summaryrefslogtreecommitdiffstats
path: root/security/nss/lib/pk11wrap
diff options
context:
space:
mode:
Diffstat (limited to 'security/nss/lib/pk11wrap')
-rw-r--r--security/nss/lib/pk11wrap/pk11akey.c18
-rw-r--r--security/nss/lib/pk11wrap/pk11pars.c8
2 files changed, 22 insertions, 4 deletions
diff --git a/security/nss/lib/pk11wrap/pk11akey.c b/security/nss/lib/pk11wrap/pk11akey.c
index c45901ec3..346e473a9 100644
--- a/security/nss/lib/pk11wrap/pk11akey.c
+++ b/security/nss/lib/pk11wrap/pk11akey.c
@@ -804,12 +804,30 @@ PK11_MakePrivKey(PK11SlotInfo *slot, KeyType keyType,
/* don't know? look it up */
if (keyType == nullKey) {
CK_KEY_TYPE pk11Type = CKK_RSA;
+ SECItem info;
pk11Type = PK11_ReadULongAttribute(slot, privID, CKA_KEY_TYPE);
isTemp = (PRBool)!PK11_HasAttributeSet(slot, privID, CKA_TOKEN, PR_FALSE);
switch (pk11Type) {
case CKK_RSA:
keyType = rsaKey;
+ /* determine RSA key type from the CKA_PUBLIC_KEY_INFO if present */
+ rv = PK11_ReadAttribute(slot, privID, CKA_PUBLIC_KEY_INFO, NULL, &info);
+ if (rv == SECSuccess) {
+ CERTSubjectPublicKeyInfo *spki;
+
+ spki = SECKEY_DecodeDERSubjectPublicKeyInfo(&info);
+ if (spki) {
+ SECOidTag tag;
+
+ tag = SECOID_GetAlgorithmTag(&spki->algorithm);
+ if (tag == SEC_OID_PKCS1_RSA_PSS_SIGNATURE)
+ keyType = rsaPssKey;
+ SECKEY_DestroySubjectPublicKeyInfo(spki);
+ }
+ SECITEM_FreeItem(&info, PR_FALSE);
+ }
+
break;
case CKK_DSA:
keyType = dsaKey;
diff --git a/security/nss/lib/pk11wrap/pk11pars.c b/security/nss/lib/pk11wrap/pk11pars.c
index fc30222b3..c165e1ef2 100644
--- a/security/nss/lib/pk11wrap/pk11pars.c
+++ b/security/nss/lib/pk11wrap/pk11pars.c
@@ -547,16 +547,16 @@ secmod_applyCryptoPolicy(const char *policyString,
for (i = 0; i < PR_ARRAY_SIZE(algOptList); i++) {
const oidValDef *algOpt = &algOptList[i];
unsigned name_size = algOpt->name_size;
- PRBool newValue = PR_FALSE;
+ PRBool newOption = PR_FALSE;
if ((length >= name_size) && (cipher[name_size] == '/')) {
- newValue = PR_TRUE;
+ newOption = PR_TRUE;
}
- if ((newValue || algOpt->name_size == length) &&
+ if ((newOption || algOpt->name_size == length) &&
PORT_Strncasecmp(algOpt->name, cipher, name_size) == 0) {
PRUint32 value = algOpt->val;
PRUint32 enable, disable;
- if (newValue) {
+ if (newOption) {
value = secmod_parsePolicyValue(&cipher[name_size] + 1,
length - name_size - 1);
}