aboutsummaryrefslogtreecommitdiffstats
path: root/src/crypto/privkey.c
Commit message (Collapse)AuthorAgeFilesLines
* [crypto] Allow private key to be specified as a TLS connection parameterMichael Brown2020-12-151-9/+26
| | | | Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [arm] Avoid instruction references to symbols defined via ".equ"Michael Brown2016-05-081-2/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | When building for 64-bit ARM, some symbol references may be resolved via an "adrp" instruction (to obtain the start of the 4kB page containing the symbol) and a separate 12-bit offset. For example (taken from the GNU assembler documentation): adrp x0, foo ldr x0, [x0, #:lo12:foo] We occasionally refer to symbols defined via mechanisms that are not directly visible to gcc. For example: extern char some_magic_symbol[]; __asm__ ( ".equ some_magic_symbol, some_magic_expression" ); The subsequent use of the ":lo12:" prefix on such magically-defined symbols triggers an assertion failure in the assembler. This problem seems to affect only "private_key_len" in the current codebase. Fix by storing this value as static data; this avoids the need to provide the value as a literal within the instruction stream, and so avoids the problematic use of the ":lo12:" prefix. Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [build] Allow assembler section type character to vary by architectureMichael Brown2016-03-131-1/+1
| | | | | | | | | | | | | | | On some architectures (such as ARM) the "@" character is used as a comment delimiter. A section type argument such as "@progbits" therefore becomes "%progbits". This is further complicated by the fact that the "%" character has special meaning for inline assembly when input or output operands are used, in which cases "@progbits" becomes "%%progbits". Allow the section type character(s) to be defined via Makefile variables. Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [legal] Relicense files under GPL2_OR_LATER_OR_UBDLMichael Brown2015-03-021-1/+5
| | | | | | | Relicense files for which I am the sole author (as identified by util/relicense.pl). Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [crypto] Generalise X.509 cache to a full certificate storeMichael Brown2014-03-281-0/+118
Expand the concept of the X.509 cache to provide the functionality of a certificate store. Certificates in the store will be automatically used to complete certificate chains where applicable. The certificate store may be prepopulated at build time using the CERT=... build command line option. For example: make bin/ipxe.usb CERT=mycert1.crt,mycert2.crt Certificates within the certificate store are not implicitly trusted; the trust list is specified using TRUST=... as before. For example: make bin/ipxe.usb CERT=root.crt TRUST=root.crt This can be used to embed the full trusted root certificate within the iPXE binary, which is potentially useful in an HTTPS-only environment in which there is no HTTP server from which to automatically download cross-signed certificates or other certificate chain fragments. This usage of CERT= extends the existing use of CERT= to specify the client certificate. The client certificate is now identified automatically by checking for a match against the private key. For example: make bin/ipxe.usb CERT=root.crt,client.crt TRUST=root.crt KEY=client.key Signed-off-by: Michael Brown <mcb30@ipxe.org>
generated by cgit (git 2.34.1) at 2025-02-23 20:28:55 +0000