author: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2018-04-28 11:14:34 +0200
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2018-05-03 09:19:57 +0200
commit: 333864750739df33020a8b48563051565100ba04 (patch)
tree: ed098d666d10feb1dab6ffa483da49bb70d3940f /NEWS
parent: 0ce2a9b327c39a6ef98f411fed5da207091af813 (diff)
pkcs11: mark private key objects as sensitive by default
tmp-pkcs11-sensitive-fix

That is, to prevent accidentally creating objects which can be exported.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Diffstat (limited to 'NEWS')
-rw-r--r-- NEWS 6
1 files changed, 6 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 361df5b64e..4858dab6aa 100644
--- a/NEWS
+++ b/NEWS
@@ -40,6 +40,11 @@ See the end for copying conditions.
as TLS1.2 requires specific ordering of the groups based on the ciphersuite ordering,
making group order unpredictable under TLS1.3.
+** libgnutls: gnutls_pkcs11_copy_secret_key, gnutls_pkcs11_copy_x509_privkey2,
+ gnutls_pkcs11_privkey_generate3 will mark objects as sensitive by default
+ unless GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_SENSITIVE is specified. This is an API
+ change for these functions which make them err towards safety.
+
** API and ABI modifications:
gnutls_fips140_set_mode: Added
gnutls_session_key_update: Added
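Review bot: The new NEWS entry lists gnutls_pkcs11_copy_secret_key alongside the two private-key functions, while the commit subject speaks only of "private key objects", so the entry and the subject disagree on scope; please make the subject cover secret keys as well or say in the entry why the secret-key function is included. Since the entry itself calls this an API change, it would also help to state the consequence for existing callers in one sentence: code that passes no sensitivity flag today will start creating non-exportable objects and has to add GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_SENSITIVE to keep the old behaviour. Minor wording: "This is an API change for these functions which make them err towards safety" should read "which makes them err", because the subject of the verb is the change, not the functions.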
@@ -56,6 +61,7 @@ gnutls_certificate_get_ocsp_expiration: Added
gnutls_record_send2: Added
gnutls_ext_raw_parse: Added
GNUTLS_PRIVKEY_INFO_PK_ALGO_BITS: Added
+GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_SENSITIVE: Added
* Version 3.6.2 (released 2018-02-16)
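Review bot: The "API and ABI modifications" list gains only the line "GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_SENSITIVE: Added", so a reader who scans this list for changes affecting their code will not see that the default behaviour of gnutls_pkcs11_copy_secret_key, gnutls_pkcs11_copy_x509_privkey2 and gnutls_pkcs11_privkey_generate3 changed. Consider listing the three functions here too, marked as having a changed default, so that the behaviour change is visible from the API summary and not only from the prose entry further up.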