From: Nikos Mavrogiannopoulos Date: Tue, 1 Jul 2014 13:17:38 +0000 (+0200) Subject: gnutls_pkcs11_privkey_generate2(): corrected public key extraction (for ECDSA keys) X-Git-Tag: gnutls_3_3_6~87 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=9920da566c0a1ba97a5322b824019c6de00a0d52;p=thirdparty%2Fgnutls.git gnutls_pkcs11_privkey_generate2(): corrected public key extraction (for ECDSA keys)
---
diff --git a/lib/pkcs11.c b/lib/pkcs11.c
index 38630839b6..c4b84cde92 100644
--- a/lib/pkcs11.c
+++ b/lib/pkcs11.c
@@ -1393,6 +1393,7 @@ int pkcs11_read_pubkey(struct ck_function_list *module,
 break;
 default:
+ _gnutls_debug_log("requested reading public key of unsupported type %u\n", (unsigned)key_type);
 ret = gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
 goto cleanup;
 }
diff --git a/lib/pkcs11_int.h b/lib/pkcs11_int.h
index f94473e26c..478b63627e 100644
--- a/lib/pkcs11_int.h
+++ b/lib/pkcs11_int.h
@@ -162,14 +162,18 @@ static inline gnutls_pk_algorithm_t mech_to_pk(ck_key_type_t m)
 return GNUTLS_PK_UNKNOWN;
 }
-static inline int pk_to_genmech(gnutls_pk_algorithm_t pk)
+static inline int pk_to_genmech(gnutls_pk_algorithm_t pk, ck_key_type_t *type)
 {
- if (pk == GNUTLS_PK_DSA)
+ if (pk == GNUTLS_PK_DSA) {
+ *type = CKK_DSA;
 return CKM_DSA_KEY_PAIR_GEN;
- else if (pk == GNUTLS_PK_EC)
+ } else if (pk == GNUTLS_PK_EC) {
+ *type = CKK_ECDSA;
 return CKM_ECDSA_KEY_PAIR_GEN;
- else
+ } else {
+ *type = CKK_RSA;
 return CKM_RSA_PKCS_KEY_PAIR_GEN;
+ }
 }
 ck_rv_t
diff --git a/lib/pkcs11_privkey.c b/lib/pkcs11_privkey.c
index 1a3ee22c6a..fcdae3551a 100644
--- a/lib/pkcs11_privkey.c
+++ b/lib/pkcs11_privkey.c
@@ -621,6 +621,7 @@ gnutls_pkcs11_privkey_generate2(const char *url, gnutls_pk_algorithm_t pk,
 struct ck_mechanism mech;
 gnutls_pubkey_t pkey = NULL;
 gnutls_pkcs11_obj_t obj = NULL;
+ ck_key_type_t key_type;
 PKCS11_CHECK_INIT;
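Review bot: In the lib/pkcs11_int.h hunk, the final `else` of `pk_to_genmech()` now reports `CKK_RSA` through `*type` for every algorithm that is not DSA or EC, so an unsupported `pk` silently yields a consistent-looking RSA mechanism/key-type pair instead of an error. Whether the caller rejects such values before using the result is not visible here (only the start of its `switch (pk)` appears in a later hunk), so the contract should be written down on the helper, e.g. `/* Returns the CKM_* key-pair generation mechanism for pk and stores the matching CKK_* key type in *type (must not be NULL); anything other than DSA/EC maps to RSA, so callers must reject unsupported algorithms themselves. */`.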
@@ -648,7 +649,7 @@ gnutls_pkcs11_privkey_generate2(const char *url, gnutls_pk_algorithm_t pk,
 a_val = p_val = 0;
 mech.parameter = NULL;
 mech.parameter_len = 0;
- mech.mechanism = pk_to_genmech(pk);
+ mech.mechanism = pk_to_genmech(pk, &key_type);
 switch (pk) {
 case GNUTLS_PK_RSA:
@@ -785,7 +786,7 @@ gnutls_pkcs11_privkey_generate2(const char *url, gnutls_pk_algorithm_t pk,
 obj->type = GNUTLS_PKCS11_OBJ_PUBKEY;
 ret = pkcs11_read_pubkey(sinfo.module, sinfo.pks, pub,
- mech.mechanism, obj->pubkey);
+ key_type, obj->pubkey);
 if (ret < 0) {
 gnutls_assert();
 goto cleanup;
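Review bot: The corrected `pkcs11_read_pubkey()` call in the last hunk (@@ -785) still has nothing at the call site that separates a `CKK_*` key type from a `CKM_*` mechanism; the old code compiled with `mech.mechanism` in the same position, so the compiler evidently accepts either. A short comment on the call, such as `/* 4th argument is the CKK_* key type from pk_to_genmech(), not mech.mechanism */`, would keep the distinction visible to the next editor. Separately, if the key pair already exists on the token when this call runs (the generation call is outside the hunk, so this is an assumption), the `goto cleanup` taken on `ret < 0` reports failure while the new objects may remain on the token; it is worth confirming that the cleanup path or the documentation covers that case. The body of gnutls_pkcs11_privkey_generate2() starts and ends outside the hunk.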