From 4852910824bfc8cfa6b2c7c68590e095bd7153ba Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20Trojnara?= <Michal.Trojnara@stunnel.org>
Date: Mon, 23 Dec 2024 17:39:52 +0100
Subject: [PATCH] Fix from CKK_GENERIC_SECRET keys

According to PKCS#11 version 2.30
(https://www.cryptsoft.com/pkcs11doc/v230/group__SEC__11__6__2__GENERIC__SECRET__KEY__OBJECTS.html)
CKK_GENERIC_SECRET keys are not supposed to support encryption or
decryption.

Fix #499
---
 src/p11_ec.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/src/p11_ec.c b/src/p11_ec.c
index 88a4cbdf..89cf200d 100644
--- a/src/p11_ec.c
+++ b/src/p11_ec.c
@@ -601,10 +601,9 @@ static int pkcs11_ecdh_derive(unsigned char **out, size_t *outlen,
 		{CKA_CLASS, &newkey_class, sizeof(newkey_class)},
 		{CKA_KEY_TYPE, &newkey_type, sizeof(newkey_type)},
 		{CKA_VALUE_LEN, &newkey_len, sizeof(newkey_len)},
-		{CKA_SENSITIVE, &_false, sizeof(_false) },
-		{CKA_EXTRACTABLE, &_true, sizeof(_true) },
-		{CKA_ENCRYPT, &_true, sizeof(_true)},
-		{CKA_DECRYPT, &_true, sizeof(_true)}
+		{CKA_SENSITIVE, &_false, sizeof(_false)},
+		{CKA_EXTRACTABLE, &_true, sizeof(_true)},
+		{CKA_DERIVE, &_true, sizeof(_true)},
 	};
 
 	memset(&mechanism, 0, sizeof(mechanism));