@@ -513,12 +513,12 @@ const pkcs11_attrib_model pkcs11_key_private_attributes[] = {
513513 { CKA_SIGN_RECOVER , NULL_PTR },
514514 /** CK_TRUE if key supports unwrapping (i.e., can be used to unwrap other keys)9 */
515515 { CKA_UNWRAP , NULL_PTR },
516- /** CK_TRUE if key is extractable and can be wrapped 9 */
517- { CKA_EXTRACTABLE , NULL_PTR },
516+ /** CK_TRUE if key is extractable and can be wrapped */
517+ { CKA_EXTRACTABLE , pkcs11_attrib_false },
518518 /** CK_TRUE if key has always had the CKA_SENSITIVE attribute set to CK_TRUE */
519519 { CKA_ALWAYS_SENSITIVE , pkcs11_token_get_access_type },
520520 /** CK_TRUE if key has never had the CKA_EXTRACTABLE attribute set to CK_TRUE */
521- { CKA_NEVER_EXTRACTABLE , NULL_PTR },
521+ { CKA_NEVER_EXTRACTABLE , pkcs11_token_get_access_type },
522522 /** CK_TRUE if the key can only be wrapped with a wrapping key that has CKA_TRUSTED set to CK_TRUE. Default is CK_FALSE. */
523523 { CKA_WRAP_WITH_TRUSTED , NULL_PTR },
524524 /** For wrapping keys. The attribute template to match against any keys
@@ -639,11 +639,11 @@ const pkcs11_attrib_model pkcs11_key_secret_attributes[] = {
639639 /** CK_TRUE if key supports unwrapping (i.e., can be used to unwrap other keys) */
640640 { CKA_UNWRAP , NULL_PTR },
641641 /** CK_TRUE if key is extractable and can be wrapped */
642- { CKA_EXTRACTABLE , NULL_PTR },
642+ { CKA_EXTRACTABLE , pkcs11_attrib_false },
643643 /** CK_TRUE if key has always had the CKA_SENSITIVE attribute set to CK_TRUE */
644644 { CKA_ALWAYS_SENSITIVE , pkcs11_token_get_access_type },
645645 /** CK_TRUE if key has never had the CKA_EXTRACTABLE attribute set to CK_TRUE */
646- { CKA_NEVER_EXTRACTABLE , NULL_PTR },
646+ { CKA_NEVER_EXTRACTABLE , pkcs11_token_get_access_type },
647647 /** Key checksum */
648648 { CKA_CHECK_VALUE , pkcs11_key_get_check_value },
649649 /** CK_TRUE if the key can only be wrapped with a wrapping key that has CKA_TRUSTED set to CK_TRUE. Default is CK_FALSE. */
0 commit comments