author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2015-12-08 10:52:43 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2015-12-08 10:53:03 +0100 |
commit | 52fc6ac3242415a5dbd87370720e4f978a5c30ad (patch) | |
tree | a3647654d3b0b89c22001103bc75cc5326e7856a | |
parent | 4c95a73caeafb8c0cfa928dd412763c2b98c0abe (diff) | |
download | gnutls-52fc6ac3242415a5dbd87370720e4f978a5c30ad.tar.gz |
Do not allow importing public keys from PKCS #11 private keys for DSA and ECDSA
This prevents the reading of the public key when non-RSA keys are available. This
is a much cleaner approach than 5a4e692511dc3a829eda0d7c5a87e56cbc2055f0.
-rw-r--r-- | lib/pkcs11_privkey.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/lib/pkcs11_privkey.c b/lib/pkcs11_privkey.c
index a512534edc..237af98c18 100644
--- a/lib/pkcs11_privkey.c
+++ b/lib/pkcs11_privkey.c
@@ -1021,6 +1021,14 @@ _pkcs11_privkey_get_pubkey (gnutls_pkcs11_privkey_t pkey, gnutls_pubkey_t *pub,
 obj->pk_algorithm = gnutls_pkcs11_privkey_get_pk_algorithm(pkey, 0);
 obj->type = GNUTLS_PKCS11_OBJ_PUBKEY;
 pk_to_genmech(obj->pk_algorithm, &key_type);
+
+ /* we can only read the public key from RSA keys */
+ if (key_type != CKK_RSA) {
+ gnutls_assert();
+ ret = GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ goto cleanup;
+ }
+
 ret = pkcs11_read_pubkey(pkey->sinfo.module, pkey->sinfo.pks, pkey->ref, key_type, obj);
 if (ret < 0) {
 gnutls_assert(); |
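Review bot: The new guard compares `key_type` as left by `pk_to_genmech()` on the context line above it, but that call's return value is ignored; if it does not assign `key_type` for an algorithm it does not recognise, the comparison presumably reads whatever `key_type` held beforehand, so the intent would be clearer and more robust if the guard keyed on `obj->pk_algorithm` directly (e.g. `if (obj->pk_algorithm != GNUTLS_PK_RSA)`) or if the `pk_to_genmech()` result were checked first. The added comment also states only what is rejected, not why; the commit message gives the rationale, so I would expand it to `/* Reading the public key out of the private-key object is only supported for RSA; DSA and ECDSA keys are rejected here on purpose (see commit message). */`. The `goto cleanup` relies on `obj` being released by the cleanup label, which lies outside the hunk, as does the start of `_pkcs11_privkey_get_pubkey`.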