[xmlsec] check the key usage/type in the key match function (attempt to fix bug #728213)
- From: Aleksey Sanin <aleksey src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [xmlsec] check the key usage/type in the key match function (attempt to fix bug #728213)
- Date: Wed, 21 May 2014 02:41:16 +0000 (UTC)
commit 1a801f8539b86cdcb6257b24b3f1df0b04800ae0
Author: Aleksey Sanin <aleksey aleksey com>
Date: Tue May 20 19:41:06 2014 -0700
check the key usage/type in the key match function (attempt to fix bug #728213)
src/keys.c | 27 +++++++++++++++++++++++++++
1 files changed, 27 insertions(+), 0 deletions(-)
---
diff --git a/src/keys.c b/src/keys.c
index 1d2f733..47fa28e 100644
--- a/src/keys.c
+++ b/src/keys.c
@@ -456,6 +456,7 @@ xmlSecKeyReqMatchKey(xmlSecKeyReqPtr keyReq, xmlSecKeyPtr key) {
*/
int
xmlSecKeyReqMatchKeyValue(xmlSecKeyReqPtr keyReq, xmlSecKeyDataPtr value) {
+ xmlSecKeyDataType type;
xmlSecAssert2(keyReq != NULL, -1);
xmlSecAssert2(value != NULL, -1);
@@ -470,6 +471,32 @@ xmlSecKeyReqMatchKeyValue(xmlSecKeyReqPtr keyReq, xmlSecKeyDataPtr value) {
return(0);
}
+
+ /* Check Key Type against intended usage */
+ type = xmlSecKeyDataGetType(value);
+ if(type != xmlSecKeyDataTypeUnknown) {
+ if((keyReq->keyUsage & xmlSecKeyUsageSign) != 0) {
+ if((type & (xmlSecKeyDataTypePrivate | xmlSecKeyDataTypeSymmetric)) == 0) {
+ return (0);
+ }
+ }
+ if((keyReq->keyUsage & xmlSecKeyUsageVerify) != 0) {
+ if((type & (xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate |
xmlSecKeyDataTypeSymmetric)) == 0) {
+ return (0);
+ }
+ }
+ if((keyReq->keyUsage & xmlSecKeyUsageEncrypt) != 0) {
+ if((type & (xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate |
xmlSecKeyDataTypeSymmetric)) == 0) {
+ return (0);
+ }
+ }
+ if((keyReq->keyUsage & xmlSecKeyUsageDecrypt) != 0) {
+ if((type & (xmlSecKeyDataTypePrivate | xmlSecKeyDataTypeSymmetric)) == 0) {
+ return (0);
+ }
+ }
+ }
+
return(1);
}
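Review bot: The new usage check is skipped entirely when `xmlSecKeyDataGetType(value)` returns `xmlSecKeyDataTypeUnknown`, so a key value whose type cannot be determined still matches a Sign or Decrypt request. If that fail-open behaviour is deliberate, it deserves a comment on the `if(type != xmlSecKeyDataTypeUnknown)` line, such as `/* unknown type: cannot be judged here, later checks must reject unsuitable keys */`; otherwise that case should return 0. The four usage bits are also tested independently and any single failure returns 0, so a request carrying several bits (for example Sign together with Verify) rejects a public-only key. A short comment stating that the key must satisfy every requested usage would make that intent explicit and help callers that pass a broad usage mask. The function starts before this hunk, so the earlier checks are not visible here.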