-
Type:
Bug
-
Status: Open
-
Priority:
Minor
-
Resolution: Unresolved
-
Affects Version/s: OpenDNSSEC 2.1
-
Fix Version/s: None
-
Component/s: PKCS#11 Interface, Signer
-
Labels:None
According to the PKCS11 specification 2.40 :
When an object is created or found on a token by an application, Cryptoki assigns it an object handle for that application's sessions to use to access it. A particular object on a token does not necessarily have a handle which is fixed for the lifetime of the object; however, if a particular session can use a particular handle to access a particular object, then that session will continue to be able to use that handle to access that object as long as the session continues to exist, the object continues to exist, and the object continues to be accessible to the session.
But currently the signer uses a different session from the one that searched and found the key.
`hsm_find_key_session` just searches for a session that is on the same module/token. This function should be looking for the same session that found the key handle.