Diffstat (limited to 'src/certificate.c')
-rw-r--r-- | src/certificate.c | 33 |
1 files changed, 23 insertions, 10 deletions
diff --git a/src/certificate.c b/src/certificate.c
index acb7b37..36e6b5b 100644
--- a/src/certificate.c
+++ b/src/certificate.c
@@ -17,7 +17,7 @@ test_x509_name(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object,
 {
 CK_BYTE_PTR ptr, encoded;
 CK_ATTRIBUTE attr;
- X509_NAME* name;
+ const char *msg;
 CK_RV rv;
 int len;
@@ -40,13 +40,9 @@ test_x509_name(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object,
 if(rv != CKR_OK)
 return p11t_msg_rv(rv);
- /* Let openssl parse it */
- ptr = attr.pValue;
- name = d2i_X509_NAME(NULL, (const unsigned char**)&ptr, attr.ulValueLen);
- if(name == NULL)
- return p11t_msg_openssl();
- if(ptr - (CK_BYTE_PTR)attr.pValue != attr.ulValueLen)
- return "Extra trailing bytes";
+ msg = p11t_certificate_validate_dn(attr.pValue, attr.ulValueLen);
+ if(msg != NULL)
+ return msg;
 /* Serialize the compare one */
 len = i2d_X509_NAME(compare, NULL);
@@ -63,8 +59,6 @@ test_x509_name(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object,
 free(attr.pValue);
 free(encoded);
- X509_NAME_free(name);
-
 return NULL;
 }
@@ -355,3 +349,22 @@ p11t_certificate_tests(void)
 p11t_session_close(session);
 }
 }
+
+const char*
+p11t_certificate_validate_dn(CK_BYTE_PTR der, CK_ULONG n_der)
+{
+ CK_BYTE_PTR ptr;
+ X509_NAME* name;
+
+ /* Let openssl parse it */
+ ptr = der;
+ name = d2i_X509_NAME(NULL, (const unsigned char**)&ptr, n_der);
+ if(name == NULL)
+ return p11t_msg_openssl();
+ if(ptr - der != n_der)
+ return "Extra trailing bytes";
+
+ X509_NAME_free(name);
+
+ return NULL;
+}
|
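Review bot: The early `return msg;` added in the second hunk of test_x509_name leaves the function before the `free(attr.pValue)` that the third hunk shows at its end, so a DN that fails validation leaks the attribute buffer (assuming that buffer is allocated earlier in the function, outside the visible lines). The removed inline checks had the same gap, so this is a good moment to close it with `if(msg != NULL) { free(attr.pValue); return msg; }`. test_x509_name starts and ends outside this hunk.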
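Review bot: The trailing-bytes branch of the new p11t_certificate_validate_dn in the last hunk returns without releasing the parsed name, so every DN with extra bytes leaks the X509_NAME; free it first, `if(ptr - der != n_der) { X509_NAME_free(name); return "Extra trailing bytes"; }`. The length also comes from the module under test and is handed to d2i_X509_NAME's `long` length parameter unchecked, and the comparison mixes a signed pointer difference with the unsigned CK_ULONG. Because the helper is no longer private to one caller, a guard at the top such as `if(der == NULL || n_der > LONG_MAX) return "Invalid DN length";` (with <limits.h>) would keep a bogus length from being narrowed before parsing. A short comment above the function stating that it returns NULL on success and an error message otherwise would document the contract for the other callers.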