From cf617da4bda4d37ede78651662010d472c244ab0 Mon Sep 17 00:00:00 2001
From: alegon01 <alexandre.gonzalo@trustonic.com>
Date: Fri, 1 Feb 2019 11:37:47 +0100
Subject: [PATCH] Before calling encrypt_decrypt() make sure that the mechanism
 is for RSA and supports decryption, otherwise skip it.

---
 src/tools/pkcs11-tool.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c
index 74416561..2f4497f3 100644
--- a/src/tools/pkcs11-tool.c
+++ b/src/tools/pkcs11-tool.c
@@ -5461,6 +5461,17 @@ static int test_decrypt(CK_SESSION_HANDLE sess)
 		printf("No OpenSSL support, unable to validate decryption\n");
 #else
 		for (n = 0; n < num_mechs; n++) {
+			switch (mechs[n]) {
+			case CKM_RSA_PKCS:
+			case CKM_RSA_PKCS_OAEP:
+			case CKM_RSA_X_509:
+			//case CKM_RSA_PKCS_TPM_1_1:
+			//case CKM_RSA_PKCS_OAEP_TPM_1_1:
+				break;
+			default:
+				printf(" -- mechanism can't be used to decrypt, skipping\n");
+				continue;
+			}
 
 			errors += encrypt_decrypt(sess, mechs[n], privKeyObject);
 		}