summaryrefslogtreecommitdiffstats
path: root/src/crypto/x509/pkcs7.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/crypto/x509/pkcs7.c')
-rw-r--r--src/crypto/x509/pkcs7.c45
1 files changed, 45 insertions, 0 deletions
diff --git a/src/crypto/x509/pkcs7.c b/src/crypto/x509/pkcs7.c
index 9a4e490..bb86077 100644
--- a/src/crypto/x509/pkcs7.c
+++ b/src/crypto/x509/pkcs7.c
@@ -19,6 +19,7 @@
#include <openssl/bytestring.h>
#include <openssl/err.h>
#include <openssl/obj.h>
+#include <openssl/pem.h>
#include <openssl/stack.h>
#include "../bytestring/internal.h"
@@ -213,6 +214,50 @@ err:
return ret;
}
+int PKCS7_get_PEM_certificates(STACK_OF(X509) *out_certs, BIO *pem_bio) {
+ uint8_t *data;
+ long len;
+ int ret;
+
+ /* Even though we pass PEM_STRING_PKCS7 as the expected PEM type here, PEM
+ * internally will actually allow several other values too, including
+ * "CERTIFICATE". */
+ if (!PEM_bytes_read_bio(&data, &len, NULL /* PEM type output */,
+ PEM_STRING_PKCS7, pem_bio,
+ NULL /* password callback */,
+ NULL /* password callback argument */)) {
+ return 0;
+ }
+
+ CBS cbs;
+ CBS_init(&cbs, data, len);
+ ret = PKCS7_get_certificates(out_certs, &cbs);
+ OPENSSL_free(data);
+ return ret;
+}
+
+int PKCS7_get_PEM_CRLs(STACK_OF(X509_CRL) *out_crls, BIO *pem_bio) {
+ uint8_t *data;
+ long len;
+ int ret;
+
+ /* Even though we pass PEM_STRING_PKCS7 as the expected PEM type here, PEM
+ * internally will actually allow several other values too, including
+ * "CERTIFICATE". */
+ if (!PEM_bytes_read_bio(&data, &len, NULL /* PEM type output */,
+ PEM_STRING_PKCS7, pem_bio,
+ NULL /* password callback */,
+ NULL /* password callback argument */)) {
+ return 0;
+ }
+
+ CBS cbs;
+ CBS_init(&cbs, data, len);
+ ret = PKCS7_get_CRLs(out_crls, &cbs);
+ OPENSSL_free(data);
+ return ret;
+}
+
/* pkcs7_bundle writes a PKCS#7, SignedData structure to |out| and then calls
* |cb| with a CBB to which certificate or CRL data can be written, and the
* opaque context pointer, |arg|. The callback can return zero to indicate an