[Bug]: pkcs11 and WOLFSSL_CTX - cannot verify cert/private key match

[space88man]

Contact Details

shihping.chan@gmail.com

Version

v5.9.0-stable

Description

1. Run the pkcs11 examples with both EC keys and RSA keys: https://github.com/wolfSSL/wolfssl-examples/blob/master/pkcs11/server-tls-pkcs11-ecc.c

2. Before starting the server add the snippet

// works for RSA but does not work for EC
    if (wolfSSL_CTX_check_private_key(ctx) != SSL_SUCCESS) {
        fprintf(stderr, "WARNING: failed to verify cert/private key.\n");
    }

// just above this code
    /* Initialize the server address struct with zeros */
    memset(&servAddr, 0, sizeof(servAddr));

Update: confirmed that if the token has a matching EC public key with the same label it will work.

Reproduction steps

1. Create a softhsm2 token - add RSA2048 key and EC P256 key
2. Run the server/PKCS11 examples with both keys. Note while the code claims to be an EC example it takes both RSA/EC keys if certLabel and privKeyId are pointed correctly.
3. Server will start and connect successfully with openssl s_client

However: with EC keys the private key check fails

In both cases: the actual SSL connections actually do work.

Relevant log output

It is related to a search for a matching public key - if there is no matching public key perhaps the check could fallback to a sign(HSM)/verify(from cert) path.

In the wild it is not common to have the matching public key on device.

# pkcs11spy output
# device does not have matching public key only the private key

14: C_FindObjectsInit
P:2378218; T:0x140737343696640 2026-03-24 22:56:37.416
[in] hSession = 0x2
[in] pTemplate[3]: 
    CKA_CLASS             CKO_PUBLIC_KEY       
    CKA_KEY_TYPE          CKK_EC             
    CKA_LABEL             00000000004bb130 / 7
    742D6563 323536
     t - e c  2 5 6
Returned:  0 CKR_OK

[space88man]

What I have seen other libraries do - pkcs11 engine/opensc/pkcs11-provider

• read attributes on the private key itself - some HSMs include (non-standard) CK_EC_POINT - which gives you the public key; notably Thales Luna does this
• try to find a matching public key by label (as done by wolfSSL); pkcs11 engine does this
• try to find a matching cert by label

Fallback: use the provided cert and perform a small sign/verify round-trip.

References:

• pkcs11-provider: s_server fail: PEM cert with HSM private key fail as it looks for public key on HSM openssl-projects/pkcs11-provider#345

[anhu]

Ooops...Sorry @space88man , Its been a crazy couple of weeks. I'll look into reproducing this tomorrow.

[anhu]

Hi @space88man ,

I have successfully reproduced what you are seeing. I will now pass this to our PKCS11 expert for a fix. Please stay tuned in case he has any questions.

Warm regards, Anthony