author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2018-04-28 11:14:34 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-05-03 09:19:57 +0200 |
commit | 333864750739df33020a8b48563051565100ba04 (patch) | |
tree | ed098d666d10feb1dab6ffa483da49bb70d3940f /lib/pkcs11.c | |
parent | 0ce2a9b327c39a6ef98f411fed5da207091af813 (diff) | |
download | gnutls-333864750739df33020a8b48563051565100ba04.tar.gz |
pkcs11: mark private key objects as sensitive by default [tmp-pkcs11-sensitive-fix]
That is, to prevent accidentally creating objects which can
be exported.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Diffstat (limited to 'lib/pkcs11.c')
-rw-r--r-- | lib/pkcs11.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/lib/pkcs11.c b/lib/pkcs11.c
index e4d14f9f4b..395a7e59aa 100644
--- a/lib/pkcs11.c
+++ b/lib/pkcs11.c
@@ -1922,8 +1922,12 @@ pkcs11_import_object(ck_object_handle_t ctx, ck_object_class_t class,
 a[0].value_len = sizeof(b);
 rv = pkcs11_get_attribute_value(sinfo->module, sinfo->pks, ctx, a, 1);
- if (rv == CKR_OK && b != 0)
- pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE;
+ if (rv == CKR_OK) {
+ if (b != 0)
+ pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE;
+ else
+ pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_SENSITIVE;
+ }
 a[0].type = CKA_EXTRACTABLE;
 a[0].value = &b; |
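Review bot: When the CKA_SENSITIVE query fails (`rv != CKR_OK`), the new block sets neither GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE nor GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_SENSITIVE, leaving a third, implicit state that nothing in the hunk documents. Going by the commit title, code that later writes the object presumably treats that state as sensitive, but that consumer is outside this hunk and should be confirmed; a comment such as `/* on failure leave both flags clear so the sensitive default applies */` above `if (rv == CKR_OK) {` would make the fail-safe intent explicit. The `b != 0` test also trusts whatever the token wrote: the returned `a[0].value_len` is not compared with `sizeof(b)`, and `b`'s declaration and initial value are outside the hunk, so a short or empty reply might be read as NOT_SENSITIVE. Tightening the guard to `if (rv == CKR_OK && a[0].value_len == sizeof(b)) {` would keep a malformed reply on the sensitive-by-default path. The body of pkcs11_import_object starts and ends outside the hunk.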