From 1f30d575e5b413e522d6b3e95d3e348df9e9c69e Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: Thu, 26 Aug 2010 16:08:47 +0200
Subject: Unwrapping keys are restricted the same way as wrapping keys.

---
 ncr-key.c      | 2 +-
 ncr-sessions.c | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/ncr-key.c b/ncr-key.c
index f9fdcf4..295a58e 100644
--- a/ncr-key.c
+++ b/ncr-key.c
@@ -723,7 +723,7 @@ struct key_item_st* newkey = NULL;
 	
 	/* wrapping keys cannot be used for anything except wrapping.
 	 */
-	if (key->flags & NCR_KEY_FLAG_WRAPPING) {
+	if (key->flags & NCR_KEY_FLAG_WRAPPING || key->flags & NCR_KEY_FLAG_UNWRAPPING) {
 		err();
 		ret = -EINVAL;
 		goto fail;
diff --git a/ncr-sessions.c b/ncr-sessions.c
index 0a48b23..e0f8b7b 100644
--- a/ncr-sessions.c
+++ b/ncr-sessions.c
@@ -253,7 +253,7 @@ static int _ncr_session_init(struct ncr_lists* lists, struct ncr_session_st* ses
 			
 			/* wrapping keys cannot be used for encryption or decryption
 			 */
-			if (ns->key->flags & NCR_KEY_FLAG_WRAPPING) {
+			if (ns->key->flags & NCR_KEY_FLAG_WRAPPING || ns->key->flags & NCR_KEY_FLAG_UNWRAPPING) {
 				err();
 				ret = -EINVAL;
 				goto fail;
@@ -331,7 +331,7 @@ static int _ncr_session_init(struct ncr_lists* lists, struct ncr_session_st* ses
 
 				/* wrapping keys cannot be used for anything except wrapping.
 				 */
-				if (ns->key->flags & NCR_KEY_FLAG_WRAPPING) {
+				if (ns->key->flags & NCR_KEY_FLAG_WRAPPING || ns->key->flags & NCR_KEY_FLAG_UNWRAPPING) {
 					err();
 					ret = -EINVAL;
 					goto fail;
-- 
cgit