From 7b2f60fb851e7fe728ff80e5f9416b34ba47dde1 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: Sat, 21 Aug 2010 10:11:38 +0200
Subject: export ncr_key_clear(). And disallow key derivation from wrapping
 keys.

---
 ncr-key.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

(limited to 'ncr-key.c')

diff --git a/ncr-key.c b/ncr-key.c
index e34367e..4b9b26f 100644
--- a/ncr-key.c
+++ b/ncr-key.c
@@ -32,8 +32,6 @@
 #include "ncr.h"
 #include "ncr-int.h"
 
-static void ncr_key_clear(struct key_item_st* item);
-
 static int key_list_deinit_fn(int id, void *item, void *unused)
 {
 	(void)unused;
@@ -413,7 +411,7 @@ fail:
 	return ret;
 }
 
-static void ncr_key_clear(struct key_item_st* item)
+void ncr_key_clear(struct key_item_st* item)
 {
 	/* clears any previously allocated parameters */
 	if (item->type == NCR_KEY_TYPE_PRIVATE ||
@@ -715,6 +713,14 @@ struct key_item_st* newkey = NULL;
 		err();
 		return ret;
 	}
+	
+	/* wrapping keys cannot be used for anything except wrapping.
+	 */
+	if (key->flags & NCR_KEY_FLAG_WRAPPING) {
+		err();
+		ret = -EINVAL;
+		goto fail;
+	}
 
 	ret = ncr_key_item_get_write( &newkey, lst, data.newkey);
 	if (ret < 0) {
-- 
cgit