forked from wolfSSL/wolfssl
Fix issue with QAT and DH operations where key size is larger than block size. Fix issue with DhAgree in TLS not setting agreeSz, which caused result to not be returned. Renamed the internal.c HashType to HashAlgoToType static function because of name conflict with Cavium. Optimize the Hmac struct to replace keyRaw with ipad. Enable RNG HW for benchmark. Fixed missing AES free in AES 192/256 tests.
@@ -2673,7 +2673,7 @@ static INLINE void DecodeSigAlg(const byte* input, byte* hashAlgo, byte* hsType)
|
|||||||
|
|
||||||
#if !defined(NO_DH) || defined(HAVE_ECC)
|
#if !defined(NO_DH) || defined(HAVE_ECC)
|
||||||
|
|
||||||
static enum wc_HashType HashType(int hashAlgo)
|
static enum wc_HashType HashAlgoToType(int hashAlgo)
|
||||||
{
|
{
|
||||||
switch (hashAlgo) {
|
switch (hashAlgo) {
|
||||||
#ifdef WOLFSSL_SHA512
|
#ifdef WOLFSSL_SHA512
|
||||||
@@ -17070,7 +17070,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
|
|||||||
DecodeSigAlg(&input[args->idx], &args->hashAlgo,
|
DecodeSigAlg(&input[args->idx], &args->hashAlgo,
|
||||||
&args->sigAlgo);
|
&args->sigAlgo);
|
||||||
args->idx += 2;
|
args->idx += 2;
|
||||||
hashType = HashType(args->hashAlgo);
|
hashType = HashAlgoToType(args->hashAlgo);
|
||||||
if (hashType == WC_HASH_TYPE_NONE) {
|
if (hashType == WC_HASH_TYPE_NONE) {
|
||||||
ERROR_OUT(ALGO_ID_E, exit_dske);
|
ERROR_OUT(ALGO_ID_E, exit_dske);
|
||||||
}
|
}
|
||||||
@@ -17343,10 +17343,10 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
|
|||||||
#ifdef WC_RSA_PSS
|
#ifdef WC_RSA_PSS
|
||||||
case rsa_pss_sa_algo:
|
case rsa_pss_sa_algo:
|
||||||
ret = wc_RsaPSS_CheckPadding(
|
ret = wc_RsaPSS_CheckPadding(
|
||||||
ssl->buffers.digest.buffer,
|
ssl->buffers.digest.buffer,
|
||||||
ssl->buffers.digest.length,
|
ssl->buffers.digest.length,
|
||||||
args->output, args->sigSz,
|
args->output, args->sigSz,
|
||||||
HashType(args->hashAlgo));
|
HashAlgoToType(args->hashAlgo));
|
||||||
if (ret != 0)
|
if (ret != 0)
|
||||||
return ret;
|
return ret;
|
||||||
break;
|
break;
|
||||||
@@ -18190,6 +18190,8 @@ int SendClientKeyExchange(WOLFSSL* ssl)
|
|||||||
ret = DhGenKeyPair(ssl, ssl->buffers.serverDH_Key,
|
ret = DhGenKeyPair(ssl, ssl->buffers.serverDH_Key,
|
||||||
ssl->buffers.sig.buffer, &ssl->buffers.sig.length,
|
ssl->buffers.sig.buffer, &ssl->buffers.sig.length,
|
||||||
args->encSecret, &args->encSz);
|
args->encSecret, &args->encSz);
|
||||||
|
|
||||||
|
ssl->arrays->preMasterSz = ENCRYPT_LEN;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
#endif /* !NO_DH */
|
#endif /* !NO_DH */
|
||||||
@@ -20547,7 +20549,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
|||||||
&args->output[args->idx]);
|
&args->output[args->idx]);
|
||||||
args->idx += 2;
|
args->idx += 2;
|
||||||
|
|
||||||
hashType = HashType(ssl->suites->hashAlgo);
|
hashType = HashAlgoToType(ssl->suites->hashAlgo);
|
||||||
if (hashType == WC_HASH_TYPE_NONE) {
|
if (hashType == WC_HASH_TYPE_NONE) {
|
||||||
ERROR_OUT(ALGO_ID_E, exit_sske);
|
ERROR_OUT(ALGO_ID_E, exit_sske);
|
||||||
}
|
}
|
||||||
@@ -20790,7 +20792,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
|||||||
&args->output[args->idx]);
|
&args->output[args->idx]);
|
||||||
args->idx += 2;
|
args->idx += 2;
|
||||||
|
|
||||||
hashType = HashType(ssl->suites->hashAlgo);
|
hashType = HashAlgoToType(ssl->suites->hashAlgo);
|
||||||
if (hashType == WC_HASH_TYPE_NONE) {
|
if (hashType == WC_HASH_TYPE_NONE) {
|
||||||
ERROR_OUT(ALGO_ID_E, exit_sske);
|
ERROR_OUT(ALGO_ID_E, exit_sske);
|
||||||
}
|
}
|
||||||
@@ -22385,10 +22387,10 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
|||||||
SetDigest(ssl, args->hashAlgo);
|
SetDigest(ssl, args->hashAlgo);
|
||||||
|
|
||||||
ret = wc_RsaPSS_CheckPadding(
|
ret = wc_RsaPSS_CheckPadding(
|
||||||
ssl->buffers.digest.buffer,
|
ssl->buffers.digest.buffer,
|
||||||
ssl->buffers.digest.length,
|
ssl->buffers.digest.length,
|
||||||
args->output, args->sigSz,
|
args->output, args->sigSz,
|
||||||
HashType(args->hashAlgo));
|
HashAlgoToType(args->hashAlgo));
|
||||||
if (ret != 0)
|
if (ret != 0)
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
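Review bot: In the SendClientKeyExchange hunk the added `ssl->arrays->preMasterSz = ENCRYPT_LEN;` has no comment explaining why a size is written before any secret exists, and it is assigned whether or not the preceding DhGenKeyPair call succeeded. Going by the commit message this is presumably the in/out capacity that the later DhAgree call reads, so a comment such as `/* capacity of preMasterSecret; DhAgree replaces it with the agreed length */` would make that contract explicit. If preMasterSecret is a fixed-size array, `sizeof(ssl->arrays->preMasterSecret)` would keep the capacity tied to the buffer rather than to a separate constant. Only this one DH case is visible and the function continues outside the hunk, so any other key-exchange case that reaches DhAgree would presumably need the same initialisation.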
|
||||||
|
@@ -711,7 +711,7 @@ static void* benchmarks_do(void* args)
|
|||||||
int rngRet;
|
int rngRet;
|
||||||
|
|
||||||
#ifndef HAVE_FIPS
|
#ifndef HAVE_FIPS
|
||||||
rngRet = wc_InitRng_ex(&rng, HEAP_HINT, INVALID_DEVID);
|
rngRet = wc_InitRng_ex(&rng, HEAP_HINT, devId);
|
||||||
#else
|
#else
|
||||||
rngRet = wc_InitRng(&rng);
|
rngRet = wc_InitRng(&rng);
|
||||||
#endif
|
#endif
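Review bot: `wc_InitRng_ex(&rng, HEAP_HINT, devId)` now depends on `devId`, whose declaration and initialisation are outside this hunk of benchmarks_do. It should be confirmed that `devId` is declared in builds without WOLFSSL_ASYNC_CRYPT and still holds INVALID_DEVID when no device was opened; otherwise this call either fails to compile or asks for an RNG on a device that is not ready. A short comment such as `/* devId stays INVALID_DEVID unless an async device was opened */` would record that assumption next to the call.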
|
||||||
|
@@ -261,18 +261,18 @@ int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
|
|||||||
|
|
||||||
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_HMAC)
|
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_HMAC)
|
||||||
if (hmac->asyncDev.marker == WOLFSSL_ASYNC_MARKER_HMAC) {
|
if (hmac->asyncDev.marker == WOLFSSL_ASYNC_MARKER_HMAC) {
|
||||||
#if defined(HAVE_CAVIUM) || defined(HAVE_INTEL_QA)
|
#if defined(HAVE_CAVIUM)
|
||||||
if (length > HMAC_BLOCK_SIZE) {
|
if (length > HMAC_BLOCK_SIZE) {
|
||||||
return WC_KEY_SIZE_E;
|
return WC_KEY_SIZE_E;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (key != NULL) {
|
if (key != NULL) {
|
||||||
XMEMCPY(hmac->keyRaw, key, length);
|
XMEMCPY(hmac->ipad, key, length);
|
||||||
}
|
}
|
||||||
hmac->keyLen = (word16)length;
|
hmac->keyLen = (word16)length;
|
||||||
|
|
||||||
return 0; /* nothing to do here */
|
return 0; /* nothing to do here */
|
||||||
#endif /* HAVE_CAVIUM || HAVE_INTEL_QA */
|
#endif /* HAVE_CAVIUM */
|
||||||
}
|
}
|
||||||
#endif /* WOLFSSL_ASYNC_CRYPT */
|
#endif /* WOLFSSL_ASYNC_CRYPT */
|
||||||
|
|
||||||
@@ -440,6 +440,18 @@ int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
|
|||||||
return BAD_FUNC_ARG;
|
return BAD_FUNC_ARG;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_HMAC)
|
||||||
|
if (hmac->asyncDev.marker == WOLFSSL_ASYNC_MARKER_HMAC) {
|
||||||
|
if (length > hmac_block_size)
|
||||||
|
length = hmac_block_size;
|
||||||
|
/* update key length */
|
||||||
|
hmac->keyLen = (word16)length;
|
||||||
|
|
||||||
|
return ret;
|
||||||
|
/* no need to pad below */
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
if (ret == 0) {
|
if (ret == 0) {
|
||||||
if (length < hmac_block_size)
|
if (length < hmac_block_size)
|
||||||
XMEMSET(ip + length, 0, hmac_block_size - length);
|
XMEMSET(ip + length, 0, hmac_block_size - length);
|
||||||
@@ -532,7 +544,7 @@ int wc_HmacUpdate(Hmac* hmac, const byte* msg, word32 length)
|
|||||||
return NitroxHmacUpdate(hmac, msg, length);
|
return NitroxHmacUpdate(hmac, msg, length);
|
||||||
#elif defined(HAVE_INTEL_QA)
|
#elif defined(HAVE_INTEL_QA)
|
||||||
return IntelQaHmac(&hmac->asyncDev, hmac->macType,
|
return IntelQaHmac(&hmac->asyncDev, hmac->macType,
|
||||||
hmac->keyRaw, hmac->keyLen, NULL, msg, length);
|
(byte*)hmac->ipad, hmac->keyLen, NULL, msg, length);
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
#endif /* WOLFSSL_ASYNC_CRYPT */
|
#endif /* WOLFSSL_ASYNC_CRYPT */
|
||||||
@@ -611,7 +623,7 @@ int wc_HmacFinal(Hmac* hmac, byte* hash)
|
|||||||
return NitroxHmacFinal(hmac, hmac->macType, hash, hashLen);
|
return NitroxHmacFinal(hmac, hmac->macType, hash, hashLen);
|
||||||
#elif defined(HAVE_INTEL_QA)
|
#elif defined(HAVE_INTEL_QA)
|
||||||
return IntelQaHmac(&hmac->asyncDev, hmac->macType,
|
return IntelQaHmac(&hmac->asyncDev, hmac->macType,
|
||||||
hmac->keyRaw, hmac->keyLen, hash, NULL, hashLen);
|
(byte*)hmac->ipad, hmac->keyLen, hash, NULL, hashLen);
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
#endif /* WOLFSSL_ASYNC_CRYPT */
|
#endif /* WOLFSSL_ASYNC_CRYPT */
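Review bot: In the second wc_HmacSetKey hunk (the async block added before `if (ret == 0)`), `if (length > hmac_block_size) length = hmac_block_size;` silently shortens the recorded key length. If the code above the hunk has already reduced an over-long key to digest size, the clamp can never fire and could be dropped; if it can fire, distinct long keys would be handed to the device as the same truncated key, so returning `WC_KEY_SIZE_E`, as the Cavium branch in the first hunk does, would be safer. The same block stores `hmac->keyLen` and returns even when `ret` is non-zero, and the comment `/* no need to pad below */` sits after the `return ret;` it explains; `if (ret == 0) hmac->keyLen = (word16)length;` with the comment moved above the return would address both. wc_HmacSetKey starts and ends outside these hunks.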
|
||||||
|
@@ -4314,7 +4314,6 @@ int aes192_test(void)
|
|||||||
return -4231;
|
return -4231;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
||||||
ret = wc_AesSetKey(&enc, key, (int) sizeof(key), iv, AES_ENCRYPTION);
|
ret = wc_AesSetKey(&enc, key, (int) sizeof(key), iv, AES_ENCRYPTION);
|
||||||
if (ret != 0)
|
if (ret != 0)
|
||||||
return -4232;
|
return -4232;
|
||||||
@@ -4344,6 +4343,12 @@ int aes192_test(void)
|
|||||||
|
|
||||||
if (XMEMCMP(cipher, verify, (int) sizeof(cipher)))
|
if (XMEMCMP(cipher, verify, (int) sizeof(cipher)))
|
||||||
return -4237;
|
return -4237;
|
||||||
|
|
||||||
|
wc_AesFree(&enc);
|
||||||
|
#ifdef HAVE_AES_DECRYPT
|
||||||
|
wc_AesFree(&dec);
|
||||||
|
#endif
|
||||||
|
|
||||||
#endif /* HAVE_AES_CBC */
|
#endif /* HAVE_AES_CBC */
|
||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
@@ -4394,7 +4399,6 @@ int aes256_test(void)
|
|||||||
return -4241;
|
return -4241;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
||||||
ret = wc_AesSetKey(&enc, key, (int) sizeof(key), iv, AES_ENCRYPTION);
|
ret = wc_AesSetKey(&enc, key, (int) sizeof(key), iv, AES_ENCRYPTION);
|
||||||
if (ret != 0)
|
if (ret != 0)
|
||||||
return -4242;
|
return -4242;
|
||||||
@@ -4424,7 +4428,14 @@ int aes256_test(void)
|
|||||||
|
|
||||||
if (XMEMCMP(cipher, verify, (int) sizeof(cipher)))
|
if (XMEMCMP(cipher, verify, (int) sizeof(cipher)))
|
||||||
return -4247;
|
return -4247;
|
||||||
|
|
||||||
|
wc_AesFree(&enc);
|
||||||
|
#ifdef HAVE_AES_DECRYPT
|
||||||
|
wc_AesFree(&dec);
|
||||||
|
#endif
|
||||||
|
|
||||||
#endif /* HAVE_AES_CBC */
|
#endif /* HAVE_AES_CBC */
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
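Review bot: The added `wc_AesFree(&enc);` and `wc_AesFree(&dec);` calls in aes192_test and aes256_test run only on the success path; the failure exits visible in these hunks (`return -4232;`, `return -4237;`, `return -4242;`, `return -4247;`) still leave the function without freeing either context. On async or hardware-backed builds that skips whatever wc_AesFree releases, which is the leak this commit sets out to fix. Setting `ret` and jumping to a single cleanup label placed just before the frees, instead of returning directly, would cover those exits. Both functions start outside the hunks, so earlier returns may need the same treatment.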
|
||||||
|
|
||||||
|
@@ -157,8 +157,7 @@ typedef struct Hmac {
|
|||||||
|
|
||||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||||
WC_ASYNC_DEV asyncDev;
|
WC_ASYNC_DEV asyncDev;
|
||||||
byte keyRaw[HMAC_BLOCK_SIZE];
|
word16 keyLen; /* hmac key length (key in ipad) */
|
||||||
word16 keyLen; /* hmac key length */
|
|
||||||
#ifdef HAVE_CAVIUM
|
#ifdef HAVE_CAVIUM
|
||||||
byte* data; /* buffered input data for one call */
|
byte* data; /* buffered input data for one call */
|
||||||
word16 dataLen;
|
word16 dataLen;
|
||||||
|