author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-06-16 10:08:34 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-06-16 10:56:50 +0200 |
commit | cfcdd1c0e532bbd8815a4003311f1cd7ef21156b (patch) | |
tree | ba0528ed8b8e52c33f7cfc682ac8c7f451a1ace5 /lib | |
parent | 16f28ae4f7b64a1346a4e478e62b5359341d833a (diff) | |
download | gnutls-cfcdd1c0e532bbd8815a4003311f1cd7ef21156b.tar.gz |
Corrected the writing of serial number in PKCS#11 modules
That is, previously the serial number was written in raw format, but
in PKCS#11 the serial number must be set encoded as integer. Report
and fix by Stanislav Zidek.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/pkcs11_write.c | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/lib/pkcs11_write.c b/lib/pkcs11_write.c
index ed4809c072..29090093c7 100644
--- a/lib/pkcs11_write.c
+++ b/lib/pkcs11_write.c
@@ -97,6 +97,7 @@ gnutls_pkcs11_copy_x509_crt2(const char *token_url,
 struct p11_kit_uri *info = NULL;
 ck_rv_t rv;
 size_t der_size, id_size, serial_size;
+ gnutls_datum_t serial_der = {NULL, 0};
 uint8_t *der = NULL;
 uint8_t serial[128];
 uint8_t id[20];
@@ -201,10 +202,13 @@ gnutls_pkcs11_copy_x509_crt2(const char *token_url,
 serial_size = sizeof(serial);
 if (gnutls_x509_crt_get_serial(crt, serial, &serial_size) >= 0) {
- a[a_val].type = CKA_SERIAL_NUMBER;
- a[a_val].value = (void *) serial;
- a[a_val].value_len = serial_size;
- a_val++;
+ ret = _gnutls_x509_ext_gen_number(serial, serial_size, &serial_der);
+ if (ret >= 0) {
+ a[a_val].type = CKA_SERIAL_NUMBER;
+ a[a_val].value = (void *) serial_der.data;
+ a[a_val].value_len = serial_der.size;
+ a_val++;
+ }
 }
 if (label) {
@@ -231,6 +235,7 @@ gnutls_pkcs11_copy_x509_crt2(const char *token_url,
 cleanup:
 gnutls_free(der);
+ gnutls_free(serial_der.data);
 pkcs11_close_session(&sinfo);
 return ret; |
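Review bot: In the second hunk a failure of `_gnutls_x509_ext_gen_number` is swallowed: the negative code stays in `ret`, `CKA_SERIAL_NUMBER` is simply left out of the template, and the certificate is still written to the token without a serial, which lookups keyed on issuer and serial would then miss. If the omission is meant to be best-effort, make it visible with `} else { gnutls_assert(); }` and a short comment saying the attribute is optional; if it is not, fail the copy with `if (ret < 0) { gnutls_assert(); goto cleanup; }`. The function continues outside the hunk, so whether `ret` is reassigned before `cleanup:` cannot be confirmed from here; if it is not, a successful object creation could return the stale encoding error. The `gnutls_free(serial_der.data)` added in the third hunk does correctly cover the new buffer on the paths visible here.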