@@ -8283,6 +8283,7 @@ int WP11_Object_MatchAttr(WP11_Object* object, CK_ATTRIBUTE_TYPE type,
82838283 return ret ;
82848284}
82858285
8286+ #ifdef WOLFPKCS11_TPM
82868287#if !defined(NO_RSA ) || defined(HAVE_ECC )
82878288
82888289static int WP11_Object_LoadTpmKey (WP11_Object * object )
@@ -8333,8 +8334,8 @@ static int WP11_Object_LoadTpmKey(WP11_Object* object)
83338334 return ret ;
83348335}
83358336
8336- #endif
8337-
8337+ #endif /* !NO_RSA || HAVE_ECC */
8338+ #endif /* WOLFPKCS11_TPM */
83388339
83398340#ifndef NO_RSA
83408341
@@ -8446,6 +8447,12 @@ int WP11_Rsa_GenerateKeyPair(WP11_Object* pub, WP11_Object* priv,
84468447
84478448 /* Generate into the private key. */
84488449 ret = wc_MakeRsaKey (& priv -> data .rsaKey , pub -> size , e , & rng );
8450+ #ifdef WOLFPKCS11_TPM
8451+ if (ret == 0 ) {
8452+ /* unload handle and reload when used */
8453+ wolfTPM2_UnloadHandle (& priv -> slot -> tpmDev , & priv -> tpmKey .handle );
8454+ }
8455+ #endif
84498456 if (ret != 0 ) {
84508457 wc_FreeRsaKey (& priv -> data .rsaKey );
84518458 }
@@ -9140,6 +9147,12 @@ int WP11_RsaPKCSPSS_Verify(unsigned char* sig, word32 sigLen,
91409147 * stat = 1 ;
91419148 }
91429149 }
9150+ /* Make sure bad padding returns success, but verify failed.
9151+ * Calling code expects this. */
9152+ if (ret == BAD_PADDING_E ) {
9153+ ret = 0 ;
9154+ * stat = 0 ;
9155+ }
91439156
91449157 return ret ;
91459158}
@@ -9182,6 +9195,12 @@ int WP11_Ec_GenerateKeyPair(WP11_Object* pub, WP11_Object* priv,
91829195 if (ret == 0 ) {
91839196 ret = wc_ecc_make_key_ex (& rng , priv -> data .ecKey .dp -> size ,
91849197 & priv -> data .ecKey , priv -> data .ecKey .dp -> id );
9198+ #ifdef WOLFPKCS11_TPM
9199+ if (ret == 0 ) {
9200+ /* unload handle and reload when used */
9201+ wolfTPM2_UnloadHandle (& slot -> tpmDev , & priv -> tpmKey .handle );
9202+ }
9203+ #endif
91859204 Rng_Free (& rng );
91869205 }
91879206 if (ret == 0 ) {
0 commit comments