-rw-r--r-- | lib/includes/gnutls/pkcs7.h | 4 | ||||
-rw-r--r-- | lib/x509/pkcs7.c | 20 |
2 files changed, 18 insertions, 6 deletions
diff --git a/lib/includes/gnutls/pkcs7.h b/lib/includes/gnutls/pkcs7.h
index 59b788bc96..376f2d1d4b 100644
--- a/lib/includes/gnutls/pkcs7.h
+++ b/lib/includes/gnutls/pkcs7.h
@@ -55,7 +55,9 @@ int gnutls_pkcs7_export2(gnutls_pkcs7_t pkcs7, gnutls_datum_t * out);
 int gnutls_pkcs7_get_signature_count(gnutls_pkcs7_t pkcs7);
-int gnutls_pkcs7_get_embedded_data(gnutls_pkcs7_t pkcs7, unsigned idx, gnutls_datum_t *data);
+
+#define GNUTLS_PKCS7_EDATA_GET_RAW (1<<24)
+int gnutls_pkcs7_get_embedded_data(gnutls_pkcs7_t pkcs7, unsigned flags, gnutls_datum_t *data);
 const char * gnutls_pkcs7_get_embedded_data_oid(gnutls_pkcs7_t pkcs7);
diff --git a/lib/x509/pkcs7.c b/lib/x509/pkcs7.c
index 0ff6efdc4a..b2de03f2d4 100644
--- a/lib/x509/pkcs7.c
+++ b/lib/x509/pkcs7.c
@@ -891,16 +891,19 @@ static int figure_pkcs7_sigdata(gnutls_pkcs7_t pkcs7, const char *root,
 /**
  * gnutls_pkcs7_get_embedded_data:
  * @pkcs7: should contain a gnutls_pkcs7_t type
- * @flags: must be zero
+ * @flags: must be zero or %GNUTLS_PKCS7_EDATA_GET_RAW
  * @data: will hold the embedded data in the provided structure
  *
  * This function will return the data embedded in the signature of
  * the PKCS7 structure. If no data are available then
  * %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
  *
- * Note, that since a PKCS#7 structure may contain embedded data
- * for each attached signature, this function accepts and index which
- * corresponds to the signature index to get the data from.
+ * The returned data must be de-allocated using gnutls_free().
+ *
+ * Note, that this function returns the exact same data that are
+ * authenticated. If the %GNUTLS_PKCS7_EDATA_GET_RAW flag is provided,
+ * the returned data will be including the wrapping tag/value as
+ * they are encoded in the structure.
  *
  * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
  * negative error value.
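Review bot: `GNUTLS_PKCS7_EDATA_GET_RAW` in lib/includes/gnutls/pkcs7.h is added without a comment, and nothing records why bit 24 was chosen rather than bit 0. The prototype's second parameter was named `idx` until this change, so the high bit presumably keeps the flag clear of small index values that existing callers may pass; writing that down would stop a later flag from being given a low bit. A line such as `/* flag for gnutls_pkcs7_get_embedded_data(): return the content with its wrapping tag/value; high bit so old idx values are not mistaken for it */` above the define would cover it, once the reason is confirmed.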
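Review bot: In the doc comment of gnutls_pkcs7_get_embedded_data() in lib/x509/pkcs7.c, the sentence "returns the exact same data that are authenticated" is followed directly by the description of %GNUTLS_PKCS7_EDATA_GET_RAW, so a reader cannot tell which of the two output forms is the byte string covered by the signature. A caller that verifies the structure and then parses or re-hashes the output depends on that distinction. The comment should say it per mode, for example ` * Without flags the output is the data as authenticated; with %GNUTLS_PKCS7_EDATA_GET_RAW the wrapping tag/value is included as well.`, after checking it against the verification code, which is not part of this hunk. "will be including" would also read better as "will include".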
@@ -917,7 +920,14 @@ gnutls_pkcs7_get_embedded_data(gnutls_pkcs7_t pkcs7, unsigned flags,
 if (pkcs7->der_signed_data.size == 0)
 return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
- return _gnutls_set_datum(data, pkcs7->der_signed_data.data, pkcs7->der_signed_data.size);
+ if (flags & GNUTLS_PKCS7_EDATA_GET_RAW) {
+ if (pkcs7->signed_data == NULL)
+ return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
+
+ return _gnutls_x509_read_value(pkcs7->signed_data, "encapContentInfo.eContent", data);
+ } else {
+ return _gnutls_set_datum(data, pkcs7->der_signed_data.data, pkcs7->der_signed_data.size);
+ }
 }
 /** |
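Review bot: Bits in `flags` other than GNUTLS_PKCS7_EDATA_GET_RAW are silently ignored, although the doc comment says the value must be zero or that flag. Any other non-zero value falls into the `else` branch and returns the non-raw data with no error, which hides caller mistakes such as passing an old index value. If rejecting such callers is acceptable, add `if (flags & ~GNUTLS_PKCS7_EDATA_GET_RAW) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);` before the size check. The result of `_gnutls_x509_read_value()` is also returned without the `gnutls_assert_val()` wrapping that the other error paths in this hunk use. The start of the function body is outside the hunk.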