Fix ML-DSA context buffer: replace heap pointer with fixed-size array

Frauschi · Frauschi · commit aca7408733cd · 2026-03-26T19:56:20.000+01:00
Replace the dynamically-allocated `byte* ctx` pointer in WP11_MldsaParams
with an inline `byte ctx[256]` array. PKCS#11 v3.2 (§2.3.12) caps the
ML-DSA context length at 255 bytes, so heap allocation is unnecessary and
introduced several memory-management hazards:

- ctx was freed at the end of WP11_Mldsa_Sign/Verify before session
  teardown, leaving a dangling pointer if the session was reused
- the cleanup in wp11_Session_Final checked the wrong mechanism set,
  meaning it could free ctx a second time
- WP11_Session_SetMldsaParams freed ctx before re-initialising, which
  was safe only if the pointer was always valid (it wasn't on first call)
Embedding the buffer in the struct eliminates all manual lifetime
tracking.
diff --git a/src/internal.c b/src/internal.c
@@ -356,7 +356,7 @@ typedef struct WP11_PssParams {
 typedef struct WP11_MldsaParams {
     enum wc_HashType preHashType;
     word32 hedgeType;
-    byte* ctx;
+    byte ctx[256];
     byte ctxSz;
 } WP11_MldsaParams;
 #endif
@@ -911,14 +911,6 @@ static void wp11_Session_Final(WP11_Session* session)
         session->params.oaep.label = NULL;
     }
 #endif
-#ifdef WOLFPKCS11_MLDSA
-    if ((session->mechanism == CKM_ML_DSA ||
-         session->mechanism == CKM_HASH_ML_DSA) &&
-                                            session->params.mldsa.ctx != NULL) {
-        XFREE(session->params.mldsa.ctx, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        session->params.mldsa.ctx = NULL;
-    }
-#endif
 #ifndef NO_AES
 #ifdef HAVE_AES_CBC
     if ((session->mechanism == CKM_AES_CBC ||
@@ -7849,7 +7841,6 @@ int WP11_Session_SetMldsaParams(WP11_Session* session, CK_VOID_PTR params,
     int ret = 0;
     WP11_MldsaParams* mldsa = &session->params.mldsa;
 
-    XFREE(mldsa->ctx, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     XMEMSET(mldsa, 0, sizeof(*mldsa));
 
     if (params != NULL) {
@@ -7863,19 +7854,12 @@ int WP11_Session_SetMldsaParams(WP11_Session* session, CK_VOID_PTR params,
                 if (ctx->ulContextLen > 255) {
                     ret = BAD_FUNC_ARG;
                 }
-                if (ret == 0) {
-                    mldsa->ctx = (byte*)XMALLOC(ctx->ulContextLen, NULL,
-                                                DYNAMIC_TYPE_TMP_BUFFER);
-                    if (mldsa->ctx == NULL)
-                        ret = MEMORY_E;
-                }
                 if (ret == 0) {
                     XMEMCPY(mldsa->ctx, ctx->pContext, ctx->ulContextLen);
                     mldsa->ctxSz = ctx->ulContextLen;
                 }
             }
             else {
-                mldsa->ctx = NULL;
                 mldsa->ctxSz = 0;
             }
 
@@ -7892,19 +7876,12 @@ int WP11_Session_SetMldsaParams(WP11_Session* session, CK_VOID_PTR params,
                 if (ctx->ulContextLen > 255) {
                     ret = BAD_FUNC_ARG;
                 }
-                if (ret == 0) {
-                    mldsa->ctx = (byte*)XMALLOC(ctx->ulContextLen, NULL,
-                                                DYNAMIC_TYPE_TMP_BUFFER);
-                    if (mldsa->ctx == NULL)
-                        ret = MEMORY_E;
-                }
                 if (ret == 0) {
                     XMEMCPY(mldsa->ctx, ctx->pContext, ctx->ulContextLen);
                     mldsa->ctxSz = ctx->ulContextLen;
                 }
             }
             else {
-                mldsa->ctx = NULL;
                 mldsa->ctxSz = 0;
             }
 
@@ -7921,7 +7898,6 @@ int WP11_Session_SetMldsaParams(WP11_Session* session, CK_VOID_PTR params,
     else {
         mldsa->preHashType = WC_HASH_TYPE_NONE;
         mldsa->hedgeType = CKH_HEDGE_PREFERRED;
-        mldsa->ctx = NULL;
         mldsa->ctxSz = 0;
     }
 
@@ -12779,8 +12755,6 @@ int WP11_Mldsa_Sign(unsigned char* data, word32 dataLen, unsigned char* sig,
         Rng_Free(&rng);
     }
 
-    XFREE(params->ctx, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    params->ctx = NULL;
     params->ctxSz = 0;
 
     if (priv->onToken)
@@ -12829,8 +12803,6 @@ int WP11_Mldsa_Verify(unsigned char* sig, word32 sigLen, unsigned char* data,
         }
     }
 
-    XFREE(params->ctx, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    params->ctx = NULL;
     params->ctxSz = 0;
 
     if (pub->onToken)
