HMAC Init

1. wc_HmacSetKey() has a check against the hmac's type that assumes one has called wc_HmacInit() on the object first. In FIPS Ready builds we do not have wc_HmacInit() in the boundary. This change removes that check and action when making a FIPS build. The free called doesn't do anything in the FIPS build case. 2. Initialize the Hmac's macType to WC_HASH_TYPE_NONE. Check the macType against that rather than 0. There are some build configs where none isn't 0.
2025-07-29 18:27:29 +02:00 · 2020-03-05 13:38:02 -08:00
parent 805034bca3
commit 9fe2ddacf4
1 changed files with 8 additions and 1 deletions
--- a/wolfcrypt/src/hmac.c
+++ b/wolfcrypt/src/hmac.c
@ -293,10 +293,16 @@ int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
        return BAD_FUNC_ARG;
    }

+#ifndef HAVE_FIPS
    /* if set key has already been run then make sure and free existing */
-    if (hmac->macType != 0) {
+    /* This is for async and PIC32MZ situations, and just normally OK,
+       provided the user calls wc_HmacInit() first. That function is not
+       available in FIPS builds. In current FIPS builds, the hashes are
+       not allocating resources. */
+    if (hmac->macType != WC_HASH_TYPE_NONE) {
        wc_HmacFree(hmac);
    }
+#endif

    hmac->innerHashKeyed = 0;
    hmac->macType = (byte)type;
@ -979,6 +985,7 @@ int wc_HmacInit(Hmac* hmac, void* heap, int devId)
        return BAD_FUNC_ARG;

    XMEMSET(hmac, 0, sizeof(Hmac));
+    hmac->macType = WC_HASH_TYPE_NONE;
    hmac->heap = heap;
 #ifdef WOLF_CRYPTO_CB
    hmac->devId = devId;