Searched hist:fab914923b94fccbb1e77538a355a8cdcad6b9a4 (Results 1 – 1 of 1) sorted by relevance
| /optee_os/ta/pkcs11/src/ |
| H A D | object.c | fab914923b94fccbb1e77538a355a8cdcad6b9a4 Tue Dec 29 07:39:19 UTC 2020 Ruchika Gupta <ruchika.gupta@linaro.org> ta: pkcs11: Add more checks before destroying object in a session
Few checks were missing in the implementaion of C_DestroyObject()
as per PKCS#11 Specification. These have been added now.
These checks are
- only session objects can be destroyed during a read only session
- only public objects can be destroyed unless the normal user is
logged in
- Certain objects may not be destroyed. Calling C_DestroyObject on
such objects will result in the CKR_ACTION_PROHIBITED error code.
An application can consult the object's CKA_DESTROYABLE
attribute to determine if an object may be destroyed or not.
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|