From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Thu, 26 Mar 2015 15:21:28 +0000 (+0100)
Subject: pkcs11: set the CKA_SIGN and CKA_DECRYPT flags when writing a private key
X-Git-Tag: gnutls_3_4_0~114
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=ee205a8f1db490bad7b568c7fe5a963201bcda5e;p=thirdparty%2Fgnutls.git

pkcs11: set the CKA_SIGN and CKA_DECRYPT flags when writing a private key
---

diff --git a/lib/pkcs11_write.c b/lib/pkcs11_write.c
index 55fc6e5259..f28f0cefe8 100644
--- a/lib/pkcs11_write.c
+++ b/lib/pkcs11_write.c
@@ -394,6 +394,8 @@ gnutls_pkcs11_copy_x509_privkey(const char *token_url,
 		return ret;
 	}
 
+	pk = gnutls_x509_privkey_get_pk_algorithm(key);
+
 	/* FIXME: copy key usage flags */
 	a_val = 0;
 	a[a_val].type = CKA_CLASS;
@@ -406,6 +408,18 @@ gnutls_pkcs11_copy_x509_privkey(const char *token_url,
 	a[a_val].value_len = id_size;
 	a_val++;
 
+	a[a_val].type = CKA_SIGN;
+	a[a_val].value = (void*)&tval;
+	a[a_val].value_len = sizeof(tval);
+	a_val++;
+
+	if (pk == GNUTLS_PK_RSA) {
+		a[a_val].type = CKA_DECRYPT;
+		a[a_val].value = (void*)&tval;
+		a[a_val].value_len = sizeof(tval);
+		a_val++;
+	}
+
 	a[a_val].type = CKA_KEY_TYPE;
 	a[a_val].value = &type;
 	a[a_val].value_len = sizeof(type);
@@ -469,7 +483,6 @@ gnutls_pkcs11_copy_x509_privkey(const char *token_url,
 		a_val++;
 	}
 
-	pk = gnutls_x509_privkey_get_pk_algorithm(key);
 	switch (pk) {
 	case GNUTLS_PK_RSA:
 		{