diff --git a/sslSniffer/README.md b/sslSniffer/README.md index 34d46c2ab..ad5bade76 100644 --- a/sslSniffer/README.md +++ b/sslSniffer/README.md @@ -88,7 +88,7 @@ To build with OCTEON III support for a Linux host: ## Command Line Options -The wolfSSL sniffer includes a test application `snifftest` in the `sslSniffer/sslSnifferTest/ directory`. The command line application has several options that can be passed in at runtime to change the default behavior of the application. To execute a “live” sniff just run the application without any parameters and then pick an interface to sniff on followed by the port. +The wolfSSL sniffer includes a test application `snifftest` in the `sslSniffer/sslSnifferTest/` directory. The command line application has several options that can be passed in at runtime to change the default behavior of the application. To execute a “live” sniff just run the application without any parameters and then pick an interface to sniff on followed by the port. An example startup may look like this: diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index 90ed9b70a..e828f5f06 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -3920,11 +3920,12 @@ static int wc_ecc_shared_secret_gen_async(ecc_key* private_key, int err; #if defined(HAVE_CAVIUM_V) || defined(HAVE_INTEL_QA) -#ifdef HAVE_CAVIUM_V - /* verify the curve is supported by hardware */ - if (NitroxEccIsCurveSupported(private_key)) -#endif - { + if (private_key->dp && private_key->dp->id != ECC_CURVE_CUSTOM + #ifdef HAVE_CAVIUM_V + /* verify the curve is supported by hardware */ + && NitroxEccIsCurveSupported(private_key) + #endif + ) { word32 keySz = private_key->dp->size; /* sync public key x/y */ diff --git a/wolfcrypt/src/hash.c b/wolfcrypt/src/hash.c index e5d619703..538ea6b16 100644 --- a/wolfcrypt/src/hash.c +++ b/wolfcrypt/src/hash.c @@ -1027,6 +1027,7 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags) #else wc_Sha sha[1]; #endif + int devId = INVALID_DEVID; #ifdef WOLFSSL_SMALL_STACK sha = (wc_Sha*)XMALLOC(sizeof(wc_Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -1034,8 +1035,13 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags) return MEMORY_E; #endif - if ((ret = wc_InitSha_ex(sha, NULL, - wc_CryptoCb_GetDevIdAtIndex(0))) != 0) { + #ifdef WOLF_CRYPTO_CB + /* only use devId if its not an empty hash */ + if (data != NULL && len > 0) + devId = wc_CryptoCb_GetDevIdAtIndex(0); + #endif + + if ((ret = wc_InitSha_ex(sha, NULL, devId)) != 0) { WOLFSSL_MSG("InitSha failed"); } else { @@ -1103,6 +1109,7 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags) #else wc_Sha256 sha256[1]; #endif + int devId = INVALID_DEVID; #ifdef WOLFSSL_SMALL_STACK sha256 = (wc_Sha256*)XMALLOC(sizeof(wc_Sha256), NULL, @@ -1111,8 +1118,13 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags) return MEMORY_E; #endif - if ((ret = wc_InitSha256_ex(sha256, NULL, - wc_CryptoCb_GetDevIdAtIndex(0))) != 0) { + #ifdef WOLF_CRYPTO_CB + /* only use devId if its not an empty hash */ + if (data != NULL && len > 0) + devId = wc_CryptoCb_GetDevIdAtIndex(0); + #endif + + if ((ret = wc_InitSha256_ex(sha256, NULL, devId)) != 0) { WOLFSSL_MSG("InitSha256 failed"); } else { diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index 58e24fb6c..d228e678b 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -3158,7 +3158,8 @@ static int RsaPrivateDecryptEx(byte* in, word32 inLen, byte* out, defined(HAVE_CAVIUM) if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_RSA && pad_type != WC_RSA_PSS_PAD) { - if (ret > 0) { + ret = key->asyncDev.event.ret; + if (ret >= 0) { /* convert result */ byte* dataLen = (byte*)&key->dataLen; ret = (dataLen[0] << 8) | (dataLen[1]); diff --git a/wolfcrypt/src/sha.c b/wolfcrypt/src/sha.c index 39d573304..ee50ac907 100644 --- a/wolfcrypt/src/sha.c +++ b/wolfcrypt/src/sha.c @@ -526,6 +526,11 @@ int wc_ShaUpdate(wc_Sha* sha, const byte* data, word32 len) return BAD_FUNC_ARG; } + if (data == NULL && len == 0) { + /* valid, but do nothing */ + return 0; + } + #ifdef WOLF_CRYPTO_CB if (sha->devId != INVALID_DEVID) { ret = wc_CryptoCb_ShaHash(sha, data, len, NULL); @@ -547,11 +552,6 @@ int wc_ShaUpdate(wc_Sha* sha, const byte* data, word32 len) if (sha->buffLen >= WC_SHA_BLOCK_SIZE) return BUFFER_E; - if (data == NULL && len == 0) { - /* valid, but do nothing */ - return 0; - } - /* add length for final */ AddLength(sha, len); diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 88287970e..3d1db9f1f 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -9196,8 +9196,8 @@ static int aesgcm_test(void) #endif #endif -#if !defined(BENCH_EMBEDDED) - #ifndef BENCH_AESGCM_LARGE +#if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) + #if !defined(BENCH_AESGCM_LARGE) #define BENCH_AESGCM_LARGE 1024 #endif byte *large_input = (byte *)XMALLOC(BENCH_AESGCM_LARGE, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -9561,7 +9561,7 @@ static int aesgcm_test(void) out: -#if !defined(BENCH_EMBEDDED) +#if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) if (large_input) XFREE(large_input, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (large_output) @@ -12142,8 +12142,7 @@ static int rsa_sig_test(RsaKey* key, word32 keyLen, int modLen, WC_RNG* rng) #elif defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB) /* async may not require RNG */ if (ret != 0 && ret != MISSING_RNG_E) -#elif defined(HAVE_FIPS) || defined(WOLFSSL_ASYNC_CRYPT) || \ - !defined(WC_RSA_BLINDING) +#elif defined(HAVE_FIPS) || !defined(WC_RSA_BLINDING) /* FIPS140 implementation does not do blinding */ if (ret != 0) #elif defined(WOLFSSL_RSA_PUBLIC_ONLY) diff --git a/wolfssl/wolfcrypt/cryptocb.h b/wolfssl/wolfcrypt/cryptocb.h index 0ca091146..5981d0f00 100644 --- a/wolfssl/wolfcrypt/cryptocb.h +++ b/wolfssl/wolfcrypt/cryptocb.h @@ -306,10 +306,6 @@ WOLFSSL_LOCAL int wc_CryptoCb_RandomBlock(WC_RNG* rng, byte* out, word32 sz); WOLFSSL_LOCAL int wc_CryptoCb_RandomSeed(OS_Seed* os, byte* seed, word32 sz); #endif -#else - -#define wc_CryptoCb_GetDevIdAtIndex(idx) (INVALID_DEVID) - #endif /* WOLF_CRYPTO_CB */ #ifdef __cplusplus