diff options
| author | Michael Brown <mcb30@ipxe.org> | 2024-08-09 16:33:51 +0100 |
|---|---|---|
| committer | Michael Brown <mcb30@ipxe.org> | 2024-08-13 12:30:51 +0100 |
| commit | 3b4d0cb555a01df8b56f422d9d17522ae60e17be (patch) | |
| tree | f085a0d253cfaee090554191278fabac270924c6 /src/include | |
| parent | 96fb7a0a9395cec423a58069e1b49535e8ceceef (diff) | |
| download | ipxe-3b4d0cb555a01df8b56f422d9d17522ae60e17be.tar.gz | |
[crypto] Pass image as parameter to CMS functions
The cms_signature() and cms_verify() functions currently accept raw
data pointers. This will not be possible for cms_decrypt(), which
will need the ability to extract fragments of ASN.1 data from a
potentially large image.
Change cms_signature() and cms_verify() to accept an image as an input
parameter, and move the responsibility for setting the image trust
flag within cms_verify() since that now becomes a more natural fit.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src/include')
| -rw-r--r-- | src/include/ipxe/cms.h | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/src/include/ipxe/cms.h b/src/include/ipxe/cms.h index 7adf724b2..cca7779c5 100644 --- a/src/include/ipxe/cms.h +++ b/src/include/ipxe/cms.h @@ -16,6 +16,8 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); #include <ipxe/refcnt.h> #include <ipxe/uaccess.h> +struct image; + /** CMS signer information */ struct cms_signer_info { /** List of signer information blocks */ @@ -67,9 +69,9 @@ cms_put ( struct cms_signature *sig ) { ref_put ( &sig->refcnt ); } -extern int cms_signature ( const void *data, size_t len, +extern int cms_signature ( struct image *image, struct cms_signature **sig ); -extern int cms_verify ( struct cms_signature *sig, userptr_t data, size_t len, +extern int cms_verify ( struct cms_signature *sig, struct image *image, const char *name, time_t time, struct x509_chain *store, struct x509_root *root ); |