diff options
Diffstat (limited to 'security/nss/lib/pk11wrap')
-rw-r--r-- | security/nss/lib/pk11wrap/pk11akey.c | 18 | ||||
-rw-r--r-- | security/nss/lib/pk11wrap/pk11pars.c | 8 |
2 files changed, 22 insertions, 4 deletions
diff --git a/security/nss/lib/pk11wrap/pk11akey.c b/security/nss/lib/pk11wrap/pk11akey.c index c45901ec3..346e473a9 100644 --- a/security/nss/lib/pk11wrap/pk11akey.c +++ b/security/nss/lib/pk11wrap/pk11akey.c @@ -804,12 +804,30 @@ PK11_MakePrivKey(PK11SlotInfo *slot, KeyType keyType, /* don't know? look it up */ if (keyType == nullKey) { CK_KEY_TYPE pk11Type = CKK_RSA; + SECItem info; pk11Type = PK11_ReadULongAttribute(slot, privID, CKA_KEY_TYPE); isTemp = (PRBool)!PK11_HasAttributeSet(slot, privID, CKA_TOKEN, PR_FALSE); switch (pk11Type) { case CKK_RSA: keyType = rsaKey; + /* determine RSA key type from the CKA_PUBLIC_KEY_INFO if present */ + rv = PK11_ReadAttribute(slot, privID, CKA_PUBLIC_KEY_INFO, NULL, &info); + if (rv == SECSuccess) { + CERTSubjectPublicKeyInfo *spki; + + spki = SECKEY_DecodeDERSubjectPublicKeyInfo(&info); + if (spki) { + SECOidTag tag; + + tag = SECOID_GetAlgorithmTag(&spki->algorithm); + if (tag == SEC_OID_PKCS1_RSA_PSS_SIGNATURE) + keyType = rsaPssKey; + SECKEY_DestroySubjectPublicKeyInfo(spki); + } + SECITEM_FreeItem(&info, PR_FALSE); + } + break; case CKK_DSA: keyType = dsaKey; diff --git a/security/nss/lib/pk11wrap/pk11pars.c b/security/nss/lib/pk11wrap/pk11pars.c index fc30222b3..c165e1ef2 100644 --- a/security/nss/lib/pk11wrap/pk11pars.c +++ b/security/nss/lib/pk11wrap/pk11pars.c @@ -547,16 +547,16 @@ secmod_applyCryptoPolicy(const char *policyString, for (i = 0; i < PR_ARRAY_SIZE(algOptList); i++) { const oidValDef *algOpt = &algOptList[i]; unsigned name_size = algOpt->name_size; - PRBool newValue = PR_FALSE; + PRBool newOption = PR_FALSE; if ((length >= name_size) && (cipher[name_size] == '/')) { - newValue = PR_TRUE; + newOption = PR_TRUE; } - if ((newValue || algOpt->name_size == length) && + if ((newOption || algOpt->name_size == length) && PORT_Strncasecmp(algOpt->name, cipher, name_size) == 0) { PRUint32 value = algOpt->val; PRUint32 enable, disable; - if (newValue) { + if (newOption) { value = secmod_parsePolicyValue(&cipher[name_size] + 1, length - name_size - 1); } |