authorNikos Mavrogiannopoulos <nmav@redhat.com>2015-12-08 10:52:43 +0100
committerNikos Mavrogiannopoulos <nmav@redhat.com>2015-12-08 11:00:48 +0100
commit82ad445cb8164eb9e445b3c09e874151ded9f297 (patch)
tree4a3f492416e006e761bdb35ffdbde66914867ece
parentb3dfdd1e9f7457cc5579c30c322848c96c8b357e (diff)
downloadgnutls-82ad445cb8164eb9e445b3c09e874151ded9f297.tar.gz
Do not allow importing public keys from PKCS #11 private keys for DSA and ECDSA
This prevents the reading of the public key when non-RSA keys are available. This is a much cleaner approach than 5a4e692511dc3a829eda0d7c5a87e56cbc2055f0.
-rw-r--r--lib/pkcs11_privkey.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/lib/pkcs11_privkey.c b/lib/pkcs11_privkey.c
index 60a131010c..240757ac2a 100644
--- a/lib/pkcs11_privkey.c
+++ b/lib/pkcs11_privkey.c
@@ -1021,6 +1021,14 @@ _pkcs11_privkey_get_pubkey (gnutls_pkcs11_privkey_t pkey, gnutls_pubkey_t *pub,
obj->pk_algorithm = gnutls_pkcs11_privkey_get_pk_algorithm(pkey, 0);
obj->type = GNUTLS_PKCS11_OBJ_PUBKEY;
pk_to_genmech(obj->pk_algorithm, &key_type);
+
+ /* we can only read the public key from RSA keys */
+ if (key_type != CKK_RSA) {
+ gnutls_assert();
+ ret = GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ goto cleanup;
+ }
+
ret = pkcs11_read_pubkey(pkey->sinfo.module, pkey->sinfo.pks, pkey->ref, key_type, obj);
if (ret < 0) {
gnutls_assert();
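Review bot: The comment on the new guard states the restriction but not its reason, which is what a later maintainer needs before relaxing it: a PKCS #11 RSA private key object exposes the modulus and public exponent, while DSA and EC private key objects do not carry the public value as an attribute. I would expand it to something like `/* only RSA private key objects expose their public parts (modulus, public exponent); DSA/ECDSA public values must come from a separate public key or certificate object */`. Separately, the result of `pk_to_genmech()` on the preceding line is not checked, so the guard relies on `key_type` holding a non-RSA value when the algorithm is unmapped; that helper is not visible here, so this is worth confirming. The function body and the `cleanup` label lie outside the hunk, so whether `obj` is released on this new error path cannot be verified from these lines.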