check certificate names against an expected name, and also appears in debugging messages. Provide a function x509_check_name() to centralise certificate name checking (in preparation for adding subjectAlternativeName support), and a function x509_name() to provide a name to be used in debugging messages, and remove the dynamically allocated string. Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src/include/ipxe')
-rw-r--r--src/include/ipxe/x509.h5
1 files changed, 4 insertions, 1 deletions
diff --git a/src/include/ipxe/x509.h b/src/include/ipxe/x509.h
index a47942a75..3e4bcd205 100644
--- a/src/include/ipxe/x509.h
+++ b/src/include/ipxe/x509.h
@@ -65,7 +65,7 @@ struct x509_subject {
/** Raw subject */
struct asn1_cursor raw;
/** Common name */
- char *name;
+ struct asn1_cursor common_name;
/** Public key information */
struct x509_public_key public_key;
};
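Review bot: The comment on `common_name` in `struct x509_subject` still reads only `/** Common name */`, but switching the type from `char *` to `struct asn1_cursor` changes the contract: the value is presumably now a pointer-plus-length view into the certificate's raw data rather than a NUL-terminated copy. I would state that on the field, e.g. `/** Common name (not NUL-terminated; points into the raw certificate data) */`, so that callers do not hand it to string functions or keep it beyond the certificate's lifetime. This matters for name checking because a common name can carry an embedded NUL byte; the comparison behind `x509_check_name()` (declared later in this diff, implementation not shown here) should compare by length and treat a name containing a NUL as a mismatch. The struct begins before this hunk.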
@@ -330,11 +330,14 @@ struct x509_root {
const void *fingerprints;
};
+extern const char * x509_name ( struct x509_certificate *cert );
+
extern int x509_certificate ( const void *data, size_t len,
struct x509_certificate **cert );
extern int x509_validate ( struct x509_certificate *cert,
struct x509_certificate *issuer,
time_t time, struct x509_root *root );
+extern int x509_check_name ( struct x509_certificate *cert, const char *name );
extern struct x509_chain * x509_alloc_chain ( void );
extern int x509_append ( struct x509_chain *chain,