Skip Async_DevCtxInit when using init rsa/ecc label/id api's (#6393)

* Skip Async_DevCtxInit when using init rsa/ecc label/id api's --------- Co-authored-by: Lealem Amedie <lealem47@github.com>
2025-07-29 18:27:29 +02:00 · 2023-05-12 12:54:03 -06:00
parent 56cd8c3dc1
commit 79a5c49e47
4 changed files with 67 additions and 9 deletions
--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
@ -5804,12 +5804,21 @@ int wc_ecc_make_key(WC_RNG* rng, int keysize, ecc_key* key)
 WOLFSSL_ABI
 int wc_ecc_init_ex(ecc_key* key, void* heap, int devId)
 {
-    int ret = 0;
+    int ret      = 0;
+#if defined(HAVE_PKCS11)
+    int isPkcs11 = 0;
+#endif

    if (key == NULL) {
        return BAD_FUNC_ARG;
    }

+#if defined(HAVE_PKCS11)
+    if (key->isPkcs11) {
+        isPkcs11 = 1;
+    }
+#endif
+
 #ifdef ECC_DUMP_OID
    wc_ecc_dump_oids();
 #endif
@ -5862,9 +5871,16 @@ int wc_ecc_init_ex(ecc_key* key, void* heap, int devId)
 #endif

 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC)
-    /* handle as async */
-    ret = wolfAsync_DevCtxInit(&key->asyncDev, WOLFSSL_ASYNC_MARKER_ECC,
+    #if defined(HAVE_PKCS11)
+        if (!isPkcs11)
+    #endif
+        {
+            /* handle as async */
+            ret = wolfAsync_DevCtxInit(&key->asyncDev, WOLFSSL_ASYNC_MARKER_ECC,
                                                            key->heap, devId);
+        }
+#elif defined(HAVE_PKCS11)
+    (void)isPkcs11;
 #endif

 #if defined(WOLFSSL_DSP)
@ -5917,6 +5933,11 @@ int wc_ecc_init_id(ecc_key* key, unsigned char* id, int len, void* heap,
    if (ret == 0 && (len < 0 || len > ECC_MAX_ID_LEN))
        ret = BUFFER_E;

+#if defined(HAVE_PKCS11)
+    XMEMSET(key, 0, sizeof(ecc_key));
+    key->isPkcs11 = 1;
+#endif
+
    if (ret == 0)
        ret = wc_ecc_init_ex(key, heap, devId);
    if (ret == 0 && id != NULL && len != 0) {
@ -5947,6 +5968,11 @@ int wc_ecc_init_label(ecc_key* key, const char* label, void* heap, int devId)
            ret = BUFFER_E;
    }

+#if defined(HAVE_PKCS11)
+    XMEMSET(key, 0, sizeof(ecc_key));
+    key->isPkcs11 = 1;
+#endif
+
    if (ret == 0)
        ret = wc_ecc_init_ex(key, heap, devId);
    if (ret == 0) {
--- a/wolfcrypt/src/rsa.c
+++ b/wolfcrypt/src/rsa.c
@ -267,12 +267,21 @@ static void wc_RsaCleanup(RsaKey* key)

 int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId)
 {
-    int ret = 0;
+    int ret      = 0;
+#if defined(HAVE_PKCS11)
+    int isPkcs11 = 0;
+#endif

    if (key == NULL) {
        return BAD_FUNC_ARG;
    }

+#if defined(HAVE_PKCS11)
+    if (key->isPkcs11) {
+        isPkcs11 = 1;
+    }
+#endif
+
    XMEMSET(key, 0, sizeof(RsaKey));

    key->type = RSA_TYPE_UNKNOWN;
@ -299,12 +308,19 @@ int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId)
    #endif

    #ifdef WC_ASYNC_ENABLE_RSA
-        /* handle as async */
-        ret = wolfAsync_DevCtxInit(&key->asyncDev, WOLFSSL_ASYNC_MARKER_RSA,
-                                                            key->heap, devId);
-        if (ret != 0)
-            return ret;
+        #if defined(HAVE_PKCS11)
+            if (!isPkcs11)
+        #endif
+            {
+                /* handle as async */
+                ret = wolfAsync_DevCtxInit(&key->asyncDev,
+                        WOLFSSL_ASYNC_MARKER_RSA, key->heap, devId);
+                if (ret != 0)
+                    return ret;
+            }
    #endif /* WC_ASYNC_ENABLE_RSA */
+#elif defined(HAVE_PKCS11)
+    (void)isPkcs11;
 #endif /* WOLFSSL_ASYNC_CRYPT */

 #ifndef WOLFSSL_RSA_PUBLIC_ONLY
@ -370,6 +386,11 @@ int wc_InitRsaKey_Id(RsaKey* key, unsigned char* id, int len, void* heap,
    if (ret == 0 && (len < 0 || len > RSA_MAX_ID_LEN))
        ret = BUFFER_E;

+#if defined(HAVE_PKCS11)
+    XMEMSET(key, 0, sizeof(RsaKey));
+    key->isPkcs11 = 1;
+#endif
+
    if (ret == 0)
        ret = wc_InitRsaKey_ex(key, heap, devId);
    if (ret == 0 && id != NULL && len != 0) {
@ -400,6 +421,11 @@ int wc_InitRsaKey_Label(RsaKey* key, const char* label, void* heap, int devId)
            ret = BUFFER_E;
    }

+#if defined(HAVE_PKCS11)
+    XMEMSET(key, 0, sizeof(RsaKey));
+    key->isPkcs11 = 1;
+#endif
+
    if (ret == 0)
        ret = wc_InitRsaKey_ex(key, heap, devId);
    if (ret == 0) {
--- a/wolfssl/wolfcrypt/ecc.h
+++ b/wolfssl/wolfcrypt/ecc.h
@ -504,6 +504,9 @@ struct ecc_key {
 #if defined(PLUTON_CRYPTO_ECC) || defined(WOLF_CRYPTO_CB)
    int devId;
 #endif
+#if defined(HAVE_PKCS11)
+    byte isPkcs11 : 1; /* indicate if PKCS11 is preferred */
+#endif
 #ifdef WOLFSSL_SILABS_SE_ACCEL
    sl_se_command_context_t  cmd_ctx;
    sl_se_key_descriptor_t   key;
--- a/wolfssl/wolfcrypt/rsa.h
+++ b/wolfssl/wolfcrypt/rsa.h
@ -215,6 +215,9 @@ struct RsaKey {
 #ifdef WOLF_CRYPTO_CB
    int   devId;
 #endif
+#if defined(HAVE_PKCS11)
+    byte isPkcs11 : 1; /* indicate if PKCS11 is preferred */
+#endif
 #ifdef WOLFSSL_ASYNC_CRYPT
    WC_ASYNC_DEV asyncDev;
    #ifdef WOLFSSL_CERT_GEN