From d928958b5b9ec0c2d3ce5e97ea5d1f000125ba7b Mon Sep 17 00:00:00 2001 From: Andy Zhao Date: Mon, 23 Oct 2023 16:12:45 -0700 Subject: [PATCH] fix: Remove assertion for private key decryption support during pkcs11 init (#109) --- internal/signer/linux/pkcs11/pkcs11.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/internal/signer/linux/pkcs11/pkcs11.go b/internal/signer/linux/pkcs11/pkcs11.go index 3ff2fea..2544501 100644 --- a/internal/signer/linux/pkcs11/pkcs11.go +++ b/internal/signer/linux/pkcs11/pkcs11.go @@ -109,10 +109,7 @@ func Cred(pkcs11Module string, slotUint32Str string, label string, userPin strin if !ok { return nil, errors.New("PrivateKey does not implement crypto.Signer") } - kdecrypter, ok := privKey.(crypto.Decrypter) - if !ok { - return nil, errors.New("PrivateKey does not implement crypto.Decrypter") - } + kdecrypter, _ := privKey.(crypto.Decrypter) defaultHash := crypto.SHA256 return &Key{ slot: kslot, @@ -188,6 +185,9 @@ func (k *Key) Decrypt(msg []byte, opts crypto.DecrypterOpts) ([]byte, error) { } else { return nil, fmt.Errorf("Unsupported DecrypterOpts: %v", opts) } + if k.decrypter == nil { + return nil, fmt.Errorf("decrypt error: Decrypter is nil") + } publicKey := k.Public() _, ok := publicKey.(*rsa.PublicKey) if ok {