From 28db1b19e18f1050e76284c85f70978e058df91f Mon Sep 17 00:00:00 2001
From: David Garske
Date: Wed, 10 Jul 2024 11:17:02 -0700
Subject: [PATCH] Fix to support PKCS11 without RSA key generation. Fixed `Pkcs11Rsa` where `ret` failure could be ignored.
---
 wolfcrypt/src/wc_pkcs11.c | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/wolfcrypt/src/wc_pkcs11.c b/wolfcrypt/src/wc_pkcs11.c
index e248d8ea5c..c63d80ae8d 100644
--- a/wolfcrypt/src/wc_pkcs11.c
+++ b/wolfcrypt/src/wc_pkcs11.c
@@ -947,7 +947,7 @@ static int Pkcs11CreateSecretKey(CK_OBJECT_HANDLE* key, Pkcs11Session* session,
 }
 #endif
-#ifndef NO_RSA
+#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
 /**
 * Create a PKCS#11 object containing the RSA private key data.
 *
@@ -1024,7 +1024,7 @@ static int Pkcs11CreateRsaPrivateKey(CK_OBJECT_HANDLE* privateKey,
 return ret;
 }
-#endif
+#endif /* !NO_RSA && WOLFSSL_KEY_GEN */
 #ifdef HAVE_ECC
 /**
@@ -1380,7 +1380,7 @@ int wc_Pkcs11StoreKey(Pkcs11Token* token, int type, int clear, void* key)
 break;
 }
 #endif
- #ifndef NO_RSA
+ #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
 case PKCS11_KEY_TYPE_RSA: {
 RsaKey* rsaKey = (RsaKey*)key;
@@ -1774,7 +1774,12 @@ static int Pkcs11RsaPrivateKey(Pkcs11Session* session, RsaKey* rsaKey,
 int ret;
 if (sessionKey) {
+ #ifdef WOLFSSL_KEY_GEN
 ret = Pkcs11CreateRsaPrivateKey(privateKey, session, rsaKey, 0);
+ #else
+ /* RSA Key Generation support not compiled in */
+ ret = NOT_COMPILED_IN;
+ #endif
 }
 else if (rsaKey->labelLen > 0) {
 ret = Pkcs11FindKeyByLabel(privateKey, CKO_PRIVATE_KEY, CKK_RSA,
@@ -1996,7 +2001,8 @@ static int Pkcs11Rsa(Pkcs11Session* session, wc_CryptoInfo* info)
 /* Make a handle to a private key. */
 ret = Pkcs11RsaPrivateKey(session, rsaKey, sessionKey, &key);
 }
-
+ }
+ if (ret == 0) {
 if (type == RSA_PUBLIC_ENCRYPT) {
 WOLFSSL_MSG("PKCS#11: Public Encrypt");
 if ((mechInfo.flags & CKF_ENCRYPT) != 0) {
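Review bot: The doc comment above `Pkcs11CreateRsaPrivateKey` (hunk at -947) does not say that the function now exists only in `WOLFSSL_KEY_GEN` builds, although it creates an object from existing private key data and does not generate a key. The body is outside the hunk, so the reason for the dependency is not visible here. A line in the header comment such as `* Requires WOLFSSL_KEY_GEN as well as RSA support.`, with the reason added by someone who knows it, would keep a later reader from relaxing the guard back to `NO_RSA`. The matching `#endif` at -1024 and the `case PKCS11_KEY_TYPE_RSA` guard at -1380 carry the same condition.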
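Review bot: With `case PKCS11_KEY_TYPE_RSA` compiled out of `wc_Pkcs11StoreKey` (hunk at -1380), a build without `WOLFSSL_KEY_GEN` that is asked to store an RSA key falls through to whatever the switch does for an unrecognised type, which this hunk does not show. Code that provisions keys onto a token needs to tell "RSA import not built in" apart from "bad key type". If the default branch does not already return `NOT_COMPILED_IN`, keep the case label under `#else` and return that code from it. The function's public doc comment should also state the build requirement; the switch starts and ends outside the hunk.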
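Review bot: The comment in the new `#else` branch of `Pkcs11RsaPrivateKey` (hunk at -1774) names the wrong missing feature. Going by the doc comment in the first hunk, the call being compiled out wraps RSA private key data the caller already holds into a PKCS#11 object; it does not generate a key. Suggest `/* Creating a session object from an in-memory RSA key needs WOLFSSL_KEY_GEN */`, plus `WOLFSSL_MSG("PKCS#11: RSA session key requires WOLFSSL_KEY_GEN");` before `ret = NOT_COMPILED_IN;` so the failure is visible in the debug log. It is also worth confirming that callers treat `NOT_COMPILED_IN` from this path as a hard failure; the function continues outside the hunk.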
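Review bot: The hunk at -1996 does not show what happens to `key` once the added `if (ret == 0) {` in `Pkcs11Rsa` has skipped the operation after a failed key lookup. If the code after the operation destroys the session object whenever `sessionKey` is set, it is now reached with a handle that was never created, for example on the new `NOT_COMPILED_IN` path. That cleanup should depend on `Pkcs11RsaPrivateKey` having succeeded or on a valid handle. A one-line comment above the new block, `/* Only use the key if a handle was obtained. */`, would also explain why the check is split in two. The function starts and ends outside the hunk.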