MicrochipTech / cryptoauthlib

Library for interacting with the Crypto Authentication secure elements

C_DestroyObject fails with CKR_ACTION_PROHIBITED when trying to delete key pair #381

Open tougantium opened 2 weeks ago

tougantium commented 2 weeks ago

After generating a key pair with C_GenerateKeyPair a call to C_DestroyObject fails with CKR_ACTION_PROHIBITED. The reason seems to be the check if PKCS11_OBJECT_FLAG_DESTROYABLE is set in the pkcs11_object_destroy function (which obviously is not the case). The flag is set when the key pair is created in the pkcs11_config_key function, but seems to be overridden later with pObject->flags = PKCS11_OBJECT_FLAG_KEY_CACHE; in the pkcs11_config_init_private function - this change was introduced with v3.7.3 of cryptoauthlib.

Changing the above line to pObject->flags |= PKCS11_OBJECT_FLAG_KEY_CACHE; only partially fixes the problem. The 0.2.conf file is deleted from the filesystem, but in an internal cache of cryptoauthlib the key pair still seems to be there - at least I can still load the key after deleting it (if still in the same running process) and don't get an error.
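The two behaviours reported above, reduced to a small C model that can serve as a regression check. This is an added example, not cryptoauthlib code: the `model_*` functions, the flag bit values, the struct layout and the idea of a single cached entry are assumptions made for illustration; only the `CKR_*` values are taken from the PKCS#11 specification.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model: flag bits and struct layout are assumptions, not the
   library's definitions. CKR_* return values are from the PKCS#11 spec. */
#define CKR_OK                    0x00UL
#define CKR_ACTION_PROHIBITED     0x1BUL
#define CKR_OBJECT_HANDLE_INVALID 0x82UL
#define FLAG_DESTROYABLE 0x01u /* stands in for PKCS11_OBJECT_FLAG_DESTROYABLE */
#define FLAG_KEY_CACHE   0x02u /* stands in for PKCS11_OBJECT_FLAG_KEY_CACHE */

typedef struct { uint32_t flags; bool on_disk; bool cached; } model_object;

/* Key-pair creation marks the object destroyable and persists/caches it. */
static void model_config_key(model_object *o) {
    *o = (model_object){ FLAG_DESTROYABLE, true, true };
}

/* Private-key init: plain assignment drops earlier flags, OR keeps them. */
static void model_init_private(model_object *o, bool preserve_flags) {
    if (preserve_flags) o->flags |= FLAG_KEY_CACHE;
    else o->flags = FLAG_KEY_CACHE;
}

/* Destroy refuses non-destroyable objects; evict_cache selects whether the
   in-process copy is dropped together with the on-disk config. */
static unsigned long model_destroy(model_object *o, bool evict_cache) {
    if (!(o->flags & FLAG_DESTROYABLE)) return CKR_ACTION_PROHIBITED;
    o->on_disk = false;
    if (evict_cache) o->cached = false;
    return CKR_OK;
}

/* create -> init -> destroy -> lookup; returns the lookup result. */
static unsigned long model_scenario(bool preserve, bool evict, unsigned long *destroy_rv) {
    model_object o;
    model_config_key(&o);
    model_init_private(&o, preserve);
    *destroy_rv = model_destroy(&o, evict);
    return o.cached ? CKR_OK : CKR_OBJECT_HANDLE_INVALID;
}

int main(void) {
    unsigned long d, f;
    f = model_scenario(false, false, &d); printf("'=' : destroy=0x%lX find=0x%lX\n", d, f);
    f = model_scenario(true, false, &d);  printf("'|=': destroy=0x%lX find=0x%lX\n", d, f);
    f = model_scenario(true, true, &d);   printf("'|=' + evict: destroy=0x%lX find=0x%lX\n", d, f);
    return 0;
}
```

Only the third scenario ends with the key both destroyed and no longer loadable, which is the outcome a test against the real library would need to assert after `C_DestroyObject`.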

Srinivas-E commented 2 weeks ago

Hi @tougantium, thank you for reporting this issue. We shall work on this in our upcoming releases and keep the thread updated with progress.