diff --git a/src/tls13.c b/src/tls13.c index af7971aa3..e59942576 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -241,7 +241,6 @@ static int Tls13HKDFExpandLabel(WOLFSSL* ssl, byte* okm, word32 okmLen, return ret; } -#if !defined(HAVE_FIPS) || !defined(wc_Tls13_HKDF_Expand_Label) /* Same as above, but pass in the side we are expanding for. * * side The side (WOLFSSL_CLIENT_END or WOLFSSL_SERVER_END). @@ -253,8 +252,9 @@ static int Tls13HKDFExpandKeyLabel(WOLFSSL* ssl, byte* okm, word32 okmLen, const byte* info, word32 infoLen, int digest, int side) { + int ret; #if defined(HAVE_PK_CALLBACKS) - int ret = NOT_COMPILED_IN; + ret = NOT_COMPILED_IN; if (ssl->ctx && ssl->ctx->HKDFExpandLabelCb) { ret = ssl->ctx->HKDFExpandLabelCb(okm, okmLen, prk, prkLen, protocol, protocolLen, @@ -262,33 +262,38 @@ static int Tls13HKDFExpandKeyLabel(WOLFSSL* ssl, byte* okm, word32 okmLen, info, infoLen, digest, side); } - if (ret != NOT_COMPILED_IN) return ret; #endif -/* hash buffer may not be fully initialized, but the sending length won't - * extend beyond the initialized span. - */ + /* Hash buffer may not be fully initialized, but the sending length won't + * extend beyond the initialized span. */ PRAGMA_GCC_DIAG_PUSH PRAGMA_GCC("GCC diagnostic ignored \"-Wmaybe-uninitialized\"") - (void)ssl; - (void)side; #if !defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)) - return wc_Tls13_HKDF_Expand_Label_ex(okm, okmLen, prk, prkLen, + ret = wc_Tls13_HKDF_Expand_Label_ex(okm, okmLen, prk, prkLen, protocol, protocolLen, label, labelLen, info, infoLen, digest, ssl->heap, ssl->devId); + +#elif defined(HAVE_FIPS) && defined(wc_Tls13_HKDF_Expand_Label) + ret = wc_Tls13_HKDF_Expand_Label_fips(okm, okmLen, prk, prkLen, + protocol, protocolLen, + label, labelLen, + info, infoLen, digest); #else - return wc_Tls13_HKDF_Expand_Label(okm, okmLen, prk, prkLen, + ret = wc_Tls13_HKDF_Expand_Label(okm, okmLen, prk, prkLen, protocol, protocolLen, label, labelLen, info, infoLen, digest); #endif PRAGMA_GCC_DIAG_POP + (void)ssl; + (void)side; + return ret; } -#endif /* !HAVE_FIPS || !wc_Tls13_HKDF_Expand_Label */ + /* Derive a key from a message. * @@ -493,26 +498,16 @@ int Tls13DeriveKey(WOLFSSL* ssl, byte* output, int outputLen, /* hash buffer may not be fully initialized, but the sending length won't * extend beyond the initialized span. */ - PRAGMA_GCC_DIAG_PUSH - PRAGMA_GCC("GCC diagnostic ignored \"-Wmaybe-uninitialized\"") PRIVATE_KEY_UNLOCK(); - #if defined(HAVE_FIPS) && defined(wc_Tls13_HKDF_Expand_Label) - (void)side; - ret = wc_Tls13_HKDF_Expand_Label_fips(output, outputLen, secret, hashSz, - protocol, protocolLen, label, labelLen, - hash, hashOutSz, digestAlg); - #else ret = Tls13HKDFExpandKeyLabel(ssl, output, outputLen, secret, hashSz, protocol, protocolLen, label, labelLen, hash, hashOutSz, digestAlg, side); - #endif PRIVATE_KEY_LOCK(); #ifdef WOLFSSL_CHECK_MEM_ZERO wc_MemZero_Add("TLS 1.3 derived key", output, outputLen); #endif return ret; - PRAGMA_GCC_DIAG_POP } /* Convert TLS mac ID to a hash algorithm ID diff --git a/wolfcrypt/src/cryptocb.c b/wolfcrypt/src/cryptocb.c index e46429d87..ce49e4671 100644 --- a/wolfcrypt/src/cryptocb.c +++ b/wolfcrypt/src/cryptocb.c @@ -181,27 +181,35 @@ WOLFSSL_API void wc_CryptoCb_InfoString(wc_CryptoInfo* info) else #endif { - printf("Crypto CB: %s %s (%d)\n", GetAlgoTypeStr(info->algo_type), + printf("Crypto CB: %s %s (%d)\n", + GetAlgoTypeStr(info->algo_type), GetPkTypeStr(info->pk.type), info->pk.type); } } else if (info->algo_type == WC_ALGO_TYPE_CIPHER) { - printf("Crypto CB: %s %s (%d) (%p ctx)\n", GetAlgoTypeStr(info->algo_type), - GetCipherTypeStr(info->cipher.type), info->cipher.type, info->cipher.ctx); + printf("Crypto CB: %s %s (%d) (%p ctx)\n", + GetAlgoTypeStr(info->algo_type), + GetCipherTypeStr(info->cipher.type), + info->cipher.type, info->cipher.ctx); } else if (info->algo_type == WC_ALGO_TYPE_HASH) { - printf("Crypto CB: %s %s (%d) (%p ctx) %s\n", GetAlgoTypeStr(info->algo_type), - GetHashTypeStr(info->hash.type), info->hash.type, info->hash.ctx, + printf("Crypto CB: %s %s (%d) (%p ctx) %s\n", + GetAlgoTypeStr(info->algo_type), + GetHashTypeStr(info->hash.type), + info->hash.type, info->hash.ctx, (info->hash.in != NULL) ? "Update" : "Final"); } else if (info->algo_type == WC_ALGO_TYPE_HMAC) { - printf("Crypto CB: %s %s (%d) (%p ctx) %s\n", GetAlgoTypeStr(info->algo_type), - GetHashTypeStr(info->hmac.macType), info->hmac.macType, info->hmac.hmac, + printf("Crypto CB: %s %s (%d) (%p ctx) %s\n", + GetAlgoTypeStr(info->algo_type), + GetHashTypeStr(info->hmac.macType), + info->hmac.macType, info->hmac.hmac, (info->hmac.in != NULL) ? "Update" : "Final"); } #ifdef WOLF_CRYPTO_CB_CMD else if (info->algo_type == WC_ALGO_TYPE_NONE) { - printf("Crypto CB: %s %s (%d)\n", GetAlgoTypeStr(info->algo_type), + printf("Crypto CB: %s %s (%d)\n", + GetAlgoTypeStr(info->algo_type), GetCryptoCbCmdTypeStr(info->cmd.type), info->cmd.type); } #endif