author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-06-16 10:58:55 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-06-16 10:58:55 +0200 |
commit | 1b74ddbabbe8610873b6e6d073a32ec8a0444a2c (patch) | |
tree | 6ee37682be67be92945a60384aecb3aa387c7b04 | |
parent | b8b1569322cfa62175695a3dd247e983e5ed2142 (diff) | |
Corrected the writing of serial number in PKCS#11 modules
That is, previously the serial number was written in raw format, but
in PKCS#11 the serial number must be set encoded as an integer. Report
and fix by Stanislav Zidek.
-rw-r--r-- | lib/pkcs11_write.c | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/lib/pkcs11_write.c b/lib/pkcs11_write.c
index a66bdf62b0..235daf5e7d 100644
--- a/lib/pkcs11_write.c
+++ b/lib/pkcs11_write.c
@@ -60,6 +60,7 @@ gnutls_pkcs11_copy_x509_crt(const char *token_url,
 ck_object_class_t class = CKO_CERTIFICATE;
 ck_certificate_type_t type = CKC_X_509;
 ck_object_handle_t obj;
+ gnutls_datum_t serial_der = {NULL, 0};
 int a_val;
 unsigned long category;
 struct pkcs11_session_info sinfo;
@@ -152,10 +153,13 @@ gnutls_pkcs11_copy_x509_crt(const char *token_url,
 serial_size = sizeof(serial);
 if (gnutls_x509_crt_get_serial(crt, serial, &serial_size) >= 0) {
- a[a_val].type = CKA_SERIAL_NUMBER;
- a[a_val].value = (void *) serial;
- a[a_val].value_len = serial_size;
- a_val++;
+ ret = _gnutls_x509_ext_gen_number(serial, serial_size, &serial_der);
+ if (ret >= 0) {
+ a[a_val].type = CKA_SERIAL_NUMBER;
+ a[a_val].value = (void *) serial;
+ a[a_val].value_len = serial_size;
+ a_val++;
+ }
 }
 if (label) {
@@ -212,6 +216,7 @@ gnutls_pkcs11_copy_x509_crt(const char *token_url,
 cleanup:
 gnutls_free(der);
+ gnutls_free(serial_der.data);
 pkcs11_close_session(&sinfo);
 return ret; |
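Review bot: In the second hunk the `CKA_SERIAL_NUMBER` attribute is still filled from the raw buffer: after `_gnutls_x509_ext_gen_number()` succeeds, the new lines keep `a[a_val].value = (void *) serial;` and `a[a_val].value_len = serial_size;`, so `serial_der` is generated and later freed but never handed to the token. To store the integer-encoded form the commit message describes, they should read `a[a_val].value = (void *) serial_der.data;` and `a[a_val].value_len = serial_der.size;`. As written, the token would presumably still receive the unencoded serial, so serial-based matching by other PKCS#11 consumers may still fail. A failed encode also leaves a negative value in `ret` and silently drops the attribute; whether `ret` is reassigned before `cleanup:` cannot be seen here, because the function body extends beyond the hunk.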