diff options
| author | Andy Zhao <andyzhao@google.com> | 2023-10-23 16:12:45 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-10-23 16:12:45 -0700 |
| commit | d928958b5b9ec0c2d3ce5e97ea5d1f000125ba7b (patch) | |
| tree | 1f0b446d00c5a53117145f2666a89e06c74ea543 | |
| parent | 5192b8e9cff794f454726945ed9aa0a1ada7b778 (diff) | |
| download | googleapis-enterprise-certificate-proxy-d928958b5b9ec0c2d3ce5e97ea5d1f000125ba7b.tar.gz | |
fix: Remove assertion for private key decryption support during pkcs11 init (#109)upstream/v0.3.2
| -rw-r--r-- | internal/signer/linux/pkcs11/pkcs11.go | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/internal/signer/linux/pkcs11/pkcs11.go b/internal/signer/linux/pkcs11/pkcs11.go index 3ff2fea..2544501 100644 --- a/internal/signer/linux/pkcs11/pkcs11.go +++ b/internal/signer/linux/pkcs11/pkcs11.go @@ -109,10 +109,7 @@ func Cred(pkcs11Module string, slotUint32Str string, label string, userPin strin if !ok { return nil, errors.New("PrivateKey does not implement crypto.Signer") } - kdecrypter, ok := privKey.(crypto.Decrypter) - if !ok { - return nil, errors.New("PrivateKey does not implement crypto.Decrypter") - } + kdecrypter, _ := privKey.(crypto.Decrypter) defaultHash := crypto.SHA256 return &Key{ slot: kslot, @@ -188,6 +185,9 @@ func (k *Key) Decrypt(msg []byte, opts crypto.DecrypterOpts) ([]byte, error) { } else { return nil, fmt.Errorf("Unsupported DecrypterOpts: %v", opts) } + if k.decrypter == nil { + return nil, fmt.Errorf("decrypt error: Decrypter is nil") + } publicKey := k.Public() _, ok := publicKey.(*rsa.PublicKey) if ok { |