]> git.ipfire.org Git - thirdparty/ipxe.git/commitdiff
projects / thirdparty / ipxe.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 3e721e0)
[crypto] Add x509_is_self_signed() helper function
authorMichael Brown <mcb30@ipxe.org>
Thu, 15 Feb 2024 12:43:51 +0000 (12:43 +0000)
committerMichael Brown <mcb30@ipxe.org>
Thu, 15 Feb 2024 12:45:58 +0000 (12:45 +0000)
Signed-off-by: Michael Brown <mcb30@ipxe.org>
src/include/ipxe/x509.h patch | blob | blame | history
src/net/validator.c patch | blob | blame | history
src/tests/x509_test.c patch | blob | blame | history

diff --git a/src/include/ipxe/x509.h b/src/include/ipxe/x509.h
index 5cad4597ddf45ca44e8964399269da225746a6e0..d2ba49fbb3c72f7706211c4d0b2c7ac04ce35946 100644 (file)
--- a/src/include/ipxe/x509.h
+++ b/src/include/ipxe/x509.h
@@ -374,6 +374,16 @@ x509_root_put ( struct x509_root *root ) {
        ref_put ( &root->refcnt );
 }
 
+/**
+ * Check if X.509 certificate is self-signed
+ *
+ * @v cert             X.509 certificate
+ * @ret is_self_signed X.509 certificate is self-signed
+ */
+static inline int x509_is_self_signed ( struct x509_certificate *cert ) {
+       return ( asn1_compare ( &cert->issuer.raw, &cert->subject.raw ) == 0 );
+}
+
 extern const char * x509_name ( struct x509_certificate *cert );
 extern int x509_parse ( struct x509_certificate *cert,
                        const struct asn1_cursor *raw );
diff --git a/src/net/validator.c b/src/net/validator.c
index 693d4464b36ab2cbe6606648e6ce3637bba9413b..333c60798050c5b0e91c216adb45b30fb71ee3a6 100644 (file)
--- a/src/net/validator.c
+++ b/src/net/validator.c
@@ -595,7 +595,7 @@ static void validator_step ( struct validator *validator ) {
         * nothing more to do.
         */
        last = x509_last ( validator->chain );
-       if ( asn1_compare ( &last->issuer.raw, &last->subject.raw ) == 0 ) {
+       if ( x509_is_self_signed ( last ) ) {
                validator_finished ( validator, rc );
                return;
        }
diff --git a/src/tests/x509_test.c b/src/tests/x509_test.c
index bc90320414240245ae1e1914408bef3caabc0b66..50eb4d7871a194584015b294ebc995d2fe06001f 100644 (file)
--- a/src/tests/x509_test.c
+++ b/src/tests/x509_test.c
@@ -1102,6 +1102,10 @@ static void x509_test_exec ( void ) {
        x509_validate_chain_fail_ok ( &server_chain, test_time,
                                      &empty_store, &test_root );
 
+       /* Check self-signedess */
+       ok ( x509_is_self_signed ( root_crt.cert ) );
+       ok ( ! x509_is_self_signed ( intermediate_crt.cert ) );
+
        /* Sanity check */
        assert ( list_empty ( &empty_store.links ) );
 
Mirror of https://github.com/ipxe/ipxe.git