Merge pull request #9962 from night1rider/ecc-dilithium-callback-free-fix

Fix expected callback behavior for ECC/Dilithium for Free Callbacks

Author: dgarske

.github/workflows/os-check.yml

@@ -76,6 +76,7 @@ jobs:
           '--enable-sessionexport',
           '--enable-cryptocb --enable-aesgcm CPPFLAGS="-DWOLF_CRYPTO_CB_AES_SETKEY -DWOLF_CRYPTO_CB_FREE"',
           '--disable-tls --enable-cryptocb --enable-aesgcm CPPFLAGS="-DWOLF_CRYPTO_CB_AES_SETKEY -DWOLF_CRYPTO_CB_FREE"',
+          '--enable-all --enable-dilithium --enable-cryptocb --enable-cryptocbutils --enable-pkcallbacks',
           '--enable-cryptocb --enable-aesgcm CPPFLAGS="-DWOLF_CRYPTO_CB_AES_SETKEY"',
           '--disable-examples CPPFLAGS=-DWOLFSSL_NO_MALLOC',
           'CPPFLAGS=-DNO_WOLFSSL_CLIENT',

wolfcrypt/src/dilithium.c

@@ -10889,14 +10889,22 @@ int wc_dilithium_get_level(dilithium_key* key, byte* level)
  */
 void wc_dilithium_free(dilithium_key* key)
 {
+#if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_FREE)
+    int ret = 0;
+#endif
+
     if (key != NULL) {
 #if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_FREE)
         if (key->devId != INVALID_DEVID) {
-            wc_CryptoCb_Free(key->devId, WC_ALGO_TYPE_PK,
+            ret = wc_CryptoCb_Free(key->devId, WC_ALGO_TYPE_PK,
                              WC_PK_TYPE_PQC_SIG_KEYGEN,
                              WC_PQC_SIG_TYPE_DILITHIUM,
                              (void*)key);
+            if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+                return;
+            /* fall-through to software cleanup */
         }
+        (void)ret;
 #endif
 #ifdef WOLFSSL_WC_DILITHIUM
 #ifndef WC_DILITHIUM_FIXED_ARRAY

wolfcrypt/src/ecc.c

@@ -7886,15 +7886,23 @@ void wc_ecc_free_curve(const ecc_set_type* curve, void* heap)
 WOLFSSL_ABI
 int wc_ecc_free(ecc_key* key)
 {
+#if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_FREE)
+    int ret = 0;
+#endif
+
     if (key == NULL) {
         return 0;
     }
 
 #if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_FREE)
     if (key->devId != INVALID_DEVID) {
-        wc_CryptoCb_Free(key->devId, WC_ALGO_TYPE_PK,
+        ret = wc_CryptoCb_Free(key->devId, WC_ALGO_TYPE_PK,
                          WC_PK_TYPE_EC_KEYGEN, 0, key);
+        if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+            return ret;
+        /* fall-through to software cleanup */
     }
+    (void)ret;
 #endif
 
 #if defined(WOLFSSL_ECDSA_SET_K) || defined(WOLFSSL_ECDSA_SET_K_ONE_LOOP) || \

wolfcrypt/src/wc_pkcs11.c

@@ -5794,6 +5794,12 @@ int wc_Pkcs11_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
                                                  (ecc_key*)info->free.obj);
                     Pkcs11CloseSession(token, &session);
                 }
+                /* Return CRYPTOCB_UNAVAILABLE so wc_ecc_free() still
+                 * performs software cleanup. This callback only releases
+                 * the HSM object. Conditional because wc_ecc_free returns
+                 * int and can propagate an HSM error to the caller. */
+                if (ret == 0)
+                    ret = CRYPTOCB_UNAVAILABLE;
             }
             else
     #endif
@@ -5807,6 +5813,11 @@ int wc_Pkcs11_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
                                                    (MlDsaKey*)info->free.obj);
                     Pkcs11CloseSession(token, &session);
                 }
+                /* Always return CRYPTOCB_UNAVAILABLE so wc_dilithium_free()
+                 * performs software cleanup. This callback only releases
+                 * the HSM object. Unconditional because wc_dilithium_free
+                 * returns void and cannot propagate an error. */
+                ret = CRYPTOCB_UNAVAILABLE;
             }
             else
     #endif

wolfcrypt/test/test.c

@@ -46997,7 +46997,7 @@ static wc_test_ret_t dilithium_param_vfy_test(int param, const byte* pubKey,
         msg[i] = (byte)i;
     }
 
-    ret = wc_dilithium_init(key);
+    ret = wc_dilithium_init_ex(key, NULL, devId);
     if (ret != 0) {
         ret = WC_TEST_RET_ENC_EC(ret);
         return ret;
@@ -50158,7 +50158,7 @@ static wc_test_ret_t dilithium_param_test(int param, WC_RNG* rng)
     }
 #endif
 
-    ret = wc_dilithium_init(key);
+    ret = wc_dilithium_init_ex(key, NULL, devId);
     if (ret != 0) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     }
@@ -50250,7 +50250,7 @@ static wc_test_ret_t test_dilithium_decode_level(const byte* rawKey,
 
     /* Initialize key */
     if (ret == 0) {
-        ret = wc_dilithium_init(key);
+        ret = wc_dilithium_init_ex(key, NULL, devId);
     }
 
     /* Import raw key, setting the security level */
@@ -50293,7 +50293,7 @@ static wc_test_ret_t test_dilithium_decode_level(const byte* rawKey,
     /* Free and reinit key to test fresh decode */
     if (ret == 0) {
         wc_dilithium_free(key);
-        ret = wc_dilithium_init(key);
+        ret = wc_dilithium_init_ex(key, NULL, devId);
     }
 
     /* First test decoding when security level is set externally */
@@ -50318,7 +50318,7 @@ static wc_test_ret_t test_dilithium_decode_level(const byte* rawKey,
     /* Free and reinit key to test fresh decode */
     if (ret == 0) {
         wc_dilithium_free(key);
-        ret = wc_dilithium_init(key);
+        ret = wc_dilithium_init_ex(key, NULL, devId);
     }
 
 #ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT
@@ -65407,6 +65407,37 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
                     ret = 0;
                     break;
                 }
+#endif
+                default:
+                    ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN);
+                    break;
+            }
+        }
+        else if (info->free.algo == WC_ALGO_TYPE_PK) {
+            switch (info->free.type) {
+#ifdef HAVE_ECC
+                case WC_PK_TYPE_EC_KEYGEN:
+                {
+                    ecc_key* ecc = (ecc_key*)info->free.obj;
+                    ecc->devId = INVALID_DEVID;
+                    wc_ecc_free(ecc);
+                    ret = 0;
+                    break;
+                }
+#endif
+#ifdef HAVE_DILITHIUM
+                case WC_PK_TYPE_PQC_SIG_KEYGEN:
+                {
+                    if (info->free.subType ==
+                            WC_PQC_SIG_TYPE_DILITHIUM) {
+                        dilithium_key* dil =
+                            (dilithium_key*)info->free.obj;
+                        dil->devId = INVALID_DEVID;
+                        wc_dilithium_free(dil);
+                        ret = 0;
+                    }
+                    break;
+                }
 #endif
                 default:
                     ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN);
@@ -65600,6 +65631,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cryptocb_test(void)
         ret = ecc_onlycb_test(&myCtx);
     PRIVATE_KEY_LOCK();
 #endif
+#ifdef HAVE_DILITHIUM
+    if (ret == 0)
+        ret = dilithium_test();
+#endif
 #ifdef HAVE_ED25519
     PRIVATE_KEY_UNLOCK();
     if (ret == 0)