From 9fe2ddacf45174f7d4b4d0da046a3a397b72a559 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Thu, 5 Mar 2020 13:38:02 -0800 Subject: [PATCH] HMAC Init 1. wc_HmacSetKey() has a check against the hmac's type that assumes one has called wc_HmacInit() on the object first. In FIPS Ready builds we do not have wc_HmacInit() in the boundary. This change removes that check and action when making a FIPS build. The free called doesn't do anything in the FIPS build case. 2. Initialize the Hmac's macType to WC_HASH_TYPE_NONE. Check the macType against that rather than 0. There are some build configs where none isn't 0. --- wolfcrypt/src/hmac.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/wolfcrypt/src/hmac.c b/wolfcrypt/src/hmac.c index be26310cf..bcebc1ce2 100644 --- a/wolfcrypt/src/hmac.c +++ b/wolfcrypt/src/hmac.c @@ -293,10 +293,16 @@ int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length) return BAD_FUNC_ARG; } +#ifndef HAVE_FIPS /* if set key has already been run then make sure and free existing */ - if (hmac->macType != 0) { + /* This is for async and PIC32MZ situations, and just normally OK, + provided the user calls wc_HmacInit() first. That function is not + available in FIPS builds. In current FIPS builds, the hashes are + not allocating resources. */ + if (hmac->macType != WC_HASH_TYPE_NONE) { wc_HmacFree(hmac); } +#endif hmac->innerHashKeyed = 0; hmac->macType = (byte)type; @@ -979,6 +985,7 @@ int wc_HmacInit(Hmac* hmac, void* heap, int devId) return BAD_FUNC_ARG; XMEMSET(hmac, 0, sizeof(Hmac)); + hmac->macType = WC_HASH_TYPE_NONE; hmac->heap = heap; #ifdef WOLF_CRYPTO_CB hmac->devId = devId;