API Reference | developer.brewmp.com

ICERTBAG_ADDCERT()

Brew Release
Brew MP 1.0.2
See Also
  • Error Codes
  • ICertBag
  • ICertBag_AddOpt()
  • CERTDATAOPT
Description
The preferred alternative to ICertBag_AddOpt() for adding certificates: it checks the DER-encoded length of the certificate against the supplied buffer length before the certificate is added.
Params
pif
[in]:
The interface pointer.
nCertType
[in]:
CERTDATAOPT_ROOT_CERTS, CERTDATAOPT_LEAF_CERT or CERTDATAOPT_BRANCH_CERTS.
cpCert
[in]:
Pointer to a DER encoded certificate in a buffer.
nDataLen
[in]:
Length of the input buffer cpCert. This is the length of the whole buffer, which may be larger than the certificate.
pnCertLen
[out]:
Decoded DER length of the certificate. Set even when AEE_EMEMPTR is returned, as long as the TLV header parses; 0 if it does not. May be NULL.
Interface
Prototype
  int ICertBag_AddCert
  (
     ICertBag *pif,
     int32 nCertType,
     const uint8 *cpCert,
     int nDataLen,
     int *pnCertLen
  );

Return
  • AEE_SUCCESS: Certificate was successfully added.
  • AEE_ENOMEMORY: Can't add due to lack of memory.
  • AEE_EMEMPTR: ASN.1/DER length of the object is greater than nDataLen, or the buffer does not parse as a DER TLV.
  • AEE_EREADONLY: Cert bag is read only and certs can't be added.
  • Other implementation specific error codes.
Side Effect
  • None
Comments
ASN.1/DER formatted certs can be added directly with ICertBag_AddOpt(), but that path does no proper buffer length checking, so adding a corrupt cert may cause a buffer overrun (the length field inside the DER encoding is trusted even when it runs past the end of the caller's buffer). Certificates often arrive from untrusted servers, so in general one cannot assume that a cert is well formed.

nDataLen is the length of the data buffer the cert sits in, and all of that memory is assumed to be valid. The buffer may contain several certs, or a cert followed by other data. This function parses the first few bytes of the buffer as a DER encoded TLV (Type, Length and Value), decodes the length, and returns it in pnCertLen if pnCertLen is not NULL. It then checks that the decoded cert length fits within nDataLen; if it does not, it returns AEE_EMEMPTR.

The value returned in pnCertLen tells the caller how much of the buffer was consumed, which is what you need to step to the next cert in a buffer holding several of them. Note that the DER length is returned even when AEE_EMEMPTR is returned, as long as the TLV header can be parsed; if it cannot, pnCertLen is set to 0. If the data is not in ASN.1/DER format you will most likely get AEE_EMEMPTR. No checking is performed other than this length check, so a cert that passes here may still be rejected, or fail, later in parsing.
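The length check described above, written out as an added example in plain C. This is not Brew's code: the function names (der_tlv_total_len, check_cert_fits, count_concatenated_certs), the EX_* return codes standing in for AEE_SUCCESS and AEE_EMEMPTR, and the sample byte strings are all constructed for this illustration, and the samples are minimal DER SEQUENCEs rather than real certificates. It also goes slightly beyond what the page says the API checks: it insists on the SEQUENCE tag and on DER's minimal length encoding, and it uses size_t rather than the int nDataLen of the real prototype. It keeps the page's contract otherwise: the decoded length is reported even when the buffer is too short, 0 is reported when the header cannot be parsed, and the consumed length is used to walk a buffer holding several objects.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical return codes standing in for AEE_SUCCESS / AEE_EMEMPTR.
   The real values live in the Brew headers and are not reproduced here. */
#define EX_SUCCESS 0
#define EX_EMEMPTR 1

/* Decode the outer DER TLV header (tag, length) of a buffer and return the
   total number of bytes the TLV occupies (header + content). Returns 0 if the
   first bytes cannot be parsed as a definite-length DER SEQUENCE header within
   nDataLen bytes. Only the header is read; the content is never touched, so
   the function cannot overrun the caller's buffer. */
static size_t der_tlv_total_len(const uint8_t *buf, size_t nDataLen)
{
    size_t pos = 0;
    size_t len;

    if (buf == NULL || nDataLen < 2)
        return 0;

    /* An X.509 Certificate is a SEQUENCE: tag 0x30 (assumption: reject anything else). */
    if (buf[pos] != 0x30)
        return 0;
    pos++;

    uint8_t first = buf[pos++];
    if (first < 0x80) {
        len = first;                       /* short form: one length byte */
    } else if (first == 0x80 || first == 0xFF) {
        return 0;                          /* indefinite length is BER, not DER; 0xFF reserved */
    } else {
        size_t nbytes = first & 0x7F;      /* long form: number of length bytes */
        /* Refuse length-of-length fields we cannot hold, and never read length
           bytes past the end of the supplied buffer. */
        if (nbytes > sizeof(size_t) || nbytes > nDataLen - pos)
            return 0;
        len = 0;
        for (size_t i = 0; i < nbytes; i++)
            len = (len << 8) | buf[pos++];
        /* DER requires the minimal encoding: no leading zero length byte, and
           values below 128 must use the short form. */
        if (buf[pos - nbytes] == 0 || len < 0x80)
            return 0;
    }

    if (len > SIZE_MAX - pos)              /* header + content must not wrap */
        return 0;
    return pos + len;
}

/* Mirrors the length handling the page describes for ICertBag_AddCert():
   EX_SUCCESS if the certificate fits in nDataLen bytes, EX_EMEMPTR otherwise.
   *pnCertLen (if non-NULL) receives the decoded length in either case, and 0
   when the header could not be parsed. */
static int check_cert_fits(const uint8_t *cpCert, size_t nDataLen, size_t *pnCertLen)
{
    size_t certLen = der_tlv_total_len(cpCert, nDataLen);
    if (pnCertLen)
        *pnCertLen = certLen;
    if (certLen == 0 || certLen > nDataLen)
        return EX_EMEMPTR;
    return EX_SUCCESS;
}

/* Walk a buffer holding several concatenated DER objects using the consumed
   length, as the page suggests pnCertLen be used. Returns the object count,
   or -1 if any object fails the length check. */
static int count_concatenated_certs(const uint8_t *buf, size_t nDataLen)
{
    int count = 0;
    size_t off = 0;
    while (off < nDataLen) {
        size_t certLen;
        if (check_cert_fits(buf + off, nDataLen - off, &certLen) != EX_SUCCESS)
            return -1;
        off += certLen;
        count++;
    }
    return count;
}

/* Constructed samples (not real certificates). */
static const uint8_t SAMPLE_TWO[]   = {0x30, 0x03, 0x02, 0x01, 0x05,   /* SEQUENCE { INTEGER 5 } */
                                       0x30, 0x01, 0x05};              /* SEQUENCE, 1 content byte */
static const uint8_t SAMPLE_TRUNC[] = {0x30, 0x82, 0x01, 0x00,         /* claims 256 content bytes */
                                       0x02, 0x01, 0x05};              /* but only 3 follow */
static const uint8_t SAMPLE_BAD[]   = {0xFF, 0xFF, 0xFF};              /* not DER at all */

int main(void)
{
    size_t n = 0;
    printf("two certs: count=%d\n", count_concatenated_certs(SAMPLE_TWO, sizeof SAMPLE_TWO));
    printf("truncated: rc=%d decoded_len=%zu buffer=%zu\n",
           check_cert_fits(SAMPLE_TRUNC, sizeof SAMPLE_TRUNC, &n), n, sizeof SAMPLE_TRUNC);
    printf("garbage:   rc=%d decoded_len=%zu\n",
           check_cert_fits(SAMPLE_BAD, sizeof SAMPLE_BAD, &n), n);
    return 0;
}
```

The truncated sample is the case the page warns about: the length field claims 260 bytes in total while only 7 are present. A bounds-unaware parser would read 253 bytes past the buffer; here the decoded length is still reported to the caller, but the add is refused.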