sysadmin/ipxe
1
0
Fork 0
mirror of https://github.com/ipxe/ipxe synced 2026-01-10 23:48:36 +03:00
Code Issues Packages Projects Releases Wiki Activity

[crypto] Add x509_auto_append()

Browse Source 
CMS includes an unordered certificate set, from which certificates
must be extracted in order by matching up issuers with subjects.  We
will use the same functionality as part of the automatic download of
cross-signing certificates.  Generalise cms_find_subject() to
x509_find_subject(), and create x509_auto_append().

Signed-off-by: Michael Brown <mcb30@ipxe.org>
This commit is contained in:
Michael Brown
2012-05-08 11:12:09 +01:00
parent 99c798d87a
commit 1a5f025ad8
3 changed files with 81 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

54
src/crypto/cms.c
View File

@@ -175,31 +175,6 @@ cms_find_issuer_serial ( struct cms_signature *sig,
return NULL;
}
/**
* Identify CMS signature certificate by subject
*
* @v sig CMS signature
* @v subject Subject
* @ret cert X.509 certificate, or NULL if not found
*/
static struct x509_certificate *
cms_find_subject ( struct cms_signature *sig,
const struct asn1_cursor *subject ) {
struct x509_link *link;
struct x509_certificate *cert;
/* Scan through certificate list */
list_for_each_entry ( link, &sig->certificates->links, list ) {
/* Check subject */
cert = link->cert;
if ( asn1_compare ( subject, &cert->subject.raw ) == 0 )
return cert;
}
return NULL;
}
/**
* Parse CMS signature signer identifier
*
@@ -215,7 +190,6 @@ static int cms_parse_signer_identifier ( struct cms_signature *sig,
struct asn1_cursor serial;
struct asn1_cursor issuer;
struct x509_certificate *cert;
struct x509_certificate *previous;
int rc;
/* Enter issuerAndSerialNumber */
@@ -253,22 +227,20 @@ static int cms_parse_signer_identifier ( struct cms_signature *sig,
return -ENOENT;
}
/* Create certificate chain */
do {
/* Add certificate to chain */
if ( ( rc = x509_append ( info->chain, cert ) ) != 0 ) {
DBGC ( sig, "CMS %p/%p could not append certificate: "
"%s\n", sig, info, strerror ( rc ) );
return rc;
}
DBGC ( sig, "CMS %p/%p added certificate %s\n",
sig, info, cert->subject.name );
/* Append certificate to chain */
if ( ( rc = x509_append ( info->chain, cert ) ) != 0 ) {
DBGC ( sig, "CMS %p/%p could not append certificate: %s\n",
sig, info, strerror ( rc ) );
return rc;
}
/* Locate next certificate in chain, if any */
previous = cert;
cert = cms_find_subject ( sig, &cert->issuer.raw );
} while ( ( cert != NULL ) && ( cert != previous ) );
/* Append remaining certificates to chain */
if ( ( rc = x509_auto_append ( info->chain,
sig->certificates ) ) != 0 ) {
DBGC ( sig, "CMS %p/%p could not append certificates: %s\n",
sig, info, strerror ( rc ) );
return rc;
}
return 0;
}