|
|
@@ -28,16 +28,27 @@ static int pkcs7_to_cert(struct hs20_osu_client *ctx, const u8 *pkcs7,
|
|
|
size_t len, char *pem_file, char *der_file)
|
|
|
{
|
|
|
#ifdef OPENSSL_IS_BORINGSSL
|
|
|
- wpa_printf(MSG_ERROR,
|
|
|
- "EST: pkcs7_to_cert not yet supported with BoringSSL");
|
|
|
- return -1;
|
|
|
+ CBS pkcs7_cbs;
|
|
|
#else /* OPENSSL_IS_BORINGSSL */
|
|
|
PKCS7 *p7 = NULL;
|
|
|
const unsigned char *p = pkcs7;
|
|
|
+#endif /* OPENSSL_IS_BORINGSSL */
|
|
|
STACK_OF(X509) *certs;
|
|
|
int i, num, ret = -1;
|
|
|
BIO *out = NULL;
|
|
|
|
|
|
+#ifdef OPENSSL_IS_BORINGSSL
|
|
|
+ certs = sk_X509_new_null();
|
|
|
+ if (!certs)
|
|
|
+ goto fail;
|
|
|
+ CBS_init(&pkcs7_cbs, pkcs7, len);
|
|
|
+ if (!PKCS7_get_certificates(certs, &pkcs7_cbs)) {
|
|
|
+ wpa_printf(MSG_INFO, "Could not parse PKCS#7 object: %s",
|
|
|
+ ERR_error_string(ERR_get_error(), NULL));
|
|
|
+ write_result(ctx, "Could not parse PKCS#7 object from EST");
|
|
|
+ goto fail;
|
|
|
+ }
|
|
|
+#else /* OPENSSL_IS_BORINGSSL */
|
|
|
p7 = d2i_PKCS7(NULL, &p, len);
|
|
|
if (p7 == NULL) {
|
|
|
wpa_printf(MSG_INFO, "Could not parse PKCS#7 object: %s",
|
|
|
@@ -57,6 +68,7 @@ static int pkcs7_to_cert(struct hs20_osu_client *ctx, const u8 *pkcs7,
|
|
|
certs = NULL;
|
|
|
break;
|
|
|
}
|
|
|
+#endif /* OPENSSL_IS_BORINGSSL */
|
|
|
|
|
|
if (!certs || ((num = sk_X509_num(certs)) == 0)) {
|
|
|
wpa_printf(MSG_INFO, "No certificates found in PKCS#7 object");
|
|
|
@@ -89,12 +101,16 @@ static int pkcs7_to_cert(struct hs20_osu_client *ctx, const u8 *pkcs7,
|
|
|
ret = 0;
|
|
|
|
|
|
fail:
|
|
|
+#ifdef OPENSSL_IS_BORINGSSL
|
|
|
+ if (certs)
|
|
|
+ sk_X509_pop_free(certs, X509_free);
|
|
|
+#else /* OPENSSL_IS_BORINGSSL */
|
|
|
PKCS7_free(p7);
|
|
|
+#endif /* OPENSSL_IS_BORINGSSL */
|
|
|
if (out)
|
|
|
BIO_free_all(out);
|
|
|
|
|
|
return ret;
|
|
|
-#endif /* OPENSSL_IS_BORINGSSL */
|
|
|
}
|
|
|
|
|
|
|
Jouni Malinen