Merge pull request #597 from LinuxJedi/wolfpkcs11-2.0

dgarske · web-flow · commit be15345d0765 · 2025-10-02T07:58:08.000-07:00
wolfPKCS 2.0 support
diff --git a/lib/wolfPKCS11 b/lib/wolfPKCS11
@@ -1 +1 @@
-Subproject commit ddeb8877d088796edc187e254068755628349d8e
+Subproject commit d8d3e2d2b6e9e13309f826b87c8275a81a17ea72
diff --git a/src/pkcs11_store.c b/src/pkcs11_store.c
@@ -530,4 +530,17 @@ int wolfPKCS11_Store_Write(void* store, unsigned char* buffer, int len)
     return len;
 }
 
+int wolfPKCS11_Store_Remove(int type, CK_ULONG id1, CK_ULONG id2)
+{
+    uint8_t* buf;
+
+    check_vault();
+    buf = find_object_buffer((int32_t)type, (uint32_t)id1, (uint32_t)id2);
+    if (buf == NULL)
+        return NOT_AVAILABLE_E;
+
+    delete_object((int32_t)type, (uint32_t)id1, (uint32_t)id2);
+    return 0;
+}
+
 #endif /* SECURE_PKCS11 */
diff --git a/tools/unit-tests/unit-pkcs11_store.c b/tools/unit-tests/unit-pkcs11_store.c
@@ -55,6 +55,7 @@
 
 #include "user_settings.h"
 #include "wolfssl/wolfcrypt/sha.h"
+#include "wolfssl/wolfcrypt/error-crypt.h"
 #include "wolfboot/wolfboot.h"
 #include "wolfpkcs11/pkcs11.h"
 #include "hal.h"
@@ -264,6 +265,18 @@ START_TEST (test_store_and_load_objs) {
     ck_assert(ret == strlen(short_string) + 1);
     ck_assert(strcmp(short_string, secret_rd) == 0);
     wolfPKCS11_Store_Close(store);
+
+    /* Remove the object and confirm it is no longer addressable */
+    ret = wolfPKCS11_Store_Remove(type, id_tok, id_obj);
+    ck_assert_msg(ret == 0, "Failed to delete vault: %d", ret);
+
+    readonly = 1;
+    ret = wolfPKCS11_Store_Open(type, id_tok, id_obj, readonly, &store);
+    ck_assert_int_eq(ret, NOT_AVAILABLE_E);
+
+    /* Second removal attempt should report the object is already gone */
+    ret = wolfPKCS11_Store_Remove(type, id_tok, id_obj);
+    ck_assert_int_eq(ret, NOT_AVAILABLE_E);
 }
 END_TEST
 
