forked from wolfSSL/wolfssl
Fix issue with QAT and DH operations where key size is larger than block size. Fix issue with DhAgree in TLS not setting agreeSz, which caused result to not be returned. Renamed the internal.c HashType to HashAlgoToType static function because of name conflict with Cavium. Optimize the Hmac struct to replace keyRaw with ipad. Enable RNG HW for benchmark. Fixed missing AES free in AES 192/256 tests.
@ -2673,7 +2673,7 @@ static INLINE void DecodeSigAlg(const byte* input, byte* hashAlgo, byte* hsType)
|
||||
|
||||
#if !defined(NO_DH) || defined(HAVE_ECC)
|
||||
|
||||
static enum wc_HashType HashType(int hashAlgo)
|
||||
static enum wc_HashType HashAlgoToType(int hashAlgo)
|
||||
{
|
||||
switch (hashAlgo) {
|
||||
#ifdef WOLFSSL_SHA512
|
||||
@ -17070,7 +17070,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
|
||||
DecodeSigAlg(&input[args->idx], &args->hashAlgo,
|
||||
&args->sigAlgo);
|
||||
args->idx += 2;
|
||||
hashType = HashType(args->hashAlgo);
|
||||
hashType = HashAlgoToType(args->hashAlgo);
|
||||
if (hashType == WC_HASH_TYPE_NONE) {
|
||||
ERROR_OUT(ALGO_ID_E, exit_dske);
|
||||
}
|
||||
@ -17343,10 +17343,10 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
|
||||
#ifdef WC_RSA_PSS
|
||||
case rsa_pss_sa_algo:
|
||||
ret = wc_RsaPSS_CheckPadding(
|
||||
ssl->buffers.digest.buffer,
|
||||
ssl->buffers.digest.length,
|
||||
args->output, args->sigSz,
|
||||
HashType(args->hashAlgo));
|
||||
ssl->buffers.digest.buffer,
|
||||
ssl->buffers.digest.length,
|
||||
args->output, args->sigSz,
|
||||
HashAlgoToType(args->hashAlgo));
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
break;
|
||||
@ -18190,6 +18190,8 @@ int SendClientKeyExchange(WOLFSSL* ssl)
|
||||
ret = DhGenKeyPair(ssl, ssl->buffers.serverDH_Key,
|
||||
ssl->buffers.sig.buffer, &ssl->buffers.sig.length,
|
||||
args->encSecret, &args->encSz);
|
||||
|
||||
ssl->arrays->preMasterSz = ENCRYPT_LEN;
|
||||
break;
|
||||
}
|
||||
#endif /* !NO_DH */
|
||||
@ -20547,7 +20549,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
&args->output[args->idx]);
|
||||
args->idx += 2;
|
||||
|
||||
hashType = HashType(ssl->suites->hashAlgo);
|
||||
hashType = HashAlgoToType(ssl->suites->hashAlgo);
|
||||
if (hashType == WC_HASH_TYPE_NONE) {
|
||||
ERROR_OUT(ALGO_ID_E, exit_sske);
|
||||
}
|
||||
@ -20790,7 +20792,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
&args->output[args->idx]);
|
||||
args->idx += 2;
|
||||
|
||||
hashType = HashType(ssl->suites->hashAlgo);
|
||||
hashType = HashAlgoToType(ssl->suites->hashAlgo);
|
||||
if (hashType == WC_HASH_TYPE_NONE) {
|
||||
ERROR_OUT(ALGO_ID_E, exit_sske);
|
||||
}
|
||||
@ -22385,10 +22387,10 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
SetDigest(ssl, args->hashAlgo);
|
||||
|
||||
ret = wc_RsaPSS_CheckPadding(
|
||||
ssl->buffers.digest.buffer,
|
||||
ssl->buffers.digest.length,
|
||||
args->output, args->sigSz,
|
||||
HashType(args->hashAlgo));
|
||||
ssl->buffers.digest.buffer,
|
||||
ssl->buffers.digest.length,
|
||||
args->output, args->sigSz,
|
||||
HashAlgoToType(args->hashAlgo));
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
}
|
||||
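Review bot: In the SendClientKeyExchange hunk, `ssl->arrays->preMasterSz = ENCRYPT_LEN;` is assigned right after `DhGenKeyPair` with no comment, and at that point the field holds a buffer capacity rather than a secret length. A short comment would stop later readers from treating it as the negotiated size, for example `/* in: capacity of the pre-master secret buffer; the DH agree step replaces it with the real length */`. The agree step itself is outside the hunk, so it is worth confirming that every path where it fails or is skipped does not go on to use `preMasterSz` as a secret length. The other hunks in this file only rename `HashType` to `HashAlgoToType`.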
|
@ -711,7 +711,7 @@ static void* benchmarks_do(void* args)
|
||||
int rngRet;
|
||||
|
||||
#ifndef HAVE_FIPS
|
||||
rngRet = wc_InitRng_ex(&rng, HEAP_HINT, INVALID_DEVID);
|
||||
rngRet = wc_InitRng_ex(&rng, HEAP_HINT, devId);
|
||||
#else
|
||||
rngRet = wc_InitRng(&rng);
|
||||
#endif
|
||||
|
@ -261,18 +261,18 @@ int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
|
||||
|
||||
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_HMAC)
|
||||
if (hmac->asyncDev.marker == WOLFSSL_ASYNC_MARKER_HMAC) {
|
||||
#if defined(HAVE_CAVIUM) || defined(HAVE_INTEL_QA)
|
||||
#if defined(HAVE_CAVIUM)
|
||||
if (length > HMAC_BLOCK_SIZE) {
|
||||
return WC_KEY_SIZE_E;
|
||||
}
|
||||
|
||||
if (key != NULL) {
|
||||
XMEMCPY(hmac->keyRaw, key, length);
|
||||
XMEMCPY(hmac->ipad, key, length);
|
||||
}
|
||||
hmac->keyLen = (word16)length;
|
||||
|
||||
return 0; /* nothing to do here */
|
||||
#endif /* HAVE_CAVIUM || HAVE_INTEL_QA */
|
||||
#endif /* HAVE_CAVIUM */
|
||||
}
|
||||
#endif /* WOLFSSL_ASYNC_CRYPT */
|
||||
|
||||
@ -440,6 +440,18 @@ int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_HMAC)
|
||||
if (hmac->asyncDev.marker == WOLFSSL_ASYNC_MARKER_HMAC) {
|
||||
if (length > hmac_block_size)
|
||||
length = hmac_block_size;
|
||||
/* update key length */
|
||||
hmac->keyLen = (word16)length;
|
||||
|
||||
return ret;
|
||||
/* no need to pad below */
|
||||
}
|
||||
#endif
|
||||
|
||||
if (ret == 0) {
|
||||
if (length < hmac_block_size)
|
||||
XMEMSET(ip + length, 0, hmac_block_size - length);
|
||||
@ -532,7 +544,7 @@ int wc_HmacUpdate(Hmac* hmac, const byte* msg, word32 length)
|
||||
return NitroxHmacUpdate(hmac, msg, length);
|
||||
#elif defined(HAVE_INTEL_QA)
|
||||
return IntelQaHmac(&hmac->asyncDev, hmac->macType,
|
||||
hmac->keyRaw, hmac->keyLen, NULL, msg, length);
|
||||
(byte*)hmac->ipad, hmac->keyLen, NULL, msg, length);
|
||||
#endif
|
||||
}
|
||||
#endif /* WOLFSSL_ASYNC_CRYPT */
|
||||
@ -611,7 +623,7 @@ int wc_HmacFinal(Hmac* hmac, byte* hash)
|
||||
return NitroxHmacFinal(hmac, hmac->macType, hash, hashLen);
|
||||
#elif defined(HAVE_INTEL_QA)
|
||||
return IntelQaHmac(&hmac->asyncDev, hmac->macType,
|
||||
hmac->keyRaw, hmac->keyLen, hash, NULL, hashLen);
|
||||
(byte*)hmac->ipad, hmac->keyLen, hash, NULL, hashLen);
|
||||
#endif
|
||||
}
|
||||
#endif /* WOLFSSL_ASYNC_CRYPT */
|
||||
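Review bot: In the async branch added to wc_HmacSetKey (the second hunk), `hmac->keyLen` is written and the function returns before `ret` is checked, although the `if (ret == 0)` that follows suggests the key preparation above the hunk can fail. A failed setup would then leave a key length recorded over whatever `ipad` holds; guarding it as `if (ret == 0) hmac->keyLen = (word16)length;` avoids that. The clamp `length = hmac_block_size` also needs a comment stating which bytes of `ipad` are valid at that point: if a long key is hashed down to digest size above (not visible here), the length passed to `IntelQaHmac` should be the digest size, not the block size. The comment `/* no need to pad below */` sits after the `return` and would read better above it. The function body starts and ends outside the hunk.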
|
@ -4314,7 +4314,6 @@ int aes192_test(void)
|
||||
return -4231;
|
||||
#endif
|
||||
|
||||
|
||||
ret = wc_AesSetKey(&enc, key, (int) sizeof(key), iv, AES_ENCRYPTION);
|
||||
if (ret != 0)
|
||||
return -4232;
|
||||
@ -4344,6 +4343,12 @@ int aes192_test(void)
|
||||
|
||||
if (XMEMCMP(cipher, verify, (int) sizeof(cipher)))
|
||||
return -4237;
|
||||
|
||||
wc_AesFree(&enc);
|
||||
#ifdef HAVE_AES_DECRYPT
|
||||
wc_AesFree(&dec);
|
||||
#endif
|
||||
|
||||
#endif /* HAVE_AES_CBC */
|
||||
|
||||
return ret;
|
||||
@ -4394,7 +4399,6 @@ int aes256_test(void)
|
||||
return -4241;
|
||||
#endif
|
||||
|
||||
|
||||
ret = wc_AesSetKey(&enc, key, (int) sizeof(key), iv, AES_ENCRYPTION);
|
||||
if (ret != 0)
|
||||
return -4242;
|
||||
@ -4424,7 +4428,14 @@ int aes256_test(void)
|
||||
|
||||
if (XMEMCMP(cipher, verify, (int) sizeof(cipher)))
|
||||
return -4247;
|
||||
|
||||
wc_AesFree(&enc);
|
||||
#ifdef HAVE_AES_DECRYPT
|
||||
wc_AesFree(&dec);
|
||||
#endif
|
||||
|
||||
#endif /* HAVE_AES_CBC */
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
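Review bot: The `wc_AesFree(&enc)` / `wc_AesFree(&dec)` calls added to aes192_test and aes256_test are reached only on the success path. The visible `return -4237;` and `return -4247;` immediately above them, and the earlier `return -4232;` / `return -4242;` after `wc_AesSetKey`, leave the function without freeing either context. On builds where the Aes context owns a hardware or async resource, a failing test would therefore still leak it. Recording the error code in `ret` and falling through to a single exit that performs the frees would cover every path. Both function bodies extend outside the hunks, so the remaining early returns need the same treatment.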
|
@ -157,8 +157,7 @@ typedef struct Hmac {
|
||||
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
WC_ASYNC_DEV asyncDev;
|
||||
byte keyRaw[HMAC_BLOCK_SIZE];
|
||||
word16 keyLen; /* hmac key length */
|
||||
word16 keyLen; /* hmac key length (key in ipad) */
|
||||
#ifdef HAVE_CAVIUM
|
||||
byte* data; /* buffered input data for one call */
|
||||
word16 dataLen;
|
||||
|