Diffstat (limited to 'lib/x509/pkcs7.c')
-rw-r--r-- | lib/x509/pkcs7.c | 20 |
1 files changed, 15 insertions, 5 deletions
diff --git a/lib/x509/pkcs7.c b/lib/x509/pkcs7.c
index 0ff6efdc4a..b2de03f2d4 100644
--- a/lib/x509/pkcs7.c
+++ b/lib/x509/pkcs7.c
@@ -891,16 +891,19 @@ static int figure_pkcs7_sigdata(gnutls_pkcs7_t pkcs7, const char *root,
 /**
 * gnutls_pkcs7_get_embedded_data:
 * @pkcs7: should contain a gnutls_pkcs7_t type
- * @flags: must be zero
+ * @flags: must be zero or %GNUTLS_PKCS7_EDATA_GET_RAW
 * @data: will hold the embedded data in the provided structure
 *
 * This function will return the data embedded in the signature of
 * the PKCS7 structure. If no data are available then
 * %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
 *
- * Note, that since a PKCS#7 structure may contain embedded data
- * for each attached signature, this function accepts and index which
- * corresponds to the signature index to get the data from.
+ * The returned data must be de-allocated using gnutls_free().
+ *
+ * Note, that this function returns the exact same data that are
+ * authenticated. If the %GNUTLS_PKCS7_EDATA_GET_RAW flag is provided,
+ * the returned data will be including the wrapping tag/value as
+ * they are encoded in the structure.
 *
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 * negative error value.
@@ -917,7 +920,14 @@ gnutls_pkcs7_get_embedded_data(gnutls_pkcs7_t pkcs7, unsigned flags,
 if (pkcs7->der_signed_data.size == 0)
 return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);

- return _gnutls_set_datum(data, pkcs7->der_signed_data.data, pkcs7->der_signed_data.size);
+ if (flags & GNUTLS_PKCS7_EDATA_GET_RAW) {
+ if (pkcs7->signed_data == NULL)
+ return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
+
+ return _gnutls_x509_read_value(pkcs7->signed_data, "encapContentInfo.eContent", data);
+ } else {
+ return _gnutls_set_datum(data, pkcs7->der_signed_data.data, pkcs7->der_signed_data.size);
+ }
 }

 /** |
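Review bot: The rewritten Note paragraph in the doc comment of gnutls_pkcs7_get_embedded_data does not say which of the two outputs is the authenticated byte string. It first states that the function returns "the exact same data that are authenticated" and then that %GNUTLS_PKCS7_EDATA_GET_RAW adds the wrapping tag/value, so a caller who hashes or compares the result cannot tell which mode matches what the signature covers. I would spell it out per mode, for example `* Without flags the data are returned as they are authenticated; with %GNUTLS_PKCS7_EDATA_GET_RAW the wrapping tag and length are included as well.`, assuming that is the intended meaning, which the hunk does not establish. "will be including" would also read better as "will include". The comment continues past the end of the hunk.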
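Review bot: Unknown bits in `flags` are silently accepted in the second hunk: the new branch tests only `flags & GNUTLS_PKCS7_EDATA_GET_RAW`, while the doc comment now says the argument must be zero or that flag. A guard ahead of the branch, such as `if (flags & ~GNUTLS_PKCS7_EDATA_GET_RAW) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);`, would make a caller that passes a flag this version does not know fail instead of quietly getting the unwrapped data. That is worth doing only if no existing caller relies on non-zero values being ignored. The raw path also returns the result of `_gnutls_x509_read_value()` directly, whereas the other error returns here go through `gnutls_assert_val`. The function's signature and opening checks lie outside the hunk.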