diff options
Diffstat (limited to 'src/crypto/x509/pkcs7.c')
| -rw-r--r-- | src/crypto/x509/pkcs7.c | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/src/crypto/x509/pkcs7.c b/src/crypto/x509/pkcs7.c index 9a4e490..bb86077 100644 --- a/src/crypto/x509/pkcs7.c +++ b/src/crypto/x509/pkcs7.c @@ -19,6 +19,7 @@ #include <openssl/bytestring.h> #include <openssl/err.h> #include <openssl/obj.h> +#include <openssl/pem.h> #include <openssl/stack.h> #include "../bytestring/internal.h" @@ -213,6 +214,50 @@ err: return ret; } +int PKCS7_get_PEM_certificates(STACK_OF(X509) *out_certs, BIO *pem_bio) { + uint8_t *data; + long len; + int ret; + + /* Even though we pass PEM_STRING_PKCS7 as the expected PEM type here, PEM + * internally will actually allow several other values too, including + * "CERTIFICATE". */ + if (!PEM_bytes_read_bio(&data, &len, NULL /* PEM type output */, + PEM_STRING_PKCS7, pem_bio, + NULL /* password callback */, + NULL /* password callback argument */)) { + return 0; + } + + CBS cbs; + CBS_init(&cbs, data, len); + ret = PKCS7_get_certificates(out_certs, &cbs); + OPENSSL_free(data); + return ret; +} + +int PKCS7_get_PEM_CRLs(STACK_OF(X509_CRL) *out_crls, BIO *pem_bio) { + uint8_t *data; + long len; + int ret; + + /* Even though we pass PEM_STRING_PKCS7 as the expected PEM type here, PEM + * internally will actually allow several other values too, including + * "CERTIFICATE". */ + if (!PEM_bytes_read_bio(&data, &len, NULL /* PEM type output */, + PEM_STRING_PKCS7, pem_bio, + NULL /* password callback */, + NULL /* password callback argument */)) { + return 0; + } + + CBS cbs; + CBS_init(&cbs, data, len); + ret = PKCS7_get_CRLs(out_crls, &cbs); + OPENSSL_free(data); + return ret; +} + /* pkcs7_bundle writes a PKCS#7, SignedData structure to |out| and then calls * |cb| with a CBB to which certificate or CRL data can be written, and the * opaque context pointer, |arg|. The callback can return zero to indicate an |