author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2015-12-08 10:52:43 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2015-12-08 11:00:48 +0100 |
commit | 82ad445cb8164eb9e445b3c09e874151ded9f297 (patch) | |
tree | 4a3f492416e006e761bdb35ffdbde66914867ece | |
parent | b3dfdd1e9f7457cc5579c30c322848c96c8b357e (diff) | |
Do not allow importing public keys from PKCS #11 private keys for DSA and ECDSA
This prevents the reading of the public key when non-RSA keys are available. This
is a much cleaner approach than 5a4e692511dc3a829eda0d7c5a87e56cbc2055f0.
-rw-r--r-- | lib/pkcs11_privkey.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/lib/pkcs11_privkey.c b/lib/pkcs11_privkey.c
index 60a131010c..240757ac2a 100644
--- a/lib/pkcs11_privkey.c
+++ b/lib/pkcs11_privkey.c
@@ -1021,6 +1021,14 @@ _pkcs11_privkey_get_pubkey (gnutls_pkcs11_privkey_t pkey, gnutls_pubkey_t *pub,
 obj->pk_algorithm = gnutls_pkcs11_privkey_get_pk_algorithm(pkey, 0);
 obj->type = GNUTLS_PKCS11_OBJ_PUBKEY;
 pk_to_genmech(obj->pk_algorithm, &key_type);
+
+ /* we can only read the public key from RSA keys */
+ if (key_type != CKK_RSA) {
+ gnutls_assert();
+ ret = GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ goto cleanup;
+ }
+
 ret = pkcs11_read_pubkey(pkey->sinfo.module, pkey->sinfo.pks, pkey->ref, key_type, obj);
 if (ret < 0) {
 gnutls_assert(); |
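Review bot: The comment on the new guard, `/* we can only read the public key from RSA keys */`, states the restriction but not the reason for it, so a later maintainer cannot tell whether it is safe to relax. I would spell the reason out, presumably `/* a PKCS #11 private key object carries its public components (modulus, public exponent) only for RSA; for DSA/ECDSA the public value has to come from the matching public key or certificate object */`. The guard also depends on `pk_to_genmech()` always writing `key_type`, including for an algorithm it does not recognise; its return value is ignored here, and both the helper and the declaration of `key_type` are outside the hunk, so it is worth confirming that `key_type` cannot be compared while uninitialised. The body of `_pkcs11_privkey_get_pubkey` and the `cleanup` label also lie outside the hunk, so whether `obj` is released on this new early-exit path cannot be checked from here.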