PKCS11: fails with CKR_ATTRIBUTE_READ_ONLY in unwrap_key function
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Barbican | Won't Fix | Undecided | Unassigned | |
Bug Description
Setting the attribute CKA_EXTRACTABLE manually for key unwrapping results in
CKR_ATTRIBUTE_
is already set by PKCS#11 automatically, as specified in the PKCS11 standard.
"The CKA_EXTRACTABLE attribute is by default set to CK_TRUE." [1]
Tested with openCryptoki v3.4.1 ICA token, but should be a general issue since the Barbican PKCS#11 plugin does not follow the PKCS11 v2.40 standard.
How to reproduce:
- Start Barbican
- Store a secret
Appears after fix for wrong GCM header has been applied [2].
Otherwise we do not even get this far.
[1] http://
p. 132 - Section 5.13
[2] https:/
summary:
- PKCS11: Use correct attributes for key unwrapping
+ PKCS11: fails with CKR_ATTRIBUTE_READ_ONLY in unwrap_key function
description: updated
Fix proposed to branch: master
Review: https://review.openstack.org/483388