authorNikos Mavrogiannopoulos <nmav@redhat.com>2016-07-04 15:19:32 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2016-07-04 15:19:32 +0200
commit8fcaf65b5e736f7c8a15e65992ec77176b3288cb (patch)
tree176f1cef16c26908255b30b4796cb7256ebf300b
parent568935848dd6b82b9315d8b6c529d00e2605e03d (diff)
downloadgnutls-8fcaf65b5e736f7c8a15e65992ec77176b3288cb.tar.gz
pkcs11: on object import always check for a support public key algorithm
-rw-r--r--lib/pkcs11_privkey.c14
1 files changed, 8 insertions, 6 deletions
diff --git a/lib/pkcs11_privkey.c b/lib/pkcs11_privkey.c
index 84de556734..7c36094f00 100644
--- a/lib/pkcs11_privkey.c
+++ b/lib/pkcs11_privkey.c
@@ -445,6 +445,7 @@ gnutls_pkcs11_privkey_import_url(gnutls_pkcs11_privkey_t pkey,
FIND_OBJECT(pkey);
+ pkey->pk_algorithm = GNUTLS_PK_UNKNOWN;
a[0].type = CKA_KEY_TYPE;
a[0].value = &key_type;
a[0].value_len = sizeof(key_type);
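Review bot: The reset to GNUTLS_PK_UNKNOWN added after `FIND_OBJECT(pkey)` carries no comment, yet it is what makes the later check fail closed. Without it, a failed CKA_KEY_TYPE query would leave `pk_algorithm` at whatever value the handle held before the call. I would add `/* fail closed: stays UNKNOWN unless the token reports a key type we support */` above the assignment so it is not later removed as redundant. The rest of gnutls_pkcs11_privkey_import_url lies outside the hunk, so whether the field is already cleared earlier in the function cannot be confirmed from here.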
@@ -452,12 +453,13 @@ gnutls_pkcs11_privkey_import_url(gnutls_pkcs11_privkey_t pkey,
if (pkcs11_get_attribute_value(pkey->sinfo.module, pkey->sinfo.pks, pkey->ref, a, 1)
== CKR_OK) {
pkey->pk_algorithm = key_type_to_pk(key_type);
- if (pkey->pk_algorithm == GNUTLS_PK_UNKNOWN) {
- _gnutls_debug_log
- ("Cannot determine PKCS #11 key algorithm\n");
- ret = GNUTLS_E_UNKNOWN_ALGORITHM;
- goto cleanup;
- }
+ }
+
+ if (pkey->pk_algorithm == GNUTLS_PK_UNKNOWN) {
+ _gnutls_debug_log
+ ("Cannot determine PKCS #11 key algorithm\n");
+ ret = GNUTLS_E_UNKNOWN_ALGORITHM;
+ goto cleanup;
}
a[0].type = CKA_ALWAYS_AUTHENTICATE;
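Review bot: The result of `pkcs11_get_attribute_value()` is only compared with CKR_OK and then discarded, so the relocated check treats two different failures alike. A token that refuses the CKA_KEY_TYPE query and a token that returns a key type `key_type_to_pk()` cannot map both produce "Cannot determine PKCS #11 key algorithm" and GNUTLS_E_UNKNOWN_ALGORITHM. Keeping the return code in a local and logging it on the failure branch, e.g. `_gnutls_debug_log("Cannot read CKA_KEY_TYPE (rv=0x%lx)\n", (unsigned long)rv);`, would let an operator tell a misbehaving module from an unsupported key. The error code returned to callers can stay as it is. The function body starts and ends outside this hunk, so a suitable local may already exist there.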