diff --git a/ykcs11/token_vendors.c b/ykcs11/token_vendors.c index 2f2ad7d..aa50ad2 100644 --- a/ykcs11/token_vendors.c +++ b/ykcs11/token_vendors.c @@ -158,7 +158,7 @@ static CK_RV COMMON_token_generate_key(ykpiv_state *state, CK_BBOOL rsa, static CK_RV COMMON_token_import_cert(ykpiv_state *state, CK_ULONG cert_id, CK_BYTE_PTR in) { - unsigned char certdata[2100]; + unsigned char certdata[3072]; unsigned char *certptr; CK_ULONG cert_len; @@ -168,7 +168,7 @@ static CK_RV COMMON_token_import_cert(ykpiv_state *state, CK_ULONG cert_id, CK_B if ((rv = do_check_cert(in, &cert_len)) != CKR_OK) return rv; - if (cert_len > 2100) + if (cert_len > 3072) return CKR_FUNCTION_FAILED; certptr = certdata; diff --git a/ykcs11/ykcs11.c b/ykcs11/ykcs11.c index cbb56b1..e0e4497 100644 --- a/ykcs11/ykcs11.c +++ b/ykcs11/ykcs11.c @@ -438,7 +438,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_OpenSession)( CK_RV rv; piv_obj_id_t *cert_ids; CK_ULONG i; - CK_BYTE cert_data[2100]; // Max cert value for ykpiv + CK_BYTE cert_data[3072]; // Max cert value for ykpiv CK_ULONG cert_len = sizeof(cert_data); DIN; // TODO: pApplication and Notify @@ -2115,7 +2115,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_GenerateKeyPair)( CK_ULONG pvtk_id; CK_ULONG pubk_id; piv_obj_id_t *obj_ptr; - CK_BYTE cert_data[2100]; + CK_BYTE cert_data[3072]; CK_ULONG cert_len; DIN;