fix SE050 mutex leaks on early returns

JeremiahM37 · JeremiahM37 · commit 079e7c569230 · 2026-03-26T17:30:14.000Z
diff --git a/wolfcrypt/src/port/nxp/se050_port.c b/wolfcrypt/src/port/nxp/se050_port.c
@@ -572,6 +572,7 @@ int wc_se050_insert_binary_object(word32 keyId, const byte* object,
 
     /* Avoid key ID conflicts with temporary key storage */
     if (keyId >= SE050_KEYID_START) {
+        wolfSSL_CryptHwMutexUnLock();
         return BAD_FUNC_ARG;
     }
 
@@ -636,10 +637,12 @@ int wc_se050_get_binary_object(word32 keyId, byte* out, word32* outSz)
         else {
             if (out == NULL) {
                 *outSz = ret;
+                wolfSSL_CryptHwMutexUnLock();
                 return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
             }
             if ((word32)ret > *outSz) {
                 WOLFSSL_MSG("Output buffer not large enough for object");
+                wolfSSL_CryptHwMutexUnLock();
                 return BAD_LENGTH_E;
             }
             ret = 0;
@@ -931,6 +934,7 @@ static int se050_rsa_insert_key(word32 keyId, const byte* rsaDer,
 
     /* Avoid key ID conflicts with temporary key storage */
     if (keyId >= SE050_KEYID_START) {
+        wolfSSL_CryptHwMutexUnLock();
         return BAD_FUNC_ARG;
     }
 

Original file line number	Diff line number	Diff line change
`@@ -572,6 +572,7 @@ int wc_se050_insert_binary_object(word32 keyId, const byte* object,`
`572`	`572`
`573`	`573`	`/* Avoid key ID conflicts with temporary key storage */`
`574`	`574`	`if (keyId >= SE050_KEYID_START) {`
	`575`	`+ wolfSSL_CryptHwMutexUnLock();`
`575`	`576`	`return BAD_FUNC_ARG;`
`576`	`577`	`}`
`577`	`578`
`@@ -636,10 +637,12 @@ int wc_se050_get_binary_object(word32 keyId, byte* out, word32* outSz)`
`636`	`637`	`else {`
`637`	`638`	`if (out == NULL) {`
`638`	`639`	`*outSz = ret;`
	`640`	`+ wolfSSL_CryptHwMutexUnLock();`
`639`	`641`	`return WC_NO_ERR_TRACE(LENGTH_ONLY_E);`
`640`	`642`	`}`
`641`	`643`	`if ((word32)ret > *outSz) {`
`642`	`644`	`WOLFSSL_MSG("Output buffer not large enough for object");`
	`645`	`+ wolfSSL_CryptHwMutexUnLock();`
`643`	`646`	`return BAD_LENGTH_E;`
`644`	`647`	`}`
`645`	`648`	`ret = 0;`
`@@ -931,6 +934,7 @@ static int se050_rsa_insert_key(word32 keyId, const byte* rsaDer,`
`931`	`934`
`932`	`935`	`/* Avoid key ID conflicts with temporary key storage */`
`933`	`936`	`if (keyId >= SE050_KEYID_START) {`
	`937`	`+ wolfSSL_CryptHwMutexUnLock();`
`934`	`938`	`return BAD_FUNC_ARG;`
`935`	`939`	`}`
`936`	`940`