diff options
author | Ruchika Gupta <ruchika.gupta@linaro.org> | 2020-12-29 13:09:19 +0530 |
---|---|---|
committer | Jérôme Forissier <jerome@forissier.org> | 2021-01-04 15:21:16 +0100 |
commit | fab914923b94fccbb1e77538a355a8cdcad6b9a4 (patch) | |
tree | 4b1a4bc5fe304de05de2c7811af09c8c033dc98c /ta/pkcs11/Makefile | |
parent | 08774c86eb563be7b69aab2aa38d3ef6f9de3eb5 (diff) |
ta: pkcs11: Add more checks before destroying object in a session
Few checks were missing in the implementaion of C_DestroyObject()
as per PKCS#11 Specification. These have been added now.
These checks are
- only session objects can be destroyed during a read only session
- only public objects can be destroyed unless the normal user is
logged in
- Certain objects may not be destroyed. Calling C_DestroyObject on
such objects will result in the CKR_ACTION_PROHIBITED error code.
An application can consult the object's CKA_DESTROYABLE
attribute to determine if an object may be destroyed or not.
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Diffstat (limited to 'ta/pkcs11/Makefile')
0 files changed, 0 insertions, 0 deletions