/* Add each certificate */
while ( cursor.len ) {
- /* Parse certificate */
- if ( ( rc = x509_certificate ( cursor.data, cursor.len,
- &cert ) ) != 0 ) {
- DBGC ( sig, "CMS %p could not parse certificate: %s\n",
+ /* Add certificate to chain */
+ if ( ( rc = x509_append_raw ( sig->certificates, cursor.data,
+ cursor.len ) ) != 0 ) {
+ DBGC ( sig, "CMS %p could not append certificate: %s\n",
sig, strerror ( rc) );
DBGC_HDA ( sig, 0, cursor.data, cursor.len );
- goto err_parse;
+ return rc;
}
+ cert = x509_last ( sig->certificates );
DBGC ( sig, "CMS %p found certificate %s\n",
sig, cert->subject.name );
- /* Add certificate to list */
- if ( ( rc = x509_append ( sig->certificates, cert ) ) != 0 ) {
- DBGC ( sig, "CMS %p could not append certificate: %s\n",
- sig, strerror ( rc ) );
- goto err_append;
- }
-
- /* Drop reference to certificate */
- x509_put ( cert );
- cert = NULL;
-
/* Move to next certificate */
asn1_skip_any ( &cursor );
}
return 0;
-
- err_append:
- x509_put ( cert );
- err_parse:
- return rc;
}
/**
return 0;
}
+/**
+ * Append X.509 certificate to X.509 certificate chain
+ *
+ * @v chain X.509 certificate chain
+ * @v data Raw certificate data
+ * @v len Length of raw data
+ * @ret rc Return status code
+ */
+int x509_append_raw ( struct x509_chain *chain, const void *data,
+ size_t len ) {
+ struct x509_certificate *cert;
+ int rc;
+
+ /* Parse certificate */
+ if ( ( rc = x509_certificate ( data, len, &cert ) ) != 0 )
+ goto err_parse;
+
+ /* Append certificate to chain */
+ if ( ( rc = x509_append ( chain, cert ) ) != 0 )
+ goto err_append;
+
+ /* Drop reference to certificate */
+ x509_put ( cert );
+
+ return 0;
+
+ err_append:
+ x509_put ( cert );
+ err_parse:
+ return rc;
+}
+
/**
* Validate X.509 certificate chain
*
return ( link ? link->cert : NULL );
}
+/**
+ * Get last certificate in X.509 certificate chain
+ *
+ * @v chain X.509 certificate chain
+ * @ret cert X.509 certificate, or NULL
+ */
+static inline __attribute__ (( always_inline )) struct x509_certificate *
+x509_last ( struct x509_chain *chain ) {
+ struct x509_link *link;
+
+ link = list_last_entry ( &chain->links, struct x509_link, list );
+ return ( link ? link->cert : NULL );
+}
+
/** An X.509 extension */
struct x509_extension {
/** Name */
extern struct x509_chain * x509_alloc_chain ( void );
extern int x509_append ( struct x509_chain *chain,
struct x509_certificate *cert );
+extern int x509_append_raw ( struct x509_chain *chain, const void *data,
+ size_t len );
extern int x509_validate_chain ( struct x509_chain *chain, time_t time,
struct x509_root *root );
goto err_overlength;
}
- /* Parse certificate */
- if ( ( rc = x509_certificate ( certificate->data,
- certificate_len,
- &cert ) ) != 0 ) {
- DBGC ( tls, "TLS %p could not parse certificate: %s\n",
+ /* Add certificate to chain */
+ if ( ( rc = x509_append_raw ( tls->chain, certificate->data,
+ certificate_len ) ) != 0 ) {
+ DBGC ( tls, "TLS %p could not append certificate: %s\n",
tls, strerror ( rc ) );
DBGC_HDA ( tls, 0, data, ( end - data ) );
goto err_parse;
}
+ cert = x509_last ( tls->chain );
DBGC ( tls, "TLS %p found certificate %s\n",
tls, cert->subject.name );
- /* Append certificate to chain */
- if ( ( rc = x509_append ( tls->chain, cert ) ) != 0 ) {
- DBGC ( tls, "TLS %p could not append certificate: %s\n",
- tls, strerror ( rc ) );
- goto err_append;
- }
-
- /* Drop reference to certificate */
- x509_put ( cert );
- cert = NULL;
-
/* Move to next certificate in list */
data = next;
}
return 0;
- err_append:
- x509_put ( cert );
err_parse:
err_overlength:
x509_chain_put ( tls->chain );
projects / thirdparty / ipxe.git / commitdiff
