@@ -6532,10 +6532,46 @@ int wc_Pkcs11_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
65326532 }
65336533 else if (info -> algo_type == WC_ALGO_TYPE_HMAC ) {
65346534 #ifndef NO_HMAC
6535- ret = Pkcs11OpenSession (token , & session , readWrite );
6536- if (ret == 0 ) {
6535+ Hmac * hmac = info -> hmac .hmac ;
6536+
6537+ /* Sign ops are session-scoped; cache the session across
6538+ * multi-call HMAC dispatches. */
6539+ if (hmac != NULL && hmac -> devCtx != NULL ) {
6540+ session .func = token -> func ;
6541+ session .slotId = token -> slotId ;
6542+ session .version = token -> version ;
6543+ session .handle =
6544+ (CK_SESSION_HANDLE )(wc_ptr_t )hmac -> devCtx ;
65376545 ret = Pkcs11Hmac (& session , info );
6538- Pkcs11CloseSession (token , & session );
6546+ if (ret != 0 ||
6547+ hmac -> innerHashKeyed
6548+ != WC_HMAC_INNER_HASH_KEYED_DEV ) {
6549+ Pkcs11CloseSession (token , & session );
6550+ hmac -> devCtx = NULL ;
6551+ /* Don't leave stale DEV state past session close;
6552+ * leave SW state (owned by software fallback). */
6553+ if (hmac -> innerHashKeyed
6554+ == WC_HMAC_INNER_HASH_KEYED_DEV )
6555+ hmac -> innerHashKeyed = 0 ;
6556+ }
6557+ }
6558+ else {
6559+ ret = Pkcs11OpenSession (token , & session , readWrite );
6560+ if (ret == 0 ) {
6561+ ret = Pkcs11Hmac (& session , info );
6562+ if (ret == 0 && hmac != NULL &&
6563+ hmac -> innerHashKeyed
6564+ == WC_HMAC_INNER_HASH_KEYED_DEV ) {
6565+ hmac -> devCtx =
6566+ (void * )(wc_ptr_t )session .handle ;
6567+ }
6568+ else {
6569+ Pkcs11CloseSession (token , & session );
6570+ if (hmac != NULL && hmac -> innerHashKeyed
6571+ == WC_HMAC_INNER_HASH_KEYED_DEV )
6572+ hmac -> innerHashKeyed = 0 ;
6573+ }
6574+ }
65396575 }
65406576 #else
65416577 ret = NOT_COMPILED_IN ;
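Review bot: The session handle cached in `hmac->devCtx` on the open-session branch is only ever closed by a later dispatch through this callback, so an Hmac that is freed, re-keyed or copied between update and final would leave a token session open, or shared by two objects; tokens allow a limited number of sessions, so a leak here can exhaust them. Nothing in this hunk shows the free or re-key path closing the handle, so please confirm that it does and record the ownership where the handle is stored, e.g. `/* devCtx owns an open CK_SESSION_HANDLE while innerHashKeyed == WC_HMAC_INNER_HASH_KEYED_DEV; must be closed on free/re-key */`. The cached branch also treats any non-NULL `devCtx` as a session handle; if that field can ever hold something else, gating on the state as well would be safer: `if (hmac != NULL && hmac->devCtx != NULL && hmac->innerHashKeyed == WC_HMAC_INNER_HASH_KEYED_DEV) {`. The body of wc_Pkcs11_CryptoDevCb starts and ends outside the hunk, so the surrounding locking and cleanup are not visible here.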