From dc31b9238ff45961e0c5a317fce4165d14d8a2c0 Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh <jacob@wolfssl.com>
Date: Fri, 23 Oct 2015 11:55:17 -0600
Subject: [PATCH] wolfcrypt init

---
 src/ssl.c                       |  6 ++-
 wolfcrypt/benchmark/benchmark.c |  4 +-
 wolfcrypt/src/wc_port.c         | 24 ++++++++++++
 wolfcrypt/user-crypto/src/rsa.c | 68 +++++++++++++++++++++++----------
 wolfssl/wolfcrypt/error-crypt.h |  2 +
 wolfssl/wolfcrypt/wc_port.h     |  2 +
 6 files changed, 83 insertions(+), 23 deletions(-)

diff --git a/src/ssl.c b/src/ssl.c
index c6e39b417..575e9a8a7 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -2298,7 +2298,6 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, buffer der, int type, int verify)
 
 #endif /* NO_SESSION_CACHE */
 
-
 int wolfSSL_Init(void)
 {
     int ret = SSL_SUCCESS;
@@ -2318,6 +2317,11 @@ int wolfSSL_Init(void)
             WOLFSSL_MSG("Bad Lock Mutex count");
             return BAD_MUTEX_E;
         }
+
+        /* Initialize crypto for use with TLS connection */
+        if (wolfcrypt_Init() != 0)
+            ret = WC_FAILURE_E;
+
         initRefCount++;
         UnLockMutex(&count_mutex);
     }
diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c
index 5695a60df..fbcf360b2 100644
--- a/wolfcrypt/benchmark/benchmark.c
+++ b/wolfcrypt/benchmark/benchmark.c
@@ -244,6 +244,8 @@ int benchmark_test(void *args)
 {
 #endif
 
+    wolfcrypt_Init();
+
     #if defined(DEBUG_WOLFSSL) && !defined(HAVE_VALGRIND)
         wolfSSL_Debugging_ON();
     #endif
@@ -259,7 +261,7 @@ int benchmark_test(void *args)
         printf("Cavium OpenNitroxDevice failed\n");
         exit(-1);
     }
-#endif /* HAVE_CAVIUM */
+    #endif /* HAVE_CAVIUM */
 
 #if defined(HAVE_LOCAL_RNG)
     {
diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c
index 8a6d7513a..9956da3c4 100644
--- a/wolfcrypt/src/wc_port.c
+++ b/wolfcrypt/src/wc_port.c
@@ -26,7 +26,13 @@
 #include <wolfssl/wolfcrypt/settings.h>
 #include <wolfssl/wolfcrypt/types.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
+#include <wolfssl/wolfcrypt/logging.h>
 
+/* IPP header files for library initialization */
+#ifdef HAVE_FAST_RSA
+#include <ipp.h>
+#include <ippcp.h>
+#endif
 
 #ifdef _MSC_VER
     /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */
@@ -34,6 +40,24 @@
 #endif
 
 
+/* Used to initialize state for wolfcrypt
+   return 0 on success
+ */
+int wolfcrypt_Init()
+{
+    /* if defined have fast RSA then initialize Intel IPP */
+    #ifdef HAVE_FAST_RSA
+        WOLFSSL_MSG("Setting up IPP Library");
+        if (ippInit() != ippStsNoErr) {
+            WOLFSSL_MSG("Error setting up optimized Intel library to use!");
+            return -1;
+        }
+    #endif
+
+    return 0;
+}
+
+
 #if WOLFSSL_CRYPT_HW_MUTEX
 /* Mutex for protection of cryptograpghy hardware */
 static wolfSSL_Mutex wcCryptHwMutex;
diff --git a/wolfcrypt/user-crypto/src/rsa.c b/wolfcrypt/user-crypto/src/rsa.c
index 55ef3b1e4..7ba835803 100644
--- a/wolfcrypt/user-crypto/src/rsa.c
+++ b/wolfcrypt/user-crypto/src/rsa.c
@@ -77,7 +77,6 @@ enum {
 };
 
 
-static int ippSet = 0;
 int wc_InitRsaKey(RsaKey* key, void* heap)
 {
 
@@ -86,15 +85,6 @@ int wc_InitRsaKey(RsaKey* key, void* heap)
     if (key == NULL)
         return USER_CRYPTO_ERROR;
 
-    if (!ippSet) {
-        USER_DEBUG(("Setting up IPP Library\n"));
-        /* Selects the right optimizations to use */
-        if (ippInit() != ippStsNoErr) {
-            USER_DEBUG(("Error setting up optimized library to use!\n"));
-            return USER_CRYPTO_ERROR;
-        }
-        ippSet = 1;
-    }
     /* set full struct as 0 */
     ForceZero(key, sizeof(RsaKey));
 
@@ -579,39 +569,61 @@ int wc_FreeRsaKey(RsaKey* key)
     if (key == NULL)
         return 0;
 
-    if (key->pPub != NULL)
+    USER_DEBUG(("Entering wc_FreeRsaKey\n"));
+
+    if (key->pPub != NULL) {
         XFREE(key->pPub, NULL, DYNAMIC_TYPE_KEY);
+        key->pPub = NULL;
+    }
 
     if (key->pPrv != NULL) {
         /* write over senstive information */
         ForceZero(key->pPrv, key->prvSz);
         XFREE(key->pPrv, NULL, DYNAMIC_TYPE_KEY);
+        key->pPrv = NULL;
     }
 
-    if (key->n != NULL)
+    if (key->n != NULL) {
         XFREE(key->n, NULL, DYNAMIC_TYPE_ARRAYS);
+        key->n = NULL;
+    }
 
-    if (key->e != NULL)
+    if (key->e != NULL) {
         XFREE(key->e, NULL, DYNAMIC_TYPE_ARRAYS);
+        key->e = NULL;
+    }
 
-    if (key->dipp != NULL)
+    if (key->dipp != NULL) {
         XFREE(key->dipp, NULL, DYNAMIC_TYPE_ARRAYS);
+        key->dipp = NULL;
+    }
 
-    if (key->pipp != NULL)
+    if (key->pipp != NULL) {
         XFREE(key->pipp, NULL, DYNAMIC_TYPE_ARRAYS);
+        key->pipp = NULL;
+    }
 
-    if (key->qipp != NULL)
+    if (key->qipp != NULL) {
         XFREE(key->qipp, NULL, DYNAMIC_TYPE_ARRAYS);
+        key->qipp = NULL;
+    }
 
-    if (key->dPipp != NULL)
+    if (key->dPipp != NULL) {
         XFREE(key->dPipp, NULL, DYNAMIC_TYPE_ARRAYS);
+        key->dPipp = NULL;
+    }
 
-    if (key->dQipp != NULL)
+    if (key->dQipp != NULL) {
         XFREE(key->dQipp, NULL, DYNAMIC_TYPE_ARRAYS);
+        key->dQipp = NULL;
+    }
 
-    if (key->uipp != NULL)
+    if (key->uipp != NULL) {
         XFREE(key->uipp, NULL, DYNAMIC_TYPE_ARRAYS);
+        key->uipp = NULL;
+    }
 
+    USER_DEBUG(("\tExit wc_FreeRsaKey\n"));
     (void)key;
 
     return 0;
@@ -1151,12 +1163,26 @@ int wc_RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out, word32 outLen,
 int wc_RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out, RsaKey* key)
 {
     int outSz;
+    byte* tmp;
 
     USER_DEBUG(("Entering wc_RsaPrivateDecryptInline\n"));
 
-    outSz = wc_RsaPrivateDecrypt(in, inLen, in, inLen, key);
-    *out = in;
+    /* allocate a buffer for max decrypted text */
+    tmp = XMALLOC(key->sz, NULL, DYNAMIC_TYPE_ARRAYS);
+    if (tmp == NULL)
+        return USER_CRYPTO_ERROR;
 
+    outSz = wc_RsaPrivateDecrypt(in, inLen, tmp, key->sz, key);
+    if (outSz >= 0) {
+        XMEMCPY(in, tmp, outSz);
+        *out = in;
+    }
+    else {
+        XFREE(tmp, NULL, DYNAMIC_TYPE_ARRAYS);
+        return USER_CRYPTO_ERROR;
+    }
+
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ARRAYS);
     USER_DEBUG(("\tExit wc_RsaPrivateDecryptInline\n"));
 
     return outSz;
diff --git a/wolfssl/wolfcrypt/error-crypt.h b/wolfssl/wolfcrypt/error-crypt.h
index f08ecbd98..7a1100bcf 100644
--- a/wolfssl/wolfcrypt/error-crypt.h
+++ b/wolfssl/wolfcrypt/error-crypt.h
@@ -161,6 +161,8 @@ enum {
     KEYUSAGE_E          = -226,  /* Bad Key Usage value */
     CERTPOLICIES_E      = -227,  /* setting Certificate Policies error */
 
+    WC_FAILURE_E        = -228,  /* wolfcrypt failed to initialize */
+
     MIN_CODE_E          = -300   /* errors -101 - -299 */
 };
 
diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h
index 7e260f923..9697f8aa8 100644
--- a/wolfssl/wolfcrypt/wc_port.h
+++ b/wolfssl/wolfcrypt/wc_port.h
@@ -169,6 +169,8 @@ WOLFSSL_LOCAL int FreeMutex(wolfSSL_Mutex*);
 WOLFSSL_LOCAL int LockMutex(wolfSSL_Mutex*);
 WOLFSSL_LOCAL int UnLockMutex(wolfSSL_Mutex*);
 
+/* main crypto initialization function */
+WOLFSSL_API int wolfcrypt_Init(void);
 
 /* filesystem abstraction layer, used by ssl.c */
 #ifndef NO_FILESYSTEM