author | Adam Langley <agl@google.com> | 2015-02-27 13:04:41 -0800 |
---|---|---|
committer | Adam Langley <agl@google.com> | 2015-02-27 13:04:41 -0800 |
commit | 13a2c994a655cbabc53ccaae76c83d6ece01e183 (patch) | |
tree | 72221e6482fb0d327fdcfa9eff0d66d1cb79c39a /src/crypto/x509/pkcs7.c | |
parent | 46ba7161f20f8b1e6729384a98e1b9973ed3c908 (diff) | |
Add support for reading PKCS#7 data from PEM files.
(This is a backport of upstream BoringSSL's
4e581b5378d7ef435c9abe39ad5c2a334bd7b6e9.)
Change-Id: If799791f28cd37ce810c0065939cf1942771c7f7
Diffstat (limited to 'src/crypto/x509/pkcs7.c')
-rw-r--r-- | src/crypto/x509/pkcs7.c | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/src/crypto/x509/pkcs7.c b/src/crypto/x509/pkcs7.c
index 9a4e490..bb86077 100644
--- a/src/crypto/x509/pkcs7.c
+++ b/src/crypto/x509/pkcs7.c
@@ -19,6 +19,7 @@
 #include <openssl/bytestring.h>
 #include <openssl/err.h>
 #include <openssl/obj.h>
+#include <openssl/pem.h>
 #include <openssl/stack.h>

 #include "../bytestring/internal.h"
@@ -213,6 +214,50 @@ err:
 return ret;
 }

+int PKCS7_get_PEM_certificates(STACK_OF(X509) *out_certs, BIO *pem_bio) {
+ uint8_t *data;
+ long len;
+ int ret;
+
+ /* Even though we pass PEM_STRING_PKCS7 as the expected PEM type here, PEM
+ * internally will actually allow several other values too, including
+ * "CERTIFICATE". */
+ if (!PEM_bytes_read_bio(&data, &len, NULL /* PEM type output */,
+ PEM_STRING_PKCS7, pem_bio,
+ NULL /* password callback */,
+ NULL /* password callback argument */)) {
+ return 0;
+ }
+
+ CBS cbs;
+ CBS_init(&cbs, data, len);
+ ret = PKCS7_get_certificates(out_certs, &cbs);
+ OPENSSL_free(data);
+ return ret;
+}
+
+int PKCS7_get_PEM_CRLs(STACK_OF(X509_CRL) *out_crls, BIO *pem_bio) {
+ uint8_t *data;
+ long len;
+ int ret;
+
+ /* Even though we pass PEM_STRING_PKCS7 as the expected PEM type here, PEM
+ * internally will actually allow several other values too, including
+ * "CERTIFICATE". */
+ if (!PEM_bytes_read_bio(&data, &len, NULL /* PEM type output */,
+ PEM_STRING_PKCS7, pem_bio,
+ NULL /* password callback */,
+ NULL /* password callback argument */)) {
+ return 0;
+ }
+
+ CBS cbs;
+ CBS_init(&cbs, data, len);
+ ret = PKCS7_get_CRLs(out_crls, &cbs);
+ OPENSSL_free(data);
+ return ret;
+}
+
 /* pkcs7_bundle writes a PKCS#7, SignedData structure to |out| and then calls
 * |cb| with a CBB to which certificate or CRL data can be written, and the
 * opaque context pointer, |arg|. The callback can return zero to indicate an |
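Review bot: PKCS7_get_PEM_certificates and PKCS7_get_PEM_CRLs repeat the whole PEM-reading sequence, including the caveat comment about accepted labels, and differ only in the final call (PKCS7_get_certificates vs PKCS7_get_CRLs). A static helper that reads the block would keep the label handling in one place, so tightening it later (the hunk passes NULL for the PEM type output, so a block labelled "CERTIFICATE" is handed to the PKCS#7 parser unchecked) is a single change. The same helper is the natural place to convert `long len` before it reaches CBS_init, which presumably takes an unsigned length; this is harmless only if PEM_bytes_read_bio never reports a negative length on success, which the hunk does not show. Callers also cannot see the label caveat from the function body, so it is worth repeating in the public declaration's comment.

```c
/* pkcs7_read_pem reads one PEM block from |pem_bio| into a newly allocated
 * buffer that the caller must release with OPENSSL_free. It returns one on
 * success and zero on error. */
static int pkcs7_read_pem(uint8_t **out_data, size_t *out_len, BIO *pem_bio) {
  long len;

  /* … unchanged: comment about the PEM types that are actually accepted … */
  if (!PEM_bytes_read_bio(out_data, &len, NULL /* PEM type output */,
                          PEM_STRING_PKCS7, pem_bio,
                          NULL /* password callback */,
                          NULL /* password callback argument */)) {
    return 0;
  }
  if (len < 0) {
    OPENSSL_free(*out_data);
    return 0;
  }
  *out_len = (size_t)len;
  return 1;
}

int PKCS7_get_PEM_certificates(STACK_OF(X509) *out_certs, BIO *pem_bio) {
  uint8_t *data;
  size_t len;
  CBS cbs;
  int ret;

  if (!pkcs7_read_pem(&data, &len, pem_bio)) {
    return 0;
  }
  CBS_init(&cbs, data, len);
  ret = PKCS7_get_certificates(out_certs, &cbs);
  OPENSSL_free(data);
  return ret;
}

/* … PKCS7_get_PEM_CRLs: same shape, ending in PKCS7_get_CRLs(out_crls, &cbs) … */
```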