diff --git a/src/internal.c b/src/internal.c
index 79283d3da..b7956639f 100755
--- a/src/internal.c
+++ b/src/internal.c
@@ -2673,7 +2673,7 @@ static INLINE void DecodeSigAlg(const byte* input, byte* hashAlgo, byte* hsType)
 #if !defined(NO_DH) || defined(HAVE_ECC)
-static enum wc_HashType HashType(int hashAlgo)
+static enum wc_HashType HashAlgoToType(int hashAlgo)
 {
 switch (hashAlgo) {
 #ifdef WOLFSSL_SHA512
@@ -17070,7 +17070,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
 DecodeSigAlg(&input[args->idx], &args->hashAlgo, &args->sigAlgo);
 args->idx += 2;
- hashType = HashType(args->hashAlgo);
+ hashType = HashAlgoToType(args->hashAlgo);
 if (hashType == WC_HASH_TYPE_NONE) {
 ERROR_OUT(ALGO_ID_E, exit_dske);
 }
@@ -17343,10 +17343,10 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
 #ifdef WC_RSA_PSS
 case rsa_pss_sa_algo:
 ret = wc_RsaPSS_CheckPadding(
- ssl->buffers.digest.buffer,
- ssl->buffers.digest.length,
- args->output, args->sigSz,
- HashType(args->hashAlgo));
+ ssl->buffers.digest.buffer,
+ ssl->buffers.digest.length,
+ args->output, args->sigSz,
+ HashAlgoToType(args->hashAlgo));
 if (ret != 0) return ret;
 break;
@@ -18190,6 +18190,8 @@ int SendClientKeyExchange(WOLFSSL* ssl)
 ret = DhGenKeyPair(ssl, ssl->buffers.serverDH_Key, ssl->buffers.sig.buffer, &ssl->buffers.sig.length, args->encSecret, &args->encSz);
+
+ ssl->arrays->preMasterSz = ENCRYPT_LEN;
 break;
 }
 #endif /* !NO_DH */
@@ -20547,7 +20549,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 &args->output[args->idx]);
 args->idx += 2;
- hashType = HashType(ssl->suites->hashAlgo);
+ hashType = HashAlgoToType(ssl->suites->hashAlgo);
 if (hashType == WC_HASH_TYPE_NONE) {
 ERROR_OUT(ALGO_ID_E, exit_sske);
 }
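Review bot: In the SendClientKeyExchange hunk, `ssl->arrays->preMasterSz = ENCRYPT_LEN;` is assigned whether or not `DhGenKeyPair` succeeded, and nothing says what the value stands for. It looks like the in/out capacity for a later DH agree step that writes the pre-master secret, but that step and the buffer's declaration are outside the hunk, so the value should be confirmed against the real buffer size. Because this length presumably bounds a write into key material, I would put `/* in/out: capacity of the pre-master secret buffer for the DH agree step */` above the assignment. The enclosing case block starts outside the hunk.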
@@ -20790,7 +20792,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 &args->output[args->idx]);
 args->idx += 2;
- hashType = HashType(ssl->suites->hashAlgo);
+ hashType = HashAlgoToType(ssl->suites->hashAlgo);
 if (hashType == WC_HASH_TYPE_NONE) {
 ERROR_OUT(ALGO_ID_E, exit_sske);
 }
@@ -22385,10 +22387,10 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 SetDigest(ssl, args->hashAlgo);
 ret = wc_RsaPSS_CheckPadding(
- ssl->buffers.digest.buffer,
- ssl->buffers.digest.length,
- args->output, args->sigSz,
- HashType(args->hashAlgo));
+ ssl->buffers.digest.buffer,
+ ssl->buffers.digest.length,
+ args->output, args->sigSz,
+ HashAlgoToType(args->hashAlgo));
 if (ret != 0) return ret;
 }
diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c
index 08d022781..c30b6779a 100644
--- a/wolfcrypt/benchmark/benchmark.c
+++ b/wolfcrypt/benchmark/benchmark.c
@@ -711,7 +711,7 @@ static void* benchmarks_do(void* args)
 int rngRet;
 #ifndef HAVE_FIPS
- rngRet = wc_InitRng_ex(&rng, HEAP_HINT, INVALID_DEVID);
+ rngRet = wc_InitRng_ex(&rng, HEAP_HINT, devId);
 #else
 rngRet = wc_InitRng(&rng);
 #endif
diff --git a/wolfcrypt/src/hmac.c b/wolfcrypt/src/hmac.c
index 97fa2e2e0..886a838c1 100755
--- a/wolfcrypt/src/hmac.c
+++ b/wolfcrypt/src/hmac.c
@@ -261,18 +261,18 @@ int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_HMAC)
 if (hmac->asyncDev.marker == WOLFSSL_ASYNC_MARKER_HMAC) {
- #if defined(HAVE_CAVIUM) || defined(HAVE_INTEL_QA)
+ #if defined(HAVE_CAVIUM)
 if (length > HMAC_BLOCK_SIZE) {
 return WC_KEY_SIZE_E;
 }
 if (key != NULL) {
- XMEMCPY(hmac->keyRaw, key, length);
+ XMEMCPY(hmac->ipad, key, length);
 }
 hmac->keyLen = (word16)length;
 return 0; /* nothing to do here */
- #endif /* HAVE_CAVIUM || HAVE_INTEL_QA */
+ #endif /* HAVE_CAVIUM */
 }
 #endif /* WOLFSSL_ASYNC_CRYPT */
@@ -440,6 +440,18 @@ int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
 return BAD_FUNC_ARG;
 }
+#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_HMAC)
+ if (hmac->asyncDev.marker == WOLFSSL_ASYNC_MARKER_HMAC) {
+ if (length > hmac_block_size)
+ length = hmac_block_size;
+ /* update key length */
+ hmac->keyLen = (word16)length;
+
+ return ret;
+ /* no need to pad below */
+ }
+#endif
+
 if (ret == 0) {
 if (length < hmac_block_size) XMEMSET(ip + length, 0, hmac_block_size - length);
@@ -532,7 +544,7 @@ int wc_HmacUpdate(Hmac* hmac, const byte* msg, word32 length)
 return NitroxHmacUpdate(hmac, msg, length);
 #elif defined(HAVE_INTEL_QA)
 return IntelQaHmac(&hmac->asyncDev, hmac->macType,
- hmac->keyRaw, hmac->keyLen, NULL, msg, length);
+ (byte*)hmac->ipad, hmac->keyLen, NULL, msg, length);
 #endif
 }
 #endif /* WOLFSSL_ASYNC_CRYPT */
@@ -611,7 +623,7 @@ int wc_HmacFinal(Hmac* hmac, byte* hash)
 return NitroxHmacFinal(hmac, hmac->macType, hash, hashLen);
 #elif defined(HAVE_INTEL_QA)
 return IntelQaHmac(&hmac->asyncDev, hmac->macType,
- hmac->keyRaw, hmac->keyLen, hash, NULL, hashLen);
+ (byte*)hmac->ipad, hmac->keyLen, hash, NULL, hashLen);
 #endif
 }
 #endif /* WOLFSSL_ASYNC_CRYPT */
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index 460b3f4e1..942f4e0b3 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -4314,7 +4314,6 @@ int aes192_test(void)
 return -4231;
 #endif
-
 ret = wc_AesSetKey(&enc, key, (int) sizeof(key), iv, AES_ENCRYPTION);
 if (ret != 0) return -4232;
@@ -4344,6 +4343,12 @@ int aes192_test(void)
 if (XMEMCMP(cipher, verify, (int) sizeof(cipher))) return -4237;
+
+ wc_AesFree(&enc);
+#ifdef HAVE_AES_DECRYPT
+ wc_AesFree(&dec);
+#endif
+
 #endif /* HAVE_AES_CBC */
 return ret;
@@ -4394,7 +4399,6 @@ int aes256_test(void)
 return -4241;
 #endif
-
 ret = wc_AesSetKey(&enc, key, (int) sizeof(key), iv, AES_ENCRYPTION);
 if (ret != 0) return -4242;
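Review bot: The new async branch in wc_HmacSetKey (the -440 hunk) silently clamps an over-long key with `if (length > hmac_block_size) length = hmac_block_size;`, whereas the HAVE_CAVIUM path earlier in the same function rejects that condition with `WC_KEY_SIZE_E`. Truncating a MAC key without an error would make keys that share a prefix authenticate identically, so if the clamp is reachable it should fail instead, e.g. `if (length > hmac_block_size) return WC_KEY_SIZE_E;`. The code that sets `hmac_block_size` and fills `ip` lies outside the hunk, so the clamp may be purely defensive; if so, a comment saying that long keys were already reduced above would settle it. Separately, `hmac->keyLen` is written even when `ret` is already non-zero, and the `/* no need to pad below */` comment sits after the `return` it explains.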
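Review bot: The `wc_AesFree(&enc);` / `wc_AesFree(&dec);` calls added at the end of aes192_test (the -4344 hunk) are reached only on success, because the `return -4237;` directly above them leaves the function first. On a failed comparison the AES contexts, and presumably any key schedule or device resources they hold, are never released. For this check the smallest fix is `ret = -4237;` in place of `return -4237;`, so control falls through to the frees and the existing `return ret;`. The aes256_test hunk has the same shape but ends in `return 0;`, so it would need to return `ret` as well. The earlier error returns in both functions are outside these hunks and probably need the same treatment.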
@@ -4424,7 +4428,14 @@ int aes256_test(void)
 if (XMEMCMP(cipher, verify, (int) sizeof(cipher))) return -4247;
+
+ wc_AesFree(&enc);
+#ifdef HAVE_AES_DECRYPT
+ wc_AesFree(&dec);
+#endif
+
 #endif /* HAVE_AES_CBC */
+
 return 0;
 }
diff --git a/wolfssl/wolfcrypt/hmac.h b/wolfssl/wolfcrypt/hmac.h
index 9501b84b6..9085512a9 100644
--- a/wolfssl/wolfcrypt/hmac.h
+++ b/wolfssl/wolfcrypt/hmac.h
@@ -157,8 +157,7 @@ typedef struct Hmac {
 #ifdef WOLFSSL_ASYNC_CRYPT
 WC_ASYNC_DEV asyncDev;
- byte keyRaw[HMAC_BLOCK_SIZE];
- word16 keyLen; /* hmac key length */
+ word16 keyLen; /* hmac key length (key in ipad) */
 #ifdef HAVE_CAVIUM
 byte* data; /* buffered input data for one call */
 word16 dataLen;