Add documentation for HKDF functions. Improve param comments for devId.

doc/dox_comments/header_files/aes.h

@@ -668,13 +668,13 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out,
 
     \param aes   AES keys for encrypt/decrypt process
     \param heap  heap hint to use for memory. Can be NULL
-    \param devId id to use with async crypto. Can be 0
+    \param devId ID to use with crypto callbacks or async hardware. Set to INVALID_DEVID (-2) if not used
 
     _Example_
     \code
     XtsAes aes;
 
-    if(wc_AesXtsInit(&aes, NULL, 0) != 0)
+    if(wc_AesXtsInit(&aes, NULL, INVALID_DEVID) != 0)
     {
         // Handle error
     }
@@ -749,13 +749,13 @@ int wc_AesXtsSetKeyNoInit(XtsAes* aes, const byte* key,
                  i.e. 32 for a 16 byte key.
     \param dir   direction, either AES_ENCRYPTION or AES_DECRYPTION
     \param heap  heap hint to use for memory. Can be NULL
-    \param devId id to use with async crypto. Can be 0
+    \param devId ID to use with crypto callbacks or async hardware. Set to INVALID_DEVID (-2) if not used
 
     _Example_
     \code
     XtsAes aes;
 
-    if(wc_AesXtsSetKey(&aes, key, sizeof(key), AES_ENCRYPTION, NULL, 0) != 0)
+    if(wc_AesXtsSetKey(&aes, key, sizeof(key), AES_ENCRYPTION, NULL, INVALID_DEVID) != 0)
     {
         // Handle error
     }
@@ -974,7 +974,7 @@ int wc_AesXtsFree(XtsAes* aes);
 
     \param aes aes structure in to initialize
     \param heap heap hint to use for malloc / free if needed
-    \param devId ID to use with async hardware
+    \param devId ID to use with crypto callbacks or async hardware. Set to INVALID_DEVID (-2) if not used
 
     _Example_
     \code

doc/dox_comments/header_files/cmac.h

@@ -40,7 +40,7 @@ int wc_InitCmac(Cmac* cmac,
     \param type Always WC_CMAC_AES = 1
     \param unused not used, exists for potential future use around compatibility
     \param heap pointer to the heap hint used for dynamic allocation. Typically used with our static memory option. Can be NULL.
-    \param devId ID to use with async hardware. Set to INVALID_DEVID if not using async hardware.
+    \param devId ID to use with crypto callbacks or async hardware. Set to INVALID_DEVID (-2) if not used
 
     _Example_
     \code

doc/dox_comments/header_files/ecc.h

@@ -572,8 +572,8 @@ int wc_ecc_init(ecc_key* key);
     \return MEMORY_E Returned if there is an error allocating memory
 
     \param key pointer to the ecc_key object to initialize
-    \param devId ID to use with async hardware
     \param heap pointer to a heap identifier
+    \param devId ID to use with crypto callbacks or async hardware. Set to INVALID_DEVID (-2) if not used
 
     _Example_
     \code

doc/dox_comments/header_files/hmac.h

@@ -129,6 +129,9 @@ int wolfSSL_GetHmacMaxSize(void);
     optional info into a derived key, which it stores in out. The hash type
     defaults to MD5 if 0 or NULL is given.
 
+    The HMAC configure option is --enable-hmac (on by default) or if building
+    sources directly HAVE_HKDF
+
     \return 0 Returned upon successfully generating a key with the given inputs
     \return BAD_FUNC_ARG Returned if an invalid hash type is given (see type param)
     \return MEMORY_E Returned if there is an error allocating memory
@@ -170,3 +173,439 @@ int wc_HKDF(int type, const byte* inKey, word32 inKeySz,
                     const byte* salt, word32 saltSz,
                     const byte* info, word32 infoSz,
                     byte* out, word32 outSz);
+
+
+/*!
+    \ingroup HMAC
+
+    \brief This function provides access to a HMAC Key Derivation Function
+    (HKDF). It utilizes HMAC to convert inKey, with an optional salt
+    into a derived key, which it stores in out. The hash type
+    defaults to MD5 if 0 or NULL is given.
+
+    The HMAC configure option is --enable-hmac (on by default) or if building
+    sources directly HAVE_HKDF
+
+    \return 0 Returned upon successfully generating a key with the given inputs
+    \return BAD_FUNC_ARG Returned if an invalid hash type is given (see type param)
+    \return MEMORY_E Returned if there is an error allocating memory
+    \return HMAC_MIN_KEYLEN_E May be returned when using a FIPS implementation
+    and the key length specified is shorter than the minimum acceptable FIPS
+    standard
+
+    \param type hash type to use for the HKDF. Valid types are: WC_MD5, WC_SHA,
+    WC_SHA256, WC_SHA384, WC_SHA512, WC_SHA3_224, WC_SHA3_256, WC_SHA3_384 or
+    WC_SHA3_512
+    \param salt pointer to a buffer containing an optional salt. Use NULL
+    instead if not using a salt
+    \param saltSz length of the salt. Use 0 if not using a salt
+    \param inKey pointer to the buffer containing the key to use for KDF
+    \param inKeySz length of the input key
+    \param out pointer to the buffer in which to store the derived key
+
+    _Example_
+    \code
+    byte key[] = { // initialize with key };
+    byte salt[] = { // initialize with salt };
+    byte derivedKey[MAX_DIGEST_SIZE];
+
+    int ret = wc_HKDF_Extract(WC_SHA512, salt, sizeof(salt), key, sizeof(key),
+        derivedKey);
+    if ( ret != 0 ) {
+	    // error generating derived key
+    }
+    \endcode
+
+    \sa wc_HKDF
+    \sa wc_HKDF_Extract_ex
+    \sa wc_HKDF_Expand
+    \sa wc_HKDF_Expand_ex
+*/
+int wc_HKDF_Extract(
+    int type,
+    const byte* salt, word32 saltSz,
+    const byte* inKey, word32 inKeySz,
+    byte* out);
+
+/*!
+    \ingroup HMAC
+
+    \brief This function provides access to a HMAC Key Derivation Function
+    (HKDF). It utilizes HMAC to convert inKey, with an optional salt
+    into a derived key, which it stores in out. The hash type
+    defaults to MD5 if 0 or NULL is given. This is the _ex version adding
+    heap hint and device identifier.
+
+    The HMAC configure option is --enable-hmac (on by default) or if building
+    sources directly HAVE_HKDF
+
+    \return 0 Returned upon successfully generating a key with the given inputs
+    \return BAD_FUNC_ARG Returned if an invalid hash type is given (see type param)
+    \return MEMORY_E Returned if there is an error allocating memory
+    \return HMAC_MIN_KEYLEN_E May be returned when using a FIPS implementation
+    and the key length specified is shorter than the minimum acceptable FIPS
+    standard
+
+    \param type hash type to use for the HKDF. Valid types are: WC_MD5, WC_SHA,
+    WC_SHA256, WC_SHA384, WC_SHA512, WC_SHA3_224, WC_SHA3_256, WC_SHA3_384 or
+    WC_SHA3_512
+    \param salt pointer to a buffer containing an optional salt. Use NULL
+    instead if not using a salt
+    \param saltSz length of the salt. Use 0 if not using a salt
+    \param inKey pointer to the buffer containing the key to use for KDF
+    \param inKeySz length of the input key
+    \param out pointer to the buffer in which to store the derived key
+    \param heap  heap hint to use for memory. Can be NULL
+    \param devId ID to use with crypto callbacks or async hardware. Set to INVALID_DEVID (-2) if not used
+
+    _Example_
+    \code
+    byte key[] = { // initialize with key };
+    byte salt[] = { // initialize with salt };
+    byte derivedKey[MAX_DIGEST_SIZE];
+
+    int ret = wc_HKDF_Extract_ex(WC_SHA512, salt, sizeof(salt), key, sizeof(key),
+        derivedKey, NULL, INVALID_DEVID);
+    if ( ret != 0 ) {
+	    // error generating derived key
+    }
+    \endcode
+
+    \sa wc_HKDF
+    \sa wc_HKDF_Extract
+    \sa wc_HKDF_Expand
+    \sa wc_HKDF_Expand_ex
+*/
+int wc_HKDF_Extract_ex(
+    int type,
+    const byte* salt, word32 saltSz,
+    const byte* inKey, word32 inKeySz,
+    byte* out,
+    void* heap, int devId);
+
+/*!
+    \ingroup HMAC
+
+    \brief This function provides access to a HMAC Key Derivation Function
+    (HKDF). It utilizes HMAC to convert inKey, with optional info into a
+    derived key, which it stores in out. The hash type
+    defaults to MD5 if 0 or NULL is given.
+
+    The HMAC configure option is --enable-hmac (on by default) or if building
+    sources directly HAVE_HKDF
+
+    \return 0 Returned upon successfully generating a key with the given inputs
+    \return BAD_FUNC_ARG Returned if an invalid hash type is given (see type param)
+    \return MEMORY_E Returned if there is an error allocating memory
+    \return HMAC_MIN_KEYLEN_E May be returned when using a FIPS implementation
+    and the key length specified is shorter than the minimum acceptable FIPS
+    standard
+
+    \param type hash type to use for the HKDF. Valid types are: WC_MD5, WC_SHA,
+    WC_SHA256, WC_SHA384, WC_SHA512, WC_SHA3_224, WC_SHA3_256, WC_SHA3_384 or
+    WC_SHA3_512
+    \param inKey pointer to the buffer containing the key to use for KDF
+    \param inKeySz length of the input key
+    \param info pointer to a buffer containing optional additional info.
+    Use NULL if not appending extra info
+    \param infoSz length of additional info. Use 0 if not using additional info
+    \param out pointer to the buffer in which to store the derived key
+    \param outSz space available in the output buffer to store the
+    generated key
+
+    _Example_
+    \code
+    byte key[] = { // initialize with key };
+    byte salt[] = { // initialize with salt };
+    byte derivedKey[MAX_DIGEST_SIZE];
+
+    int ret = wc_HKDF_Expand(WC_SHA512, key, sizeof(key), NULL, 0,
+        derivedKey, sizeof(derivedKey));
+    if ( ret != 0 ) {
+	    // error generating derived key
+    }
+    \endcode
+
+    \sa wc_HKDF
+    \sa wc_HKDF_Extract
+    \sa wc_HKDF_Extract_ex
+    \sa wc_HKDF_Expand_ex
+*/
+int wc_HKDF_Expand(
+    int type,
+    const byte* inKey, word32 inKeySz,
+    const byte* info, word32 infoSz,
+    byte* out, word32 outSz);
+
+/*!
+    \ingroup HMAC
+
+    \brief This function provides access to a HMAC Key Derivation Function
+    (HKDF). It utilizes HMAC to convert inKey, with optional info into a
+    derived key, which it stores in out. The hash type
+    defaults to MD5 if 0 or NULL is given. This is the _ex version adding
+    heap hint and device identifier.
+
+    The HMAC configure option is --enable-hmac (on by default) or if building
+    sources directly HAVE_HKDF
+
+    \return 0 Returned upon successfully generating a key with the given inputs
+    \return BAD_FUNC_ARG Returned if an invalid hash type is given (see type param)
+    \return MEMORY_E Returned if there is an error allocating memory
+    \return HMAC_MIN_KEYLEN_E May be returned when using a FIPS implementation
+    and the key length specified is shorter than the minimum acceptable FIPS
+    standard
+
+    \param type hash type to use for the HKDF. Valid types are: WC_MD5, WC_SHA,
+    WC_SHA256, WC_SHA384, WC_SHA512, WC_SHA3_224, WC_SHA3_256, WC_SHA3_384 or
+    WC_SHA3_512
+    \param inKey pointer to the buffer containing the key to use for KDF
+    \param inKeySz length of the input key
+    \param info pointer to a buffer containing optional additional info.
+    Use NULL if not appending extra info
+    \param infoSz length of additional info. Use 0 if not using additional info
+    \param out pointer to the buffer in which to store the derived key
+    \param outSz space available in the output buffer to store the
+    generated key
+    \param heap  heap hint to use for memory. Can be NULL
+    \param devId ID to use with crypto callbacks or async hardware. Set to INVALID_DEVID (-2) if not used
+
+    _Example_
+    \code
+    byte key[] = { // initialize with key };
+    byte salt[] = { // initialize with salt };
+    byte derivedKey[MAX_DIGEST_SIZE];
+
+    int ret = wc_HKDF_Expand_ex(WC_SHA512, key, sizeof(key), NULL, 0,
+        derivedKey, sizeof(derivedKey), NULL, INVALID_DEVID);
+    if ( ret != 0 ) {
+	    // error generating derived key
+    }
+    \endcode
+
+    \sa wc_HKDF
+    \sa wc_HKDF_Extract
+    \sa wc_HKDF_Extract_ex
+    \sa wc_HKDF_Expand
+*/
+int wc_HKDF_Expand_ex(
+    int type,
+    const byte* inKey, word32 inKeySz,
+    const byte* info, word32 infoSz,
+    byte* out, word32 outSz,
+    void* heap, int devId);
+
+/*!
+    \ingroup HMAC
+
+    \brief This function provides access to RFC 5869
+    HMAC-based Extract-and-Expand Key Derivation Function (HKDF) for TLS v1.3
+    key derivation
+
+    \return 0 Returned upon successfully generating a key with the given inputs
+    \return BAD_FUNC_ARG Returned if an invalid hash type is given (see type param)
+    \return MEMORY_E Returned if there is an error allocating memory
+    \return HMAC_MIN_KEYLEN_E May be returned when using a FIPS implementation
+    and the key length specified is shorter than the minimum acceptable FIPS
+    standard
+
+    \param prk     Generated pseudorandom key
+    \param salt    salt.
+    \param saltLen length of the salt
+    \param ikm     pointer to putput for keying material
+    \param ikmLen  length of the input keying material buffer
+    \param digest  hash type to use for the HKDF. Valid types are: WC_SHA256, WC_SHA384 or WC_SHA512
+
+    _Example_
+    \code
+    byte secret[] = { // initialize with random key };
+    byte salt[] = { // initialize with optional salt };
+    byte masterSecret[MAX_DIGEST_SIZE];
+
+    int ret = wc_Tls13_HKDF_Extract(secret, salt, sizeof(salt), 0,
+        masterSecret, sizeof(masterSecret), WC_SHA512);
+    if ( ret != 0 ) {
+	    // error generating derived key
+    }
+    \endcode
+
+    \sa wc_HKDF
+    \sa wc_HKDF_Extract
+    \sa wc_HKDF_Extract_ex
+    \sa wc_HKDF_Expand
+    \sa wc_Tls13_HKDF_Extract_ex
+*/
+int wc_Tls13_HKDF_Extract(
+    byte* prk,
+    const byte* salt, word32 saltLen,
+    byte* ikm, word32 ikmLen, int digest);
+
+/*!
+    \ingroup HMAC
+
+    \brief This function provides access to RFC 5869
+    HMAC-based Extract-and-Expand Key Derivation Function (HKDF) for TLS v1.3
+    key derivation. This is the _ex version adding heap hint and device identifier.
+
+    \return 0 Returned upon successfully generating a key with the given inputs
+    \return BAD_FUNC_ARG Returned if an invalid hash type is given (see type param)
+    \return MEMORY_E Returned if there is an error allocating memory
+    \return HMAC_MIN_KEYLEN_E May be returned when using a FIPS implementation
+    and the key length specified is shorter than the minimum acceptable FIPS
+    standard
+
+    \param prk     Generated pseudorandom key
+    \param salt    Salt.
+    \param saltLen Length of the salt
+    \param ikm     Pointer to output for keying material
+    \param ikmLen  Length of the input keying material buffer
+    \param digest  Hash type to use for the HKDF. Valid types are: WC_SHA256, WC_SHA384 or WC_SHA512
+    \param heap    Heap hint to use for memory. Can be NULL
+    \param devId   ID to use with crypto callbacks or async hardware. Set to INVALID_DEVID (-2) if not used
+
+    _Example_
+    \code
+    byte secret[] = { // initialize with random key };
+    byte salt[] = { // initialize with optional salt };
+    byte masterSecret[MAX_DIGEST_SIZE];
+
+    int ret = wc_Tls13_HKDF_Extract_ex(secret, salt, sizeof(salt), 0,
+        masterSecret, sizeof(masterSecret), WC_SHA512, NULL, INVALID_DEVID);
+    if ( ret != 0 ) {
+	    // error generating derived key
+    }
+    \endcode
+
+    \sa wc_HKDF
+    \sa wc_HKDF_Extract
+    \sa wc_HKDF_Extract_ex
+    \sa wc_HKDF_Expand
+    \sa wc_Tls13_HKDF_Extract
+*/
+int wc_Tls13_HKDF_Extract_ex(
+    byte* prk,
+    const byte* salt, word32 saltLen,
+    byte* ikm, word32 ikmLen, int digest,
+    void* heap, int devId);
+
+/*!
+    \ingroup HMAC
+
+    \brief Expand data using HMAC, salt and label and info. TLS v1.3 defines
+    this function for key derivation. This is the _ex version adding heap hint
+    and device identifier.
+
+    \return 0 Returned upon successfully generating a key with the given inputs
+    \return BAD_FUNC_ARG Returned if an invalid hash type is given (see type param)
+    \return MEMORY_E Returned if there is an error allocating memory
+    \return HMAC_MIN_KEYLEN_E May be returned when using a FIPS implementation
+    and the key length specified is shorter than the minimum acceptable FIPS
+    standard
+
+    \param okm         Generated pseudorandom key - output key material.
+    \param okmLen      Length of generated pseudorandom key - output key material.
+    \param prk         Salt - pseudo-random key.
+    \param prkLen      Length of the salt - pseudo-random key.
+    \param protocol    TLS protocol label.
+    \param protocolLen Length of the TLS protocol label.
+    \param info        Information to expand.
+    \param infoLen     Length of the information.
+    \param digest      Hash type to use for the HKDF. Valid types are: WC_SHA256, WC_SHA384 or WC_SHA512
+    \param heap        Heap hint to use for memory. Can be NULL
+    \param devId       ID to use with crypto callbacks or async hardware. Set to INVALID_DEVID (-2) if not used
+
+    \sa wc_HKDF
+    \sa wc_HKDF_Extract
+    \sa wc_HKDF_Extract_ex
+    \sa wc_HKDF_Expand
+    \sa wc_Tls13_HKDF_Expand_Label
+    \sa wc_Tls13_HKDF_Expand_Label_Alloc
+*/
+int wc_Tls13_HKDF_Expand_Label_ex(
+    byte* okm, word32 okmLen,
+    const byte* prk, word32 prkLen,
+    const byte* protocol, word32 protocolLen,
+    const byte* label, word32 labelLen,
+    const byte* info, word32 infoLen,
+    int digest,
+    void* heap, int devId);
+
+/*!
+    \ingroup HMAC
+
+    \brief Expand data using HMAC, salt and label and info. TLS v1.3 defines
+    this function for key derivation. This is the _ex version adding heap hint
+    and device identifier.
+
+    \return 0 Returned upon successfully generating a key with the given inputs
+    \return BAD_FUNC_ARG Returned if an invalid hash type is given (see type param)
+    \return MEMORY_E Returned if there is an error allocating memory
+    \return HMAC_MIN_KEYLEN_E May be returned when using a FIPS implementation
+    and the key length specified is shorter than the minimum acceptable FIPS
+    standard
+
+    \param okm         Generated pseudorandom key - output key material.
+    \param okmLen      Length of generated pseudorandom key - output key material.
+    \param prk         Salt - pseudo-random key.
+    \param prkLen      Length of the salt - pseudo-random key.
+    \param protocol    TLS protocol label.
+    \param protocolLen Length of the TLS protocol label.
+    \param info        Information to expand.
+    \param infoLen     Length of the information.
+    \param digest      Hash type to use for the HKDF. Valid types are: WC_SHA256, WC_SHA384 or WC_SHA512
+
+    \sa wc_HKDF
+    \sa wc_HKDF_Extract
+    \sa wc_HKDF_Extract_ex
+    \sa wc_HKDF_Expand
+    \sa wc_Tls13_HKDF_Expand_Label_ex
+    \sa wc_Tls13_HKDF_Expand_Label_Alloc
+*/
+int wc_Tls13_HKDF_Expand_Label(
+    byte* okm, word32 okmLen,
+    const byte* prk, word32 prkLen,
+    const byte* protocol, word32 protocolLen,
+    const byte* label, word32 labelLen,
+    const byte* info, word32 infoLen,
+    int digest);
+
+/*!
+    \ingroup HMAC
+
+    \brief This functions is very similar to wc_Tls13_HKDF_Expand_Label(), but it
+    allocates memory if the stack space usually used isn't enough. Expand data
+    using HMAC, salt and label and info. TLS v1.3 defines this function for
+    key derivation. This is the _ex version adding heap hint and device identifier.
+
+    \return 0 Returned upon successfully generating a key with the given inputs
+    \return BAD_FUNC_ARG Returned if an invalid hash type is given (see type param)
+    \return MEMORY_E Returned if there is an error allocating memory
+    \return HMAC_MIN_KEYLEN_E May be returned when using a FIPS implementation
+    and the key length specified is shorter than the minimum acceptable FIPS
+    standard
+
+    \param okm         Generated pseudorandom key - output key material.
+    \param okmLen      Length of generated pseudorandom key - output key material.
+    \param prk         Salt - pseudo-random key.
+    \param prkLen      Length of the salt - pseudo-random key.
+    \param protocol    TLS protocol label.
+    \param protocolLen Length of the TLS protocol label.
+    \param info        Information to expand.
+    \param infoLen     Length of the information.
+    \param digest      Hash type to use for the HKDF. Valid types are: WC_SHA256, WC_SHA384 or WC_SHA512
+    \param heap        Heap hint to use for memory. Can be NULL
+
+    \sa wc_HKDF
+    \sa wc_HKDF_Extract
+    \sa wc_HKDF_Extract_ex
+    \sa wc_HKDF_Expand
+    \sa wc_Tls13_HKDF_Expand_Label
+    \sa wc_Tls13_HKDF_Expand_Label_ex
+*/
+int wc_Tls13_HKDF_Expand_Label_Alloc(
+    byte* okm, word32 okmLen,
+    const byte* prk, word32 prkLen,
+    const byte* protocol, word32 protocolLen,
+    const byte* label, word32 labelLen,
+    const byte* info, word32 infoLen,
+    int digest, void* heap);

doc/dox_comments/header_files/rsa.h

@@ -56,7 +56,7 @@ int  wc_InitRsaKey(RsaKey* key, void* heap);
     \param heap pointer to a heap identifier, for use with memory overrides,
     allowing custom handling of memory allocation. This heap will be the
     default used when allocating memory for use with this RSA object
-    \param devId ID to use with hardware device
+    \param devId ID to use with crypto callbacks or async hardware. Set to INVALID_DEVID (-2) if not used
 
     _Example_
     \code

doc/dox_comments/header_files/ssl.h

@@ -3041,7 +3041,7 @@ int  wolfSSL_library_init(void);
     \return BAD_FUNC_ARG if ssl is NULL.
 
     \param ssl pointer to a SSL object, created with wolfSSL_new().
-    \param devId ID to use with async hardware
+    \param devId ID to use with crypto callbacks or async hardware. Set to INVALID_DEVID (-2) if not used
 
     _Example_
     \code
@@ -3064,7 +3064,7 @@ int wolfSSL_SetDevId(WOLFSSL* ssl, int devId);
     \return BAD_FUNC_ARG if ssl is NULL.
 
     \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
-    \param devId ID to use with async hardware
+    \param devId ID to use with crypto callbacks or async hardware. Set to INVALID_DEVID (-2) if not used
 
     _Example_
     \code

src/tls13.c

@@ -187,21 +187,7 @@ static WC_INLINE int GetMsgHash(WOLFSSL* ssl, byte* hash);
 #endif
 
 /* Expand data using HMAC, salt and label and info.
- * TLS v1.3 defines this function. Use callback if available.
+ * TLS v1.3 defines this function. Use callback if available. */
- *
- * ssl          The SSL/TLS object.
- * okm          The generated pseudorandom key - output key material.
- * okmLen       The length of generated pseudorandom key -
- *              output key material.
- * prk          The salt - pseudo-random key.
- * prkLen       The length of the salt - pseudo-random key.
- * protocol     The TLS protocol label.
- * protocolLen  The length of the TLS protocol label.
- * info         The information to expand.
- * infoLen      The length of the information.
- * digest       The type of digest to use.
- * returns 0 on success, otherwise failure.
- */
 static int Tls13HKDFExpandLabel(WOLFSSL* ssl, byte* okm, word32 okmLen,
                                 const byte* prk, word32 prkLen,
                                 const byte* protocol, word32 protocolLen,
@@ -241,9 +227,8 @@ static int Tls13HKDFExpandLabel(WOLFSSL* ssl, byte* okm, word32 okmLen,
     return ret;
 }
 
-/* Same as above, but pass in the side we are expanding for.
+/* Same as above, but pass in the side we are expanding for:
- *
+ * side: either WOLFSSL_CLIENT_END or WOLFSSL_SERVER_END.
- * side      The side (WOLFSSL_CLIENT_END or WOLFSSL_SERVER_END).
  */
 static int Tls13HKDFExpandKeyLabel(WOLFSSL* ssl, byte* okm, word32 okmLen,
                                    const byte* prk, word32 prkLen,

wolfcrypt/src/kdf.c

@@ -353,14 +353,6 @@ int wc_PRF_TLS(byte* digest, word32 digLen, const byte* secret, word32 secLen,
 
     /* Extract data using HMAC, salt and input.
      * RFC 5869 - HMAC-based Extract-and-Expand Key Derivation Function (HKDF)
-     *
-     * prk      The generated pseudorandom key.
-     * salt     The salt.
-     * saltLen  The length of the salt.
-     * ikm      The input keying material.
-     * ikmLen   The length of the input keying material.
-     * digest   The type of digest to use.
-     * returns 0 on success, otherwise failure.
      */
     int wc_Tls13_HKDF_Extract_ex(byte* prk, const byte* salt, word32 saltLen,
         byte* ikm, word32 ikmLen, int digest, void* heap, int devId)
@@ -436,20 +428,7 @@ int wc_PRF_TLS(byte* digest, word32 digLen, const byte* secret, word32 secLen,
     }
 
     /* Expand data using HMAC, salt and label and info.
-     * TLS v1.3 defines this function.
+     * TLS v1.3 defines this function. */
-     *
-     * okm          The generated pseudorandom key - output key material.
-     * okmLen       The length of generated pseudorandom key -
-     *              output key material.
-     * prk          The salt - pseudo-random key.
-     * prkLen       The length of the salt - pseudo-random key.
-     * protocol     The TLS protocol label.
-     * protocolLen  The length of the TLS protocol label.
-     * info         The information to expand.
-     * infoLen      The length of the information.
-     * digest       The type of digest to use.
-     * returns 0 on success, otherwise failure.
-     */
     int wc_Tls13_HKDF_Expand_Label_ex(byte* okm, word32 okmLen,
                                  const byte* prk, word32 prkLen,
                                  const byte* protocol, word32 protocolLen,
@@ -556,24 +535,7 @@ int wc_PRF_TLS(byte* digest, word32 digLen, const byte* secret, word32 secLen,
 #if defined(WOLFSSL_TICKET_NONCE_MALLOC) &&                                    \
     (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
     /* Expand data using HMAC, salt and label and info.
-     * TLS v1.3 defines this function.
+     * TLS v1.3 defines this function. */
-     *
-     * okm          The generated pseudorandom key - output key material.
-     * okmLen       The length of generated pseudorandom key -
-     *              output key material.
-     * prk          The salt - pseudo-random key.
-     * prkLen       The length of the salt - pseudo-random key.
-     * protocol     The TLS protocol label.
-     * protocolLen  The length of the TLS protocol label.
-     * info         The information to expand.
-     * infoLen      The length of the information.
-     * digest       The type of digest to use.
-     *
-     * This functions is very similar to wc_Tls13_HKDF_Expand_Label() but it
-     * allocate memory if the stack space usually used isn't enough.
-     *
-     * returns 0 on success, otherwise failure.
-     */
     int wc_Tls13_HKDF_Expand_Label_Alloc(byte* okm, word32 okmLen,
         const byte* prk, word32 prkLen, const byte* protocol,
         word32 protocolLen, const byte* label, word32 labelLen,