author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2010-08-21 10:11:38 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2010-08-21 10:12:56 +0200 |
commit | 7b2f60fb851e7fe728ff80e5f9416b34ba47dde1 (patch) | |
tree | 07e9c00eb8a1fc1adf56d5602e670e0f908431ca | |
parent | 5543826bf1a2b550d8ce4fe116288178537ec902 (diff) | |
export ncr_key_clear(). And disallow key derivation from wrapping keys.
-rw-r--r-- | ncr-int.h | 2 | ||||
-rw-r--r-- | ncr-key.c | 12 |
2 files changed, 11 insertions, 3 deletions
@@ -110,6 +110,8 @@ int ncr_ioctl(struct ncr_lists*, struct file *filp,
 /* key derivation */
 int ncr_key_derive(struct ncr_lists *lst, void __user* arg);
 
+void ncr_key_clear(struct key_item_st* item);
+
 /* key handling */
 int ncr_key_init(struct ncr_lists *lst, void __user* arg);
 int ncr_key_deinit(struct ncr_lists *lst, void __user* arg);
@@ -32,8 +32,6 @@
 #include "ncr.h"
 #include "ncr-int.h"
 
-static void ncr_key_clear(struct key_item_st* item);
-
 static int key_list_deinit_fn(int id, void *item, void *unused)
 {
 (void)unused;
@@ -413,7 +411,7 @@ fail:
 return ret;
 }
 
-static void ncr_key_clear(struct key_item_st* item)
+void ncr_key_clear(struct key_item_st* item)
 {
 /* clears any previously allocated parameters */
 if (item->type == NCR_KEY_TYPE_PRIVATE ||
@@ -715,6 +713,14 @@ struct key_item_st* newkey = NULL;
 err();
 return ret;
 }
+
+ /* wrapping keys cannot be used for anything except wrapping.
+ */
+ if (key->flags & NCR_KEY_FLAG_WRAPPING) {
+ err();
+ ret = -EINVAL;
+ goto fail;
+ }
 
 ret = ncr_key_item_get_write( &newkey, lst, data.newkey);
 if (ret < 0) { |
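Review bot: `ncr_key_clear()` becomes callable from other files in the first hunk (and loses `static` in the `@@ -413,7 +411,7 @@` hunk), but nothing states its contract. The only description visible is the body comment "clears any previously allocated parameters"; what a caller must hold on `item` (a write reference, a lock) when calling it is not shown, and a function that tears down key state is easy to misuse without that. I would add a comment above the prototype along the lines of `/* clears any previously allocated parameters of item; caller must own item for writing (confirm) */`. The prototype also sits directly under the `/* key derivation */` heading in ncr-int.h, so I would move it under `/* key handling */`.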
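Review bot: The comment added in the last hunk (`@@ -715,6 +713,14 @@`) states a general rule, that wrapping keys may be used only for wrapping, yet the check it introduces guards the derivation path alone. Whether the other consumers of a key item test `NCR_KEY_FLAG_WRAPPING` is not visible in this diff and should be confirmed, because a single unguarded path defeats the restriction; a shared helper called from every consumer would keep the rule in one place. I would also return `-EPERM` instead of `-EINVAL` (`ret = -EPERM;`) so that user space can tell a policy refusal from a malformed request. The new `goto fail` is taken while `newkey` is still NULL, and the enclosing function starts and ends outside the hunk, so it is worth checking that the `fail:` cleanup tolerates that.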