diff --git a/src/internal.c b/src/internal.c
index 63b67805b..be2dd10bc 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -4813,6 +4813,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
 }
 XMEMSET(ssl->arrays, 0, sizeof(Arrays));
 #if defined(WOLFSSL_TLS13) || defined(WOLFSSL_SNIFFER)
+ ssl->arrays->preMasterSz = ENCRYPT_LEN;
 ssl->arrays->preMasterSecret = (byte*)XMALLOC(ENCRYPT_LEN, ssl->heap,
 DYNAMIC_TYPE_SECRET);
 if (ssl->arrays->preMasterSecret == NULL) {
@@ -19727,6 +19728,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
 ERROR_OUT(MEMORY_E, exit_scke);
 }
 if (ssl->arrays->preMasterSecret == NULL) {
+ ssl->arrays->preMasterSz = ENCRYPT_LEN;
 ssl->arrays->preMasterSecret = (byte*)XMALLOC(ENCRYPT_LEN, ssl->heap,
 DYNAMIC_TYPE_SECRET);
 if (ssl->arrays->preMasterSecret == NULL) {
@@ -24922,6 +24924,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 #endif
 if (ssl->arrays->preMasterSecret == NULL) {
+ ssl->arrays->preMasterSz = ENCRYPT_LEN;
 ssl->arrays->preMasterSecret = (byte*)XMALLOC(ENCRYPT_LEN, ssl->heap,
 DYNAMIC_TYPE_SECRET);
 if (ssl->arrays->preMasterSecret == NULL) {
@@ -25778,7 +25781,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 /* Add preMasterSecret */
 c16toa(clientSz, pms);
- ssl->arrays->preMasterSz += OPAQUE16_LEN + clientSz;
+ ssl->arrays->preMasterSz = OPAQUE16_LEN + clientSz;
 pms += ssl->arrays->preMasterSz;
 /* Use the PSK hint to look up the PSK and add it to the
diff --git a/src/keys.c b/src/keys.c
index 56ab0786c..0bbaa53af 100644
--- a/src/keys.c
+++ b/src/keys.c
@@ -3289,6 +3289,7 @@ static int CleanPreMaster(WOLFSSL* ssl)
 XFREE(ssl->arrays->preMasterSecret, ssl->heap, DYNAMIC_TYPE_SECRET);
 ssl->arrays->preMasterSecret = NULL;
+ ssl->arrays->preMasterSz = 0;
 return 0;
 }
diff --git a/src/tls.c b/src/tls.c
index 1431087a6..144b05ee6 100644
--- a/src/tls.c
+++ b/src/tls.c
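Review bot: In the InitSSL hunk `ssl->arrays->preMasterSz = ENCRYPT_LEN;` is written before the XMALLOC that follows it, so on an allocation failure the object is left with a NULL `preMasterSecret` and a non-zero size, which contradicts the `preMasterSz = 0` that CleanPreMaster in keys.c pairs with the NULL pointer. Placing the assignment after the NULL check keeps pointer and size consistent on the error path; the same ordering applies to the SendClientKeyExchange hunk and the first DoSessionTicket-labelled hunk in this file. Because the field now starts as the buffer capacity and is later overwritten with a content length (the `=` assignment in the last hunk of this file, and presumably the shared-secret calls in tls.c that stop setting it), a comment at the allocation such as `/* preMasterSz starts as the buffer capacity; key agreement overwrites it with the secret length */` would record that dual role. InitSSL's body continues outside the hunk.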
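Review bot: The change from `+=` to `=` on `preMasterSz` before `pms += ssl->arrays->preMasterSz;` is required now that the field is initialised to ENCRYPT_LEN at allocation, but nothing at the site says so, and a reader will assume the field was zero on entry. Suggest `/* preMasterSz held the buffer capacity until here; from now on it counts bytes written */` above the assignment. The bound that keeps OPAQUE16_LEN + clientSz within the ENCRYPT_LEN buffer is presumably enforced earlier in the function and is worth re-checking, since the field no longer records the capacity once this line runs. The enclosing function starts and ends outside the hunk.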
@@ -6392,7 +6392,6 @@ static int TLSX_KeyShare_ProcessX25519(WOLFSSL* ssl,
 }
 if (ret == 0) {
- ssl->arrays->preMasterSz = ENCRYPT_LEN;
 ssl->ecdhCurveOID = ECC_X25519_OID;
 ret = wc_curve25519_shared_secret_ex(key, peerX25519Key,
@@ -6490,7 +6489,6 @@ static int TLSX_KeyShare_ProcessEcc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
 }
 ssl->ecdhCurveOID = ssl->peerEccKey->dp->oidSum;
- ssl->arrays->preMasterSz = ENCRYPT_LEN;
 do {
 #if defined(WOLFSSL_ASYNC_CRYPT)
 ret = wc_AsyncWait(ret, &keyShareKey->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
diff --git a/src/tls13.c b/src/tls13.c
index fd50831db..73b2cc6e6 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -30,15 +30,15 @@
 * NO_PSK
 * Do not enable Pre-Shared Keys.
 * TLS13_SUPPORTS_EXPORTERS
- * Gaurd to compile out any code for exporter keys.
+ * Guard to compile out any code for exporter keys.
 * Feature not supported yet.
 * WOLFSSL_ASYNC_CRYPT
- * Enables the use of asynchornous cryptographic operations.
+ * Enables the use of asynchronous cryptographic operations.
 * This is available for ciphers and certificates.
 * HAVE_CHACHA && HAVE_POLY1305
 * Enables use of CHACHA20-POLY1305 ciphersuites.
 * WOLFSSL_DEBUG_TLS
- * Writes out details of TLS 1.3 protocol including hanshake message buffers
+ * Writes out details of TLS 1.3 protocol including handshake message buffers
 * and key generation input and output.
 * WOLFSSL_EARLY_DATA
 * Allow 0-RTT Handshake using Early Data extensions and handshake message
@@ -62,7 +62,7 @@
 * WOLFSSL_TLS13_DRAFT_23
 * Conform with Draft 23 of the TLS v1.3 specification.
 * WOLFSSL_TLS13_MIDDLEBOX_COMPAT
- * Enable middlebox compatability in the TLS 1.3 handshake.
+ * Enable middlebox compatibility in the TLS 1.3 handshake.
 * This includes sending ChangeCipherSpec before encrypted messages and
 * including a session id.
 * WOLFSSL_TLS13_SHA512
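Review bot: Dropping `ssl->arrays->preMasterSz = ENCRYPT_LEN;` ahead of the shared-secret call in TLSX_KeyShare_ProcessX25519, and likewise in TLSX_KeyShare_ProcessEcc in the next hunk, makes the output-buffer length that call presumably receives through `preMasterSz` depend on nothing earlier in the handshake having rewritten the field to a secret length. With the internal.c allocation now initialising it to ENCRYPT_LEN that holds for the first key share, but if a second key-share round can run on the same WOLFSSL object (a HelloRetryRequest, for instance) the previous secret's length would be presented as the capacity. If such a path exists, reset the field where the retry is handled; at minimum add `/* preMasterSz still holds the ENCRYPT_LEN capacity set at allocation */` here so the assumption is visible. Both functions start and end outside their hunks.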
@@ -861,9 +861,9 @@ static int DeriveMasterSecret(WOLFSSL* ssl)
 #if defined(HAVE_SESSION_TICKET)
 /* Length of the resumption label. */
 #define RESUMPTION_LABEL_SZ 10
-/* Resumption label for generating PSK assocated with the ticket. */
+/* Resumption label for generating PSK associated with the ticket. */
 static const byte resumptionLabel[RESUMPTION_LABEL_SZ+1] = "resumption";
-/* Derive the PSK assocated with the ticket.
+/* Derive the PSK associated with the ticket.
 *
 * ssl The SSL/TLS object.
 * nonce The nonce to derive with.
@@ -2345,9 +2345,6 @@ static int SetupPskKey(WOLFSSL* ssl, PreSharedKey* psk)
 if (psk == NULL)
 return BAD_FUNC_ARG;
- if (ssl->options.noPskDheKe && ssl->arrays->preMasterSz != 0)
- return PSK_KEY_ERROR;
-
 suite[0] = psk->cipherSuite0;
 suite[1] = psk->cipherSuite;
 if (!FindSuiteSSL(ssl, suite))
diff --git a/wolfcrypt/src/dh.c b/wolfcrypt/src/dh.c
index 8ff761ca1..7b1f9be4e 100644
--- a/wolfcrypt/src/dh.c
+++ b/wolfcrypt/src/dh.c
@@ -1312,12 +1312,12 @@ static int wc_DhGenerateKeyPair_Async(DhKey* key, WC_RNG* rng,
 int ret;
 #if defined(HAVE_INTEL_QA)
- word32 sz;
+ word32 pBits;
- /* verify prime is at least 768-bits */
- /* QAT HW must have prime at least 768-bits */
- sz = mp_unsigned_bin_size(&key->p);
- if (sz >= (768/8)) {
+ /* QAT DH sizes: 768, 1024, 1536, 2048, 3072 and 4096 bits */
+ pBits = mp_unsigned_bin_size(&key->p) * 8;
+ if (pBits == 768 || pBits == 1024 || pBits == 1536 ||
+ pBits == 2048 || pBits == 3072 || pBits == 4096) {
 mp_int x;
 ret = mp_init(&x);
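Review bot: The `noPskDheKe && preMasterSz != 0` check removed from SetupPskKey is dropped without a replacement: it presumably rejected a PSK-only (psk_ke) negotiation once an (EC)DHE shared secret had already been computed, and `preMasterSz` can no longer express that because InitSSL now initialises it to ENCRYPT_LEN. The property the check enforced still matters — a secret must not be derived from a key share the server has said it will not use — so record "key share processed" in a dedicated flag set where the shared secret is computed and test that flag here, e.g. `if (ssl->options.noPskDheKe && <key-share-done flag>) return PSK_KEY_ERROR;`. If the check is redundant with a guard elsewhere, a comment at this spot naming that guard would stop the next reader from re-adding it. SetupPskKey's body continues outside the hunk.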
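Review bot: The QAT size list `pBits == 768 || pBits == 1024 || ... || pBits == 4096` in wc_DhGenerateKeyPair_Async is repeated verbatim in the wc_DhAgree_Async hunk that follows; two copies of a hardware capability table drift apart, so factor it into one file-scope helper and call `if (IsQatDhPrimeSize(pBits)) {` at both sites. Separately, `mp_unsigned_bin_size(&key->p) * 8` rounds the prime's bit length up to a multiple of eight, so a prime a few bits short of a listed size is still routed to the hardware; whether QAT accepts that is not visible here and deserves a comment either way. The function starts outside the hunk.
```c
/* QAT DH sizes: 768, 1024, 1536, 2048, 3072 and 4096 bits.
 * pBits is the prime length rounded up to a byte multiple. */
static int IsQatDhPrimeSize(word32 pBits)
{
    return pBits == 768 || pBits == 1024 || pBits == 1536 ||
           pBits == 2048 || pBits == 3072 || pBits == 4096;
}
```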
@@ -1918,15 +1918,23 @@ static int wc_DhAgree_Async(DhKey* key, byte* agree, word32* agreeSz,
 {
 int ret;
-#ifdef HAVE_CAVIUM
- /* TODO: Not implemented - use software for now */
- ret = wc_DhAgree_Sync(key, agree, agreeSz, priv, privSz, otherPub, pubSz);
+#if defined(HAVE_INTEL_QA)
+ word32 pBits;
+
+ /* QAT DH sizes: 768, 1024, 1536, 2048, 3072 and 4096 bits */
+ pBits = mp_unsigned_bin_size(&key->p) * 8;
+ if (pBits == 768 || pBits == 1024 || pBits == 1536 ||
+ pBits == 2048 || pBits == 3072 || pBits == 4096) {
+ ret = wc_mp_to_bigint(&key->p, &key->p.raw);
+ if (ret == MP_OKAY)
+ ret = IntelQaDhAgree(&key->asyncDev, &key->p.raw,
+ agree, agreeSz, priv, privSz, otherPub, pubSz);
+ return ret;
+ }
+
+#elif defined(HAVE_CAVIUM)
+ /* TODO: Not implemented - use software for now */
-#elif defined(HAVE_INTEL_QA)
- ret = wc_mp_to_bigint(&key->p, &key->p.raw);
- if (ret == MP_OKAY)
- ret = IntelQaDhAgree(&key->asyncDev, &key->p.raw,
- agree, agreeSz, priv, privSz, otherPub, pubSz);
 #else /* WOLFSSL_ASYNC_CRYPT_TEST */
 if (wc_AsyncTestInit(&key->asyncDev, ASYNC_TEST_DH_AGREE)) {
 WC_ASYNC_TEST* testDev = &key->asyncDev.test;
@@ -1939,9 +1947,11 @@ static int wc_DhAgree_Async(DhKey* key, byte* agree, word32* agreeSz,
 testDev->dhAgree.pubSz = pubSz;
 return WC_PENDING_E;
 }
- ret = wc_DhAgree_Sync(key, agree, agreeSz, priv, privSz, otherPub, pubSz);
 #endif
+ /* otherwise use software DH */
+ ret = wc_DhAgree_Sync(key, agree, agreeSz, priv, privSz, otherPub, pubSz);
+
 return ret;
 }
 #endif /* WOLFSSL_ASYNC_CRYPT */
diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c
index 239f5ce60..16aa57896 100644
--- a/wolfcrypt/src/random.c
+++ b/wolfcrypt/src/random.c
@@ -705,7 +705,9 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
 #endif
 #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB)
 rng->devId = devId;
- rng->seed.devId = devId;
+ #if defined(WOLF_CRYPTO_CB)
+ rng->seed.devId = devId;
+ #endif
 #else
 (void)devId;
 #endif
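Review bot: The inner `#if defined(WOLF_CRYPTO_CB)` added around `rng->seed.devId = devId;` in _InitRng carries no explanation, and a reader seeing it nested inside the `WOLFSSL_ASYNC_CRYPT || WOLF_CRYPTO_CB` guard will be tempted to fold it back into the outer condition. The likely reason is that `seed.devId` only exists in WOLF_CRYPTO_CB builds, but that cannot be confirmed from the hunk; whichever it is, a one-line comment on the inner guard, `/* seed.devId is only present with WOLF_CRYPTO_CB */`, makes the constraint explicit. _InitRng starts and ends outside the hunk.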