authorNikos Mavrogiannopoulos <nmav@gnutls.org>2018-04-28 11:14:34 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2018-05-03 09:19:57 +0200
commit333864750739df33020a8b48563051565100ba04 (patch)
treeed098d666d10feb1dab6ffa483da49bb70d3940f /lib/pkcs11.c
parent0ce2a9b327c39a6ef98f411fed5da207091af813 (diff)
pkcs11: mark private key objects as sensitive by defaulttmp-pkcs11-sensitive-fix
That is, to prevent accidentally creating objects which can be exported. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Diffstat (limited to 'lib/pkcs11.c')
-rw-r--r--lib/pkcs11.c8
1 files changed, 6 insertions, 2 deletions
diff --git a/lib/pkcs11.c b/lib/pkcs11.c
index e4d14f9f4b..395a7e59aa 100644
--- a/lib/pkcs11.c
+++ b/lib/pkcs11.c
@@ -1922,8 +1922,12 @@ pkcs11_import_object(ck_object_handle_t ctx, ck_object_class_t class,
a[0].value_len = sizeof(b);
rv = pkcs11_get_attribute_value(sinfo->module, sinfo->pks, ctx, a, 1);
- if (rv == CKR_OK && b != 0)
- pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE;
+ if (rv == CKR_OK) {
+ if (b != 0)
+ pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE;
+ else
+ pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_SENSITIVE;
+ }
a[0].type = CKA_EXTRACTABLE;
a[0].value = &b;
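Review bot: The new `else` branch gives a zero reading of `b` a security meaning (`GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_SENSITIVE`), yet the guard still checks only `rv == CKR_OK`. `b` is reused for the CKA_EXTRACTABLE query that follows and its initialisation is not visible in this hunk, so a module that returns CKR_OK without filling the buffer could leave a stale or zero value that marks a private key as not sensitive. Checking the returned length as well, `if (rv == CKR_OK && a[0].value_len == sizeof(b)) {`, would let any other result fall through to the no-flag case. That case presumably carries the "sensitive by default" behaviour from the commit title and is handled outside this hunk, so a comment such as `/* neither flag set: CKA_SENSITIVE unreadable, treated as sensitive by default */` would make the dependency explicit. The body of pkcs11_import_object starts and ends outside the hunk.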