-rw-r--r--ta/pkcs11/src/object.c18
1 files changed, 18 insertions, 0 deletions
diff --git a/ta/pkcs11/src/object.c b/ta/pkcs11/src/object.c
index a9881260..137eeba0 100644
--- a/ta/pkcs11/src/object.c
+++ b/ta/pkcs11/src/object.c
@@ -402,6 +402,24 @@ enum pkcs11_rc entry_destroy_object(struct pkcs11_client *client,
if (!object)
return PKCS11_CKR_OBJECT_HANDLE_INVALID;
+ /* Only session objects can be destroyed during a read-only session */
+ if (get_bool(object->attributes, PKCS11_CKA_TOKEN) &&
+ !pkcs11_session_is_read_write(session)) {
+ DMSG("Can't destroy persistent object");
+ return PKCS11_CKR_SESSION_READ_ONLY;
+ }
+
+ /*
+ * Only public objects can be destroyed unless normal user is logged in
+ */
+ rc = check_access_attrs_against_token(session, object->attributes);
+ if (rc)
+ return PKCS11_CKR_USER_NOT_LOGGED_IN;
+
+ /* Objects with PKCS11_CKA_DESTROYABLE as false aren't destroyable */
+ if (!get_bool(object->attributes, PKCS11_CKA_DESTROYABLE))
+ return PKCS11_CKR_ACTION_PROHIBITED;
+
destroy_object(session, object, false);
DMSG("PKCS11 session %"PRIu32": destroy object %#"PRIx32,
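Review bot: The access check discards the value returned by `check_access_attrs_against_token()` and always reports `PKCS11_CKR_USER_NOT_LOGGED_IN`. The helper's body is not visible in this hunk, so if it can fail for any other reason the client receives a misleading code; either `return rc;` or extend the comment above the call to say the mapping is deliberate. Only the read-only rejection is traced, while the login and `PKCS11_CKA_DESTROYABLE` denials return silently; a matching trace such as `DMSG("Object is not destroyable");` would make refused destroy requests easier to audit. It is also worth confirming what `get_bool()` yields when `PKCS11_CKA_DESTROYABLE` is absent from an object stored before this change, since a false result would make such objects permanently undeletable. The body of `entry_destroy_object()` starts and ends outside the hunk.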