summaryrefslogtreecommitdiff
path: root/trust/parser.c
diff options
context:
space:
mode:
Diffstat (limited to 'trust/parser.c')
-rw-r--r--trust/parser.c32
1 files changed, 19 insertions, 13 deletions
diff --git a/trust/parser.c b/trust/parser.c
index f89092f..6bf8c94 100644
--- a/trust/parser.c
+++ b/trust/parser.c
@@ -507,7 +507,7 @@ parse_openssl_trusted_certificate (p11_parser *parser,
CK_ATTRIBUTE *value;
char *label = NULL;
node_asn *cert;
- node_asn *aux;
+ node_asn *aux = NULL;
ssize_t cert_len;
size_t len;
int start;
@@ -529,10 +529,14 @@ parse_openssl_trusted_certificate (p11_parser *parser,
if (cert == NULL)
return P11_PARSE_UNRECOGNIZED;
- aux = p11_asn1_decode (parser->asn1_defs, "OPENSSL.CertAux", data + cert_len, length - cert_len, message);
- if (aux == NULL) {
- asn1_delete_structure (&cert);
- return P11_PARSE_UNRECOGNIZED;
+ /* OpenSSL sometimes outputs TRUSTED CERTIFICATE format without the CertAux supplement */
+ if (cert_len < length) {
+ aux = p11_asn1_decode (parser->asn1_defs, "OPENSSL.CertAux", data + cert_len,
+ length - cert_len, message);
+ if (aux == NULL) {
+ asn1_delete_structure (&cert);
+ return P11_PARSE_UNRECOGNIZED;
+ }
}
/* The CKA_ID links related objects */
@@ -558,17 +562,19 @@ parse_openssl_trusted_certificate (p11_parser *parser,
value->pValue, value->ulValueLen);
/* Pull the label out of the CertAux */
- len = 0;
- label = p11_asn1_read (aux, "alias", &len);
- if (label != NULL) {
- attrs = p11_attrs_take (attrs, CKA_LABEL, label, strlen (label));
+ if (aux) {
+ len = 0;
+ label = p11_asn1_read (aux, "alias", &len);
+ if (label != NULL) {
+ attrs = p11_attrs_take (attrs, CKA_LABEL, label, strlen (label));
+ return_val_if_fail (attrs != NULL, P11_PARSE_FAILURE);
+ }
+
+ attrs = build_openssl_extensions (parser, attrs, &id, &public_key_info, aux,
+ data + cert_len, length - cert_len);
return_val_if_fail (attrs != NULL, P11_PARSE_FAILURE);
}
- attrs = build_openssl_extensions (parser, attrs, &id, &public_key_info, aux,
- data + cert_len, length - cert_len);
- return_val_if_fail (attrs != NULL, P11_PARSE_FAILURE);
-
sink_object (parser, attrs);
asn1_delete_structure (&aux);