authorAdam Langley <agl@google.com>2015-02-27 13:04:41 -0800
committerAdam Langley <agl@google.com>2015-02-27 13:04:41 -0800
commit13a2c994a655cbabc53ccaae76c83d6ece01e183 (patch)
tree72221e6482fb0d327fdcfa9eff0d66d1cb79c39a /src/crypto/x509/pkcs7.c
parent46ba7161f20f8b1e6729384a98e1b9973ed3c908 (diff)
Add support for reading PKCS#7 data from PEM files.
(This is a backport of upstream BoringSSL's 4e581b5378d7ef435c9abe39ad5c2a334bd7b6e9.) Change-Id: If799791f28cd37ce810c0065939cf1942771c7f7
Diffstat (limited to 'src/crypto/x509/pkcs7.c')
-rw-r--r--src/crypto/x509/pkcs7.c45
1 files changed, 45 insertions, 0 deletions
diff --git a/src/crypto/x509/pkcs7.c b/src/crypto/x509/pkcs7.c
index 9a4e490..bb86077 100644
--- a/src/crypto/x509/pkcs7.c
+++ b/src/crypto/x509/pkcs7.c
@@ -19,6 +19,7 @@
#include <openssl/bytestring.h>
#include <openssl/err.h>
#include <openssl/obj.h>
+#include <openssl/pem.h>
#include <openssl/stack.h>
#include "../bytestring/internal.h"
@@ -213,6 +214,50 @@ err:
return ret;
}
+int PKCS7_get_PEM_certificates(STACK_OF(X509) *out_certs, BIO *pem_bio) {
+ uint8_t *data;
+ long len;
+ int ret;
+
+ /* Even though we pass PEM_STRING_PKCS7 as the expected PEM type here, PEM
+ * internally will actually allow several other values too, including
+ * "CERTIFICATE". */
+ if (!PEM_bytes_read_bio(&data, &len, NULL /* PEM type output */,
+ PEM_STRING_PKCS7, pem_bio,
+ NULL /* password callback */,
+ NULL /* password callback argument */)) {
+ return 0;
+ }
+
+ CBS cbs;
+ CBS_init(&cbs, data, len);
+ ret = PKCS7_get_certificates(out_certs, &cbs);
+ OPENSSL_free(data);
+ return ret;
+}
+
+int PKCS7_get_PEM_CRLs(STACK_OF(X509_CRL) *out_crls, BIO *pem_bio) {
+ uint8_t *data;
+ long len;
+ int ret;
+
+ /* Even though we pass PEM_STRING_PKCS7 as the expected PEM type here, PEM
+ * internally will actually allow several other values too, including
+ * "CERTIFICATE". */
+ if (!PEM_bytes_read_bio(&data, &len, NULL /* PEM type output */,
+ PEM_STRING_PKCS7, pem_bio,
+ NULL /* password callback */,
+ NULL /* password callback argument */)) {
+ return 0;
+ }
+
+ CBS cbs;
+ CBS_init(&cbs, data, len);
+ ret = PKCS7_get_CRLs(out_crls, &cbs);
+ OPENSSL_free(data);
+ return ret;
+}
+
/* pkcs7_bundle writes a PKCS#7, SignedData structure to |out| and then calls
* |cb| with a CBB to which certificate or CRL data can be written, and the
* opaque context pointer, |arg|. The callback can return zero to indicate an
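Review bot: In both PKCS7_get_PEM_certificates and PKCS7_get_PEM_CRLs the PEM label is never a check on what reaches the PKCS#7 parser: the type output is passed as NULL and, per the functions' own comment, PEM_bytes_read_bio accepts labels other than PKCS7, including "CERTIFICATE". Rejecting a mislabelled or malformed block therefore rests entirely on PKCS7_get_certificates / PKCS7_get_CRLs, whose bodies are outside this hunk. Neither new function has a header comment, and callers handling untrusted PEM should be told this, e.g. `/* PKCS7_get_PEM_certificates reads a PEM block from |pem_bio| and parses its contents as PKCS#7; the PEM label is not strictly enforced. It returns zero if the PEM read fails, otherwise the result of |PKCS7_get_certificates|. */`, with the same wording for the CRL variant. Separately, `len` is a `long` that is converted implicitly at `CBS_init(&cbs, data, len)`; it is presumably non-negative after a successful read, but a `len < 0` check followed by an explicit `(size_t)len` cast would make that assumption visible. Because both password-callback arguments are NULL, it is also worth confirming that an encrypted PEM block fails cleanly rather than falling back to a default prompt, which cannot be determined from this hunk.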