From 4d3b5473f850f9c0ba7107cff397cfca4972d679 Mon Sep 17 00:00:00 2001
From: Michael Brown
Date: Sun, 18 Mar 2012 17:25:55 +0000
Subject: [tls] Add full X.509 certificate parsing

Signed-off-by: Michael Brown <mcb30@ipxe.org>
---
 src/net/tls.c | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)

(limited to 'src/net/tls.c')

diff --git a/src/net/tls.c b/src/net/tls.c
index 7ec5745f..5e2bbdc4 100644
--- a/src/net/tls.c
+++ b/src/net/tls.c
@@ -1026,8 +1026,10 @@ static int tls_new_certificate ( struct tls_session *tls,
 	const void *end = ( certificate->certificates + elements_len );
 	struct tls_cipherspec *cipherspec = &tls->tx_cipherspec_pending;
 	struct pubkey_algorithm *pubkey = cipherspec->suite->pubkey;
-	struct asn1_cursor cursor;
-	struct x509_rsa_public_key key;
+	struct x509_certificate cert;
+	struct x509_public_key *key = &cert.subject.public_key;
+	const void *cert_data;
+	size_t cert_len;
 	int rc;
 
 	/* Sanity check */
@@ -1040,9 +1042,9 @@ static int tls_new_certificate ( struct tls_session *tls,
 
 	/* Traverse certificate chain */
 	do {
-		cursor.data = element->certificate;
-		cursor.len = tls_uint24 ( element->length );
-		if ( ( cursor.data + cursor.len ) > end ) {
+		cert_data = element->certificate;
+		cert_len = tls_uint24 ( element->length );
+		if ( ( cert_data + cert_len ) > end ) {
 			DBGC ( tls, "TLS %p received corrupt Server "
 			       "Certificate\n", tls );
 			DBGC_HD ( tls, data, len );
@@ -1050,23 +1052,23 @@ static int tls_new_certificate ( struct tls_session *tls,
 		}
 
 		// HACK
-		if ( ( rc = x509_rsa_public_key ( &cursor, &key ) ) != 0 ) {
-			DBGC ( tls, "TLS %p cannot parse public key: %s\n",
+
+		/* Parse certificate */
+		if ( ( rc = x509_parse ( &cert, cert_data, cert_len ) ) != 0 ) {
+			DBGC ( tls, "TLS %p cannot parse certificate: %s\n",
 			       tls, strerror ( rc ) );
 			return rc;
 		}
 
 		/* Initialise public key algorithm */
 		if ( ( rc = pubkey_init ( pubkey, cipherspec->pubkey_ctx,
-					  key.raw.data, key.raw.len ) ) != 0){
+					  key->raw.data, key->raw.len ) ) != 0){
 			DBGC ( tls, "TLS %p cannot initialise public key: %s\n",
 			       tls, strerror ( rc ) );
 			return rc;
 		}
 
 		return 0;
-
-		element = ( cursor.data + cursor.len );
 	} while ( element != end );
 
 	return -EINVAL;
-- 
cgit v1.2.3-55-g7522