From 291ec20d4e071fba1aeb5a27fe40b900753acb1a Mon Sep 17 00:00:00 2001 From: night1rider Date: Tue, 5 May 2026 12:03:37 -0600 Subject: [PATCH] stash caller heap before cryptocb fires so InitCmac_* callbacks can honor it --- wolfcrypt/src/cmac.c | 7 +++++++ wolfssl/wolfcrypt/cmac.h | 2 ++ 2 files changed, 9 insertions(+) diff --git a/wolfcrypt/src/cmac.c b/wolfcrypt/src/cmac.c index 0e8a9f7e42..43108d226c 100644 --- a/wolfcrypt/src/cmac.c +++ b/wolfcrypt/src/cmac.c @@ -126,6 +126,13 @@ static int _InitCmac_common(Cmac* cmac, const byte* key, word32 keySz, #endif XMEMSET(cmac, 0, sizeof(Cmac)); + /* Stash heap so the cryptocb can read it from the zeroed cmac. */ +#ifndef NO_AES + cmac->aes.heap = heap; +#else + cmac->heap = heap; +#endif + /* Store id/label on the Cmac struct so the crypto callback can * inspect them to determine the hardware key slot. */ #ifdef WOLF_PRIVATE_KEY_ID diff --git a/wolfssl/wolfcrypt/cmac.h b/wolfssl/wolfcrypt/cmac.h index 13998f6f06..40a6e1a64e 100644 --- a/wolfssl/wolfcrypt/cmac.h +++ b/wolfssl/wolfcrypt/cmac.h @@ -63,6 +63,8 @@ struct Cmac { byte digest[WC_AES_BLOCK_SIZE]; /* running digest */ byte k1[WC_AES_BLOCK_SIZE]; byte k2[WC_AES_BLOCK_SIZE]; +#else + void* heap; /* fallback when no aes.heap is available */ #endif word32 bufferSz; word32 totalSz;