Allow serial numbers to be looked up by either DERSerial or decoded Serial.

Needed for bug 171331.

1 files changed, 38 insertions, 0 deletions

diff --git a/security/nss/lib/ckfw/builtins/bfind.c b/security/nss/lib/ckfw/builtins/bfind.c
index 17b94fa15..13f45166f 100644
--- a/security/nss/lib/ckfw/builtins/bfind.c
+++ b/security/nss/lib/ckfw/builtins/bfind.c
@@ -108,6 +108,33 @@ builtins_mdFindObjects_Next
   return nss_builtins_CreateMDObject(arena, io, pError);
 }
 
+static int
+builtins_derUnwrapInt(unsigned char *src, int size, unsigned char **dest) {
+    unsigned char *start = src;
+    int len = 0;
+
+    if (*src ++ != 2) {
+	return 0;
+    }
+    len = *src++;
+    if (len & 0x80) {
+	int count = len & 0x7f;
+	len =0;
+
+	if (count+2 > size) {
+	    return 0;
+	}
+	while (count-- > 0) {
+	    len = (len << 8) | *src++;
+	}
+    }
+    if (len + (src-start) != size) {
+	return 0;
+    }
+    *dest = src;
+    return len;
+}
+
 static CK_BBOOL
 builtins_attrmatch
 (
@@ -118,6 +145,17 @@ builtins_attrmatch
   PRBool prb;
 
   if( a->ulValueLen != b->size ) {
+    /* match a decoded serial number */
+    if ((a->type == CKA_SERIAL_NUMBER) && (a->ulValueLen < b->size)) {
+	int len;
+	unsigned char *data;
+
+	len = builtins_derUnwrapInt(b->data,b->size,&data);
+	if ((len == a->ulValueLen) && 
+		nsslibc_memequal(a->pValue, data, len, (PRStatus *)NULL)) {
+	    return CK_TRUE;
+	}
+    }
     return CK_FALSE;
   }