diff --git a/src/pkcs11/framework-pkcs15.c b/src/pkcs11/framework-pkcs15.c index 88f47f58..a3aab5b3 100644 --- a/src/pkcs11/framework-pkcs15.c +++ b/src/pkcs11/framework-pkcs15.c @@ -3608,7 +3608,7 @@ pkcs15_prkey_decrypt(struct sc_pkcs11_session *session, void *obj, struct sc_pkcs11_card *p11card = session->slot->p11card; struct pkcs15_fw_data *fw_data = NULL; struct pkcs15_prkey_object *prkey; - unsigned char decrypted[256]; /* FIXME: Will not work for keys above 2048 bits */ + unsigned char decrypted[512]; /* FIXME: Will not work for keys above 4096 bits */ int buff_too_small, rv, flags = 0, prkey_has_path = 0; sc_log(context, "Initiating decryption."); diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c index ca49a168..061dec75 100644 --- a/src/tools/pkcs11-tool.c +++ b/src/tools/pkcs11-tool.c @@ -3901,7 +3901,7 @@ static int test_signature(CK_SESSION_HANDLE sess) CK_MECHANISM_TYPE firstMechType; CK_SESSION_INFO sessionInfo; CK_ULONG i, j; - unsigned char data[256]; + unsigned char data[512]; /* FIXME: Will not work for keys above 4096 bits */ CK_ULONG modLenBytes = 0; CK_ULONG dataLen; unsigned char sig1[1024], sig2[1024]; @@ -4115,7 +4115,7 @@ static int test_signature(CK_SESSION_HANDLE sess) /* 4rd test: the other signature keys */ for (i = 0; mechTypes[i] != 0xffffff; i++) - if (i == firstMechType) + if (mechTypes[i] == firstMechType) break; ck_mech.mechanism = mechTypes[i]; j = 1; /* j-th signature key */ @@ -4126,6 +4126,16 @@ static int test_signature(CK_SESSION_HANDLE sess) modLenBits = get_private_key_length(sess, privKeyObject); modLenBytes = (modLenBits + 7) / 8; + /* Fill in data[0] and dataLens[0] */ + dataLen = modLenBytes; + data[0] = 0x00; + data[1] = 0x01; + memset(data + 2, 0xFF, dataLen - 3 - dataLens[1]); + data[dataLen - 36] = 0x00; + memcpy(data + (dataLen - dataLens[1]), datas[1], dataLens[1]); + datas[0] = data; + dataLens[0] = dataLen; + printf(" testing key %d (%u bits%s%s) with 1 signature mechanism", (int) (j-1), (int) modLenBits,