Skip to content

Commit

Permalink
Fix from CKK_GENERIC_SECRET keys
Browse files Browse the repository at this point in the history 
According to PKCS#11 version 2.30
(https://www.cryptsoft.com/pkcs11doc/v230/group__SEC__11__6__2__GENERIC__SECRET__KEY__OBJECTS.html)
CKK_GENERIC_SECRET keys are not supposed to support encryption or
decryption.

Fix #499
  • Loading branch information
@mtrojnar
mtrojnar committed Dec 23, 2024
1 parent 7300cb8 commit 4852910
Showing 1 changed file with 3 additions and 4 deletions.
7 changes: 3 additions & 4 deletions src/p11_ec.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -601,10 +601,9 @@ static int pkcs11_ecdh_derive(unsigned char **out, size_t *outlen,
{CKA_CLASS, &newkey_class, sizeof(newkey_class)},
{CKA_KEY_TYPE, &newkey_type, sizeof(newkey_type)},
{CKA_VALUE_LEN, &newkey_len, sizeof(newkey_len)},
{CKA_SENSITIVE, &_false, sizeof(_false) },
{CKA_EXTRACTABLE, &_true, sizeof(_true) },
{CKA_ENCRYPT, &_true, sizeof(_true)},
{CKA_DECRYPT, &_true, sizeof(_true)}
{CKA_SENSITIVE, &_false, sizeof(_false)},
{CKA_EXTRACTABLE, &_true, sizeof(_true)},
{CKA_DERIVE, &_true, sizeof(_true)},
};

memset(&mechanism, 0, sizeof(mechanism));
Expand Down

0 comments on commit 4852910

Please sign in to comment.