p11tool crashes when trying to display very long CKA_IDs
Description of problem:
p11tool is able to display the PKCS#11 URI for an object with a CKA_ID longer than 42 bytes, but crashes when displaying the colon-delimited version.
As far as I know, the PKCS#11 spec puts no limit on the size of a CKA_ID.
Version of gnutls used:
3.6.2-3.fc28
Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
Fedora 28
How reproducible:
Steps to Reproduce:
- Using some other tool, create an object with an pretty long CKA_ID. I triggered this with a 68 byte ID.
- Invoke
p11tool --list-all
on the token.
Actual results:
$ p11tool --list-all 'pkcs11:model=SLB9670'
Object 0:
URL: pkcs11:model=SLB9670;manufacturer=IFX;serial=;token=TPM2.0;id=%30%30%30%62%30%37%62%63%34%37%66%33%37%33%63%35%36%37%64%38%32%31%61%61%30%63%61%34%63%38%36%36%37%65%66%62%66%39%36%62%32%62%64%34%32%37%34%61%36%39%36%30%30%66%33%65%65%39%37%35%37%32%38%38%31%31%30%34;type=public
Type: Public key
Label:
Error in pkcs11_list:333: The given memory buffer is too short to hold parameters.
Expected results:
After truncating the CKA_ID to 42 bytes with the PKCS#11 library I wrote, I can get it to print the ID. So the expected result would be this for Object 0, but longer.
$ p11tool --list-all 'pkcs11:model=SLB9670'
Object 0:
URL: pkcs11:model=SLB9670;manufacturer=IFX;serial=;token=TPM2.0;id=%30%30%30%62%30%37%62%63%34%37%66%33%37%33%63%35%36%37%64%38%32%31%61%61%30%63%61%34%63%38%36%36%37%65%66%62%66%39%36%62%32%62;type=public
Type: Public key
Label:
ID: 30:30:30:62:30:37:62:63:34:37:66:33:37:33:63:35:36:37:64:38:32:31:61:61:30:63:61:34:63:38:36:36:37:65:66:62:66:39:36:62:32:62
Edited by Mark Ignacio