diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-06-09 08:06:33 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-06-12 10:12:59 +0200 |
commit | 9138682e288a38cf80da51cc81e5a6df70fc2088 (patch) | |
tree | 5d3928186b02d113d3c79ee0563f1bc7c2ad7c08 | |
parent | b5b81be35518cd30e2afed0f6dec67c973bb9cfd (diff) | |
download | gnutls-9138682e288a38cf80da51cc81e5a6df70fc2088.tar.gz |
pkcs11: do not set leading zeros when writing integers
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | lib/pkcs11_write.c | 32 |
1 files changed, 30 insertions, 2 deletions
diff --git a/lib/pkcs11_write.c b/lib/pkcs11_write.c index 28a8d86528..666b6d1e41 100644 --- a/lib/pkcs11_write.c +++ b/lib/pkcs11_write.c @@ -279,6 +279,19 @@ gnutls_pkcs11_copy_x509_privkey(const char *token_url, return gnutls_pkcs11_copy_x509_privkey2(token_url, key, label, NULL, key_usage, flags); } +static void skip_leading_zeros(gnutls_datum_t *d) +{ + unsigned nr = 0; + + while(nr < d->size && d->data[nr] == 0) + nr++; + if (nr > 0) { + d->size -= nr; + if (d->size > 0) + memmove(d->data, &d->data[nr], d->size); + } +} + /** * gnutls_pkcs11_copy_x509_privkey2: * @token_url: A PKCS #11 URL specifying a token @@ -447,6 +460,15 @@ gnutls_pkcs11_copy_x509_privkey2(const char *token_url, type = CKK_RSA; + skip_leading_zeros(&m); + skip_leading_zeros(&e); + skip_leading_zeros(&d); + skip_leading_zeros(&p); + skip_leading_zeros(&q); + skip_leading_zeros(&u); + skip_leading_zeros(&exp1); + skip_leading_zeros(&exp2); + a[a_val].type = CKA_MODULUS; a[a_val].value = m.data; a[a_val].value_len = m.size; @@ -501,6 +523,12 @@ gnutls_pkcs11_copy_x509_privkey2(const char *token_url, type = CKK_DSA; + skip_leading_zeros(&p); + skip_leading_zeros(&q); + skip_leading_zeros(&g); + skip_leading_zeros(&y); + skip_leading_zeros(&x); + a[a_val].type = CKA_PRIME; a[a_val].value = p.data; a[a_val].value_len = p.size; @@ -534,8 +562,8 @@ gnutls_pkcs11_copy_x509_privkey2(const char *token_url, } ret = - _gnutls_mpi_dprint_lz(key->params. - params[ECC_K], &x); + _gnutls_mpi_dprint(key->params. + params[ECC_K], &x); if (ret < 0) { gnutls_assert(); goto cleanup; |