softhsm
diff --git a/‎.github/workflows/ci.yml‎
Lines changed: 4 additions & 2 deletions b/‎.github/workflows/ci.yml‎
Lines changed: 4 additions & 2 deletions
diff --git a/‎CMAKE-WIN-NOTES.md‎
Lines changed: 1 addition & 1 deletion b/‎CMAKE-WIN-NOTES.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎README.md‎
Lines changed: 1 addition & 1 deletion b/‎README.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/lib/SoftHSM.cpp‎
Lines changed: 73 additions & 98 deletions b/‎src/lib/SoftHSM.cpp‎
Lines changed: 73 additions & 98 deletions
@@ -76,13 +76,14 @@ jobs:
           make check || (find . -name test-suite.log -exec cat {} \; && false)
 
   linux_ossl_35:
-    name: Linux with OpenSSL 3.5.4
+    name: Linux with OpenSSL 3.5.5
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@v4
       - name: Prepare
         env:
-          OPENSSL_VERSION: 3.5.4
+          OPENSSL_VERSION: 3.5.5
+          OPENSSL_SHA256: "b28c91532a8b65a1f983b4c28b7488174e4a01008e29ce8e69bd789f28bc2a89"
           OPENSSL_INSTALL_DIR: /usr/local/openssl-3.5
           LDFLAGS: "-Wl,-rpath,/usr/local/openssl-3.5/lib64 -L/usr/local/openssl-3.5/lib64"
           PKG_CONFIG_PATH: "/usr/local/openssl-3.5/lib64/pkgconfig"
@@ -91,6 +92,7 @@ jobs:
           sudo apt-get install -y libcppunit-dev p11-kit build-essential checkinstall zlib1g-dev sudo autoconf libtool git
           # Install OpenSSL 3.5
           curl -L -O https://github.com/openssl/openssl/releases/download/openssl-${{ env.OPENSSL_VERSION }}/openssl-${{ env.OPENSSL_VERSION }}.tar.gz
+          echo "${OPENSSL_SHA256}  openssl-${{ env.OPENSSL_VERSION }}.tar.gz" | sha256sum -c -
           tar -xf openssl-${{ env.OPENSSL_VERSION }}.tar.gz
           cd openssl-${{ env.OPENSSL_VERSION }}
           ./config shared zlib no-ssl3 no-weak-ssl-ciphers --prefix=${{ env.OPENSSL_INSTALL_DIR }} --openssldir=${{ env.OPENSSL_INSTALL_DIR }}
 
@@ -52,7 +52,7 @@ Some options (more can be found in CMakeLists.txt):
 
 	-DBUILD_TESTS=ON                Compile tests along with libraries
 	-DENABLE_EDDSA=ON               Enable support for EDDSA
-	-DENABLE_MLDSA=ON               Enable support for ML-DSA
+    -DENABLE_MLDSA=ON               Enable support for ML-DSA
 	-DWITH_MIGRATE=ON               Build migration tool
 	-DWITH_CRYPTO_BACKEND=          Select crypto backend (openssl|botan)
 	-DDISABLE_NON_PAGED_MEMORY=ON   Disable non-paged memory for secure storage
 
@@ -82,7 +82,7 @@ Options:
 	--enable-ecc		Enable support for ECC (default detect)
 	--enable-gost		Enable support for GOST (default detect)
 	--enable-eddsa		Enable support for EDDSA (default detect)
-	--enable-mldsa		Enable support for ML-DSA (default detect)
+    --enable-mldsa		Enable support for ML-DSA (default detect)
 	--disable-visibility	Disable hidden visibilty link mode [enabled]
 	--with-crypto-backend	Select crypto backend (openssl|botan)
 	--with-openssl=PATH	Specify prefix of path of OpenSSL
 
@@ -62,12 +62,11 @@
 #include "DHPrivateKey.h"
 #include "GOSTPublicKey.h"
 #include "GOSTPrivateKey.h"
-#ifdef WITH_ML_DSA
 #include "MLDSAParameters.h"
 #include "MLDSAPublicKey.h"
 #include "MLDSAPrivateKey.h"
 #include "MLDSAUtil.h"
-#endif
+
 #include "cryptoki.h"
 #include "SoftHSM.h"
 #include "osmutex.h"
@@ -948,6 +947,7 @@ CK_RV SoftHSM::C_GetMechanismInfo(CK_SLOT_ID slotID, CK_MECHANISM_TYPE type, CK_
 	unsigned long eddsaMinSize = 0, eddsaMaxSize = 0;
 #endif
 #ifdef WITH_ML_DSA
+	// ML‑DSA min/max sizes are bytes (PKCS#11 v3.2).
     unsigned long mldsaMinSize = 0, mldsaMaxSize = 0;
 #endif
 
@@ -1050,15 +1050,13 @@ CK_RV SoftHSM::C_GetMechanismInfo(CK_SLOT_ID slotID, CK_MECHANISM_TYPE type, CK_
 #endif
 #ifdef WITH_ML_DSA
 	AsymmetricAlgorithm* mldsa = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::MLDSA);
-	if (mldsa != NULL)
-	{
-		mldsaMinSize = mldsa->getMinKeySize();
-		mldsaMaxSize = mldsa->getMaxKeySize();
-	}
-	else
+	if (mldsa == NULL)
 	{
 		return CKR_GENERAL_ERROR;
 	}
+	// ML‑DSA min/max sizes are bytes (PKCS#11 v3.2).
+	mldsaMinSize = mldsa->getMinKeySize();
+	mldsaMaxSize = mldsa->getMaxKeySize();
 	CryptoFactory::i()->recycleAsymmetricAlgorithm(mldsa);
 #endif
 	pInfo->flags = 0;	// initialize flags
@@ -1353,6 +1351,7 @@ CK_RV SoftHSM::C_GetMechanismInfo(CK_SLOT_ID slotID, CK_MECHANISM_TYPE type, CK_
 #endif
 #ifdef WITH_ML_DSA
 		case CKM_ML_DSA_KEY_PAIR_GEN:
+			// ML‑DSA min/max sizes are bytes (PKCS#11 v3.2).
 			pInfo->ulMinKeySize = mldsaMinSize;
 			pInfo->ulMaxKeySize = mldsaMaxSize;
 			pInfo->flags = CKF_GENERATE_KEY_PAIR;
@@ -4195,7 +4194,9 @@ CK_RV SoftHSM::AsymSignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechan
 #endif
 #ifdef WITH_ML_DSA
 	bool isMLDSA = false;
-	SIGN_ADDITIONAL_CONTEXT additionalContext = {};
+	SIGN_ADDITIONAL_CONTEXT mldsaParam;
+	void* additionalContext = NULL;
+	size_t additionalContextLen = 0;
 #endif
 	switch(pMechanism->mechanism) {
 		case CKM_RSA_PKCS:
@@ -4468,50 +4469,31 @@ CK_RV SoftHSM::AsymSignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechan
 			mechanism = AsymMech::MLDSA;
 			bAllowMultiPartOp = false;
 			isMLDSA = true;
-			if (pMechanism->pParameter != NULL_PTR) {
-				if(pMechanism->ulParameterLen != sizeof(CK_SIGN_ADDITIONAL_CONTEXT))
+			if (pMechanism->pParameter == NULL_PTR)
+			{
+				if (pMechanism->ulParameterLen != 0)
 				{
 					ERROR_MSG("Invalid parameters");
 					return CKR_ARGUMENTS_BAD;
 				}
-				else
+			}
+			else
+			{
+				if (pMechanism->ulParameterLen != sizeof(CK_SIGN_ADDITIONAL_CONTEXT))
 				{
-					const CK_SIGN_ADDITIONAL_CONTEXT* ckSignAdditionalContext = (const CK_SIGN_ADDITIONAL_CONTEXT*) pMechanism->pParameter;
-					if (ckSignAdditionalContext->ulContextLen > 255)
-					{
-						ERROR_MSG("ML-DSA: Invalid parameters, context length > 255");
-						return CKR_ARGUMENTS_BAD;
-					}
-					
-					// Always initialize context fields
-					additionalContext.contextAsChar = NULL;
-					additionalContext.contextLength = 0;
-					if (ckSignAdditionalContext->ulContextLen > 0)
-					{
-						if (ckSignAdditionalContext->pContext == NULL)
-						{
-							ERROR_MSG("ML-DSA: Invalid parameters, pContext is NULL");
-							return CKR_ARGUMENTS_BAD;
-						}
-						additionalContext.contextAsChar = (unsigned char*) ckSignAdditionalContext->pContext;
-        				additionalContext.contextLength = ckSignAdditionalContext->ulContextLen;
-					}
-					switch (ckSignAdditionalContext->hedgeVariant) {
-						case CKH_HEDGE_REQUIRED:
-							additionalContext.hedgeType = Hedge::HEDGE_REQUIRED;
-							break;
-						case CKH_DETERMINISTIC_REQUIRED:
-							additionalContext.hedgeType = Hedge::DETERMINISTIC_REQUIRED;
-							break;
-						case CKH_HEDGE_PREFERRED:
-						// Per PKCS11v3.2 section 6.67.5
-						// "If no parameter is supplied the hedgeVariant will be CKH_HEDGE_PREFERRED"
-						default:
-							additionalContext.hedgeType = Hedge::HEDGE_PREFERRED;
-					}
-					param = &additionalContext;
-					paramLen = sizeof(SIGN_ADDITIONAL_CONTEXT);
+					ERROR_MSG("Invalid parameters");
+					return CKR_ARGUMENTS_BAD;
 				}
+				CK_SIGN_ADDITIONAL_CONTEXT* ckSignAdditionalContext = (CK_SIGN_ADDITIONAL_CONTEXT*) pMechanism->pParameter;
+				CK_RV rv = MLDSAUtil::setHedge(ckSignAdditionalContext->hedgeVariant, &mldsaParam);
+				if (rv != CKR_OK) {
+					ERROR_MSG("Invalid parameters");
+					return CKR_ARGUMENTS_BAD;
+				}
+				additionalContext = ckSignAdditionalContext->pContext;
+				additionalContextLen = ckSignAdditionalContext->ulContextLen;
+				param = &mldsaParam;
+				paramLen = sizeof(mldsaParam);
 			}
 			break;
 #endif
@@ -4664,6 +4646,9 @@ CK_RV SoftHSM::AsymSignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechan
 	session->setAsymmetricCryptoOp(asymCrypto);
 	session->setMechanism(mechanism);
 	session->setParameters(param, paramLen);
+#ifdef WITH_ML_DSA
+	session->setAdditionalContext(additionalContext, additionalContextLen);
+#endif
 	session->setAllowMultiPartOp(bAllowMultiPartOp);
 	session->setAllowSinglePartOp(true);
 	session->setPrivateKey(privateKey);
@@ -4745,6 +4730,8 @@ static CK_RV AsymSign(Session* session, CK_BYTE_PTR pData, CK_ULONG ulDataLen, C
 	PrivateKey* privateKey = session->getPrivateKey();
 	size_t paramLen;
 	void* param = session->getParameters(paramLen);
+	size_t additionalContextLen;
+	void* additionalContext = session->getAdditionalContext(additionalContextLen);
 	if (asymCrypto == NULL || !session->getAllowSinglePartOp() || privateKey == NULL)
 	{
 		session->resetOp();
@@ -4794,7 +4781,7 @@ static CK_RV AsymSign(Session* session, CK_BYTE_PTR pData, CK_ULONG ulDataLen, C
 			return CKR_GENERAL_ERROR;
 		}
 	}
-	else if (!asymCrypto->sign(privateKey,data,signature,mechanism,param,paramLen))
+	else if (!asymCrypto->sign(privateKey,data,signature,mechanism,param,paramLen,additionalContext,additionalContextLen))
 	{
 		session->resetOp();
 		return CKR_GENERAL_ERROR;
@@ -5275,7 +5262,9 @@ CK_RV SoftHSM::AsymVerifyInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMech
 #endif
 #ifdef WITH_ML_DSA
 	bool isMLDSA = false;
-	SIGN_ADDITIONAL_CONTEXT additionalContext = {};
+	SIGN_ADDITIONAL_CONTEXT mldsaParam;
+	void* additionalContext = NULL;
+	size_t additionalContextLen = 0;
 #endif
 	switch(pMechanism->mechanism) {
 		case CKM_RSA_PKCS:
@@ -5546,48 +5535,31 @@ CK_RV SoftHSM::AsymVerifyInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMech
 			mechanism = AsymMech::MLDSA;
 			bAllowMultiPartOp = false;
 			isMLDSA = true;
-			if (pMechanism->pParameter != NULL_PTR) {
-				if(pMechanism->ulParameterLen != sizeof(CK_SIGN_ADDITIONAL_CONTEXT))
+			if (pMechanism->pParameter == NULL_PTR)
+			{
+				if (pMechanism->ulParameterLen != 0)
 				{
 					ERROR_MSG("Invalid parameters");
 					return CKR_ARGUMENTS_BAD;
 				}
-				else
+			}
+			else
+			{
+				if(pMechanism->ulParameterLen != sizeof(CK_SIGN_ADDITIONAL_CONTEXT))
 				{
-					const CK_SIGN_ADDITIONAL_CONTEXT* ckSignAdditionalContext = (const CK_SIGN_ADDITIONAL_CONTEXT*) pMechanism->pParameter;
-					if (ckSignAdditionalContext->ulContextLen > 255) {
-						ERROR_MSG("ML-DSA: Invalid parameters, context length > 255");
-						return CKR_ARGUMENTS_BAD;
-					}
-					// Always initialize context fields
-					additionalContext.contextAsChar = NULL;
-					additionalContext.contextLength = 0;
-					if (ckSignAdditionalContext->ulContextLen > 0) {
-						if (ckSignAdditionalContext->pContext == NULL)
-						{
-							ERROR_MSG("ML-DSA: Invalid parameters, pContext is NULL");
-							return CKR_ARGUMENTS_BAD;
-						}
-						additionalContext.contextAsChar = (unsigned char*) ckSignAdditionalContext->pContext;
-						additionalContext.contextLength = ckSignAdditionalContext->ulContextLen;
-					}
-
-					switch (ckSignAdditionalContext->hedgeVariant) {
-						case CKH_HEDGE_REQUIRED:
-							additionalContext.hedgeType = Hedge::HEDGE_REQUIRED;
-							break;
-						case CKH_DETERMINISTIC_REQUIRED:
-							additionalContext.hedgeType = Hedge::DETERMINISTIC_REQUIRED;
-							break;
-						// Per PKCS11v3.2 section 6.67.5
-						// "If no parameter is supplied the hedgeVariant will be CKH_HEDGE_PREFERRED"
-						case CKH_HEDGE_PREFERRED:
-						default:
-							additionalContext.hedgeType = Hedge::HEDGE_PREFERRED;
-					}
-					param = &additionalContext;
-					paramLen = sizeof(SIGN_ADDITIONAL_CONTEXT);
+					ERROR_MSG("Invalid parameters");
+					return CKR_ARGUMENTS_BAD;
+				}
+				CK_SIGN_ADDITIONAL_CONTEXT* ckSignAdditionalContext = (CK_SIGN_ADDITIONAL_CONTEXT*) pMechanism->pParameter;
+				CK_RV rv = MLDSAUtil::setHedge(ckSignAdditionalContext->hedgeVariant, &mldsaParam);
+				if (rv != CKR_OK) {
+					ERROR_MSG("Invalid parameters");
+					return CKR_ARGUMENTS_BAD;
 				}
+				additionalContext = ckSignAdditionalContext->pContext;
+				additionalContextLen = ckSignAdditionalContext->ulContextLen;
+				param = &mldsaParam;
+				paramLen = sizeof(mldsaParam);
 			}
 			break;
 #endif
@@ -5734,6 +5706,9 @@ CK_RV SoftHSM::AsymVerifyInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMech
 	session->setAsymmetricCryptoOp(asymCrypto);
 	session->setMechanism(mechanism);
 	session->setParameters(param, paramLen);
+#ifdef WITH_ML_DSA
+	session->setAdditionalContext(additionalContext, additionalContextLen);
+#endif
 	session->setAllowMultiPartOp(bAllowMultiPartOp);
 	session->setAllowSinglePartOp(true);
 	session->setPublicKey(publicKey);
@@ -5803,6 +5778,8 @@ static CK_RV AsymVerify(Session* session, CK_BYTE_PTR pData, CK_ULONG ulDataLen,
 	PublicKey* publicKey = session->getPublicKey();
 	size_t paramLen;
 	void* param = session->getParameters(paramLen);
+	size_t additionalContextLen;
+	void* additionalContext = session->getAdditionalContext(additionalContextLen);
 	if (asymCrypto == NULL || !session->getAllowSinglePartOp() || publicKey == NULL)
 	{
 		session->resetOp();
@@ -5842,7 +5819,7 @@ static CK_RV AsymVerify(Session* session, CK_BYTE_PTR pData, CK_ULONG ulDataLen,
 			return CKR_SIGNATURE_INVALID;
 		}
 	}
-	else if (!asymCrypto->verify(publicKey,data,signature,mechanism,param,paramLen))
+	else if (!asymCrypto->verify(publicKey,data,signature,mechanism,param,paramLen,additionalContext,additionalContextLen))
 	{
 		session->resetOp();
 		return CKR_SIGNATURE_INVALID;
@@ -7149,7 +7126,7 @@ CK_RV SoftHSM::UnwrapKeySym
 	SymWrap::Type mode = SymWrap::Unknown;
 	size_t bb = 8;
 	size_t blocksize = 0;
-
+	
 	switch(pMechanism->mechanism) {
 #ifdef HAVE_AES_KEY_WRAP
 		case CKM_AES_KEY_WRAP:
@@ -7195,14 +7172,14 @@ CK_RV SoftHSM::UnwrapKeySym
 	ByteString iv;
 	ByteString decryptedFinal;
 	CK_RV rv = CKR_OK;
-
+	
 	switch(pMechanism->mechanism) {
 
 	case CKM_AES_CBC_PAD:
 	case CKM_DES3_CBC_PAD:
 		iv.resize(blocksize);
 		memcpy(&iv[0], pMechanism->pParameter, blocksize);
-
+		
 		if (!cipher->decryptInit(unwrappingkey, SymMode::CBC, iv, false))
 		{
 			cipher->recycleKey(unwrappingkey);
@@ -7231,7 +7208,7 @@ CK_RV SoftHSM::UnwrapKeySym
 			return CKR_GENERAL_ERROR; // TODO should be another error
 		}
 		break;
-
+		
 	default:
 		// Unwrap the key
 		rv = CKR_OK;
@@ -7522,7 +7499,7 @@ CK_RV SoftHSM::C_UnwrapKey
                             pMechanism->ulParameterLen != 8)
 				return CKR_ARGUMENTS_BAD;
 			break;
-
+			
 		default:
 			return CKR_MECHANISM_INVALID;
 	}
@@ -7566,7 +7543,7 @@ CK_RV SoftHSM::C_UnwrapKey
 	if (pMechanism->mechanism == CKM_DES3_CBC && (unwrapKey->getUnsignedLongValue(CKA_KEY_TYPE, CKK_VENDOR_DEFINED) != CKK_DES2 ||
 		unwrapKey->getUnsignedLongValue(CKA_KEY_TYPE, CKK_VENDOR_DEFINED) != CKK_DES3))
 		return CKR_WRAPPING_KEY_TYPE_INCONSISTENT;
-
+	
 	// Check if the unwrapping key can be used for unwrapping
 	if (unwrapKey->getBooleanValue(CKA_UNWRAP, false) == false)
 		return CKR_KEY_FUNCTION_NOT_PERMITTED;
@@ -8377,11 +8354,11 @@ CK_RV SoftHSM::generateAES
 	if (rv == CKR_OK)
 	{
 		OSObject* osobject = (OSObject*)handleManager->getObject(*phKey);
-		if (osobject == NULL_PTR || !osobject->isValid())
+		if (osobject == NULL_PTR || !osobject->isValid()) 
         {
 			rv = CKR_FUNCTION_FAILED;
-		}
-        else if (osobject->startTransaction())
+		} 
+        else if (osobject->startTransaction()) 
         {
 			bool bOK = true;
 
@@ -10209,7 +10186,7 @@ CK_RV SoftHSM::generateMLDSA
 
 	// The parameters must be specified to be able to generate a key pair.
 	if (paramSet == 0) {
-		INFO_MSG("Missing parameter(s) in pPublicKeyTemplate");
+		INFO_MSG("Missing parameter(s) CKA_PARAMETER_SET in pPublicKeyTemplate");
 		return CKR_TEMPLATE_INCOMPLETE;
 	}
 
@@ -13150,8 +13127,6 @@ CK_RV SoftHSM::getEDPublicKey(EDPublicKey* publicKey, Token* token, OSObject* ke
 	return CKR_OK;
 }
 
-
-
 CK_RV SoftHSM::getDHPrivateKey(DHPrivateKey* privateKey, Token* token, OSObject* key)
 {
 	if (privateKey == NULL) return CKR_ARGUMENTS_BAD;