From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Mon, 4 Jul 2016 13:19:32 +0000 (+0200)
Subject: pkcs11: on object import always check for a support public key algorithm
X-Git-Tag: gnutls_3_5_2~11
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=8fcaf65b5e736f7c8a15e65992ec77176b3288cb;p=thirdparty%2Fgnutls.git

pkcs11: on object import always check for a support public key algorithm
---

diff --git a/lib/pkcs11_privkey.c b/lib/pkcs11_privkey.c
index 84de556734..7c36094f00 100644
--- a/lib/pkcs11_privkey.c
+++ b/lib/pkcs11_privkey.c
@@ -445,6 +445,7 @@ gnutls_pkcs11_privkey_import_url(gnutls_pkcs11_privkey_t pkey,
 
 	FIND_OBJECT(pkey);
 
+	pkey->pk_algorithm = GNUTLS_PK_UNKNOWN;
 	a[0].type = CKA_KEY_TYPE;
 	a[0].value = &key_type;
 	a[0].value_len = sizeof(key_type);
@@ -452,12 +453,13 @@ gnutls_pkcs11_privkey_import_url(gnutls_pkcs11_privkey_t pkey,
 	if (pkcs11_get_attribute_value(pkey->sinfo.module, pkey->sinfo.pks, pkey->ref, a, 1)
 	    == CKR_OK) {
 		pkey->pk_algorithm = key_type_to_pk(key_type);
-		if (pkey->pk_algorithm == GNUTLS_PK_UNKNOWN) {
-			_gnutls_debug_log
-			    ("Cannot determine PKCS #11 key algorithm\n");
-			ret = GNUTLS_E_UNKNOWN_ALGORITHM;
-			goto cleanup;
-		}
+	}
+
+	if (pkey->pk_algorithm == GNUTLS_PK_UNKNOWN) {
+		_gnutls_debug_log
+		    ("Cannot determine PKCS #11 key algorithm\n");
+		ret = GNUTLS_E_UNKNOWN_ALGORITHM;
+		goto cleanup;
 	}
 
 	a[0].type = CKA_ALWAYS_AUTHENTICATE;