[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [pkcs11] Re: Proposal: New CKA_DESTROYABLE attribute
On 12.06.2013 18:52, Michael StJohns wrote: > On 6/12/2013 4:01 AM, Stef Walter wrote: >> On 28.05.2013 11:13, Stef Walter wrote: >>> This defines a new boolean attribute CKA_DESTROYABLE. Currently it is >>> ambiguous whether CKA_MODIFIABLE objects are destroyable with >>> C_DestroyObject. >> <snip> >> >>> | o CKR_NOT_DESTROYABLE: An attempt was made to destroy an object >>> | which is may not be destroyed. >> Related to this. It does not seem that there is a clear CKR_xxx error >> code for when C_SetAttributeValue is called on an object with >> CKA_MODIFIABLE = CK_FALSE. > > Wouldn't you return CKR_ATTRIBUTE_READ_ONLY in this case? Yes, perhaps. It is a misleading error code though. There is a semantic difference between an object that is not modifiable, and attributes that are read-only on an object. Even if we don't change this, we should document CKR_ATTRIBUTE_READ_ONLY as the error code to return in the case of CKA_MODIFIABLE = CK_FALSE. Currently it's left as an exercise to the reader. Cheers, Stef
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]