Fix Fenrir static analysis findings

[LinuxJedi]

Address Fenrir findings covering missing object attribute enforcement, missing operation termination on error paths, and an authentication fail-open on the SO PIN check.

Attribute enforcement:

• C_CopyObject rejects non-copyable objects (CKR_ACTION_PROHIBITED).
• C_DestroyObject rejects non-destroyable objects (CKR_ACTION_PROHIBITED).
• C_DeriveKey enforces CKA_DERIVE on the base key.
• C_EncapsulateKey/C_DecapsulateKey enforce CKA_ENCAPSULATE/DECAPSULATE and return CKR_KEY_FUNCTION_NOT_PERMITTED.
• C_SetAttributeValue rejects flipping CKA_COPYABLE/CKA_DESTROYABLE from CK_FALSE back to CK_TRUE per PKCS#11 v2.40 sec. 4.4.1.
• CKA_COPYABLE/CKA_DESTROYABLE are now stored via inverted opFlag bits (WP11_FLAG_NOT_COPYABLE/NOT_DESTROYABLE) so the values survive C_GetAttributeValue/C_SetAttributeValue round trips.

CKA_COPYABLE default flips from CK_FALSE to CK_TRUE to match the PKCS#11 spec. The legacy read-back behavior is preserved behind WOLFPKCS11_LEGACY_COPYABLE_FALSE_DEFAULT. The C_CopyObject gate reads the stored flag bit directly via WP11_Object_IsCopyable so the legacy macro never disables copy for objects that explicitly opted in.

Operation termination: C_Encrypt, C_Decrypt, C_EncryptUpdate, C_DecryptUpdate, C_DigestUpdate, C_SignUpdate, C_VerifyUpdate, and C_DigestKey now call WP11_Session_SetOpInitialized(session, 0) on their early-return error paths so a follow-up *Init succeeds. C_DigestKey preserves positive CK_RV returns (e.g. CKR_FUNCTION_NOT_SUPPORTED on WOLFPKCS11_NO_STORE builds) instead of collapsing them to CKR_FUNCTION_FAILED.

SO PIN check: WP11_Slot_CheckSOPin no longer accepts an empty PIN when the SO PIN has not been set. Previously the empty-PIN constant-compare against the zero-length unset PIN returned equal, granting WP11_APP_STATE_RW_SO without authentication.

C_CopyObject and C_DestroyObject now run the COPYABLE/DESTROYABLE gates after the R/W session check so the previously-returned CKR_SESSION_READ_ONLY is preserved for read-only sessions.

Tests: new test_copy_object_not_copyable, test_destroy_object_not_- destroyable, test_derive_key_not_allowed, test_mlkem_encap_decap_- not_permitted, test_op_active_after_data_len_range, test_op_active_- after_update_data_len_range, test_op_active_after_sign_verify_- update_failure, test_op_active_after_digest_key_failure, and WOLFPKCS11_NO_STORE-gated test_op_active_after_digest_key_no_store in pkcs11test/pkcs11v3test, plus a new tests/so_login_uninit_test binary that walks C_Login(CKU_SO, ...) on a fresh uninitialized token. test_copy_object_not_copyable and test_destroy_object_not_- destroyable also assert that the FALSE->TRUE flip is rejected. Several existing helpers (get_generic_key, get_ecc_priv_key, get_aes_128_key, gen_aes_key, the HKDF and ML-KEM templates) now set CKA_DERIVE=CK_TRUE explicitly so they survive the new gate.

README.md documents the new WOLFPKCS11_LEGACY_COPYABLE_FALSE_DEFAULT build define and the spec-compliance behavior changes that callers upgrading from earlier versions need to be aware of.

[Copilot]

Pull request overview

This PR addresses multiple Fenrir static-analysis findings and spec-compliance gaps in wolfPKCS11 by tightening PKCS#11 attribute enforcement, closing an SO-login fail-open condition, and ensuring sessions don’t remain stuck in an “operation active” state after early-return errors.

Changes:

• Enforce CKA_COPYABLE/CKA_DESTROYABLE/CKA_DERIVE/CKA_ENCAPSULATE/CKA_DECAPSULATE gates in the relevant PKCS#11 entry points and prevent CK_FALSE -> CK_TRUE flips for CKA_COPYABLE/CKA_DESTROYABLE.
• Terminate active crypto operations on error paths (so subsequent *Init calls can succeed) and improve C_DigestKey return-code propagation on NO_STORE builds.
• Fix SO PIN authentication to reject login attempts when the SO PIN is not initialized; add/adjust tests and document the WOLFPKCS11_LEGACY_COPYABLE_FALSE_DEFAULT behavior.

Reviewed changes

Copilot reviewed 9 out of 9 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
wolfpkcs11/internal.h	Adds new object flag bits and declares helpers for copyable/destroyable checks.
src/internal.c	Fixes SO PIN check behavior; implements copyable/destroyable helpers; updates attribute get/set storage for copyable/destroyable.
src/crypto.c	Adds op-termination on error paths; enforces attribute-based permissions for copy/destroy/derive/encap/decap; adds new op-support helper returning configurable CK_RVs.
tests/pkcs11test.c	Updates key templates to set CKA_DERIVE; adds new regression tests for op-termination and attribute enforcement.
tests/pkcs11v3test.c	Updates ML-KEM validation expectations and adds explicit encap/decap-not-permitted test.
tests/pkcs11mtt.c	Updates helper templates to set CKA_DERIVE consistently.
tests/so_login_uninit_test.c	New regression test binary for the SO PIN unset empty-PIN bypass.
tests/include.am	Adds the new SO PIN regression test program to the build/test harness.
README.md	Documents the legacy copyable-default define and summarizes spec-compliance behavior changes.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.