efivar/0084-Add-some-x509-helpers.patch
Petr Šabata 974b936917 RHEL 9.0.0 Alpha bootstrap
The content of this branch was automatically imported from Fedora ELN
with the following as its source:
https://src.fedoraproject.org/rpms/efivar#9f54d8029387895b7b1389d9a9f9e0bf476a027f
2020-10-14 23:58:29 +02:00

91 lines
2.1 KiB
Diff

From 6ba56d23e489a38f42ed7b518bd25ae2192ed651 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Mon, 3 Feb 2020 13:50:49 -0500
Subject: [PATCH 84/86] Add some x509 helpers.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
src/efisec.h | 2 ++
src/x509.h | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 58 insertions(+)
create mode 100644 src/x509.h
diff --git a/src/efisec.h b/src/efisec.h
index 15d0f6d10e2..ef874da0356 100644
--- a/src/efisec.h
+++ b/src/efisec.h
@@ -8,6 +8,8 @@
#define PRIVATE_EFISEC_H_
#include "efivar.h"
+#include "x509.h"
+
#include <efivar/efisec.h>
#endif /* !PRIVATE_EFISEC_H_ */
diff --git a/src/x509.h b/src/x509.h
new file mode 100644
index 00000000000..16aef081bfa
--- /dev/null
+++ b/src/x509.h
@@ -0,0 +1,56 @@
+// SPDX-License-Identifier: LGPL-2.1-or-later
+/*
+ * x509.h - X.509/ASN.1 helper functions
+ * Copyright 2019-2020 Peter M. Jones <pjones@redhat.com>
+ */
+#ifndef EFIVAR_X509_H
+#define EFIVAR_X509_H
+
+#define SMALLEST_POSSIBLE_DER_SEQ 3
+
+static inline int32_t
+__attribute__((unused))
+get_asn1_seq_size(uint8_t *location, uint32_t size)
+{
+ uint8_t i;
+ uint8_t octets;
+ uint32_t der_len = 0;
+
+ if (size < SMALLEST_POSSIBLE_DER_SEQ)
+ return -1;
+
+ // If it's not a CONSTRUCTED SEQUENCE it's not a certificate
+ if (location[0] != 0x30)
+ return -1;
+
+ if (!(location[1] & 0x80)) {
+ // Short form, which is too small to hold a certificate.
+ return -1;
+ }
+
+ // Long form
+ octets = location[1] & 0x7;
+
+ // There is no chance our data is more than 3GB.
+ if (octets > 4 || (octets == 4 && (location[2] & 0x8)))
+ return -1;
+
+ // and if our size won't fit in the data it's wrong as well
+ if (size - 2 < octets)
+ return -1;
+
+ for (i = 0; i < octets; i++) {
+ der_len <<= 8;
+ der_len |= location[i + 2];
+ }
+ // and if der_len is greater than what's left, it's bad too.
+ if (size - 2 - octets < der_len)
+ return -1;
+
+ // or else it's a reasonable certificate from a size point of view.
+ return der_len + 4;
+}
+
+#undef SMALLEST_POSSIBLE_DER_SEQ
+
+#endif
--
2.24.1