142 return ( cert ?
x509_name ( cert ) :
"<empty>" );
224 .description =
"Cross-signed certificate source",
226 .type = &setting_type_string,
271 goto err_alloc_certs;
283 goto err_certificateset;
287 while ( cursor.
len ) {
291 cursor.
len ) ) != 0 ) {
317 goto err_auto_append;
364 const char *crosscert;
365 char *crosscert_copy;
367 size_t uri_string_len;
375 if ( ! crosscert[0] ) {
377 goto err_check_uri_string;
381 uri_string_len = (
strlen ( crosscert ) + 22
383 uri_string =
zalloc ( uri_string_len );
384 if ( ! uri_string ) {
386 goto err_alloc_uri_string;
393 len =
snprintf ( uri_string, uri_string_len,
"%s/%08x.der?subject=",
396 ( uri_string_len -
len ) );
409 uri_string ) ) != 0 ) {
413 goto err_open_uri_string;
418 free ( crosscert_copy );
426 err_alloc_uri_string:
427 err_check_uri_string:
428 free ( crosscert_copy );
452 DBGC (
validator,
"VALIDATOR %p \"%s\" could not fetch OCSP " 460 DBGC (
validator,
"VALIDATOR %p \"%s\" could not record OCSP " 505 const char *uri_string;
511 DBGC (
validator,
"VALIDATOR %p \"%s\" could not create OCSP " 528 uri_string ) ) != 0 ) {
701 link->cert ) ) == 0 ) {
790 DBGC2 (
validator,
"VALIDATOR %p \"%s\" validating X509 chain %p\n",
static void x509_chain_put(struct x509_chain *chain)
Drop reference to X.509 certificate chain.
static void validator_step(struct validator *validator)
Certificate validation process.
#define EINVAL
Invalid argument.
An object interface operation.
struct arbelprm_rc_send_wqe rc
void intf_close(struct interface *intf, int rc)
Close an object interface.
struct asn1_cursor raw
Raw issuer.
void intf_restart(struct interface *intf, int rc)
Shut down and restart an object interface.
Dynamic Host Configuration Protocol.
int xferbuf_deliver(struct xfer_buffer *xferbuf, struct io_buffer *iobuf, struct xfer_metadata *meta)
Add received data to data transfer buffer.
void intf_shutdown(struct interface *intf, int rc)
Shut down an object interface.
static struct x509_chain * x509_chain_get(struct x509_chain *chain)
Get reference to X.509 certificate chain.
static void validator_ocsp_validate(struct validator *validator, int rc)
Validate OCSP response.
struct process process
Process.
static struct interface_operation validator_xfer_operations[]
Certificate validator data transfer interface operations.
static struct interface_operation validator_job_operations[]
Certificate validator job control interface operations.
int asn1_enter(struct asn1_cursor *cursor, unsigned int type)
Enter ASN.1 object.
struct stp_switch root
Root switch.
A certificate validator action.
struct refcnt refcnt
Reference count.
struct list_head links
List of links.
#define ref_init(refcnt, free)
Initialise a reference counter.
struct list_head list
List of links.
struct x509_issuer issuer
Issuer.
int x509_append_raw(struct x509_chain *chain, const void *data, size_t len)
Append X.509 certificate to X.509 certificate chain.
#define list_for_each_entry_continue(pos, head, member)
Iterate over entries in a list, starting after current position.
static void process_init(struct process *process, struct process_descriptor *desc, struct refcnt *refcnt)
Initialise process and add to process list.
const void * data
Start of data.
struct x509_chain * x509_alloc_chain(void)
Allocate X.509 certificate chain.
void intf_plug_plug(struct interface *a, struct interface *b)
Plug two object interfaces together.
static void x509_root_put(struct x509_root *root)
Drop reference to X.509 root certificate list.
struct x509_chain * chain
X.509 certificate chain.
struct x509_certificate * cert
Certificate.
void(* done)(struct validator *validator, int rc)
Action to take upon completed transfer.
int ocsp_validate(struct ocsp_check *ocsp, time_t time)
Validate OCSP response.
void x509_truncate(struct x509_chain *chain, struct x509_link *link)
Truncate X.509 certificate chain.
#define PROC_DESC_ONCE(object_type, process, _step)
Define a process descriptor for a process that runs only once.
int x509_is_valid(struct x509_certificate *cert, struct x509_root *root)
Check if X.509 certificate is valid.
static int validator_start_download(struct validator *validator, struct x509_link *link)
Start download of cross-signing certificate.
static int ocsp_required(struct x509_certificate *cert)
Check if X.509 certificate requires an OCSP check.
void xferbuf_free(struct xfer_buffer *xferbuf)
Free data transfer buffer.
void process_del(struct process *process)
Remove process from process list.
int asn1_skip_any(struct asn1_cursor *cursor)
Skip ASN.1 object of any type.
static const char crosscert_default[]
Default cross-signed certificate source.
#define ASN1_SET
ASN.1 set.
Dynamic memory allocation.
Data transfer interfaces.
size_t len
Length of data.
u32 crc32_le(u32 seed, const void *data, size_t len)
Calculate 32-bit little-endian CRC checksum.
static int validator_progress(struct validator *validator, struct job_progress *progress)
Report job progress.
#define DHCP_EB_CROSS_CERT
Cross-signed certificate source.
struct interface xfer
Data transfer interface.
static int x509_is_self_signed(struct x509_certificate *cert)
Check if X.509 certificate is self-signed.
static size_t base64_encoded_len(size_t raw_len)
Calculate length of base64-encoded data.
An X.509 certificate chain.
#define ENOMEM
Not enough space.
#define iob_disown(iobuf)
Disown an I/O buffer.
static int validator_start_ocsp(struct validator *validator, struct x509_certificate *cert, struct x509_certificate *issuer)
Start OCSP check.
int create_validator(struct interface *job, struct x509_chain *chain, struct x509_root *root)
Instantiate a certificate validator.
assert((readw(&hdr->flags) &(GTF_reading|GTF_writing))==0)
#define container_of(ptr, type, field)
Get containing structure.
struct ocsp_check * ocsp
OCSP check.
#define list_for_each_entry(pos, head, member)
Iterate over entries in a list.
static struct interface_descriptor validator_xfer_desc
Certificate validator data transfer interface descriptor.
const struct validator_action * action
Current action.
static struct process_descriptor validator_process_desc
Certificate validator process descriptor.
static void xferbuf_malloc_init(struct xfer_buffer *xferbuf)
Initialise malloc()-based data transfer buffer.
u32 link
Link to next descriptor.
static struct x509_root * x509_root_get(struct x509_root *root)
Get reference to X.509 root certificate list.
int fetch_string_setting_copy(struct settings *settings, const struct setting *setting, char **data)
Fetch value of string setting.
static void validator_free(struct refcnt *refcnt)
Free certificate validator.
void process_add(struct process *process)
Add process to process list.
int x509_validate_chain(struct x509_chain *chain, time_t time, struct x509_chain *store, struct x509_root *root)
Validate X.509 certificate chain.
static int validator_xfer_deliver(struct validator *validator, struct io_buffer *iobuf, struct xfer_metadata *meta)
Receive data.
struct xfer_buffer buffer
Data buffer.
An object interface descriptor.
A link in an X.509 certificate chain.
int x509_auto_append(struct x509_chain *chain, struct x509_chain *store)
Append X.509 certificates to X.509 certificate chain.
static struct x509_certificate * x509_last(struct x509_chain *chain)
Get last certificate in X.509 certificate chain.
char * strerror(int errno)
Retrieve string representation of error number.
static void(* free)(struct refcnt *refcnt))
void * zalloc(size_t size)
Allocate cleared memory.
#define INTF_OP(op_type, object_type, op_func)
Define an object interface operation.
static struct interface_descriptor validator_job_desc
Certificate validator job control interface descriptor.
static void ocsp_put(struct ocsp_check *ocsp)
Drop reference to OCSP check.
int xfer_deliver(struct interface *intf, struct io_buffer *iobuf, struct xfer_metadata *meta)
Deliver datagram.
int rc
Most relevant status code.
size_t strlen(const char *src)
Get length of string.
Data transfer interface opening.
Online Certificate Status Protocol.
FILE_LICENCE(GPL2_OR_LATER_OR_UBDL)
Cryptographic configuration.
#define CROSSCERT
Default cross-signed certificate source.
static void validator_xfer_close(struct validator *validator, int rc)
Close data transfer interface.
char message[32]
Message (optional).
An X.509 root certificate list.
struct x509_certificate * cert
Current certificate (for progress reporting).
#define list_for_each_entry_continue_reverse(pos, head, member)
Iterate over entries in a list in reverse, starting after current position.
static const struct validator_action validator_ocsp
OCSP validator action.
#define INTF_DESC(object_type, intf, operations)
Define an object interface descriptor.
const char * x509_name(struct x509_certificate *cert)
Get X.509 certificate display name.
struct x509_root * root
Root of trust (or NULL to use the default).
const struct setting crosscert_setting __setting(SETTING_CRYPTO, crosscert)
Cross-signed certificate source setting.
static struct x509_certificate * x509_first(struct x509_chain *chain)
Get first certificate in X.509 certificate chain.
static void validator_append(struct validator *validator, int rc)
Append cross-signing certificates to certificate chain.
uint8_t data[48]
Additional event data.
struct interface job
Job control interface.
static void validator_finished(struct validator *validator, int rc)
Mark certificate validation as finished.
int snprintf(char *buf, size_t size, const char *fmt,...)
Write a formatted string to a buffer.
#define SETTING_CRYPTO
Cryptography settings.
struct x509_link * link
Current link within certificate chain.
static void intf_init(struct interface *intf, struct interface_descriptor *desc, struct refcnt *refcnt)
Initialise an object interface.
int xfer_open_uri_string(struct interface *intf, const char *uri_string)
Open URI string.
int64_t time_t
Seconds since the Epoch.
#define NULL
NULL pointer (VOID *)
#define list_is_head_entry(entry, head, member)
Test if entry is the list head.
size_t base64_encode(const void *raw, size_t raw_len, char *data, size_t len)
Base64-encode data.
Cross-signed certificate download has been attempted.
#define ref_put(refcnt)
Drop reference to object.
char * uri_string
URI string.
static const struct validator_action validator_crosscert
Cross-signing certificate download validator action.
static const char * validator_name(struct validator *validator)
Get validator name (for debug messages).