Merge pull request #8854 from dgarske/renesas_rx_tsip_aesctr

Added Renesas RX TSIP AES CTR support

.wolfssl_known_macro_extras

@@ -519,6 +519,10 @@ TIF_NEED_FPU_LOAD
 TIME_T_NOT_LONG
 TI_DUMMY_BUILD
 TLS13_RSA_PSS_SIGN_CB_NO_PREHASH
+TSIP_AES_128_CTR
+TSIP_AES_256_CTR
+TSIP_ECDSA_P256
+TSIP_ECDSA_P384
 TSIP_RSAES_1024
 TSIP_RSAES_2048
 TSIP_RSASSA_1024

IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/client/simple_tls_tsip_client.c

@@ -31,7 +31,8 @@
     #include <wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h>
 #endif
 
-#define SIMPLE_TLSSEVER_IP       "192.168.11.5"
+#if defined(SIMPLE_TLS_TSIP_CLIENT) || defined(SIMPLE_TLS_CLIENT)
+#define SIMPLE_TLSSEVER_IP       "192.168.11.11"
 #define SIMPLE_TLSSERVER_PORT    "11111"
 
 ER    t4_tcp_callback(ID cepid, FN fncd , VP p_parblk);
@@ -360,3 +361,4 @@ void wolfSSL_TLS_client( )
 
     return;
 }
+#endif /* SIMPLE_TSIP TLS_CLIENT || SIMPLE_TLS_CLIENT */

IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/server/simple_tls_server.c

@@ -27,6 +27,8 @@
 #include "wolfssl/certs_test.h"
 #include <wolfssl_simple_demo.h>
 
+#if defined(SIMPLE_TLS_SERVER)
+
 static WOLFSSL_CTX *server_ctx;
 
 static int my_IORecv(WOLFSSL* ssl, char* buff, int sz, void* ctx)
@@ -192,3 +194,4 @@ out:
     tcp_sht_cep(cepid);
     tcp_cls_cep(cepid, TMO_FEVR);
 }
+#endif

IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/test.scfg

@@ -11,7 +11,7 @@
             </toolchain>
         </configuration>
         <platform id="R5F572NNHxFB"/>
-        <option id="board" value="EnvisionKitRX72N (V1.12)"/>
+        <option id="board" value="EnvisionKitRX72N (V1.14)"/>
     </general>
     <tool id="Clock">
         <option enabled="true" id="vccinput" selection="textinputitem">
@@ -1166,8 +1166,8 @@
                 <gridItem id="TSIP_MD5" selectedIndex="1"/>
                 <gridItem id="TSIP_SHA_1_HMAC" selectedIndex="1"/>
                 <gridItem id="TSIP_SHA_256_HMAC" selectedIndex="1"/>
-                <gridItem id="TSIP_RSAES_1024" selectedIndex="0"/>
+                <gridItem id="TSIP_RSAES_1024" selectedIndex="1"/>
-                <gridItem id="TSIP_RSAES_2048" selectedIndex="0"/>
+                <gridItem id="TSIP_RSAES_2048" selectedIndex="1"/>
                 <gridItem id="TSIP_RSAES_3072" selectedIndex="0"/>
                 <gridItem id="TSIP_RSAES_4096" selectedIndex="0"/>
                 <gridItem id="TSIP_RSASSA_1024" selectedIndex="1"/>

IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/user_settings.h

@@ -103,6 +103,8 @@
   #define HAVE_AESGCM
   #define HAVE_AESCCM
   #define HAVE_AES_CBC
+  #define WOLFSSL_AES_DIRECT
+  #define WOLFSSL_AES_COUNTER
   #define WOLFSSL_SHA512
 
   #define HAVE_SUPPORTED_CURVES

IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_tsip_unit_test.c

@@ -191,6 +191,322 @@ static int tsip_aes_cbc_test(int prnt, tsip_aes_key_index_t* aes_key)
     return ret;
 }
 
+#if defined(WOLFSSL_AES_COUNTER)
+#if (defined(TSIP_AES_128_CTR) && TSIP_AES_128_CTR == 1) &&\
+    (defined(WOLFSSL_AES_128))
+static int tsip_aes128_ctr_test(int prnt, tsip_aes_key_index_t* aes_key)
+{
+    int ret;
+    Aes *enc = NULL;
+    Aes *dec = NULL;
+    byte cipher[WC_AES_BLOCK_SIZE * 4];
+    byte plain [WC_AES_BLOCK_SIZE * 4];
+    /* test vectors from "Recommendation for Block Cipher Modes of
+     * Operation" NIST Special Publication 800-38A */
+
+    WOLFSSL_SMALL_STACK_STATIC const byte ctrIv[] =
+    {
+        0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
+        0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
+    };
+
+    WOLFSSL_SMALL_STACK_STATIC const byte ctrPlain[] =
+    {
+        0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
+        0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
+        0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
+        0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
+        0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
+        0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
+        0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
+        0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
+    };
+    WOLFSSL_SMALL_STACK_STATIC const byte ctrIvWrap128[] =
+    {
+        0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+        0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+    };
+    WOLFSSL_SMALL_STACK_STATIC const byte ctr128Key[] =
+    {
+        0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
+        0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c
+    };
+
+    WOLFSSL_SMALL_STACK_STATIC const byte ctr128Cipher[] =
+    {
+        0x87,0x4d,0x61,0x91,0xb6,0x20,0xe3,0x26,
+        0x1b,0xef,0x68,0x64,0x99,0x0d,0xb6,0xce,
+        0x98,0x06,0xf6,0x6b,0x79,0x70,0xfd,0xff,
+        0x86,0x17,0x18,0x7b,0xb9,0xff,0xfd,0xff,
+        0x5a,0xe4,0xdf,0x3e,0xdb,0xd5,0xd3,0x5e,
+        0x5b,0x4f,0x09,0x02,0x0d,0xb0,0x3e,0xab,
+        0x1e,0x03,0x1d,0xda,0x2f,0xbe,0x03,0xd1,
+        0x79,0x21,0x70,0xa0,0xf3,0x00,0x9c,0xee
+    };
+    WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap128CipherLong[] =
+    {
+        0xe1,0x33,0x38,0xe3,0x6c,0xb7,0x19,0x62,
+        0xe0,0x0d,0x02,0x0b,0x4c,0xed,0xbd,0x86,
+        0xd3,0xda,0xe1,0x5b,0x04,0xbb,0x35,0x2f,
+        0xa0,0xf5,0x9f,0xeb,0xfc,0xb4,0xda,0x3e
+    };
+    int i;
+    struct {
+        const byte* key;
+        int         keySz;
+        const byte* iv;
+        const byte* plain;
+        int         len;
+        const byte* cipher;
+    } testVec[] = {
+        { ctr128Key, (int)sizeof(ctr128Key), ctrIv,
+          ctrPlain, (int)sizeof(ctrPlain), ctr128Cipher },
+        { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap128,
+          ctrPlain, (int)sizeof(ctr128Wrap128CipherLong),
+          ctr128Wrap128CipherLong },
+    };
+    int AES_CTR_TEST_LEN = (int)(sizeof(testVec) / sizeof(*testVec));
+
+    if (prnt)
+        printf(" tsip_aes128_ctr_test() ");
+
+    enc = wc_AesNew(NULL, INVALID_DEVID, &ret);
+    if (enc == NULL){
+        ret = -1;
+        goto out;
+    }
+    dec = wc_AesNew(NULL, INVALID_DEVID, &ret);
+    if (dec == NULL){
+        ret = -2;
+        goto out;
+    }
+
+    /* test failure cases - null */
+    ret = wc_tsip_AesCtr(NULL, NULL, NULL, 1);
+    if (ret != BAD_FUNC_ARG) {
+        ret = -8; goto out;
+    }
+    /* test failure cases - size, but no buffer */
+    ret = wc_tsip_AesCtr(enc, NULL, NULL, 1);
+    if (ret != BAD_FUNC_ARG) {
+        ret = -9; goto out;
+    }
+    /* test failure cases - non block aligned  */
+    ret = wc_tsip_AesCtr(enc, plain, cipher, 15);
+    if (ret != BAD_FUNC_ARG) {
+        ret = -10; goto out;
+    }
+
+    for (i = 0; i < AES_CTR_TEST_LEN; i++) {
+        if (testVec[i].key != NULL) {
+            ret = wc_AesSetKeyDirect(enc, testVec[i].key, (word32)testVec[i].keySz,
+                testVec[i].iv, AES_ENCRYPTION);
+
+            if (ret != 0) {
+                ret = -3;
+                goto out;
+            } else {
+                /* set TSIP Aes key */
+                XMEMCPY(&enc->ctx.tsip_keyIdx, aes_key,
+                            sizeof(tsip_aes_key_index_t));
+                enc->ctx.keySize = enc->keylen;
+            }
+            /* Ctr only uses encrypt, even on key setup */
+            ret = wc_AesSetKeyDirect(dec, testVec[i].key, (word32)testVec[i].keySz,
+                testVec[i].iv, AES_ENCRYPTION);
+            if (ret != 0) {
+                ret = -4;
+                goto out;
+            } else {
+                XMEMCPY(&dec->ctx.tsip_keyIdx, aes_key,
+                            sizeof(tsip_aes_key_index_t));
+                dec->ctx.keySize = dec->keylen;
+            }
+        }
+
+        ret = wc_tsip_AesCtr(enc, cipher, testVec[i].plain, (word32)testVec[i].len);
+        if (ret != 0) {
+            ret = -5;
+            goto out;
+        }
+        ret = wc_tsip_AesCtr(dec, plain, cipher, (word32)testVec[i].len);
+        if (ret != 0) {
+            ret = -6;
+            goto out;
+        }
+
+        if (XMEMCMP(plain, ctrPlain, (size_t)testVec[i].len)) {
+            ret = -7;
+            goto out;
+        }
+    }
+out:
+    wc_AesDelete(enc, &enc);
+    wc_AesDelete(dec, &dec);
+
+    return ret;
+}
+#endif /* WOLFSSL_AES_128 */
+#if (defined(TSIP_AES_256_CTR) && TSIP_AES_256_CTR == 1) &&\
+    (defined(WOLFSSL_AES_256))
+static int tsip_aes256_ctr_test(int prnt, tsip_aes_key_index_t* aes_key)
+{
+    int ret;
+    Aes *enc = NULL;
+    Aes *dec = NULL;
+    byte cipher[WC_AES_BLOCK_SIZE * 4];
+    byte plain [WC_AES_BLOCK_SIZE * 4];
+    /* test vectors from "Recommendation for Block Cipher Modes of
+     * Operation" NIST Special Publication 800-38A */
+
+    WOLFSSL_SMALL_STACK_STATIC const byte ctrIv[] =
+    {
+        0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
+        0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
+    };
+
+    WOLFSSL_SMALL_STACK_STATIC const byte ctrPlain[] =
+    {
+        0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
+        0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
+        0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
+        0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
+        0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
+        0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
+        0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
+        0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
+    };
+    WOLFSSL_SMALL_STACK_STATIC const byte ctrIvWrap128[] =
+    {
+        0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+        0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+    };
+    WOLFSSL_SMALL_STACK_STATIC const byte ctr256Key[] =
+    {
+        0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
+        0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
+        0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
+        0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
+    };
+
+    WOLFSSL_SMALL_STACK_STATIC const byte ctr256Cipher[] =
+    {
+        0x60,0x1e,0xc3,0x13,0x77,0x57,0x89,0xa5,
+        0xb7,0xa7,0xf5,0x04,0xbb,0xf3,0xd2,0x28,
+        0xf4,0x43,0xe3,0xca,0x4d,0x62,0xb5,0x9a,
+        0xca,0x84,0xe9,0x90,0xca,0xca,0xf5,0xc5,
+        0x2b,0x09,0x30,0xda,0xa2,0x3d,0xe9,0x4c,
+        0xe8,0x70,0x17,0xba,0x2d,0x84,0x98,0x8d,
+        0xdf,0xc9,0xc5,0x8d,0xb6,0x7a,0xad,0xa6,
+        0x13,0xc2,0xdd,0x08,0x45,0x79,0x41,0xa6
+    };
+    WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap128CipherLong[] =
+    {
+        0x50,0xfd,0x97,0xc3,0xe6,0x1a,0xbb,0x48,
+        0x73,0xfb,0x78,0xdf,0x1e,0x8e,0x77,0xe6,
+        0x4b,0x45,0x7c,0xd6,0x8a,0xcc,0xda,0x4a,
+        0x89,0xfa,0x23,0x6c,0x06,0xbf,0x26,0x05
+    };
+
+    int i;
+    struct {
+        const byte* key;
+        int         keySz;
+        const byte* iv;
+        const byte* plain;
+        int         len;
+        const byte* cipher;
+    } testVec[] = {
+        { ctr256Key, (int)sizeof(ctr256Key), ctrIv,
+          ctrPlain, (int)sizeof(ctrPlain), ctr256Cipher },
+        { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap128,
+          ctrPlain, (int)sizeof(ctr256Wrap128CipherLong),
+          ctr256Wrap128CipherLong },
+    };
+    int AES_CTR_TEST_LEN = (int)(sizeof(testVec) / sizeof(*testVec));
+
+    if (prnt)
+        printf(" tsip_aes256_ctr_test() ");
+
+    enc = wc_AesNew(NULL, INVALID_DEVID, &ret);
+    if (enc == NULL){
+        ret = -1;
+        goto out;
+    }
+    dec = wc_AesNew(NULL, INVALID_DEVID, &ret);
+    if (dec == NULL){
+        ret = -2;
+        goto out;
+    }
+
+    /* test failure cases - null */
+    ret = wc_tsip_AesCtr(NULL, NULL, NULL, 1);
+    if (ret != BAD_FUNC_ARG) {
+        ret = -8; goto out;
+    }
+    /* test failure cases - size, but no buffer */
+    ret = wc_tsip_AesCtr(enc, NULL, NULL, 1);
+    if (ret != BAD_FUNC_ARG) {
+        ret = -9; goto out;
+    }
+    /* test failure cases - non block aligned  */
+    ret = wc_tsip_AesCtr(enc, plain, cipher, 15);
+    if (ret != BAD_FUNC_ARG) {
+        ret = -10; goto out;
+    }
+
+    for (i = 0; i < AES_CTR_TEST_LEN; i++) {
+        if (testVec[i].key != NULL) {
+            ret = wc_AesSetKeyDirect(enc, testVec[i].key, (word32)testVec[i].keySz,
+                testVec[i].iv, AES_ENCRYPTION);
+            if (ret != 0) {
+                ret = -3;
+                goto out;
+            } else {
+                /* set TSIP Aes key */
+                XMEMCPY(&enc->ctx.tsip_keyIdx, aes_key,
+                            sizeof(tsip_aes_key_index_t));
+                enc->ctx.keySize = enc->keylen;
+            }
+            /* Ctr only uses encrypt, even on key setup */
+            ret = wc_AesSetKeyDirect(dec, testVec[i].key, (word32)testVec[i].keySz,
+                testVec[i].iv, AES_ENCRYPTION);
+            if (ret != 0) {
+                ret = -4;
+                goto out;
+            } else {
+                /* set TSIP Aes key */
+                XMEMCPY(&dec->ctx.tsip_keyIdx, aes_key,
+                            sizeof(tsip_aes_key_index_t));
+                dec->ctx.keySize = enc->keylen;
+            }
+        }
+
+        ret = wc_tsip_AesCtr(enc, cipher, testVec[i].plain, (word32)testVec[i].len);
+        if (ret != 0) {
+            ret = -5;
+            goto out;
+        }
+        ret = wc_tsip_AesCtr(dec, plain, cipher, (word32)testVec[i].len);
+        if (ret != 0) {
+            ret = -6;
+            goto out;
+        }
+
+        if (XMEMCMP(plain, ctrPlain, (size_t)testVec[i].len)) {
+            ret = -7;
+            goto out;
+        }
+    }
+out:
+    wc_AesDelete(enc, &enc);
+    wc_AesDelete(dec, &dec);
+
+    return ret;
+}
+#endif /* WOLFSSL_AES_256 */
+#endif /* TSIP_AES_256_CTR && WOLFSSL_AES_COUNTER */
+
 #ifdef FREERTOS
 static void tskAes128_Cbc_Test(void *pvParam)
 {
@@ -1250,7 +1566,17 @@ int tsip_crypt_test(void)
 
         }
 #endif
+#ifdef WOLFSSL_AES_COUNTER
+        if (ret == 0) {
+            ret = tsip_aes128_ctr_test(1, &g_user_aes128_key_index1);
+            RESULT_STR(ret)
+        }
 
+        if (ret == 0) {
+            ret = tsip_aes256_ctr_test(1, &g_user_aes256_key_index1);
+            RESULT_STR(ret)
+        }
+#endif
 #if defined(WOLFSSL_KEY_GEN) && \
     defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
 

wolfcrypt/src/cryptocb.c

@@ -577,6 +577,7 @@ int wc_CryptoCb_RsaGetSize(const RsaKey* key, int* keySize)
 #endif /* !NO_RSA */
 
 #ifdef HAVE_ECC
+#ifdef HAVE_ECC_DHE
 int wc_CryptoCb_MakeEccKey(WC_RNG* rng, int keySize, ecc_key* key, int curveId)
 {
     int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
@@ -629,7 +630,9 @@ int wc_CryptoCb_Ecdh(ecc_key* private_key, ecc_key* public_key,
 
     return wc_CryptoCb_TranslateErrorCode(ret);
 }
+#endif
 
+#ifdef HAVE_ECC_SIGN
 int wc_CryptoCb_EccSign(const byte* in, word32 inlen, byte* out,
     word32 *outlen, WC_RNG* rng, ecc_key* key)
 {
@@ -658,7 +661,9 @@ int wc_CryptoCb_EccSign(const byte* in, word32 inlen, byte* out,
 
     return wc_CryptoCb_TranslateErrorCode(ret);
 }
+#endif
 
+#ifdef HAVE_ECC_VERIFY
 int wc_CryptoCb_EccVerify(const byte* sig, word32 siglen,
     const byte* hash, word32 hashlen, int* res, ecc_key* key)
 {
@@ -687,7 +692,9 @@ int wc_CryptoCb_EccVerify(const byte* sig, word32 siglen,
 
     return wc_CryptoCb_TranslateErrorCode(ret);
 }
+#endif
 
+#ifdef HAVE_ECC_CHECK_KEY
 int wc_CryptoCb_EccCheckPrivKey(ecc_key* key, const byte* pubKey,
     word32 pubKeySz)
 {
@@ -713,6 +720,7 @@ int wc_CryptoCb_EccCheckPrivKey(ecc_key* key, const byte* pubKey,
 
     return wc_CryptoCb_TranslateErrorCode(ret);
 }
+#endif
 #endif /* HAVE_ECC */
 
 #ifdef HAVE_CURVE25519

wolfcrypt/src/ecc.c

@@ -5395,6 +5395,7 @@ static WC_INLINE void wc_ecc_reset(ecc_key* key)
     key->state = ECC_STATE_NONE;
 }
 
+
 /* create the public ECC key from a private key
  *
  * key     an initialized private key to generate public part from
@@ -5680,7 +5681,7 @@ static int _ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key,
     #endif
     key->flags = (byte)flags;
 
-#ifdef WOLF_CRYPTO_CB
+#if defined(WOLF_CRYPTO_CB) && defined(HAVE_ECC_DHE)
     #ifndef WOLF_CRYPTO_CB_FIND
     if (key->devId != INVALID_DEVID)
     #endif
@@ -10263,7 +10264,7 @@ static int ecc_check_privkey_gen(ecc_key* key, mp_int* a, mp_int* prime)
         * (!WOLFSSL_SP_MATH && WOLFSSL_VALIDATE_ECC_IMPORT) */
 
 #if (FIPS_VERSION_GE(5,0) || defined(WOLFSSL_VALIDATE_ECC_KEYGEN)) && \
-    !defined(WOLFSSL_KCAPI_ECC)
+    !defined(WOLFSSL_KCAPI_ECC) && defined(HAVE_ECC_DHE)
 
 /* check privkey generator helper, creates prime needed */
 static int ecc_check_privkey_gen_helper(ecc_key* key)
@@ -10378,7 +10379,7 @@ static int _ecc_pairwise_consistency_test(ecc_key* key, WC_RNG* rng)
     return err;
 }
 #endif /* (FIPS v5 or later || WOLFSSL_VALIDATE_ECC_KEYGEN) && \
-          !WOLFSSL_KCAPI_ECC */
+          !WOLFSSL_KCAPI_ECC && HAVE_ECC_DHE */
 
 #ifndef WOLFSSL_SP_MATH
 /* validate order * pubkey = point at infinity, 0 on success */

wolfcrypt/src/port/Renesas/renesas_tsip_aes.c

@@ -36,7 +36,9 @@
 
 #include <wolfssl/wolfcrypt/wc_port.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
+#ifdef WOLFSSL_RENESAS_TSIP_TLS
 #include <wolfssl/internal.h>
+#endif
 #include <wolfssl/wolfcrypt/aes.h>
 #include "wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h"
 #ifdef NO_INLINE
@@ -381,24 +383,25 @@ WOLFSSL_LOCAL int tsip_Tls13AesDecrypt(
 #if (WOLFSSL_RENESAS_TSIP_VER >= 109)
 #ifdef WOLF_CRYPTO_CB
 
-WOLFSSL_LOCAL int wc_tsip_AesCipher(int devIdArg, wc_CryptoInfo* info,
+int wc_tsip_AesCipher(int devIdArg, wc_CryptoInfo* info, void* ctx)
-                                                                    void* ctx)
 {
     int ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN);
     TsipUserCtx* cbInfo = (TsipUserCtx*)ctx;
 
     WOLFSSL_ENTER("wc_tsip_AesCipher");
 
-    if (info == NULL || ctx == NULL)
+    if (info == NULL) {
         return BAD_FUNC_ARG;
+    }
+
+    (void)devIdArg;
 
     if (info->algo_type == WC_ALGO_TYPE_CIPHER) {
-
+#if !defined(NO_AES)
-#if !defined(NO_AES) || !defined(NO_DES3)
 #ifdef HAVE_AESGCM
         if (info->cipher.type == WC_CIPHER_AES_GCM
         #ifdef WOLFSSL_RENESAS_TSIP_TLS
-            && cbInfo->session_key_set == 1
+            && cbInfo != NULL && cbInfo->session_key_set == 1
         #endif
             ) {
 
@@ -433,10 +436,26 @@ WOLFSSL_LOCAL int wc_tsip_AesCipher(int devIdArg, wc_CryptoInfo* info,
             }
         }
     #endif /* HAVE_AESGCM */
+
+    #ifdef WOLFSSL_AES_COUNTER
+        if (info->cipher.type == WC_CIPHER_AES_CTR
+        #ifdef WOLFSSL_RENESAS_TSIP_TLS
+            && cbInfo != NULL && cbInfo->session_key_set == 1
+        #endif
+            ) {
+            /* encrypt and decrypt use same routine */
+            ret = wc_tsip_AesCtr(
+                info->cipher.aesctr.aes,
+                (byte*)info->cipher.aesctr.out,
+                (byte*)info->cipher.aesctr.in,
+                info->cipher.aesctr.sz);
+        }
+    #endif /* WOLFSSL_AES_COUNTER */
+
     #ifdef HAVE_AES_CBC
         if (info->cipher.type == WC_CIPHER_AES_CBC
         #ifdef WOLFSSL_RENESAS_TSIP_TLS
-            && cbInfo->session_key_set == 1
+            && cbInfo != NULL && cbInfo->session_key_set == 1
         #endif
             ) {
 
@@ -457,17 +476,17 @@ WOLFSSL_LOCAL int wc_tsip_AesCipher(int devIdArg, wc_CryptoInfo* info,
             }
         }
     #endif /* HAVE_AES_CBC */
-    #endif /* !NO_AES || !NO_DES3 */
+    #endif /* !NO_AES */
 
     }
+    (void)cbInfo;
     WOLFSSL_LEAVE("wc_tsip_AesCipher", ret);
     return ret;
 }
 #endif /* WOLF_CRYPTO_CB */
 #endif /* WOLFSSL_RENESAS_TSIP_VER >= 109 */
 
-
+#ifdef HAVE_AES_CBC
-
 int wc_tsip_AesCbcEncrypt(struct Aes* aes, byte* out, const byte* in, word32 sz)
 {
     tsip_aes_handle_t _handle;
@@ -584,6 +603,85 @@ int wc_tsip_AesCbcDecrypt(struct Aes* aes, byte* out, const byte* in, word32 sz)
     tsip_hw_unlock();
     return ret;
 }
+#endif /* HAVE_AES_CBC */
+
+#ifdef WOLFSSL_AES_COUNTER
+/* API only supports even blocks (16 byte) */
+/* Use the public wc_AesCtrEncrypt with crypto callbacks to handle odd remain */
+int wc_tsip_AesCtr(struct Aes* aes, byte* out, const byte* in, word32 sz)
+{
+    tsip_aes_handle_t _handle;
+    int ret;
+    int blocks = (int)(sz / WC_AES_BLOCK_SIZE);
+    int remain = (int)(sz % WC_AES_BLOCK_SIZE);
+    byte *iv;
+
+    if (aes == NULL || in == NULL || out == NULL || sz == 0 || remain != 0) {
+        return BAD_FUNC_ARG;
+    }
+
+    if ((ret = tsip_hw_lock()) != 0) {
+        WOLFSSL_MSG("Failed to lock");
+        return ret;
+    }
+
+    /* while doing TLS handshake, TSIP driver keeps true-key and iv *
+     * on the device. iv is dummy                                   */
+    iv = (uint8_t*)aes->reg;
+
+    if (aes->ctx.keySize == 16) {
+    #if defined(TSIP_AES_128_CTR) && TSIP_AES_128_CTR == 1
+        ret = R_TSIP_Aes128CtrInit(&_handle, &aes->ctx.tsip_keyIdx, iv);
+        if (ret == TSIP_SUCCESS) {
+            ret = R_TSIP_Aes128CtrUpdate(&_handle, (uint8_t*)in,
+                (uint8_t*)out, blocks * WC_AES_BLOCK_SIZE);
+            if (ret == TSIP_SUCCESS) {
+                ret = R_TSIP_Aes128CtrFinal(&_handle);
+            }
+        }
+    #else
+        ret = NOT_COMPILED_IN;
+    #endif
+    }
+    if (aes->ctx.keySize == 32) {
+    #if defined(TSIP_AES_256_CTR) && TSIP_AES_256_CTR == 1
+        ret = R_TSIP_Aes256CtrInit(&_handle, &aes->ctx.tsip_keyIdx, iv);
+        if (ret == TSIP_SUCCESS) {
+            ret = R_TSIP_Aes256CtrUpdate(&_handle, (uint8_t*)in,
+                (uint8_t*)out, blocks * WC_AES_BLOCK_SIZE);
+            if (ret == TSIP_SUCCESS) {
+                ret = R_TSIP_Aes256CtrFinal(&_handle);
+            }
+        }
+    #else
+        ret = NOT_COMPILED_IN;
+    #endif
+    }
+
+    if (ret == TSIP_SUCCESS) {
+        /* increment IV counter */
+        while (blocks--) {
+            /* in network byte order so start at end and work back */
+            int i;
+            for (i = WC_AES_BLOCK_SIZE - 1; i >= 0; i--) {
+                if (++iv[i]) /* we're done unless we overflow */
+                    break;
+            }
+        }
+    }
+    else {
+        WOLFSSL_ERROR(ret);
+        WOLFSSL_MSG("TSIP AES CTR failed");
+        ret = -1;
+    }
+
+    tsip_hw_unlock();
+
+    return ret;
+}
+#endif /* WOLFSSL_AES_COUNTER */
+
+#ifdef HAVE_AESGCM
 /*
  * Encrypt plain data then output encrypted data and authentication tag data.
  * The session key used for encryption is generated inside this function and
@@ -644,7 +742,7 @@ int wc_tsip_AesGcmEncrypt(
     if (aes->ctx.keySize != 16 && aes->ctx.keySize != 32) {
         WOLFSSL_MSG("illegal key size");
         WOLFSSL_LEAVE("wc_tsip_AesGcmEncrypt", BAD_FUNC_ARG);
-        return  BAD_FUNC_ARG;
+        return BAD_FUNC_ARG;
     }
 
     if (aes->ctx.keySize == 16) {
@@ -975,6 +1073,7 @@ int wc_tsip_AesGcmDecrypt(
     WOLFSSL_LEAVE("wc_tsip_AesGcmDecrypt", ret);
     return ret;
 }
+#endif /* HAVE_AESGCM */
 #endif /* WOLFSSL_RENESAS_TSIP_TLS) || WOLFSSL_RENESAS_TSIP_CRYPTONLY
          && NO_WOLFSSL_RENESAS_TSIP_CRYPT_AES */
 #endif /* NO_AES */

wolfcrypt/src/port/Renesas/renesas_tsip_util.c

@@ -72,8 +72,10 @@ extern uint32_t     s_flash[];
 extern uint32_t     s_inst1[R_TSIP_SINST_WORD_SIZE];
 #endif
 
+#ifndef SINGLE_THREADED
 wolfSSL_Mutex       tsip_mutex;
 static int          tsip_CryptHwMutexInit_ = 0;
+#endif
 static tsip_key_data g_user_key_info;
 struct WOLFSSL_HEAP_HINT*  tsip_heap_hint = NULL;
 
@@ -2476,6 +2478,7 @@ int tsip_ImportPublicKey(TsipUserCtx* tuc, int keyType)
                 tuc->keyflgs_crypt.bits.eccpub_key_set = 0;
             #endif
                 if (keyType == TSIP_KEY_TYPE_ECDSAP256) {
+                #if defined(TSIP_ECDSA_P256) && TSIP_ECDSA_P256 == 1
                     err = R_TSIP_GenerateEccP256PublicKeyIndex(
                                     provisioning_key, iv, (uint8_t*)encPubKey,
                             #if defined(WOLFSSL_RENESAS_TSIP_TLS)
@@ -2484,8 +2487,12 @@ int tsip_ImportPublicKey(TsipUserCtx* tuc, int keyType)
                                     &tuc->eccpub_keyIdx
                             #endif
                     );
+                #else
+                    err = NOT_COMPILED_IN;
+                #endif
                 }
                 else if (keyType == TSIP_KEY_TYPE_ECDSAP384) {
+                #if defined(TSIP_ECDSA_P384) && TSIP_ECDSA_P384 == 1
                     err = R_TSIP_GenerateEccP384PublicKeyIndex(
                                     provisioning_key, iv, (uint8_t*)encPubKey,
                             #if defined(WOLFSSL_RENESAS_TSIP_TLS)
@@ -2494,6 +2501,9 @@ int tsip_ImportPublicKey(TsipUserCtx* tuc, int keyType)
                                     &tuc->eccpub_keyIdx
                             #endif
                     );
+                #else
+                    err = NOT_COMPILED_IN;
+                #endif
                 }
                 if (err == TSIP_SUCCESS) {
                 #if defined(WOLFSSL_RENESAS_TSIP_TLS)
@@ -2619,6 +2629,7 @@ int tsip_usable(const WOLFSSL *ssl, uint8_t session_key_generated)
 }
 #endif /* WOLFSSL_RENESAS_TSIP_TLS */
 
+#ifndef SINGLE_THREADED
 /*
 * lock hw engine.
 * this should be called before using engine.
@@ -2654,6 +2665,7 @@ void tsip_hw_unlock(void)
 {
     tsip_CryptHwMutexUnLock(&tsip_mutex);
 }
+#endif
 
 /* open TSIP driver
  * return 0 on success.

wolfcrypt/test/test.c

@@ -59474,7 +59474,6 @@ static wc_test_ret_t ecc_onlycb_test(myCryptoDevCtx *ctx)
 {
      wc_test_ret_t ret = 0;
 #if defined(HAVE_ECC)
-
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
     ecc_key* key = (ecc_key *)XMALLOC(sizeof *key,
                                             HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -59482,21 +59481,19 @@ static wc_test_ret_t ecc_onlycb_test(myCryptoDevCtx *ctx)
                                             HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     byte* out = (byte*)XMALLOC(sizeof(byte),
                                             HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    #ifdef OPENSSL_EXTRA
+    #if !defined(WOLFCRYPT_ONLY) && defined(OPENSSL_EXTRA)
-    byte* check = (byte*)XMALLOC(sizeof(byte)*(256), HEAP_HINT,
+    byte* check = (byte*)XMALLOC(256, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-                                            DYNAMIC_TYPE_TMP_BUFFER);
-
     #endif
 #else
     ecc_key key[1];
+    #ifdef HAVE_ECC_DHE
     ecc_key pub[1];
-    byte    out[256];
+    #endif
-     #ifdef OPENSSL_EXTRA
+    #if !defined(WOLFCRYPT_ONLY) && defined(OPENSSL_EXTRA)
-    unsigned char check[256];
+    byte check[256];
     #endif
 #endif
-
+#if !defined(WOLFCRYPT_ONLY) && defined(OPENSSL_EXTRA)
-    #ifdef OPENSSL_EXTRA
     WOLFSSL_EVP_PKEY* privKey = NULL;
     WOLFSSL_EVP_PKEY* pubKey = NULL;
     #ifdef USE_CERT_BUFFERS_256
@@ -59535,17 +59532,22 @@ static wc_test_ret_t ecc_onlycb_test(myCryptoDevCtx *ctx)
         0x94,0x1d,0x7a,0x66,0xf8,0xd1,0x1d,0xcf,0xb0,0x48,
         0xef,0x8c,0x94,0x6f,0xdd,0x62,
     };
-    #endif
+#endif
-
+#ifdef HAVE_ECC_DHE
     WC_RNG rng;
+#endif
     EncryptedInfo encInfo;
     int keyFormat = 0;
+#ifdef USE_CERT_BUFFERS_256
     word32 keyIdx = 0;
-
+#endif
+#if defined(HAVE_ECC_SIGN) && defined(HAVE_ECC_VERIFY)
     byte   in[] = "Everyone gets Friday off. ecc p";
     word32 inLen = (word32)XSTRLEN((char*)in);
+    byte   out[256];
     word32 outLen;
     int    verify;
+#endif
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
     if (key == NULL || pub == NULL) {
@@ -59556,7 +59558,8 @@ static wc_test_ret_t ecc_onlycb_test(myCryptoDevCtx *ctx)
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
 
-    /* wc_CryptoCb_MakeEccKey cb test, , no actual testing */
+    /* wc_CryptoCb_MakeEccKey cb test, no actual testing */
+#ifdef HAVE_ECC_DHE
     ctx->exampleVar = 99;
     ret = wc_ecc_make_key(&rng, ECC_KEYGEN_SIZE, key);
     if (ret != 0)
@@ -59568,7 +59571,7 @@ static wc_test_ret_t ecc_onlycb_test(myCryptoDevCtx *ctx)
     } else
         /* reset return code */
         ret = 0;
-
+#endif
 #ifdef USE_CERT_BUFFERS_256
     if (ret == 0) {
         /* load ECC private key and perform private transform */
@@ -59577,6 +59580,9 @@ static wc_test_ret_t ecc_onlycb_test(myCryptoDevCtx *ctx)
     }
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
+#endif
+
+#ifdef HAVE_ECC_SIGN
     /* wc_CryptoCb_EccSign cb test, no actual testing */
     ctx->exampleVar = 99;
     if (ret == 0) {
@@ -59594,6 +59600,7 @@ static wc_test_ret_t ecc_onlycb_test(myCryptoDevCtx *ctx)
     else
         ret = 0;
 
+#ifdef HAVE_ECC_VERIFY
     /* wc_CryptoCb_EccVerify cb test, no actual testing */
     ctx->exampleVar = 99;
     if (ret == 0) {
@@ -59611,7 +59618,10 @@ static wc_test_ret_t ecc_onlycb_test(myCryptoDevCtx *ctx)
     }
     else
         ret = 0;
+#endif /* HAVE_ECC_VERIFY */
+#endif /* HAVE_ECC_SIGN */
 
+#ifdef HAVE_ECC_DHE
     /* wc_CryptoCb_Ecdh cb test, no actual testing */
 
     /* make public key for shared secret */
@@ -59633,9 +59643,9 @@ static wc_test_ret_t ecc_onlycb_test(myCryptoDevCtx *ctx)
     else
         ret = 0;
 
+#endif /* HAVE_ECC_DHE */
 
-    #ifdef OPENSSL_EXTRA
+#if !defined(WOLFCRYPT_ONLY) && defined(OPENSSL_EXTRA)
-
     (void)pkey;
     cp = ecc_clikey_der_256;
     privKey = d2i_PrivateKey(WC_EVP_PKEY_EC, NULL, &cp,
@@ -59696,7 +59706,6 @@ static wc_test_ret_t ecc_onlycb_test(myCryptoDevCtx *ctx)
     }
 
     /* verify */
-
     wolfSSL_EVP_MD_CTX_init(&mdCtx);
 
     if (ret == WOLFSSL_SUCCESS) {
@@ -59732,24 +59741,11 @@ static wc_test_ret_t ecc_onlycb_test(myCryptoDevCtx *ctx)
         ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb);
     } else
         ret = 0;
-    #endif
+#endif /* !WOLFCRYPT_ONLY && OPENSSL_EXTRA */
-#else
+
-    (void)verify;
-    (void)outLen;
-    (void)inLen;
-    (void)out;
-    (void)pub;
-    #ifdef OPENSSL_EXTRA
-    (void)privKey;
-    (void)pubKey;
-    (void)mdCtx;
-    (void)check;
-    (void)checkSz;
-    (void)p;
-     #endif
-#endif
     (void)keyFormat;
     (void)encInfo;
+    (void)ctx;
 
 exit_onlycb:
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
@@ -59759,14 +59755,14 @@ exit_onlycb:
     }
     XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    #ifdef OPENSSL_EXTRA
+    #if !defined(WOLFCRYPT_ONLY) && defined(OPENSSL_EXTRA)
     if (check) {
         FREE(check, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     }
     #endif
 #else
     wc_ecc_free(key);
-    #ifdef OPENSSL_EXTRA
+    #if !defined(WOLFCRYPT_ONLY) && defined(OPENSSL_EXTRA)
     if (privKey)
         wolfSSL_EVP_PKEY_free(privKey);
     if (pubKey)
@@ -59901,6 +59897,7 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
     #endif /* !NO_RSA */
     #ifdef HAVE_ECC
         if (info->pk.type == WC_PK_TYPE_EC_KEYGEN) {
+        #ifdef HAVE_ECC_DHE
             /* set devId to invalid, so software is used */
             info->pk.eckg.key->devId = INVALID_DEVID;
             #if defined(WOLF_CRYPTO_CB_ONLY_ECC)
@@ -59917,8 +59914,10 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
 
             /* reset devId */
             info->pk.eckg.key->devId = devIdArg;
+        #endif
         }
         else if (info->pk.type == WC_PK_TYPE_ECDSA_SIGN) {
+        #ifdef HAVE_ECC_SIGN
             /* set devId to invalid, so software is used */
             info->pk.eccsign.key->devId = INVALID_DEVID;
             #if defined(WOLF_CRYPTO_CB_ONLY_ECC)
@@ -59937,8 +59936,10 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
 
             /* reset devId */
             info->pk.eccsign.key->devId = devIdArg;
+        #endif
         }
         else if (info->pk.type == WC_PK_TYPE_ECDSA_VERIFY) {
+        #ifdef HAVE_ECC_VERIFY
             /* set devId to invalid, so software is used */
             info->pk.eccverify.key->devId = INVALID_DEVID;
             #if defined(WOLF_CRYPTO_CB_ONLY_ECC)
@@ -59957,8 +59958,10 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
 
             /* reset devId */
             info->pk.eccverify.key->devId = devIdArg;
+        #endif
         }
         else if (info->pk.type == WC_PK_TYPE_ECDH) {
+        #ifdef HAVE_ECC_DHE
             /* set devId to invalid, so software is used */
             info->pk.ecdh.private_key->devId = INVALID_DEVID;
             #if defined(WOLF_CRYPTO_CB_ONLY_ECC)
@@ -59976,6 +59979,7 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
 
             /* reset devId */
             info->pk.ecdh.private_key->devId = devIdArg;
+        #endif
         }
     #endif /* HAVE_ECC */
     #ifdef HAVE_CURVE25519

wolfssl/wolfcrypt/cryptocb.h

@@ -176,6 +176,7 @@ typedef struct wc_CryptoInfo {
             } rsa_get_size;
         #endif
         #ifdef HAVE_ECC
+            #ifdef HAVE_ECC_DHE
             struct {
                 WC_RNG*  rng;
                 int      size;
@@ -188,6 +189,8 @@ typedef struct wc_CryptoInfo {
                 byte*    out;
                 word32*  outlen;
             } ecdh;
+            #endif
+            #ifdef HAVE_ECC_SIGN
             struct {
                 const byte* in;
                 word32      inlen;
@@ -196,6 +199,8 @@ typedef struct wc_CryptoInfo {
                 WC_RNG*     rng;
                 ecc_key*    key;
             } eccsign;
+            #endif
+            #ifdef HAVE_ECC_VERIFY
             struct {
                 const byte* sig;
                 word32      siglen;
@@ -204,12 +209,15 @@ typedef struct wc_CryptoInfo {
                 int*        res;
                 ecc_key*    key;
             } eccverify;
+            #endif
+            #ifdef HAVE_ECC_CHECK_KEY
             struct {
                 ecc_key*    key;
                 const byte* pubKey;
                 word32      pubKeySz;
             } ecc_check;
-        #endif
+            #endif
+        #endif /* HAVE_ECC */
         #ifdef HAVE_CURVE25519
             struct {
                 WC_RNG*  rng;

wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h

@@ -39,7 +39,7 @@
 #include <wolfssl/wolfcrypt/types.h>
 #include <wolfssl/wolfcrypt/logging.h>
 #include <wolfssl/wolfcrypt/hash.h>
-#ifndef WOLFSSL_RENESAS_TSIP_CRYPTONLY
+#ifdef WOLFSSL_RENESAS_TSIP_TLS
 #include <wolfssl/ssl.h>
 #endif
 #ifdef WOLF_CRYPTO_CB
@@ -573,21 +573,33 @@ WOLFSSL_API int wc_tsip_generateVerifyData(
         const uint8_t*  side,
         const uint8_t*  handshake_hash,
         uint8_t*        hashes);
+
 #ifndef NO_AES
+#ifdef HAVE_AES_CBC
 WOLFSSL_API int wc_tsip_AesCbcEncrypt(
-        Aes* aes,
+        struct Aes* aes,
         byte*       out,
         const byte* in,
         word32      sz);
 
 WOLFSSL_API int wc_tsip_AesCbcDecrypt(
-        Aes* aes,
+        struct Aes* aes,
         byte*       out,
         const byte* in,
         word32      sz);
+#endif /* HAVE_AES_CBC */
 
+#ifdef WOLFSSL_AES_COUNTER
+WOLFSSL_API int wc_tsip_AesCtr(
+        struct Aes*,
+        byte*       out,
+        const byte* in,
+        word32      sz);
+#endif /* WOLFSSL_AES_COUNTER */
+
+#ifdef HAVE_AESGCM
 WOLFSSL_API int wc_tsip_AesGcmEncrypt(
-        Aes* aes, byte* out,
+        struct Aes* aes, byte* out,
         const byte* in, word32 sz,
               byte* iv, word32 ivSz,
               byte* authTag, word32 authTagSz,
@@ -595,13 +607,15 @@ WOLFSSL_API int wc_tsip_AesGcmEncrypt(
         void* ctx);
 
 WOLFSSL_API int wc_tsip_AesGcmDecrypt(
-        Aes* aes, byte* out,
+        struct Aes* aes, byte* out,
         const byte* in, word32 sz,
         const byte* iv, word32 ivSz,
         const byte* authTag, word32 authTagSz,
         const byte* authIn, word32 authInSz,
         void* ctx);
-#endif /* NO_AES */
+#endif /* HAVE_AESGCM */
+#endif /* !NO_AES */
+
 WOLFSSL_API int wc_tsip_ShaXHmacVerify(
         const struct WOLFSSL *ssl,
         const byte* message,
@@ -625,13 +639,17 @@ WOLFSSL_API int wc_tsip_Sha256HmacGenerate(
         word32      sz,
         byte*       digest);
 
-WOLFSSL_LOCAL int  tsip_Open();
+WOLFSSL_LOCAL int  tsip_Open(void);
 
-WOLFSSL_LOCAL void tsip_Close();
+WOLFSSL_LOCAL void tsip_Close(void);
 
-WOLFSSL_LOCAL int  tsip_hw_lock();
+#ifdef SINGLE_THREADED
-
+#define tsip_hw_lock() 0
-WOLFSSL_LOCAL void tsip_hw_unlock( void );
+#define tsip_hw_unlock()
+#else
+WOLFSSL_LOCAL int  tsip_hw_lock(void);
+WOLFSSL_LOCAL void tsip_hw_unlock(void);
+#endif
 
 WOLFSSL_LOCAL int  tsip_usable(const struct WOLFSSL *ssl,
                                 uint8_t session_key_generated);