export ncr_key_clear(). And disallow key derivation from wrapping keys.

author: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2010-08-21 10:11:38 +0200
committer: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2010-08-21 10:12:56 +0200
commit: 7b2f60fb851e7fe728ff80e5f9416b34ba47dde1 (patch)
tree: 07e9c00eb8a1fc1adf56d5602e670e0f908431ca /ncr-key.c
parent: 5543826bf1a2b550d8ce4fe116288178537ec902 (diff)
download: cryptodev-linux-7b2f60fb851e7fe728ff80e5f9416b34ba47dde1.tar.gz
cryptodev-linux-7b2f60fb851e7fe728ff80e5f9416b34ba47dde1.tar.xz
cryptodev-linux-7b2f60fb851e7fe728ff80e5f9416b34ba47dde1.zip
1 files changed, 9 insertions, 3 deletions
diff --git a/ncr-key.c b/ncr-key.c
index e34367e..4b9b26f 100644
--- a/ncr-key.c
+++ b/ncr-key.c
@@ -32,8 +32,6 @@
 #include "ncr.h"
 #include "ncr-int.h"
 
-static void ncr_key_clear(struct key_item_st* item);
-
 static int key_list_deinit_fn(int id, void *item, void *unused)
 {
 	(void)unused;
@@ -413,7 +411,7 @@ fail:
 	return ret;
 }
 
-static void ncr_key_clear(struct key_item_st* item)
+void ncr_key_clear(struct key_item_st* item)
 {
 	/* clears any previously allocated parameters */
 	if (item->type == NCR_KEY_TYPE_PRIVATE ||
@@ -715,6 +713,14 @@ struct key_item_st* newkey = NULL;
 		err();
 		return ret;
 	}
+	
+	/* wrapping keys cannot be used for anything except wrapping.
+	 */
+	if (key->flags & NCR_KEY_FLAG_WRAPPING) {
+		err();
+		ret = -EINVAL;
+		goto fail;
+	}
 
 	ret = ncr_key_item_get_write( &newkey, lst, data.newkey);
 	if (ret < 0) {
author	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2010-08-21 10:11:38 +0200
committer	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2010-08-21 10:12:56 +0200
commit	7b2f60fb851e7fe728ff80e5f9416b34ba47dde1 (patch)
tree	07e9c00eb8a1fc1adf56d5602e670e0f908431ca /ncr-key.c
parent	5543826bf1a2b550d8ce4fe116288178537ec902 (diff)
download	cryptodev-linux-7b2f60fb851e7fe728ff80e5f9416b34ba47dde1.tar.gz cryptodev-linux-7b2f60fb851e7fe728ff80e5f9416b34ba47dde1.tar.xz cryptodev-linux-7b2f60fb851e7fe728ff80e5f9416b34ba47dde1.zip