authorMartin Willi <martin@revosec.ch>2012-11-29 16:35:06 +0100
committerMartin Willi <martin@revosec.ch>2012-12-19 10:32:08 +0100
commit0a344da291105642e7d214433c266559bedd4ba9 (patch)
treea75cfdaad50ba0aa1f27b3985189d49234adb5f1 /src/libstrongswan/plugins
parent71dd4e78954fce85f2891e38e78d38034c443d61 (diff)
Fix up serialNumber in openssl PKCS#7 if it has a leading MSB set
Diffstat (limited to 'src/libstrongswan/plugins')
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_pkcs7.c9
1 files changed, 7 insertions, 2 deletions
diff --git a/src/libstrongswan/plugins/openssl/openssl_pkcs7.c b/src/libstrongswan/plugins/openssl/openssl_pkcs7.c
index 02f866b76..6cd243c61 100644
--- a/src/libstrongswan/plugins/openssl/openssl_pkcs7.c
+++ b/src/libstrongswan/plugins/openssl/openssl_pkcs7.c
@@ -593,6 +593,7 @@ static bool decrypt(private_openssl_pkcs7_t *this,
X509_ALGOR *alg;
X509_NAME *name;
ASN1_INTEGER *sn;
+ u_char zero = 0;
int oid;
if (CMS_RecipientInfo_ktri_get0_algs(ri, NULL, NULL, &alg) == 1 &&
@@ -609,8 +610,12 @@ static bool decrypt(private_openssl_pkcs7_t *this,
{
continue;
}
- serial = identification_create_from_encoding(
- ID_KEY_ID, openssl_asn1_str2chunk(sn));
+ chunk = openssl_asn1_str2chunk(sn);
+ if (chunk.len && chunk.ptr[0] | 0x80)
+ { /* if MSB is set, append a zero to make it non-negative */
+ chunk = chunk_cata("cc", chunk_from_thing(zero), chunk);
+ }
+ serial = identification_create_from_encoding(ID_KEY_ID, chunk);
private = find_private(issuer, serial);
issuer->destroy(issuer);
serial->destroy(serial);
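Review bot: The new condition `chunk.ptr[0] | 0x80` is always non-zero, so the zero byte is prepended to every non-empty serialNumber rather than only to those whose first byte has the MSB set; the test should be a mask, `if (chunk.len && (chunk.ptr[0] & 0x80))`. As written, a serial whose first byte is below 0x80 also gets a leading zero, which presumably stops it matching in `find_private()`, so decryption for that recipient would fail. The inline comment says "append" although the zero is placed in front of the value; `/* if MSB is set, prepend a zero to make it non-negative */` would match the code. The body of decrypt() starts and ends outside this hunk, so the declaration of `chunk` and the enclosing loop are not visible here.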