From 99c798d87a94838be62976cb1632e7d0a9550df3 Mon Sep 17 00:00:00 2001
From: Michael Brown
Date: Tue, 8 May 2012 10:57:50 +0100
Subject: [crypto] Add x509_append_raw()
Signed-off-by: Michael Brown
---
 src/crypto/cms.c | 27 ++++++---------------------
 src/crypto/x509.c | 32 ++++++++++++++++++++++++++++++++
 2 files changed, 38 insertions(+), 21 deletions(-)
(limited to 'src/crypto')
diff --git a/src/crypto/cms.c b/src/crypto/cms.c
index 660be69e9..9198d03e4 100644
--- a/src/crypto/cms.c
+++ b/src/crypto/cms.c
@@ -128,38 +128,23 @@ static int cms_parse_certificates ( struct cms_signature *sig,
 /* Add each certificate */
 while ( cursor.len ) {
- /* Parse certificate */
- if ( ( rc = x509_certificate ( cursor.data, cursor.len,
- &cert ) ) != 0 ) {
- DBGC ( sig, "CMS %p could not parse certificate: %s\n",
+ /* Add certificate to chain */
+ if ( ( rc = x509_append_raw ( sig->certificates, cursor.data,
+ cursor.len ) ) != 0 ) {
+ DBGC ( sig, "CMS %p could not append certificate: %s\n",
 sig, strerror ( rc) );
 DBGC_HDA ( sig, 0, cursor.data, cursor.len );
- goto err_parse;
+ return rc;
 }
+ cert = x509_last ( sig->certificates );
 DBGC ( sig, "CMS %p found certificate %s\n",
 sig, cert->subject.name );
- /* Add certificate to list */
- if ( ( rc = x509_append ( sig->certificates, cert ) ) != 0 ) {
- DBGC ( sig, "CMS %p could not append certificate: %s\n",
- sig, strerror ( rc ) );
- goto err_append;
- }
-
- /* Drop reference to certificate */
- x509_put ( cert );
- cert = NULL;
-
 /* Move to next certificate */
 asn1_skip_any ( &cursor );
 }
 return 0;
-
- err_append:
- x509_put ( cert );
- err_parse:
- return rc;
 }
 /**
diff --git a/src/crypto/x509.c b/src/crypto/x509.c
index 356b60a36..c83cd2777 100644
--- a/src/crypto/x509.c
+++ b/src/crypto/x509.c
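Review bot: In the src/crypto/cms.c hunk, `cert = x509_last ( sig->certificates );` leaves `cert` as a borrowed pointer: the loop no longer holds a reference of its own, and the value is presumably the certificate just appended, valid only because the append on the preceding lines succeeded. That is enough for the debug print that follows, but nothing at the assignment says so, and these certificates come straight out of the CMS message being parsed, so a later edit that keeps `cert` beyond this iteration would be working with an unowned object. I would put `/* Borrowed from chain (no reference held); for debug output only */` above the assignment. Separately, a malformed certificate is now logged as "could not append certificate", so only the `strerror ( rc )` text separates bad input from an allocation failure. cms_parse_certificates() begins before this hunk, so how `cert` is declared and used elsewhere is not visible here.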
@@ -1646,6 +1646,38 @@ int x509_append ( struct x509_chain *chain, struct x509_certificate *cert ) {
 return 0;
 }
+/**
+ * Append X.509 certificate to X.509 certificate chain
+ *
+ * @v chain X.509 certificate chain
+ * @v data Raw certificate data
+ * @v len Length of raw data
+ * @ret rc Return status code
+ */
+int x509_append_raw ( struct x509_chain *chain, const void *data,
+ size_t len ) {
+ struct x509_certificate *cert;
+ int rc;
+
+ /* Parse certificate */
+ if ( ( rc = x509_certificate ( data, len, &cert ) ) != 0 )
+ goto err_parse;
+
+ /* Append certificate to chain */
+ if ( ( rc = x509_append ( chain, cert ) ) != 0 )
+ goto err_append;
+
+ /* Drop reference to certificate */
+ x509_put ( cert );
+
+ return 0;
+
+ err_append:
+ x509_put ( cert );
+ err_parse:
+ return rc;
+}
+
 /**
 * Validate X.509 certificate chain
 *
-- cgit v1.2.3-55-g7522
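Review bot: The doc comment on x509_append_raw() does not say that the function parses `data` or what happens to ownership, which matters because the CMS caller in this same commit hands it bytes taken from the message being verified. The body drops the local reference with `x509_put ( cert )` on success, so the chain presumably keeps its own reference and the caller receives none; the comment should state that, and also whether the parsed certificate copies `data` or keeps pointing into the caller's buffer, which is not visible in this hunk. I would change the summary line to `Append raw X.509 certificate to X.509 certificate chain` and add a sentence saying that the certificate is parsed and appended only, with trust decisions left to the separate chain validation step that the following comment block introduces.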