wolfcrypt/src/wc_pkcs11.c: cache PKCS#11 session across multi-call HMAC#10335
Open
julek-wolfssl wants to merge 1 commit intowolfSSL:masterfrom
Open
wolfcrypt/src/wc_pkcs11.c: cache PKCS#11 session across multi-call HMAC#10335julek-wolfssl wants to merge 1 commit intowolfSSL:masterfrom
julek-wolfssl wants to merge 1 commit intowolfSSL:masterfrom
Conversation
Member
Author
|
Tested in wolfSSL/wolfPKCS11#181 |
Contributor
There was a problem hiding this comment.
Pull request overview
Fixes PKCS#11-routed multi-call HMAC failures by keeping the same PKCS#11 session alive across separate wc_HmacUpdate / wc_HmacFinal CryptoCB dispatches, avoiding C_SignFinal running on a different session than C_SignInit.
Changes:
- Cache the PKCS#11
CK_SESSION_HANDLEinHmac.devCtxfor the duration of a device-backed HMAC operation. - Reconstruct a
Pkcs11Sessionon the stack from the cached handle on subsequent dispatches, and close/clear the cached session when leaving device-keyed state or on error.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
The cryptocb dispatcher opened and closed a fresh PKCS#11 session around each HMAC invocation. PKCS#11 sign operations are session-scoped, so a multi-call HMAC (wc_HmacUpdate then wc_HmacFinal, which arrive as separate cryptocb dispatches) had its C_SignFinal land on a session that never saw a C_SignInit, returning CKR_OPERATION_NOT_INITIALIZED and surfacing as WC_HW_E. This broke any code path that drives Update and Final separately under PKCS#11 routing. Cache the PKCS#11 session handle on Hmac.devCtx (cast through wc_ptr_t, matching the existing pattern for cached PKCS#11 object handles) and rebuild the Pkcs11Session on the stack. The session is opened on the first dispatch when the operation enters WC_HMAC_INNER_HASH_KEYED_DEV state and released when it leaves that state (Final completed or hard error).
|
julek-wolfssl
force-pushed
the
pkcs11-hmac-session
branch
from
82c3883 to
1b26594
Compare
Member
Author
|
retest this please flaky test |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The cryptocb dispatcher opened and closed a fresh PKCS#11 session around
each HMAC invocation. PKCS#11 sign operations are session-scoped, so a
multi-call HMAC (wc_HmacUpdate then wc_HmacFinal, which arrive as
separate cryptocb dispatches) had its C_SignFinal land on a session
that never saw a C_SignInit, returning CKR_OPERATION_NOT_INITIALIZED
and surfacing as WC_HW_E. This broke any code path that drives Update
and Final separately under PKCS#11 routing.
Cache the PKCS#11 session handle on Hmac.devCtx (cast through wc_ptr_t,
matching the existing pattern for cached PKCS#11 object handles) and
rebuild the Pkcs11Session on the stack. The session is opened on the
first dispatch when the operation enters
WC_HMAC_INNER_HASH_KEYED_DEV state and released when it leaves that
state (Final completed or hard error).