Skip Async_DevCtxInit when using init rsa/ecc label/id api's (#6393)

lealem47 · Lealem Amedie · web-flow · commit 79a5c49e47c1 · 2023-05-12T11:54:03.000-07:00
* Skip Async_DevCtxInit when using init rsa/ecc label/id api's

---------

Co-authored-by: Lealem Amedie &lt;lealem47@github.com&gt;
diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c
@@ -5804,12 +5804,21 @@ int wc_ecc_make_key(WC_RNG* rng, int keysize, ecc_key* key)
 WOLFSSL_ABI
 int wc_ecc_init_ex(ecc_key* key, void* heap, int devId)
 {
-    int ret = 0;
+    int ret      = 0;
+#if defined(HAVE_PKCS11)
+    int isPkcs11 = 0;
+#endif
 
     if (key == NULL) {
         return BAD_FUNC_ARG;
     }
 
+#if defined(HAVE_PKCS11)
+    if (key->isPkcs11) {
+        isPkcs11 = 1;
+    }
+#endif
+
 #ifdef ECC_DUMP_OID
     wc_ecc_dump_oids();
 #endif
@@ -5862,9 +5871,16 @@ int wc_ecc_init_ex(ecc_key* key, void* heap, int devId)
 #endif
 
 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC)
-    /* handle as async */
-    ret = wolfAsync_DevCtxInit(&key->asyncDev, WOLFSSL_ASYNC_MARKER_ECC,
+    #if defined(HAVE_PKCS11)
+        if (!isPkcs11)
+    #endif
+        {
+            /* handle as async */
+            ret = wolfAsync_DevCtxInit(&key->asyncDev, WOLFSSL_ASYNC_MARKER_ECC,
                                                             key->heap, devId);
+        }
+#elif defined(HAVE_PKCS11)
+    (void)isPkcs11;
 #endif
 
 #if defined(WOLFSSL_DSP)
@@ -5917,6 +5933,11 @@ int wc_ecc_init_id(ecc_key* key, unsigned char* id, int len, void* heap,
     if (ret == 0 && (len < 0 || len > ECC_MAX_ID_LEN))
         ret = BUFFER_E;
 
+#if defined(HAVE_PKCS11)
+    XMEMSET(key, 0, sizeof(ecc_key));
+    key->isPkcs11 = 1;
+#endif
+
     if (ret == 0)
         ret = wc_ecc_init_ex(key, heap, devId);
     if (ret == 0 && id != NULL && len != 0) {
@@ -5947,6 +5968,11 @@ int wc_ecc_init_label(ecc_key* key, const char* label, void* heap, int devId)
             ret = BUFFER_E;
     }
 
+#if defined(HAVE_PKCS11)
+    XMEMSET(key, 0, sizeof(ecc_key));
+    key->isPkcs11 = 1;
+#endif
+
     if (ret == 0)
         ret = wc_ecc_init_ex(key, heap, devId);
     if (ret == 0) {
diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c
@@ -267,12 +267,21 @@ static void wc_RsaCleanup(RsaKey* key)
 
 int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId)
 {
-    int ret = 0;
+    int ret      = 0;
+#if defined(HAVE_PKCS11)
+    int isPkcs11 = 0;
+#endif
 
     if (key == NULL) {
         return BAD_FUNC_ARG;
     }
 
+#if defined(HAVE_PKCS11)
+    if (key->isPkcs11) {
+        isPkcs11 = 1;
+    }
+#endif
+
     XMEMSET(key, 0, sizeof(RsaKey));
 
     key->type = RSA_TYPE_UNKNOWN;
@@ -299,12 +308,19 @@ int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId)
     #endif
 
     #ifdef WC_ASYNC_ENABLE_RSA
-        /* handle as async */
-        ret = wolfAsync_DevCtxInit(&key->asyncDev, WOLFSSL_ASYNC_MARKER_RSA,
-                                                            key->heap, devId);
-        if (ret != 0)
-            return ret;
+        #if defined(HAVE_PKCS11)
+            if (!isPkcs11)
+        #endif
+            {
+                /* handle as async */
+                ret = wolfAsync_DevCtxInit(&key->asyncDev,
+                        WOLFSSL_ASYNC_MARKER_RSA, key->heap, devId);
+                if (ret != 0)
+                    return ret;
+            }
     #endif /* WC_ASYNC_ENABLE_RSA */
+#elif defined(HAVE_PKCS11)
+    (void)isPkcs11;
 #endif /* WOLFSSL_ASYNC_CRYPT */
 
 #ifndef WOLFSSL_RSA_PUBLIC_ONLY
@@ -370,6 +386,11 @@ int wc_InitRsaKey_Id(RsaKey* key, unsigned char* id, int len, void* heap,
     if (ret == 0 && (len < 0 || len > RSA_MAX_ID_LEN))
         ret = BUFFER_E;
 
+#if defined(HAVE_PKCS11)
+    XMEMSET(key, 0, sizeof(RsaKey));
+    key->isPkcs11 = 1;
+#endif
+
     if (ret == 0)
         ret = wc_InitRsaKey_ex(key, heap, devId);
     if (ret == 0 && id != NULL && len != 0) {
@@ -400,6 +421,11 @@ int wc_InitRsaKey_Label(RsaKey* key, const char* label, void* heap, int devId)
             ret = BUFFER_E;
     }
 
+#if defined(HAVE_PKCS11)
+    XMEMSET(key, 0, sizeof(RsaKey));
+    key->isPkcs11 = 1;
+#endif
+
     if (ret == 0)
         ret = wc_InitRsaKey_ex(key, heap, devId);
     if (ret == 0) {
diff --git a/wolfssl/wolfcrypt/ecc.h b/wolfssl/wolfcrypt/ecc.h
@@ -504,6 +504,9 @@ struct ecc_key {
 #if defined(PLUTON_CRYPTO_ECC) || defined(WOLF_CRYPTO_CB)
     int devId;
 #endif
+#if defined(HAVE_PKCS11)
+    byte isPkcs11 : 1; /* indicate if PKCS11 is preferred */
+#endif
 #ifdef WOLFSSL_SILABS_SE_ACCEL
     sl_se_command_context_t  cmd_ctx;
     sl_se_key_descriptor_t   key;
diff --git a/wolfssl/wolfcrypt/rsa.h b/wolfssl/wolfcrypt/rsa.h
@@ -215,6 +215,9 @@ struct RsaKey {
 #ifdef WOLF_CRYPTO_CB
     int   devId;
 #endif
+#if defined(HAVE_PKCS11)
+    byte isPkcs11 : 1; /* indicate if PKCS11 is preferred */
+#endif
 #ifdef WOLFSSL_ASYNC_CRYPT
     WC_ASYNC_DEV asyncDev;
     #ifdef WOLFSSL_CERT_GEN
