
Commit 3a1aa83

Merge pull request #9780 from mattia-moffa/20260216-pkcs-ecdh-fixes
Fix PKCS11 object leak in Pkcs11ECDH
2 parents c5bbe79 + 817523d commit 3a1aa83


3 files changed

+49
-6
lines changed


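--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
@@ -7891,6 +7891,13 @@ int wc_ecc_free(ecc_key* key)
 return 0;
 }
 
+#if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_FREE)
+if (key->devId != INVALID_DEVID) {
+wc_CryptoCb_Free(key->devId, WC_ALGO_TYPE_PK,
+WC_PK_TYPE_EC_KEYGEN, key);
+}
+#endif
+
 #if defined(WOLFSSL_ECDSA_SET_K) || defined(WOLFSSL_ECDSA_SET_K_ONE_LOOP) || \
 defined(WOLFSSL_ECDSA_DETERMINISTIC_K) || \
 defined(WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT)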
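Review bot: The result of `wc_CryptoCb_Free` is dropped in the block added to wc_ecc_free, so a callback that fails to release the device-side object bound to the key leaves it on the device with no trace. Since the function returns `int`, a failure could be propagated; at minimum the discard should be explicit and documented, e.g. `(void)wc_CryptoCb_Free(key->devId, WC_ALGO_TYPE_PK, WC_PK_TYPE_EC_KEYGEN, key); /* best effort: release device-side key object */`. The call also uses `WC_PK_TYPE_EC_KEYGEN` as the type tag for freeing any EC key, which deserves a short comment because the name suggests key generation only. The rest of wc_ecc_free lies outside the hunk.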

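--- a/wolfcrypt/src/wc_pkcs11.c
+++ b/wolfcrypt/src/wc_pkcs11.c
@@ -2923,8 +2923,12 @@ static int Pkcs11EcKeyGen(Pkcs11Session* session, wc_CryptoInfo* info)
 
 if (pubKey != NULL_PTR)
 session->func->C_DestroyObject(session->handle, pubKey);
-if (ret != 0 && privKey != NULL_PTR)
+if (ret == 0 && privKey != NULL_PTR) {
+key->devCtx = (void*)(uintptr_t)privKey;
+}
+else if (ret != 0 && privKey != NULL_PTR) {
 session->func->C_DestroyObject(session->handle, privKey);
+}
 
 return ret;
 }
@@ -3020,7 +3024,11 @@ static int Pkcs11ECDH(Pkcs11Session* session, wc_CryptoInfo* info)
 if (ret == 0) {
 WOLFSSL_MSG("PKCS#11: EC Key Derivation Operation");
 
-if ((sessionKey = !mp_iszero(
+if (info->pk.ecdh.private_key->devCtx != NULL) {
+privateKey = (CK_OBJECT_HANDLE)(uintptr_t)
+info->pk.ecdh.private_key->devCtx;
+}
+else if ((sessionKey = !mp_iszero(
 wc_ecc_key_get_priv(info->pk.ecdh.private_key))))
 ret = Pkcs11CreateEccPrivateKey(&privateKey, session,
 info->pk.ecdh.private_key, CKA_DERIVE);
@@ -3085,7 +3093,10 @@ static int Pkcs11ECDH(Pkcs11Session* session, wc_CryptoInfo* info)
 info->pk.ecdh.outlen);
 }
 
-if (sessionKey)
+if (secret != CK_INVALID_HANDLE)
+session->func->C_DestroyObject(session->handle, secret);
+
+if (sessionKey && privateKey != NULL_PTR)
 session->func->C_DestroyObject(session->handle, privateKey);
 
 if (point != NULL)
@@ -3314,7 +3325,11 @@ static int Pkcs11ECDSA_Sign(Pkcs11Session* session, wc_CryptoInfo* info)
 if (ret == 0) {
 WOLFSSL_MSG("PKCS#11: EC Signing Operation");
 
-if ((sessionKey = !mp_iszero(
+if (info->pk.eccsign.key->devCtx != NULL) {
+privateKey = (CK_OBJECT_HANDLE)(uintptr_t)
+info->pk.eccsign.key->devCtx;
+}
+else if ((sessionKey = !mp_iszero(
 wc_ecc_key_get_priv(info->pk.eccsign.key))))
 ret = Pkcs11CreateEccPrivateKey(&privateKey, session,
 info->pk.eccsign.key, CKA_SIGN);
@@ -3378,7 +3393,7 @@ static int Pkcs11ECDSA_Sign(Pkcs11Session* session, wc_CryptoInfo* info)
 sz);
 }
 
-if (sessionKey)
+if (sessionKey && privateKey != NULL_PTR)
 session->func->C_DestroyObject(session->handle, privateKey);
 
 return ret;
@@ -4726,8 +4741,26 @@ int wc_Pkcs11_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
 ret = NOT_COMPILED_IN;
 #endif
 }
-else
+else if (info->algo_type == WC_ALGO_TYPE_FREE) {
+#ifdef HAVE_ECC
+if (info->free.algo == WC_ALGO_TYPE_PK &&
+info->free.type == WC_PK_TYPE_EC_KEYGEN) {
+ecc_key* key = (ecc_key*)info->free.obj;
+if (key != NULL && key->devCtx != NULL) {
+if (token->handle != NULL_PTR) {
+CK_OBJECT_HANDLE handle =
+(CK_OBJECT_HANDLE)(uintptr_t)key->devCtx;
+token->func->C_DestroyObject(token->handle, handle);
+}
+key->devCtx = NULL;
+}
+ret = 0;
+}
+#endif
+}
+else {
 ret = NOT_COMPILED_IN;
+}
 }
 
 return ret;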
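Review bot: In the new `WC_ALGO_TYPE_FREE` branch of wc_Pkcs11_CryptoDevCb, `key->devCtx = NULL` runs even when `token->handle` is `NULL_PTR` and no `C_DestroyObject` was issued, and the `C_DestroyObject` result is discarded, so the only reference to the private-key object can be dropped without the token ever releasing it. Checking the result, e.g. `CK_RV rv = token->func->C_DestroyObject(token->handle, handle);` then `if (rv != CKR_OK) WOLFSSL_MSG("PKCS#11: EC private key destroy failed");`, would make a leaked key object visible. Pkcs11EcKeyGen stores the handle under `session->handle` while the free path uses `token->handle`; if the generating session can close in between (not visible here), the handle that Pkcs11ECDH and Pkcs11ECDSA_Sign now take from `devCtx` may be stale, so a comment at the store such as `/* devCtx owns privKey; valid only while the generating session stays open */` would record the assumption. The branch also leaves `ret` untouched for any other `info->free` type, unlike the final `else`, which sets `NOT_COMPILED_IN`. All of these functions begin and continue outside their hunks.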

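--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -4962,6 +4962,9 @@ extern void uITRON4_free(void *p) ;
 " (WC_TEST_NO_CRYPTOCB_SW_TEST)" \
 " requires WOLF_CRYPTO_CB"
 #endif
+#if defined(HAVE_PKCS11) && !defined(WOLF_CRYPTO_CB_FREE)
+#define WOLF_CRYPTO_CB_FREE
+#endif
 #if (defined(WOLF_CRYPTO_CB_COPY) || defined(WOLF_CRYPTO_CB_FREE)) && \
 !defined(WOLF_CRYPTO_CB)
 #error "Crypto callback utilities" \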
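Review bot: The added block defines `WOLF_CRYPTO_CB_FREE` for every `HAVE_PKCS11` build without saying why, and its effect reaches beyond PKCS#11: judging by the ecc.c change in this commit, any crypto callback registered on an EC key's devId will now receive a free request. A comment such as `/* PKCS#11 keeps the private key object handle in ecc_key.devCtx and needs the free callback to destroy it */` would explain the coupling. A `HAVE_PKCS11` build without `WOLF_CRYPTO_CB` also now reaches the `#error` just below, whose visible text speaks of callback utilities rather than PKCS#11; the rest of that message is outside the hunk.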
