mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-05 15:00:49 +02:00
Merge pull request #9780 from mattia-moffa/20260216-pkcs-ecdh-fixes
Fix PKCS11 object leak in Pkcs11ECDH
This commit is contained in:
@@ -7891,6 +7891,13 @@ int wc_ecc_free(ecc_key* key)
|
||||
return 0;
|
||||
}
|
||||
|
||||
#if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_FREE)
|
||||
if (key->devId != INVALID_DEVID) {
|
||||
wc_CryptoCb_Free(key->devId, WC_ALGO_TYPE_PK,
|
||||
WC_PK_TYPE_EC_KEYGEN, key);
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(WOLFSSL_ECDSA_SET_K) || defined(WOLFSSL_ECDSA_SET_K_ONE_LOOP) || \
|
||||
defined(WOLFSSL_ECDSA_DETERMINISTIC_K) || \
|
||||
defined(WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT)
|
||||
|
||||
@@ -2923,8 +2923,12 @@ static int Pkcs11EcKeyGen(Pkcs11Session* session, wc_CryptoInfo* info)
|
||||
|
||||
if (pubKey != NULL_PTR)
|
||||
session->func->C_DestroyObject(session->handle, pubKey);
|
||||
if (ret != 0 && privKey != NULL_PTR)
|
||||
if (ret == 0 && privKey != NULL_PTR) {
|
||||
key->devCtx = (void*)(uintptr_t)privKey;
|
||||
}
|
||||
else if (ret != 0 && privKey != NULL_PTR) {
|
||||
session->func->C_DestroyObject(session->handle, privKey);
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
@@ -3020,7 +3024,11 @@ static int Pkcs11ECDH(Pkcs11Session* session, wc_CryptoInfo* info)
|
||||
if (ret == 0) {
|
||||
WOLFSSL_MSG("PKCS#11: EC Key Derivation Operation");
|
||||
|
||||
if ((sessionKey = !mp_iszero(
|
||||
if (info->pk.ecdh.private_key->devCtx != NULL) {
|
||||
privateKey = (CK_OBJECT_HANDLE)(uintptr_t)
|
||||
info->pk.ecdh.private_key->devCtx;
|
||||
}
|
||||
else if ((sessionKey = !mp_iszero(
|
||||
wc_ecc_key_get_priv(info->pk.ecdh.private_key))))
|
||||
ret = Pkcs11CreateEccPrivateKey(&privateKey, session,
|
||||
info->pk.ecdh.private_key, CKA_DERIVE);
|
||||
@@ -3085,7 +3093,10 @@ static int Pkcs11ECDH(Pkcs11Session* session, wc_CryptoInfo* info)
|
||||
info->pk.ecdh.outlen);
|
||||
}
|
||||
|
||||
if (sessionKey)
|
||||
if (secret != CK_INVALID_HANDLE)
|
||||
session->func->C_DestroyObject(session->handle, secret);
|
||||
|
||||
if (sessionKey && privateKey != NULL_PTR)
|
||||
session->func->C_DestroyObject(session->handle, privateKey);
|
||||
|
||||
if (point != NULL)
|
||||
@@ -3314,7 +3325,11 @@ static int Pkcs11ECDSA_Sign(Pkcs11Session* session, wc_CryptoInfo* info)
|
||||
if (ret == 0) {
|
||||
WOLFSSL_MSG("PKCS#11: EC Signing Operation");
|
||||
|
||||
if ((sessionKey = !mp_iszero(
|
||||
if (info->pk.eccsign.key->devCtx != NULL) {
|
||||
privateKey = (CK_OBJECT_HANDLE)(uintptr_t)
|
||||
info->pk.eccsign.key->devCtx;
|
||||
}
|
||||
else if ((sessionKey = !mp_iszero(
|
||||
wc_ecc_key_get_priv(info->pk.eccsign.key))))
|
||||
ret = Pkcs11CreateEccPrivateKey(&privateKey, session,
|
||||
info->pk.eccsign.key, CKA_SIGN);
|
||||
@@ -3378,7 +3393,7 @@ static int Pkcs11ECDSA_Sign(Pkcs11Session* session, wc_CryptoInfo* info)
|
||||
sz);
|
||||
}
|
||||
|
||||
if (sessionKey)
|
||||
if (sessionKey && privateKey != NULL_PTR)
|
||||
session->func->C_DestroyObject(session->handle, privateKey);
|
||||
|
||||
return ret;
|
||||
@@ -4726,8 +4741,26 @@ int wc_Pkcs11_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
|
||||
ret = NOT_COMPILED_IN;
|
||||
#endif
|
||||
}
|
||||
else
|
||||
else if (info->algo_type == WC_ALGO_TYPE_FREE) {
|
||||
#ifdef HAVE_ECC
|
||||
if (info->free.algo == WC_ALGO_TYPE_PK &&
|
||||
info->free.type == WC_PK_TYPE_EC_KEYGEN) {
|
||||
ecc_key* key = (ecc_key*)info->free.obj;
|
||||
if (key != NULL && key->devCtx != NULL) {
|
||||
if (token->handle != NULL_PTR) {
|
||||
CK_OBJECT_HANDLE handle =
|
||||
(CK_OBJECT_HANDLE)(uintptr_t)key->devCtx;
|
||||
token->func->C_DestroyObject(token->handle, handle);
|
||||
}
|
||||
key->devCtx = NULL;
|
||||
}
|
||||
ret = 0;
|
||||
}
|
||||
#endif
|
||||
}
|
||||
else {
|
||||
ret = NOT_COMPILED_IN;
|
||||
}
|
||||
}
|
||||
|
||||
return ret;
|
||||
|
||||
@@ -4962,6 +4962,9 @@ extern void uITRON4_free(void *p) ;
|
||||
" (WC_TEST_NO_CRYPTOCB_SW_TEST)" \
|
||||
" requires WOLF_CRYPTO_CB"
|
||||
#endif
|
||||
#if defined(HAVE_PKCS11) && !defined(WOLF_CRYPTO_CB_FREE)
|
||||
#define WOLF_CRYPTO_CB_FREE
|
||||
#endif
|
||||
#if (defined(WOLF_CRYPTO_CB_COPY) || defined(WOLF_CRYPTO_CB_FREE)) && \
|
||||
!defined(WOLF_CRYPTO_CB)
|
||||
#error "Crypto callback utilities" \
|
||||
|
||||
Reference in New Issue
Block a user