From dccabc60a5b956758f65012e1448c26148279b9f Mon Sep 17 00:00:00 2001
From: Stefan Eissing
Date: Fri, 16 Dec 2022 09:29:44 +0100
Subject: [PATCH 1/4] Disabling TLSv1.2 session tickets when WOLFSSL_OP_NO_TICKET is being set.
There seems to have been a misunderstanding that WOLFSSL_OP_NO_TICKET would only disable tickets for TLS version lower than 1.2. But it includes 1.2 as well.
---
 src/internal.c | 2 +-
 src/ssl.c | 14 ++++++++++++++
 2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/src/internal.c b/src/internal.c
index f6becb47c..c58ae3a1e 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -34194,7 +34194,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 if (ssl->ctx->ticketEncCb == NULL
 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(WOLFSSL_WPAS_SMALL)
 ||
- /* SSL_OP_NO_TICKET turns off tickets in < 1.2. Forces
+ /* SSL_OP_NO_TICKET turns off tickets in <= 1.2. Forces
 * "stateful" tickets for 1.3 so just use the regular
 * stateless ones. */
 (!IsAtLeastTLSv1_3(ssl->version) &&
diff --git a/src/ssl.c b/src/ssl.c
index 61d60b583..3398bdcdf 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -13354,6 +13354,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
 #ifdef HAVE_SESSION_TICKET
 if (ssl->options.createTicket && !ssl->options.noTicketTls12) {
 if ( (ssl->error = SendTicket(ssl)) != 0) {
+ WOLFSSL_MSG("Thought we need ticket but failed");
 WOLFSSL_ERROR(ssl->error);
 return WOLFSSL_FATAL_ERROR;
 }
@@ -16771,6 +16772,12 @@ cleanup:
 ctx->mask = wolf_set_options(ctx->mask, opt);
+#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(WOLFSSL_WPAS_SMALL)
+ if ((ctx->mask & WOLFSSL_OP_NO_TICKET) == WOLFSSL_OP_NO_TICKET) {
+ ctx->noTicketTls12 = 1;
+ }
+#endif
+
 return ctx->mask;
 }
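Review bot: The new `WOLFSSL_MSG("Thought we need ticket but failed")` in the -13354 hunk reads like a scratch note rather than a diagnostic; the neighbouring messages in this file name the call that failed, so `WOLFSSL_MSG("SendTicket failed");` would be consistent and easy to grep for in a debug log. The enclosing function starts and ends outside the hunk.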
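Review bot: `ctx->noTicketTls12 = 1` in the -16771 hunk is only ever set, never cleared, so once WOLFSSL_OP_NO_TICKET has been passed the flag outlives a later removal of the option (wolfSSL_CTX_clear_options, if present in this build, is not touched by the patch), and the same one-way latch is added for the per-connection mask in the wolfSSL_set_options hunk at -23552. If clearing the option is meant to re-enable TLS 1.2 tickets, the flag should track the mask rather than latch, e.g. `ctx->noTicketTls12 = (ctx->mask & WOLFSSL_OP_NO_TICKET) == WOLFSSL_OP_NO_TICKET;` in both places, with the clear path given the same line. Whether a WOLFSSL created from the ctx inherits noTicketTls12 depends on the ctx-to-ssl copy (presumably in InitSSL), which is also outside the patch and worth a test. The enclosing function, presumably wolfSSL_CTX_set_options, starts before the hunk.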
@@ -23552,6 +23559,13 @@ long wolfSSL_set_options(WOLFSSL* ssl, long op)
 #endif
 }
+#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(WOLFSSL_WPAS_SMALL)
+ if ((ssl->options.mask & WOLFSSL_OP_NO_TICKET) == WOLFSSL_OP_NO_TICKET) {
+ ssl->options.noTicketTls12 = 1;
+ }
+#endif
+
+
 /* in the case of a version change the cipher suites should be reset */
 #ifndef NO_PSK
 havePSK = ssl->options.havePSK;
From 9d0b16097ec6b60f9ea135226557178f532d5d41 Mon Sep 17 00:00:00 2001
From: Stefan Eissing
Date: Fri, 16 Dec 2022 09:40:51 +0100
Subject: [PATCH 2/4] Fix builds without session tickets.
---
 src/ssl.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/ssl.c b/src/ssl.c
index 3398bdcdf..1b04601b4 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -16771,8 +16771,8 @@ cleanup:
 return BAD_FUNC_ARG;
 ctx->mask = wolf_set_options(ctx->mask, opt);
-
-#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(WOLFSSL_WPAS_SMALL)
+#if defined(HAVE_SESSION_TICKET) && (defined(OPENSSL_EXTRA) \
+ || defined(HAVE_WEBSERVER) || defined(WOLFSSL_WPAS_SMALL))
 if ((ctx->mask & WOLFSSL_OP_NO_TICKET) == WOLFSSL_OP_NO_TICKET) {
 ctx->noTicketTls12 = 1;
 }
@@ -23559,7 +23559,8 @@ long wolfSSL_set_options(WOLFSSL* ssl, long op)
 #endif
 }
-#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(WOLFSSL_WPAS_SMALL)
+#if defined(HAVE_SESSION_TICKET) && (defined(OPENSSL_EXTRA) \
+ || defined(HAVE_WEBSERVER) || defined(WOLFSSL_WPAS_SMALL))
 if ((ssl->options.mask & WOLFSSL_OP_NO_TICKET) == WOLFSSL_OP_NO_TICKET) {
 ssl->options.noTicketTls12 = 1;
 }
From 04b31518ba92e763577b058c0827612cbf4a790a Mon Sep 17 00:00:00 2001
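Review bot: The four-macro guard `#if defined(HAVE_SESSION_TICKET) && (defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(WOLFSSL_WPAS_SMALL))` is now spelled out verbatim twice, in this -16771 hunk and again in the wolfSSL_set_options hunk at -23559, and the DoSessionTicket check in internal.c from the first patch tests a related but shorter condition. A single helper macro defined next to the noTicketTls12 field (a constructed name such as `WOLFSSL_NO_TICKET_TLS12_OPT`) would keep the sites from drifting the next time a build configuration is added; this patch already shows how easily one copy can miss a condition. Both enclosing functions start outside their hunks.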
From: Daniel Pouzzner
Date: Fri, 16 Dec 2022 12:55:37 -0600
Subject: [PATCH 3/4] wolfcrypt/benchmark/benchmark.c: fix calculation of outer iteration constant in bench_aesecb_internal(); fix .c.h clash in argument name ("useDevId" vs "useDeviceID").
---
 wolfcrypt/benchmark/benchmark.c | 48 ++++++++++++++++-----------------
 1 file changed, 24 insertions(+), 24 deletions(-)
diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c
index 3e730d0f7..9a832ccb4 100644
--- a/wolfcrypt/benchmark/benchmark.c
+++ b/wolfcrypt/benchmark/benchmark.c
@@ -3251,9 +3251,9 @@ static void bench_aesecb_internal(int useDeviceID, const byte* key, word32 keySz
 Aes enc[BENCH_MAX_PENDING];
 double start;
 #ifdef HAVE_FIPS
- int benchSz = AES_BLOCK_SIZE;
+ static const int benchSz = AES_BLOCK_SIZE;
 #else
- int benchSz = BENCH_SIZE;
+ static const int benchSz = BENCH_SIZE;
 #endif
 /* clear for done cleanup */
@@ -3276,7 +3276,7 @@ static void bench_aesecb_internal(int useDeviceID, const byte* key, word32 keySz
 bench_stats_start(&count, &start);
 do {
- int outer_loop_limit = ((bench_size / AES_BLOCK_SIZE) * 10) + 1;
+ int outer_loop_limit = ((bench_size / benchSz) * 10) + 1;
 for (times = 0; times < outer_loop_limit /* numBlocks */ || pending > 0; ) {
@@ -3318,7 +3318,7 @@ exit_aes_enc:
 bench_stats_start(&count, &start);
 do {
- int outer_loop_limit = (10 * (bench_size / AES_BLOCK_SIZE)) + 1;
+ int outer_loop_limit = (10 * (bench_size / benchSz)) + 1;
 for (times = 0; times < outer_loop_limit || pending > 0; ) {
 bench_async_poll(&pending);
@@ -3571,7 +3571,7 @@ void bench_aesctr(void)
 #ifdef HAVE_AESCCM
-void bench_aesccm(int useDevId)
+void bench_aesccm(int useDeviceID)
 {
 Aes enc;
 double start;
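Review bot: With the divisor changed to benchSz in the -3276 hunk, the trailing `/* numBlocks */` on the following `for` line is now misleading in non-FIPS builds, where benchSz is BENCH_SIZE rather than AES_BLOCK_SIZE and the loop counts chunks of benchSz bytes; the comment should say so, e.g. `/* chunks of benchSz bytes */`. The decrypt loop at -3318 computes the same limit as `(10 * (bench_size / benchSz)) + 1` while this hunk writes `((bench_size / benchSz) * 10) + 1`; the values are equal, but one spelling, or a single `const int outer_loop_limit` hoisted above both do-while loops, would make the shared intent obvious. When bench_size is smaller than benchSz the quotient is 0 and the limit is 1, which is presumably the intended minimum but deserves a one-line comment. bench_aesecb_internal starts before the first hunk and both loops end below these hunks.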
@@ -3591,7 +3591,7 @@ void bench_aesccm(int useDevId)
 XMEMSET(bench_additional, 0, AES_AUTH_ADD_SZ);
 if ((ret = wc_AesInit(&enc, HEAP_HINT,
- (useDevId)? devId: INVALID_DEVID)) != 0) {
+ useDeviceID ? devId : INVALID_DEVID)) != 0) {
 printf("wc_AesInit failed, ret = %d\n", ret);
 goto exit;
 }
@@ -3610,7 +3610,7 @@ void bench_aesccm(int useDevId)
 }
 count += i;
 } while (bench_stats_check(start));
- bench_stats_sym_finish(AES_AAD_STRING("AES-CCM-enc"), useDevId, count,
+ bench_stats_sym_finish(AES_AAD_STRING("AES-CCM-enc"), useDeviceID, count,
 bench_size, start, ret);
 if (ret != 0) {
 printf("wc_AesCcmEncrypt failed, ret = %d\n", ret);
@@ -3626,7 +3626,7 @@ void bench_aesccm(int useDevId)
 }
 count += i;
 } while (bench_stats_check(start));
- bench_stats_sym_finish(AES_AAD_STRING("AES-CCM-dec"), useDevId, count,
+ bench_stats_sym_finish(AES_AAD_STRING("AES-CCM-dec"), useDeviceID, count,
 bench_size, start, ret);
 if (ret != 0) {
 printf("wc_AesCcmEncrypt failed, ret = %d\n", ret);
@@ -5194,7 +5194,7 @@ void bench_blake2s(void)
 #ifdef WOLFSSL_CMAC
-static void bench_cmac_helper(int keySz, const char* outMsg, int useDevId)
+static void bench_cmac_helper(int keySz, const char* outMsg, int useDeviceID)
 {
 Cmac cmac;
 byte digest[AES_BLOCK_SIZE];
@@ -5212,14 +5212,14 @@ static void bench_cmac_helper(int keySz, const char* outMsg, int useDevId)
 keyType = CAAM_KEYTYPE_AES256;
 }
- if (useDevId &&
+ if (useDeviceID &&
 wc_SECO_GenerateKey(CAAM_GENERATE_KEY, keyGroup, pubKey, 0, keyType, keyInfo, &keyID) != 0) {
 printf("Error generating key in hsm\n");
 return;
 }
 #endif
- (void)useDevId;
+ (void)useDeviceID;
 bench_stats_start(&count, &start);
 do {
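Review bot: The last line of the -3626 hunk, `printf("wc_AesCcmEncrypt failed, ret = %d\n", ret);`, follows the "AES-CCM-dec" bench_stats_sym_finish call, so a failure in the decrypt loop is reported as an encrypt failure; it presumably should read `printf("wc_AesCcmDecrypt failed, ret = %d\n", ret);`. The decrypt call that produces ret is above the hunk, so confirm which function it comes from before changing the text. bench_aesccm continues outside the hunk.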
@@ -5227,14 +5227,14 @@ static void bench_cmac_helper(int keySz, const char* outMsg, int useDevId)
 ret = wc_InitCmac(&cmac, bench_key, keySz, WC_CMAC_AES, NULL);
 #else
 ret = wc_InitCmac_ex(&cmac, bench_key, keySz, WC_CMAC_AES, NULL,
- HEAP_HINT, (useDevId)? devId: INVALID_DEVID);
+ HEAP_HINT, useDeviceID ? devId : INVALID_DEVID);
 #endif
 if (ret != 0) {
 printf("InitCmac failed, ret = %d\n", ret);
 return;
 }
 #ifdef WOLFSSL_SECO_CAAM
- if (useDevId) {
+ if (useDeviceID) {
 wc_SECO_CMACSetKeyID(&cmac, keyID);
 }
 #endif
@@ -5257,13 +5257,13 @@ static void bench_cmac_helper(int keySz, const char* outMsg, int useDevId)
 bench_stats_sym_finish(outMsg, 0, count, bench_size, start, ret);
 }
-void bench_cmac(int useDevId)
+void bench_cmac(int useDeviceID)
 {
 #ifdef WOLFSSL_AES_128
- bench_cmac_helper(16, "AES-128-CMAC", useDevId);
+ bench_cmac_helper(16, "AES-128-CMAC", useDeviceID);
 #endif
 #ifdef WOLFSSL_AES_256
- bench_cmac_helper(32, "AES-256-CMAC", useDevId);
+ bench_cmac_helper(32, "AES-256-CMAC", useDeviceID);
 #endif
 }
@@ -6834,7 +6834,7 @@ exit:
 #endif /* HAVE_ECC */
 #ifdef HAVE_CURVE25519
-void bench_curve25519KeyGen(int useDevId)
+void bench_curve25519KeyGen(int useDeviceID)
 {
 curve25519_key genKey;
 double start;
@@ -6845,8 +6845,8 @@ void bench_curve25519KeyGen(int useDevId)
 bench_stats_start(&count, &start);
 do {
 for (i = 0; i < genTimes; i++) {
- ret = wc_curve25519_init_ex(&genKey, HEAP_HINT, (useDevId)? devId :
- INVALID_DEVID);
+ ret = wc_curve25519_init_ex(&genKey, HEAP_HINT,
+ useDeviceID ? devId : INVALID_DEVID);
 if (ret != 0) {
 printf("wc_curve25519_init_ex failed: %d\n", ret);
 break;
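Review bot: The first context line of the -5257 hunk, `bench_stats_sym_finish(outMsg, 0, count, bench_size, start, ret);`, passes a literal 0 where the AES-CCM hunks at -3610 and -3626 pass their useDeviceID flag in the same position, so the CMAC rows are presumably always reported as the non-device variant even when the device path was taken (confirm what bench_stats_sym_finish does with its second argument). Since this rename already touches every other use of the flag in bench_cmac_helper, `bench_stats_sym_finish(outMsg, useDeviceID, count, bench_size, start, ret);` belongs in the same change. bench_cmac_helper starts before this hunk; its signature is in the -5194 hunk.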
@@ -6861,12 +6861,12 @@ void bench_curve25519KeyGen(int useDevId)
 }
 count += i;
 } while (bench_stats_check(start));
- bench_stats_asym_finish("CURVE", 25519, desc[2], useDevId, count, start,
+ bench_stats_asym_finish("CURVE", 25519, desc[2], useDeviceID, count, start,
 ret);
 }
 #ifdef HAVE_CURVE25519_SHARED_SECRET
-void bench_curve25519KeyAgree(int useDevId)
+void bench_curve25519KeyAgree(int useDeviceID)
 {
 curve25519_key genKey, genKey2;
 double start;
@@ -6876,9 +6876,9 @@ void bench_curve25519KeyAgree(int useDevId)
 word32 x = 0;
 wc_curve25519_init_ex(&genKey, HEAP_HINT,
- (useDevId)? devId : INVALID_DEVID);
+ useDeviceID ? devId : INVALID_DEVID);
 wc_curve25519_init_ex(&genKey2, HEAP_HINT,
- (useDevId)? devId : INVALID_DEVID);
+ useDeviceID ? devId : INVALID_DEVID);
 ret = wc_curve25519_make_key(&gRng, 32, &genKey);
 if (ret != 0) {
@@ -6906,7 +6906,7 @@ void bench_curve25519KeyAgree(int useDevId)
 count += i;
 } while (bench_stats_check(start));
 exit:
- bench_stats_asym_finish("CURVE", 25519, desc[3], useDevId, count, start,
+ bench_stats_asym_finish("CURVE", 25519, desc[3], useDeviceID, count, start,
 ret);
 wc_curve25519_free(&genKey2);
From 24d7f85016dbab31b12bd8a51c13391bd82df133 Mon Sep 17 00:00:00 2001
From: Anthony Hu
Date: Fri, 16 Dec 2022 13:42:01 -0500
Subject: [PATCH 4/4] ENABLED_FIPS doesn't hold the version; FIPS_VERSION does.
Found with: ./configure --enable-engine=fips=v2
---
 configure.ac | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
index 9f8152115..ae12f7287 100644
--- a/configure.ac
+++ b/configure.ac
@@ -8013,7 +8013,7 @@ then
 AM_CFLAGS="$AM_CFLAGS -DNO_OLD_MD5_NAME"
 fi
-if test "$ENABLED_WOLFENGINE" = "yes" && test "$ENABLED_FIPS" != "v2"
+if test "$ENABLED_WOLFENGINE" = "yes" && test "$FIPS_VERSION" != "v2"
 then
 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PSS_LONG_SALT"
 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PSS_SALT_LEN_DISCOVER"
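Review bot: Both `wc_curve25519_init_ex` calls in the -6876 hunk still discard their return value, while the key-generation benchmark in the -6845 hunk checks the same call and breaks out on failure; if the init can fail here too (the KeyGen code treats it as fallible), wc_curve25519_make_key on the next line then operates on a key that was never initialised. Since the rename is already rewriting these two lines, assign the result to ret and return before the timing loop when it is non-zero, initialising genKey2 only after genKey succeeded so the frees on the exit path stay valid; the loop, the exit label and the start of bench_curve25519KeyAgree are all outside this hunk, so the exact early-return shape needs checking against them.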
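Review bot: The corrected test `test "$FIPS_VERSION" != "v2"` in the configure.ac hunk is true not only for non-FIPS builds (where FIPS_VERSION is presumably empty) but for every other FIPS version string, so -DWOLFSSL_PSS_LONG_SALT and -DWOLFSSL_PSS_SALT_LEN_DISCOVER are added for all of them. If that is the intent, a one-line comment above the `if` saying that only v2 lacks these PSS options would stop the next reader from taking it as a v2-specific exclusion; if only particular versions qualify, a `case "$FIPS_VERSION" in` listing them is clearer than a negative test. The `if`…`fi` block closes below the hunk.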