Merge pull request #9750 from douzzer/20260206-fixes

20260206-fixes
This commit is contained in:
David Garske
2026-02-06 14:54:58 -08:00
committed by GitHub
3 changed files with 83 additions and 79 deletions
+3 -4
View File
@@ -36,7 +36,6 @@ BLAKE2B_SELFTEST
BLAKE2S_SELFTEST
BLOCKING
BSDKM_EXPORT_SYMS
ENABLED_BSDKM_REGISTER
BSP_DEFAULT_IO_CHANNEL_DEFINED
BSP_LED_0
BSP_LED_1
@@ -215,6 +214,7 @@ DTLS_RECEIVEFROM_NO_TIMEOUT_ON_INVALID_PEER
ECCSI_ORDER_MORE_BITS_THAN_PRIME
ECC_DUMP_OID
ECDHE_SIZE
ENABLED_BSDKM_REGISTER
ENABLE_SECURE_SOCKETS_LOGS
ESP32
ESP8266
@@ -281,10 +281,10 @@ HAVE_INTEL_QAT_SYNC
HAVE_INTEL_SPEEDUP
HAVE_MDK_RTX
HAVE_NETX_BSD
HAVE_PKCS7_ECC_RAW_SIGN_CALLBACK
HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK
HAVE_PKCS11_STATIC
HAVE_PKCS11_V3_STATIC
HAVE_PKCS7_ECC_RAW_SIGN_CALLBACK
HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK
HAVE_POCO_LIB
HAVE_RTP_SYS
HAVE_SECURE_GETENV
@@ -636,7 +636,6 @@ WC_NO_VERBOSE_RNG
WC_PKCS11_FIND_WITH_ID_ONLY
WC_PROTECT_ENCRYPTED_MEM
WC_RNG_BLOCKING
WC_RSA_DIRECT
WC_RSA_NONBLOCK
WC_RSA_NONBLOCK_TIME
WC_RSA_NO_FERMAT_CHECK
+14 -16
View File
@@ -84,14 +84,12 @@ static int check_cert_key_dev(word32 keyOID, byte* privKey, word32 privSz,
type = DYNAMIC_TYPE_DILITHIUM;
break;
#endif
#if defined(HAVE_FALCON)
#if defined(HAVE_FALCON)
case FALCON_LEVEL1k:
case FALCON_LEVEL5k:
type = DYNAMIC_TYPE_FALCON;
break;
#endif
default:
type = 0;
#endif
}
ret = CreateDevPrivateKey(&pkey, privKey, privSz, type, label, id, heap,
@@ -108,12 +106,12 @@ static int check_cert_key_dev(word32 keyOID, byte* privKey, word32 privSz,
ret = wc_CryptoCb_RsaCheckPrivKey((RsaKey*)pkey, pubKey, pubSz);
break;
#endif
#ifdef HAVE_ECC
#ifdef HAVE_ECC
case ECDSAk:
ret = wc_CryptoCb_EccCheckPrivKey((ecc_key*)pkey, pubKey,
pubSz);
break;
#endif
#endif
#if defined(HAVE_DILITHIUM)
case ML_DSA_LEVEL2k:
case ML_DSA_LEVEL3k:
@@ -127,13 +125,13 @@ static int check_cert_key_dev(word32 keyOID, byte* privKey, word32 privSz,
WC_PQC_SIG_TYPE_DILITHIUM, pubKey, pubSz);
break;
#endif
#if defined(HAVE_FALCON)
#if defined(HAVE_FALCON)
case FALCON_LEVEL1k:
case FALCON_LEVEL5k:
ret = wc_CryptoCb_PqcSignatureCheckPrivKey(pkey,
WC_PQC_SIG_TYPE_FALCON, pubKey, pubSz);
break;
#endif
#endif
default:
ret = 0;
}
@@ -146,31 +144,31 @@ static int check_cert_key_dev(word32 keyOID, byte* privKey, word32 privSz,
#endif
switch (keyOID) {
#ifndef NO_RSA
#ifndef NO_RSA
case RSAk:
#ifdef WC_RSA_PSS
#ifdef WC_RSA_PSS
case RSAPSSk:
#endif
#endif
wc_FreeRsaKey((RsaKey*)pkey);
break;
#endif
#endif
#ifdef HAVE_ECC
case ECDSAk:
wc_ecc_free((ecc_key*)pkey);
break;
#endif
#if defined(HAVE_DILITHIUM)
#if defined(HAVE_DILITHIUM)
case ML_DSA_LEVEL2k:
case ML_DSA_LEVEL3k:
case ML_DSA_LEVEL5k:
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
case DILITHIUM_LEVEL2k:
case DILITHIUM_LEVEL3k:
case DILITHIUM_LEVEL5k:
#endif
#endif
wc_dilithium_free((dilithium_key*)pkey);
break;
#endif
#endif
#if defined(HAVE_FALCON)
case FALCON_LEVEL1k:
case FALCON_LEVEL5k:
+66 -59
View File
@@ -31783,7 +31783,10 @@ typedef struct Srtp_Kdf_Tv {
word32 ksSz;
} Srtp_Kdf_Tv;
#define SRTP_KDF_LONG_KEY 5000
#if !defined(BENCH_EMBEDDED) && !defined(HAVE_SELFTEST) && \
(!defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0))
#define SRTP_KDF_LONG_KEY 5000
#endif
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t srtpkdf_test(void)
{
@@ -32036,13 +32039,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t srtpkdf_test(void)
unsigned char keyE[32];
unsigned char keyA[20];
unsigned char keyS[14];
#ifndef BENCH_EMBEDDED
#ifdef SRTP_KDF_LONG_KEY
WC_DECLARE_VAR(keyELong, byte, SRTP_KDF_LONG_KEY, HEAP_HINT);
WC_DECLARE_VAR(keyALong, byte, SRTP_KDF_LONG_KEY, HEAP_HINT);
WC_DECLARE_VAR(keySLong, byte, SRTP_KDF_LONG_KEY, HEAP_HINT);
#endif
#ifndef BENCH_EMBEDDED
#ifdef SRTP_KDF_LONG_KEY
WC_ALLOC_VAR(keyELong, byte, SRTP_KDF_LONG_KEY, HEAP_HINT);
WC_ALLOC_VAR(keyALong, byte, SRTP_KDF_LONG_KEY, HEAP_HINT);
WC_ALLOC_VAR(keySLong, byte, SRTP_KDF_LONG_KEY, HEAP_HINT);
@@ -32071,73 +32074,73 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t srtpkdf_test(void)
tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz,
keyS, tv[i].ksSz);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(keyE, tv[i].ke, tv[i].keSz) != 0)
return WC_TEST_RET_ENC_NC;
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (XMEMCMP(keyA, tv[i].ka, tv[i].kaSz) != 0)
return WC_TEST_RET_ENC_NC;
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (XMEMCMP(keyS, tv[i].ks, tv[i].ksSz) != 0)
return WC_TEST_RET_ENC_NC;
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
ret = wc_SRTP_KDF_label(tv[i].key, tv[i].keySz, tv[i].salt,
tv[i].saltSz, tv[i].kdfIdx, tv[i].index, WC_SRTP_LABEL_ENCRYPTION,
keyE, tv[i].keSz);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(keyE, tv[i].ke, tv[i].keSz) != 0)
return WC_TEST_RET_ENC_NC;
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
ret = wc_SRTP_KDF_label(tv[i].key, tv[i].keySz, tv[i].salt,
tv[i].saltSz, tv[i].kdfIdx, tv[i].index, WC_SRTP_LABEL_MSG_AUTH,
keyA, tv[i].kaSz);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(keyA, tv[i].ka, tv[i].kaSz) != 0)
return WC_TEST_RET_ENC_NC;
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
ret = wc_SRTP_KDF_label(tv[i].key, tv[i].keySz, tv[i].salt,
tv[i].saltSz, tv[i].kdfIdx, tv[i].index, WC_SRTP_LABEL_SALT, keyS,
tv[i].ksSz);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(keyS, tv[i].ks, tv[i].ksSz) != 0)
return WC_TEST_RET_ENC_NC;
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz,
keyS, tv[i].ksSz);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(keyE, tv[i].ke_c, tv[i].keSz) != 0)
return WC_TEST_RET_ENC_NC;
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (XMEMCMP(keyA, tv[i].ka_c, tv[i].kaSz) != 0)
return WC_TEST_RET_ENC_NC;
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (XMEMCMP(keyS, tv[i].ks_c, tv[i].ksSz) != 0)
return WC_TEST_RET_ENC_NC;
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
ret = wc_SRTCP_KDF_label(tv[i].key, tv[i].keySz, tv[i].salt,
tv[i].saltSz, tv[i].kdfIdx, tv[i].index_c,
WC_SRTCP_LABEL_ENCRYPTION, keyE, tv[i].keSz);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(keyE, tv[i].ke_c, tv[i].keSz) != 0)
return WC_TEST_RET_ENC_NC;
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
ret = wc_SRTCP_KDF_label(tv[i].key, tv[i].keySz, tv[i].salt,
tv[i].saltSz, tv[i].kdfIdx, tv[i].index_c, WC_SRTCP_LABEL_MSG_AUTH,
keyA, tv[i].kaSz);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(keyA, tv[i].ka_c, tv[i].kaSz) != 0)
return WC_TEST_RET_ENC_NC;
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
ret = wc_SRTCP_KDF_label(tv[i].key, tv[i].keySz, tv[i].salt,
tv[i].saltSz, tv[i].kdfIdx, tv[i].index_c, WC_SRTCP_LABEL_SALT,
keyS, tv[i].ksSz);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(keyS, tv[i].ks_c, tv[i].ksSz) != 0)
return WC_TEST_RET_ENC_NC;
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
#ifdef WOLFSSL_AES_128
@@ -32151,115 +32154,115 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t srtpkdf_test(void)
tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz,
keyS, tv[i].ksSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_SRTCP_KDF(tv[i].key, 33, tv[i].salt, tv[i].saltSz,
tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz,
keyS, tv[i].ksSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_SRTP_KDF(tv[i].key, 15, tv[i].salt, tv[i].saltSz,
tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz,
keyS, tv[i].ksSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_SRTCP_KDF(tv[i].key, 15, tv[i].salt, tv[i].saltSz,
tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz,
keyS, tv[i].ksSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, 15,
tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz,
keyS, tv[i].ksSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, 15,
tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz,
keyS, tv[i].ksSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_SRTP_KDF(NULL, tv[i].keySz, tv[i].salt, tv[i].saltSz,
tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz,
keyS, tv[i].ksSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_SRTCP_KDF(NULL, tv[i].keySz, tv[i].salt, tv[i].saltSz,
tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz,
keyS, tv[i].ksSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, NULL, tv[i].saltSz,
tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz,
keyS, tv[i].ksSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, NULL, tv[i].saltSz,
tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz,
keyS, tv[i].ksSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
25, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz,
keyS, tv[i].ksSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
25, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz,
keyS, tv[i].ksSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
-2, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz,
keyS, tv[i].ksSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
-2, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz,
keyS, tv[i].ksSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
tv[i].kdfIdx, tv[i].index, NULL, tv[i].keSz, keyA, tv[i].kaSz,
keyS, tv[i].ksSz);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
tv[i].kdfIdx, tv[i].index_c, NULL, tv[i].keSz, keyA, tv[i].kaSz,
keyS, tv[i].ksSz);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, NULL, tv[i].kaSz,
keyS, tv[i].ksSz);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, NULL, tv[i].kaSz,
keyS, tv[i].ksSz);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz,
NULL, tv[i].ksSz);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz,
NULL, tv[i].ksSz);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
idx = wc_SRTP_KDF_kdr_to_idx(0);
if (idx != -1)
return WC_TEST_RET_ENC_NC;
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
for (i = 0; i < 32; i++) {
word32 kdr = 1U << i;
@@ -32271,13 +32274,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t srtpkdf_test(void)
keyA, tv[i].kaSz, keyS, tv[i].ksSz,
WC_SRTCP_48BIT_IDX);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(keyE, srtcpKe_48_1, tv[i].keSz) != 0)
return WC_TEST_RET_ENC_NC;
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (XMEMCMP(keyA, srtcpKa_48_1, tv[i].kaSz) != 0)
return WC_TEST_RET_ENC_NC;
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (XMEMCMP(keyS, srtcpKs_48_1, tv[i].ksSz) != 0)
return WC_TEST_RET_ENC_NC;
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
ret = wc_SRTCP_KDF_ex(mk48_2, (word32)sizeof(mk48_2),
ms48_2, (word32)sizeof(ms48_2),
@@ -32285,44 +32288,48 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t srtpkdf_test(void)
keyA, tv[i].kaSz, keyS, tv[i].ksSz,
WC_SRTCP_48BIT_IDX);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(keyE, srtcpKe_48_2, tv[i].keSz) != 0)
return WC_TEST_RET_ENC_NC;
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (XMEMCMP(keyA, srtcpKa_48_2, tv[i].kaSz) != 0)
return WC_TEST_RET_ENC_NC;
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (XMEMCMP(keyS, srtcpKs_48_2, tv[i].ksSz) != 0)
return WC_TEST_RET_ENC_NC;
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
idx = wc_SRTP_KDF_kdr_to_idx(kdr);
if (idx != i)
return WC_TEST_RET_ENC_NC;
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
#ifndef BENCH_EMBEDDED
#ifdef SRTP_KDF_LONG_KEY
/* Check that long messages can be created. */
ret = wc_SRTP_KDF(tv[0].key, tv[0].keySz, tv[0].salt, tv[0].saltSz,
tv[0].kdfIdx, tv[0].index_c, keyELong, SRTP_KDF_LONG_KEY, keyALong,
SRTP_KDF_LONG_KEY, keySLong, SRTP_KDF_LONG_KEY);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
/* Check that two bytes of counter are being used. */
if (XMEMCMP(keyELong, keyELong + 4096, SRTP_KDF_LONG_KEY - 4096) == 0) {
return WC_TEST_RET_ENC_NC;
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
if (XMEMCMP(keyELong, keyALong + 4096, SRTP_KDF_LONG_KEY - 4096) == 0) {
return WC_TEST_RET_ENC_NC;
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
if (XMEMCMP(keyELong, keySLong + 4096, SRTP_KDF_LONG_KEY - 4096) == 0) {
return WC_TEST_RET_ENC_NC;
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
#endif /* SRTP_KDF_LONG_KEY */
out:
#ifdef SRTP_KDF_LONG_KEY
WC_FREE_VAR(keyELong, HEAP_HINT);
WC_FREE_VAR(keyALong, HEAP_HINT);
WC_FREE_VAR(keySLong, HEAP_HINT);
#endif
return 0;
return ret;
}
#endif