feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Fix one shot hash routines to attempt offloading to crypto callbacks. Fix random.c health test to use devId. Fix FIPS unused "ssl".

Browse Source
This commit is contained in:
David Garske
2023-12-19 11:20:18 -08:00
parent 2001d1c74b
commit fb5eab8f79
4 changed files with 143 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/tls13.c
View File

@ -1142,6 +1142,7 @@ static int Tls13_HKDF_Extract(WOLFSSL *ssl, byte* prk, const byte* salt,
ssl->heap, ssl->devId); ssl->heap, ssl->devId);
#else #else
ret = wc_Tls13_HKDF_Extract(prk, salt, saltLen, ikm, ikmLen, digest); ret = wc_Tls13_HKDF_Extract(prk, salt, saltLen, ikm, ikmLen, digest);
(void)ssl;
#endif #endif
} }
return ret; return ret;

3
wolfcrypt/src/cryptocb.c
View File

@ -1446,7 +1446,8 @@ int wc_CryptoCb_DefaultDevID(void)
#elif defined(WC_USE_DEVID) #elif defined(WC_USE_DEVID)
ret = WC_USE_DEVID; ret = WC_USE_DEVID;
#else #else
ret = INVALID_DEVID; /* try first available */
ret = wc_CryptoCb_GetDevIdAtIndex(0);
#endif #endif
return ret; return ret;

105
wolfcrypt/src/hash.c
View File

@ -1302,6 +1302,13 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
return MEMORY_E; return MEMORY_E;
#endif #endif
#ifdef WOLF_CRYPTO_CB
/* find devId if its not an empty hash */
if (devId == INVALID_DEVID && data != NULL && len > 0) {
devId = wc_CryptoCb_DefaultDevID();
}
#endif
if ((ret = wc_InitMd5_ex(md5, heap, devId)) != 0) { if ((ret = wc_InitMd5_ex(md5, heap, devId)) != 0) {
WOLFSSL_MSG("InitMd5 failed"); WOLFSSL_MSG("InitMd5 failed");
} }
@ -1344,6 +1351,13 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
return MEMORY_E; return MEMORY_E;
#endif #endif
#ifdef WOLF_CRYPTO_CB
/* find devId if its not an empty hash */
if (devId == INVALID_DEVID && data != NULL && len > 0) {
devId = wc_CryptoCb_DefaultDevID();
}
#endif
if ((ret = wc_InitSha_ex(sha, heap, devId)) != 0) { if ((ret = wc_InitSha_ex(sha, heap, devId)) != 0) {
WOLFSSL_MSG("InitSha failed"); WOLFSSL_MSG("InitSha failed");
} }
@ -1387,6 +1401,13 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
return MEMORY_E; return MEMORY_E;
#endif #endif
#ifdef WOLF_CRYPTO_CB
/* find devId if its not an empty hash */
if (devId == INVALID_DEVID && data != NULL && len > 0) {
devId = wc_CryptoCb_DefaultDevID();
}
#endif
if ((ret = wc_InitSha224_ex(sha224, heap, devId)) != 0) { if ((ret = wc_InitSha224_ex(sha224, heap, devId)) != 0) {
WOLFSSL_MSG("InitSha224 failed"); WOLFSSL_MSG("InitSha224 failed");
} }
@ -1430,6 +1451,13 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
return MEMORY_E; return MEMORY_E;
#endif #endif
#ifdef WOLF_CRYPTO_CB
/* find devId if its not an empty hash */
if (devId == INVALID_DEVID && data != NULL && len > 0) {
devId = wc_CryptoCb_DefaultDevID();
}
#endif
if ((ret = wc_InitSha256_ex(sha256, heap, devId)) != 0) { if ((ret = wc_InitSha256_ex(sha256, heap, devId)) != 0) {
WOLFSSL_MSG("InitSha256 failed"); WOLFSSL_MSG("InitSha256 failed");
} }
@ -1477,6 +1505,13 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
return MEMORY_E; return MEMORY_E;
#endif #endif
#ifdef WOLF_CRYPTO_CB
/* find devId if its not an empty hash */
if (devId == INVALID_DEVID && data != NULL && len > 0) {
devId = wc_CryptoCb_DefaultDevID();
}
#endif
if ((ret = wc_InitSha512_ex(sha512, heap, devId)) != 0) { if ((ret = wc_InitSha512_ex(sha512, heap, devId)) != 0) {
WOLFSSL_MSG("InitSha512 failed"); WOLFSSL_MSG("InitSha512 failed");
} }
@ -1519,6 +1554,13 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
return MEMORY_E; return MEMORY_E;
#endif #endif
#ifdef WOLF_CRYPTO_CB
/* find devId if its not an empty hash */
if (devId == INVALID_DEVID && data != NULL && len > 0) {
devId = wc_CryptoCb_DefaultDevID();
}
#endif
if ((ret = wc_InitSha512_224_ex(sha512, heap, devId)) != 0) { if ((ret = wc_InitSha512_224_ex(sha512, heap, devId)) != 0) {
WOLFSSL_MSG("wc_InitSha512_224 failed"); WOLFSSL_MSG("wc_InitSha512_224 failed");
} }
@ -1564,6 +1606,13 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
return MEMORY_E; return MEMORY_E;
#endif #endif
#ifdef WOLF_CRYPTO_CB
/* find devId if its not an empty hash */
if (devId == INVALID_DEVID && data != NULL && len > 0) {
devId = wc_CryptoCb_DefaultDevID();
}
#endif
if ((ret = wc_InitSha512_256_ex(sha512, heap, devId)) != 0) { if ((ret = wc_InitSha512_256_ex(sha512, heap, devId)) != 0) {
WOLFSSL_MSG("wc_InitSha512_256 failed"); WOLFSSL_MSG("wc_InitSha512_256 failed");
} }
@ -1610,6 +1659,13 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
return MEMORY_E; return MEMORY_E;
#endif #endif
#ifdef WOLF_CRYPTO_CB
/* find devId if its not an empty hash */
if (devId == INVALID_DEVID && data != NULL && len > 0) {
devId = wc_CryptoCb_DefaultDevID();
}
#endif
if ((ret = wc_InitSha384_ex(sha384, heap, devId)) != 0) { if ((ret = wc_InitSha384_ex(sha384, heap, devId)) != 0) {
WOLFSSL_MSG("InitSha384 failed"); WOLFSSL_MSG("InitSha384 failed");
} }
@ -1654,6 +1710,13 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
return MEMORY_E; return MEMORY_E;
#endif #endif
#ifdef WOLF_CRYPTO_CB
/* find devId if its not an empty hash */
if (devId == INVALID_DEVID && data != NULL && len > 0) {
devId = wc_CryptoCb_DefaultDevID();
}
#endif
if ((ret = wc_InitSha3_224(sha3, heap, devId)) != 0) { if ((ret = wc_InitSha3_224(sha3, heap, devId)) != 0) {
WOLFSSL_MSG("InitSha3_224 failed"); WOLFSSL_MSG("InitSha3_224 failed");
} }
@ -1697,6 +1760,13 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
return MEMORY_E; return MEMORY_E;
#endif #endif
#ifdef WOLF_CRYPTO_CB
/* find devId if its not an empty hash */
if (devId == INVALID_DEVID && data != NULL && len > 0) {
devId = wc_CryptoCb_DefaultDevID();
}
#endif
if ((ret = wc_InitSha3_256(sha3, heap, devId)) != 0) { if ((ret = wc_InitSha3_256(sha3, heap, devId)) != 0) {
WOLFSSL_MSG("InitSha3_256 failed"); WOLFSSL_MSG("InitSha3_256 failed");
} }
@ -1740,6 +1810,13 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
return MEMORY_E; return MEMORY_E;
#endif #endif
#ifdef WOLF_CRYPTO_CB
/* find devId if its not an empty hash */
if (devId == INVALID_DEVID && data != NULL && len > 0) {
devId = wc_CryptoCb_DefaultDevID();
}
#endif
if ((ret = wc_InitSha3_384(sha3, heap, devId)) != 0) { if ((ret = wc_InitSha3_384(sha3, heap, devId)) != 0) {
WOLFSSL_MSG("InitSha3_384 failed"); WOLFSSL_MSG("InitSha3_384 failed");
} }
@ -1783,6 +1860,13 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
return MEMORY_E; return MEMORY_E;
#endif #endif
#ifdef WOLF_CRYPTO_CB
/* find devId if its not an empty hash */
if (devId == INVALID_DEVID && data != NULL && len > 0) {
devId = wc_CryptoCb_DefaultDevID();
}
#endif
if ((ret = wc_InitSha3_512(sha3, heap, devId)) != 0) { if ((ret = wc_InitSha3_512(sha3, heap, devId)) != 0) {
WOLFSSL_MSG("InitSha3_512 failed"); WOLFSSL_MSG("InitSha3_512 failed");
} }
@ -1826,6 +1910,13 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
return MEMORY_E; return MEMORY_E;
#endif #endif
#ifdef WOLF_CRYPTO_CB
/* find devId if its not an empty hash */
if (devId == INVALID_DEVID && data != NULL && len > 0) {
devId = wc_CryptoCb_DefaultDevID();
}
#endif
if ((ret = wc_InitShake128(shake, heap, devId)) != 0) { if ((ret = wc_InitShake128(shake, heap, devId)) != 0) {
WOLFSSL_MSG("InitShake128 failed"); WOLFSSL_MSG("InitShake128 failed");
} }
@ -1870,6 +1961,13 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
return MEMORY_E; return MEMORY_E;
#endif #endif
#ifdef WOLF_CRYPTO_CB
/* find devId if its not an empty hash */
if (devId == INVALID_DEVID && data != NULL && len > 0) {
devId = wc_CryptoCb_DefaultDevID();
}
#endif
if ((ret = wc_InitShake256(shake, heap, devId)) != 0) { if ((ret = wc_InitShake256(shake, heap, devId)) != 0) {
WOLFSSL_MSG("InitShake256 failed"); WOLFSSL_MSG("InitShake256 failed");
} }
@ -1914,6 +2012,13 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
return MEMORY_E; return MEMORY_E;
#endif #endif
#ifdef WOLF_CRYPTO_CB
/* find devId if its not an empty hash */
if (devId == INVALID_DEVID && data != NULL && len > 0) {
devId = wc_CryptoCb_DefaultDevID();
}
#endif
if ((ret = wc_InitSm3(sm3, heap, devId)) != 0) { if ((ret = wc_InitSm3(sm3, heap, devId)) != 0) {
WOLFSSL_MSG("InitSm3 failed"); WOLFSSL_MSG("InitSm3 failed");
} }

62
wolfcrypt/src/random.c
View File

@ -311,7 +311,7 @@ enum {
typedef struct DRBG_internal DRBG_internal; typedef struct DRBG_internal DRBG_internal;
static int wc_RNG_HealthTestLocal(int reseed); static int wc_RNG_HealthTestLocal(int reseed, void* heap, int devId);
/* Hash Derivation Function */ /* Hash Derivation Function */
/* Returns: DRBG_SUCCESS or DRBG_FAILURE */ /* Returns: DRBG_SUCCESS or DRBG_FAILURE */
@ -1619,7 +1619,7 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
if (nonceSz == 0) if (nonceSz == 0)
seedSz = MAX_SEED_SZ; seedSz = MAX_SEED_SZ;
if (wc_RNG_HealthTestLocal(0) == 0) { if (wc_RNG_HealthTestLocal(0, rng->heap, devId) == 0) {
#ifndef WOLFSSL_SMALL_STACK #ifndef WOLFSSL_SMALL_STACK
byte seed[MAX_SEED_SZ]; byte seed[MAX_SEED_SZ];
#else #else
@ -1830,7 +1830,11 @@ int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz)
ret = Hash_DRBG_Generate((DRBG_internal *)rng->drbg, output, sz); ret = Hash_DRBG_Generate((DRBG_internal *)rng->drbg, output, sz);
if (ret == DRBG_NEED_RESEED) { if (ret == DRBG_NEED_RESEED) {
if (wc_RNG_HealthTestLocal(1) == 0) { int devId = INVALID_DEVID;
#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB)
devId = rng->devId;
#endif
if (wc_RNG_HealthTestLocal(1, rng->heap, devId) == 0) {
#ifndef WOLFSSL_SMALL_STACK #ifndef WOLFSSL_SMALL_STACK
byte newSeed[SEED_SZ + SEED_BLOCK_SZ]; byte newSeed[SEED_SZ + SEED_BLOCK_SZ];
ret = DRBG_SUCCESS; ret = DRBG_SUCCESS;
@ -2083,7 +2087,7 @@ const FLASH_QUALIFIER byte outputB_data[] = {
}; };
static int wc_RNG_HealthTestLocal(int reseed) static int wc_RNG_HealthTestLocal(int reseed, void* heap, int devId)
{ {
int ret = 0; int ret = 0;
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
@ -2102,17 +2106,17 @@ static int wc_RNG_HealthTestLocal(int reseed)
if (reseed) { if (reseed) {
#ifdef WOLFSSL_USE_FLASHMEM #ifdef WOLFSSL_USE_FLASHMEM
byte* seedA = (byte*)XMALLOC(sizeof(seedA_data), NULL, byte* seedA = (byte*)XMALLOC(sizeof(seedA_data), heap,
DYNAMIC_TYPE_TMP_BUFFER); DYNAMIC_TYPE_TMP_BUFFER);
byte* reseedSeedA = (byte*)XMALLOC(sizeof(reseedSeedA_data), NULL, byte* reseedSeedA = (byte*)XMALLOC(sizeof(reseedSeedA_data), heap,
DYNAMIC_TYPE_TMP_BUFFER); DYNAMIC_TYPE_TMP_BUFFER);
byte* outputA = (byte*)XMALLOC(sizeof(outputA_data), NULL, byte* outputA = (byte*)XMALLOC(sizeof(outputA_data), heap,
DYNAMIC_TYPE_TMP_BUFFER); DYNAMIC_TYPE_TMP_BUFFER);
if (!seedA || !reseedSeedA || !outputA) { if (!seedA || !reseedSeedA || !outputA) {
XFREE(seedA, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(seedA, heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(reseedSeedA, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(reseedSeedA, heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(outputA, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(outputA, heap, DYNAMIC_TYPE_TMP_BUFFER);
ret = MEMORY_E; ret = MEMORY_E;
} }
else { else {
@ -2124,9 +2128,11 @@ static int wc_RNG_HealthTestLocal(int reseed)
const byte* reseedSeedA = reseedSeedA_data; const byte* reseedSeedA = reseedSeedA_data;
const byte* outputA = outputA_data; const byte* outputA = outputA_data;
#endif #endif
ret = wc_RNG_HealthTest(1, seedA, sizeof(seedA_data), ret = wc_RNG_HealthTest_ex(1, NULL, 0,
reseedSeedA, sizeof(reseedSeedA_data), seedA, sizeof(seedA_data),
check, RNG_HEALTH_TEST_CHECK_SIZE); reseedSeedA, sizeof(reseedSeedA_data),
check, RNG_HEALTH_TEST_CHECK_SIZE,
heap, devId);
if (ret == 0) { if (ret == 0) {
if (ConstantCompare(check, outputA, if (ConstantCompare(check, outputA,
RNG_HEALTH_TEST_CHECK_SIZE) != 0) RNG_HEALTH_TEST_CHECK_SIZE) != 0)
@ -2142,14 +2148,14 @@ static int wc_RNG_HealthTestLocal(int reseed)
} }
else { else {
#ifdef WOLFSSL_USE_FLASHMEM #ifdef WOLFSSL_USE_FLASHMEM
byte* seedB = (byte*)XMALLOC(sizeof(seedB_data), NULL, byte* seedB = (byte*)XMALLOC(sizeof(seedB_data), heap,
DYNAMIC_TYPE_TMP_BUFFER); DYNAMIC_TYPE_TMP_BUFFER);
byte* outputB = (byte*)XMALLOC(sizeof(outputB_data), NULL, byte* outputB = (byte*)XMALLOC(sizeof(outputB_data), heap,
DYNAMIC_TYPE_TMP_BUFFER); DYNAMIC_TYPE_TMP_BUFFER);
if (!seedB || !outputB) { if (!seedB || !outputB) {
XFREE(seedB, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(seedB, heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(outputB, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(outputB, heap, DYNAMIC_TYPE_TMP_BUFFER);
ret = MEMORY_E; ret = MEMORY_E;
} }
else { else {
@ -2159,9 +2165,11 @@ static int wc_RNG_HealthTestLocal(int reseed)
const byte* seedB = seedB_data; const byte* seedB = seedB_data;
const byte* outputB = outputB_data; const byte* outputB = outputB_data;
#endif #endif
ret = wc_RNG_HealthTest(0, seedB, sizeof(seedB_data), ret = wc_RNG_HealthTest_ex(0, NULL, 0,
NULL, 0, seedB, sizeof(seedB_data),
check, RNG_HEALTH_TEST_CHECK_SIZE); NULL, 0,
check, RNG_HEALTH_TEST_CHECK_SIZE,
heap, devId);
if (ret == 0) { if (ret == 0) {
if (ConstantCompare(check, outputB, if (ConstantCompare(check, outputB,
RNG_HEALTH_TEST_CHECK_SIZE) != 0) RNG_HEALTH_TEST_CHECK_SIZE) != 0)
@ -2174,11 +2182,11 @@ static int wc_RNG_HealthTestLocal(int reseed)
* byte 32, feed them into the health test separately. */ * byte 32, feed them into the health test separately. */
if (ret == 0) { if (ret == 0) {
ret = wc_RNG_HealthTest_ex(0, ret = wc_RNG_HealthTest_ex(0,
seedB + 32, sizeof(seedB_data) - 32, seedB + 32, sizeof(seedB_data) - 32,
seedB, 32, seedB, 32,
NULL, 0, NULL, 0,
check, RNG_HEALTH_TEST_CHECK_SIZE, check, RNG_HEALTH_TEST_CHECK_SIZE,
NULL, INVALID_DEVID); heap, devId);
if (ret == 0) { if (ret == 0) {
if (ConstantCompare(check, outputB, sizeof(outputB_data)) != 0) if (ConstantCompare(check, outputB, sizeof(outputB_data)) != 0)
ret = -1; ret = -1;
@ -2186,8 +2194,8 @@ static int wc_RNG_HealthTestLocal(int reseed)
} }
#ifdef WOLFSSL_USE_FLASHMEM #ifdef WOLFSSL_USE_FLASHMEM
XFREE(seedB, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(seedB, heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(outputB, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(outputB, heap, DYNAMIC_TYPE_TMP_BUFFER);
} }
#endif #endif
} }