author | Martin Willi <martin@revosec.ch> | 2012-11-29 11:39:49 +0100 |
---|---|---|
committer | Martin Willi <martin@revosec.ch> | 2012-12-19 10:32:08 +0100 |
commit | 804ba5bb5051289e54f09ff5a127427b75317db9 (patch) | |
tree | 257b88e33b47793624d185987b5e1e28a796e2bf /src/libstrongswan/plugins/openssl | |
parent | 063ae4e52ab1e522694a5e2d4853db5d63a673c0 (diff) | |
Implement get_attribute() in openssl PKCS#7 backend
Diffstat (limited to 'src/libstrongswan/plugins/openssl')
-rw-r--r-- | src/libstrongswan/plugins/openssl/openssl_pkcs7.c | 36 |
1 files changed, 35 insertions, 1 deletions
diff --git a/src/libstrongswan/plugins/openssl/openssl_pkcs7.c b/src/libstrongswan/plugins/openssl/openssl_pkcs7.c
index 95bb93ec6..73748051c 100644
--- a/src/libstrongswan/plugins/openssl/openssl_pkcs7.c
+++ b/src/libstrongswan/plugins/openssl/openssl_pkcs7.c
@@ -59,9 +59,10 @@ struct CMS_SignerInfo_st {
 };
 /**
- * We can't include asn1.h, declare function prototype directly
+ * We can't include asn1.h, declare function prototypes directly
 */
 chunk_t asn1_wrap(int, const char *mode, ...);
+int asn1_unwrap(chunk_t*, chunk_t*);
 /**
 * Enumerator for signatures
@@ -274,6 +275,39 @@ METHOD(pkcs7_t, get_attribute, bool,
 private_openssl_pkcs7_t *this, int oid, enumerator_t *enumerator, chunk_t *value)
 {
+ signature_enumerator_t *e;
+ CMS_SignerInfo *si;
+ X509_ATTRIBUTE *attr;
+ ASN1_TYPE *type;
+ chunk_t chunk, wrapped;
+ int i;
+
+ e = (signature_enumerator_t*)enumerator;
+ if (e->i <= 0)
+ {
+ return FALSE;
+ }
+
+ /* "i" gets incremeneted after enumerate(), hence read from previous */
+ si = sk_CMS_SignerInfo_value(e->signers, e->i - 1);
+ for (i = 0; i < CMS_signed_get_attr_count(si); i++)
+ {
+ attr = CMS_signed_get_attr(si, i);
+ if (!attr->single && sk_ASN1_TYPE_num(attr->value.set) == 1 &&
+ openssl_asn1_known_oid(attr->object) == oid)
+ {
+ /* get first value in SET */
+ type = sk_ASN1_TYPE_value(attr->value.set, 0);
+ chunk = wrapped = openssl_i2chunk(ASN1_TYPE, type);
+ if (asn1_unwrap(&chunk, &chunk) != 0x100 /* ASN1_INVALID */)
+ {
+ *value = chunk_clone(chunk);
+ free(wrapped.ptr);
+ return TRUE;
+ }
+ free(wrapped.ptr);
+ }
+ }
 return FALSE;
 } |
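Review bot: In get_attribute(), the result of `sk_CMS_SignerInfo_value(e->signers, e->i - 1)` is used without a NULL check; the guard above it only rejects `e->i <= 0`, so an index past the end of the signer stack (whether that can occur depends on enumerate(), which is outside this hunk) would pass NULL to `CMS_signed_get_attr_count()`. Adding `if (!si) { return FALSE; }` before the loop closes that path. The failure test also compares against the literal `0x100`, a hand-copied ASN1_INVALID from a header this file cannot include; if that value ever changes, a failed `asn1_unwrap()` would be treated as success and its output cloned into `*value`, so a named local constant with a comment pointing at asn1.h would make the dependency visible. The comment typo `incremeneted` should read `incremented`.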