author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2015-12-08 10:52:43 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2015-12-08 13:09:10 +0100 |
commit | 9520ca1a8ebb9c57154915edba8fd0c9534b9016 (patch) | |
tree | e231d81115db1f20325b0fdf76a8765655755881 | |
parent | 3b66fabaa789b0ff4774054e75b6f8fa7b7d2a74 (diff) | |
Do not allow importing public keys from PKCS #11 private keys for DSA and ECDSA
This prevents the reading of the public key when non-RSA keys are available. This
is a much cleaner approach than 5a4e692511dc3a829eda0d7c5a87e56cbc2055f0.
-rw-r--r-- | lib/pkcs11_privkey.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/lib/pkcs11_privkey.c b/lib/pkcs11_privkey.c
index fbbf49365e..fb6e776bfb 100644
--- a/lib/pkcs11_privkey.c
+++ b/lib/pkcs11_privkey.c
@@ -907,6 +907,14 @@ _pkcs11_privkey_get_pubkey (gnutls_pkcs11_privkey_t pkey, gnutls_pubkey_t *pub,
 obj->pk_algorithm = gnutls_pkcs11_privkey_get_pk_algorithm(pkey, 0);
 obj->type = GNUTLS_PKCS11_OBJ_PUBKEY;
 pk_to_genmech(obj->pk_algorithm, &key_type);
+
+ /* we can only read the public key from RSA keys */
+ if (key_type != CKK_RSA) {
+ gnutls_assert();
+ ret = GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ goto cleanup;
+ }
+
 ret = pkcs11_read_pubkey(pkey->sinfo.module, pkey->sinfo.pks, pkey->ref, key_type, obj);
 if (ret < 0) {
 gnutls_assert(); |
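Review bot: The new guard tests `key_type`, which is assigned only through `pk_to_genmech(obj->pk_algorithm, &key_type)` on the preceding context line, and that call's result is not checked; if the helper leaves `key_type` untouched for an algorithm it does not map (its body is not visible here), the comparison reads an indeterminate value. Testing the algorithm directly, `if (obj->pk_algorithm != GNUTLS_PK_RSA) {`, would make the rejection independent of that mapping. The comment could also state why only RSA qualifies, e.g. `/* only RSA private key objects expose the public components (modulus, public exponent); for DSA/ECDSA the public value lives in a separate public key object */` — presumably the reason, to be confirmed against the PKCS #11 attribute set the code reads. The function starts before and continues past the hunk, so whether `cleanup` releases `obj` on this new early-exit path cannot be verified from here.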