wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-31 19:24:42 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2091 from SparkiDev/pkcs11_fixes

Browse Source 
Fix PKCS #11 AES-GCM and handling of unsupported algorithms
This commit is contained in:
David Garske
2019-02-14 09:49:02 -08:00
committed by GitHub
parent 46bb2591c8 5856d6b3dc
commit 64cb07557d
1 changed files with 10 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
wolfcrypt/src/wc_pkcs11.c
View File

@@ -541,13 +541,15 @@ int wc_Pkcs11StoreKey(Pkcs11Token* token, int type, int clear, void* key)
ret = Pkcs11MechAvail(&session, CKM_AES_GCM); ret = Pkcs11MechAvail(&session, CKM_AES_GCM);
if (ret == 0) { if (ret == 0) {
ret = Pkcs11CreateSecretKey(&privKey, &session, CKK_AES, ret = Pkcs11CreateSecretKey(&privKey, &session, CKK_AES,
(unsigned char *)aes->key, (unsigned char *)aes->devKey,
aes->keylen, aes->keylen,
(unsigned char *)aes->id, (unsigned char *)aes->id,
aes->idLen); aes->idLen);
} }
if (ret == 0 && clear) if (ret == 0 && clear) {
XMEMSET(aes->devKey, 0, aes->keylen);
XMEMSET(aes->key, 0, aes->keylen); XMEMSET(aes->key, 0, aes->keylen);
}
break; break;
} }
#endif #endif
@@ -1421,6 +1423,8 @@ static int Pkcs11ECDH(Pkcs11Session* session, wc_CryptoInfo* info)
if (ret == 0) { if (ret == 0) {
secSz = *info->pk.ecdh.outlen; secSz = *info->pk.ecdh.outlen;
if (secSz > (CK_ULONG)info->pk.ecdh.private_key->dp->size)
secSz = info->pk.ecdh.private_key->dp->size;
params.kdf = CKD_NULL; params.kdf = CKD_NULL;
params.pSharedData = NULL; params.pSharedData = NULL;
@@ -1791,7 +1795,7 @@ static int Pkcs11AesGcmEncrypt(Pkcs11Session* session, wc_CryptoInfo* info)
/* Create a private key object or find by id. */ /* Create a private key object or find by id. */
if (ret == 0 && aes->idLen == 0) { if (ret == 0 && aes->idLen == 0) {
ret = Pkcs11CreateSecretKey(&key, session, CKK_AES, ret = Pkcs11CreateSecretKey(&key, session, CKK_AES,
(unsigned char *)aes->key, aes->keylen, (unsigned char *)aes->devKey, aes->keylen,
NULL, 0); NULL, 0);
} }
@@ -1875,7 +1879,7 @@ static int Pkcs11AesGcmDecrypt(Pkcs11Session* session, wc_CryptoInfo* info)
/* Create a private key object or find by id. */ /* Create a private key object or find by id. */
if (ret == 0 && aes->idLen == 0) { if (ret == 0 && aes->idLen == 0) {
ret = Pkcs11CreateSecretKey(&key, session, CKK_AES, ret = Pkcs11CreateSecretKey(&key, session, CKK_AES,
(unsigned char *)aes->key, aes->keylen, (unsigned char *)aes->devKey, aes->keylen,
NULL, 0); NULL, 0);
} }
else if (ret == 0) { else if (ret == 0) {
@@ -2046,9 +2050,6 @@ int wc_Pkcs11_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
#endif #endif
} }
} }
else if (info->algo_type == WC_ALGO_TYPE_HASH) {
ret = NOT_COMPILED_IN;
}
else if (info->algo_type == WC_ALGO_TYPE_RNG) { else if (info->algo_type == WC_ALGO_TYPE_RNG) {
#if !defined(WC_NO_RNG) && !defined(HAVE_HASHDRBG) #if !defined(WC_NO_RNG) && !defined(HAVE_HASHDRBG)
ret = Pkcs11RandomBlock(&session, info); ret = Pkcs11RandomBlock(&session, info);
@@ -2063,6 +2064,8 @@ int wc_Pkcs11_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
ret = NOT_COMPILED_IN; ret = NOT_COMPILED_IN;
#endif #endif
} }
else
ret = NOT_COMPILED_IN;
Pkcs11CloseSession(token, &session); Pkcs11CloseSession(token, &session);
} }