Add more skoll / fenrir fixes

aidangarske · aidangarske · commit df8c70b52944 · 2026-04-10T13:27:27.000-07:00
diff --git a/src/crypto.c b/src/crypto.c
@@ -514,11 +514,9 @@ static CK_RV SetAttributeDefaults(WP11_Object* obj, CK_OBJECT_CLASS keyType,
                                     ulCount);
             break;
         case CKO_SECRET_KEY:
-#ifndef WOLFPKCS11_NSS
             if (ret == CKR_OK)
                 ret = SetIfNotFound(obj, CKA_SENSITIVE, trueVal, pTemplate,
                                     ulCount);
-#endif
             if (ret == CKR_OK)
                 ret = SetIfNotFound(obj, CKA_EXTRACTABLE, trueVal, pTemplate,
                                     ulCount);
@@ -544,7 +542,11 @@ static CK_RV SetAttributeDefaults(WP11_Object* obj, CK_OBJECT_CLASS keyType,
                 ret = SetIfNotFound(obj, CKA_EXTRACTABLE, falseVal, pTemplate,
                                     ulCount);
 #else
-            /* NSS needs extractable private keys as internal crypto module */
+            /* NSS needs extractable private keys as internal crypto module.
+             * CKA_SENSITIVE is still set to prevent plaintext key readout. */
+            if (ret == CKR_OK)
+                ret = SetIfNotFound(obj, CKA_SENSITIVE, trueVal, pTemplate,
+                                    ulCount);
             if (ret == CKR_OK)
                 ret = SetIfNotFound(obj, CKA_EXTRACTABLE, trueVal, pTemplate,
                                     ulCount);
@@ -2286,6 +2288,9 @@ CK_RV C_Encrypt(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
             }
             if (!CK_ULONG_FITS_WORD32(ulDataLen))
                 return CKR_DATA_LEN_RANGE;
+            /* Ensure padded result fits in word32 */
+            if (ulDataLen > (CK_ULONG)(0xFFFFFFFF - AES_BLOCK_SIZE))
+                return CKR_DATA_LEN_RANGE;
 
             /* PKCS#7 padding always adds at least 1 byte */
             encDataLen = (word32)((ulDataLen / AES_BLOCK_SIZE) + 1) *
diff --git a/src/internal.c b/src/internal.c
@@ -958,7 +958,7 @@ static void wp11_Session_Final(WP11_Session* session)
     if ((session->init & ~WP11_INIT_DIGEST_MASK) == WP11_INIT_HMAC_SIGN ||
         (session->init & ~WP11_INIT_DIGEST_MASK) == WP11_INIT_HMAC_VERIFY) {
         wc_HmacFree(&session->params.hmac.hmac);
-        session->init = 0;
+        session->init &= WP11_INIT_DIGEST_MASK;
     }
 #endif
 #ifdef HAVE_AESCMAC
@@ -970,14 +970,16 @@ static void wp11_Session_Final(WP11_Session* session)
         wc_ForceZero(&session->params.cmac.cmac,
                       sizeof(session->params.cmac.cmac));
 #endif
-        session->init = 0;
+        session->init &= WP11_INIT_DIGEST_MASK;
     }
 #endif
     if ((session->init & ~WP11_INIT_DIGEST_MASK) == WP11_INIT_DIGEST) {
         wc_HashFree(&session->params.digest.hash,
                      session->params.digest.hashType);
-        session->init = 0;
+        session->init &= ~WP11_INIT_DIGEST_MASK;
     }
+    /* Ensure no stale bits remain after all cleanup. */
+    session->init = 0;
 }
 
 #ifndef WOLFPKCS11_NO_STORE
@@ -6971,8 +6973,8 @@ int WP11_Slot_IsLoggedIn(WP11_Slot* slot)
 
 void WP11_Slot_Logout(WP11_Slot* slot)
 {
-#ifndef WOLFPKCS11_NO_STORE
     int state;
+#ifndef WOLFPKCS11_NO_STORE
     int ret = 0;
 #endif
 
@@ -6986,9 +6988,15 @@ void WP11_Slot_Logout(WP11_Slot* slot)
             ret = wp11_Object_Encode(object, 1);
             object = object->next;
         }
-        wc_ForceZero(slot->token.key, sizeof(slot->token.key));
     }
+#else
+    state = slot->token.loginState;
 #endif
+    /* Zero token key only on user logout — SO logout must preserve it
+     * for subsequent object encryption (e.g., empty-PIN flow). */
+    if (state == WP11_APP_STATE_RO_USER || state == WP11_APP_STATE_RW_USER) {
+        wc_ForceZero(slot->token.key, sizeof(slot->token.key));
+    }
     slot->token.loginState = WP11_APP_STATE_RW_PUBLIC;
 
     WP11_Lock_UnlockRW(&slot->lock);
@@ -14261,8 +14269,11 @@ int WP11_Digest_Single(unsigned char* data, word32 dataLen,
     WP11_Digest* digest = &session->params.digest;
 
     blockLen = wc_HashGetDigestSize(digest->hashType);
-    if (blockLen < 0)
+    if (blockLen < 0) {
+        wc_HashFree(&digest->hash, digest->hashType);
+        session->init = 0;
         return CKR_FUNCTION_FAILED;
+    }
 
     if (dataOut == NULL) {
         *dataOutLen = (word32)blockLen;
diff --git a/tests/pkcs11test.c b/tests/pkcs11test.c
@@ -10875,6 +10875,8 @@ static CK_RV test_aes_cbc_pad_block_aligned_size(void* args)
         }
     }
 
+    funcList->C_DestroyObject(session, key);
+
     return ret;
 }
 

Original file line number	Diff line number	Diff line change
`@@ -10875,6 +10875,8 @@ static CK_RV test_aes_cbc_pad_block_aligned_size(void* args)`
`10875`	`10875`	`}`
`10876`	`10876`	`}`
`10877`	`10877`
	`10878`	`+ funcList->C_DestroyObject(session, key);`
	`10879`	`+`
`10878`	`10880`	`return ret;`
`10879`	`10881`	`}`
`10880`	`10882`