authorMichael Brown <mcb30@ipxe.org>2020-12-15 16:11:34 +0000
committerMichael Brown <mcb30@ipxe.org>2020-12-15 16:54:06 +0000
commitf43a8f8b9f808fb0a8347663abf6efe6908821ed (patch)
tree012d6ffcb49d4c4744e12b8a8cbc207f13d3bf65 /src/crypto
parent6a8664d9ec8010a717855ca92173c63c3c166c4e (diff)
downloadipxe-f43a8f8b9f808fb0a8347663abf6efe6908821ed.tar.gz
[crypto] Allow private key to be specified as a TLS connection parameter
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src/crypto')
-rw-r--r--src/crypto/certstore.c4
-rw-r--r--src/crypto/privkey.c35
2 files changed, 28 insertions, 11 deletions
diff --git a/src/crypto/certstore.c b/src/crypto/certstore.c
index cdf6fb4dd..2676c7e1e 100644
--- a/src/crypto/certstore.c
+++ b/src/crypto/certstore.c
@@ -116,13 +116,13 @@ struct x509_certificate * certstore_find ( struct asn1_cursor *raw ) {
* @v key Private key
* @ret cert X.509 certificate, or NULL if not found
*/
-struct x509_certificate * certstore_find_key ( struct asn1_cursor *key ) {
+struct x509_certificate * certstore_find_key ( struct private_key *key ) {
struct x509_certificate *cert;
/* Search for certificate within store */
list_for_each_entry ( cert, &certstore.links, store.list ) {
if ( pubkey_match ( cert->signature_algorithm->pubkey,
- key->data, key->len,
+ key->builder.data, key->builder.len,
cert->subject.public_key.raw.data,
cert->subject.public_key.raw.len ) == 0 )
return certstore_found ( cert );
diff --git a/src/crypto/privkey.c b/src/crypto/privkey.c
index 7ef04880f..c15edf130 100644
--- a/src/crypto/privkey.c
+++ b/src/crypto/privkey.c
@@ -64,9 +64,12 @@ __asm__ ( ".section \".rodata\", \"a\", " PROGBITS "\n\t"
".previous\n\t" );
/** Private key */
-struct asn1_cursor private_key = {
- .data = private_key_data,
- .len = ( ( size_t ) private_key_len ),
+struct private_key private_key = {
+ .refcnt = REF_INIT ( ref_no_free ),
+ .builder = {
+ .data = private_key_data,
+ .len = ( ( size_t ) private_key_len ),
+ },
};
/** Default private key */
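Review bot: The `/** Private key */` comment on the rewritten definition no longer says enough now that the object carries a reference count: it is the statically allocated built-in key, its builder points at the rodata `private_key_data`, and `REF_INIT ( ref_no_free )` guarantees that dropping the last reference never frees the object or that data. I would extend it to `/** Private key (statically allocated; ref_no_free means privkey_free() is never invoked for this object) */`. That matters because the third hunk later repoints `private_key.builder.data` at a heap buffer (`key_data`), whose lifetime is therefore tied to the settings-apply path rather than to this reference count.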
@@ -84,6 +87,19 @@ static struct setting privkey_setting __setting ( SETTING_CRYPTO, privkey ) = {
};
/**
+ * Free private key
+ *
+ * @v refcnt Reference counter
+ */
+void privkey_free ( struct refcnt *refcnt ) {
+ struct private_key *key =
+ container_of ( refcnt, struct private_key, refcnt );
+
+ free ( key->builder.data );
+ free ( key );
+}
+
+/**
* Apply private key configuration settings
*
* @ret rc Return status code
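Review bot: `privkey_free` releases the private key bytes with `free ( key->builder.data )` without clearing them first, so the key material stays readable in freed heap memory until it happens to be reused. Private keys should be overwritten before release, e.g. `memset ( key->builder.data, 0, key->builder.len );` immediately before the `free`, with the caveat that a plain memset right before free can be optimised away, so a non-elidable clear should be used if the project provides one. The same unwiped release of a previously fetched key occurs at `free ( key_data )` in the next hunk of this file.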
@@ -98,23 +114,24 @@ static int privkey_apply_settings ( void ) {
if ( ALLOW_KEY_OVERRIDE ) {
/* Restore default private key */
- memcpy ( &private_key, &default_private_key,
- sizeof ( private_key ) );
+ memcpy ( &private_key.builder, &default_private_key,
+ sizeof ( private_key.builder ) );
/* Fetch new private key, if any */
free ( key_data );
if ( ( len = fetch_raw_setting_copy ( NULL, &privkey_setting,
&key_data ) ) >= 0 ) {
- private_key.data = key_data;
- private_key.len = len;
+ private_key.builder.data = key_data;
+ private_key.builder.len = len;
}
}
/* Debug */
- if ( private_key.len ) {
+ if ( private_key.builder.len ) {
DBGC ( &private_key, "PRIVKEY using %s private key:\n",
( key_data ? "external" : "built-in" ) );
- DBGC_HDA ( &private_key, 0, private_key.data, private_key.len );
+ DBGC_HDA ( &private_key, 0, private_key.builder.data,
+ private_key.builder.len );
} else {
DBGC ( &private_key, "PRIVKEY has no private key\n" );
}
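Review bot: The commit makes `private_key` reference-counted, but `privkey_apply_settings` still mutates the global in place: it overwrites `private_key.builder` with the default (`memcpy ( &private_key.builder, ... )`), frees the previous `key_data`, and installs the new buffer directly into `private_key.builder.data`. If references to `&private_key` are handed out elsewhere (not visible here), a holder that obtained one before settings were re-applied would see its builder contents replaced and the old data freed underneath it, since `ref_no_free` cannot keep the old buffer alive. Either document this at the top of the override block, e.g. `/* NOTE: private_key is replaced in place; outstanding references see the new key */`, or allocate a fresh `struct private_key` per applied setting and swap the pointer so the old object lives until its last reference is dropped. The `( key_data ? "external" : "built-in" )` debug text presumably relies on `fetch_raw_setting_copy` leaving `key_data` NULL on failure; worth confirming. `privkey_apply_settings` begins before this hunk and its `return` follows it.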