WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Fix one shot hash routines to attempt offloading to crypto callbacks. Fix random.c health test to use devId. Fix FIPS unused "ssl".

pull/7070/head
David Garske 2023-12-19 11:20:18 -08:00
parent 2001d1c74b
commit fb5eab8f79
4 changed files with 143 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/tls13.c
View File

@ -1142,6 +1142,7 @@ static int Tls13_HKDF_Extract(WOLFSSL *ssl, byte* prk, const byte* salt,
ssl->heap, ssl->devId);
#else
ret = wc_Tls13_HKDF_Extract(prk, salt, saltLen, ikm, ikmLen, digest);
(void)ssl;
#endif
}
return ret;

3
wolfcrypt/src/cryptocb.c
View File

@ -1446,7 +1446,8 @@ int wc_CryptoCb_DefaultDevID(void)
#elif defined(WC_USE_DEVID)
ret = WC_USE_DEVID;
#else
ret = INVALID_DEVID;
/* try first available */
ret = wc_CryptoCb_GetDevIdAtIndex(0);
#endif
return ret;

105
wolfcrypt/src/hash.c
View File

@ -1302,6 +1302,13 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
return MEMORY_E;
#endif
#ifdef WOLF_CRYPTO_CB
/* find devId if its not an empty hash */
if (devId == INVALID_DEVID && data != NULL && len > 0) {
devId = wc_CryptoCb_DefaultDevID();
}
#endif
if ((ret = wc_InitMd5_ex(md5, heap, devId)) != 0) {
WOLFSSL_MSG("InitMd5 failed");
}
@ -1344,6 +1351,13 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
return MEMORY_E;
#endif
#ifdef WOLF_CRYPTO_CB
/* find devId if its not an empty hash */
if (devId == INVALID_DEVID && data != NULL && len > 0) {
devId = wc_CryptoCb_DefaultDevID();
}
#endif
if ((ret = wc_InitSha_ex(sha, heap, devId)) != 0) {
WOLFSSL_MSG("InitSha failed");
}
@ -1387,6 +1401,13 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
return MEMORY_E;
#endif
#ifdef WOLF_CRYPTO_CB
/* find devId if its not an empty hash */
if (devId == INVALID_DEVID && data != NULL && len > 0) {
devId = wc_CryptoCb_DefaultDevID();
}
#endif
if ((ret = wc_InitSha224_ex(sha224, heap, devId)) != 0) {
WOLFSSL_MSG("InitSha224 failed");
}
@ -1430,6 +1451,13 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
return MEMORY_E;
#endif
#ifdef WOLF_CRYPTO_CB
/* find devId if its not an empty hash */
if (devId == INVALID_DEVID && data != NULL && len > 0) {
devId = wc_CryptoCb_DefaultDevID();
}
#endif
if ((ret = wc_InitSha256_ex(sha256, heap, devId)) != 0) {
WOLFSSL_MSG("InitSha256 failed");
}
@ -1477,6 +1505,13 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
return MEMORY_E;
#endif
#ifdef WOLF_CRYPTO_CB
/* find devId if its not an empty hash */
if (devId == INVALID_DEVID && data != NULL && len > 0) {
devId = wc_CryptoCb_DefaultDevID();
}
#endif
if ((ret = wc_InitSha512_ex(sha512, heap, devId)) != 0) {
WOLFSSL_MSG("InitSha512 failed");
}
@ -1519,6 +1554,13 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
return MEMORY_E;
#endif
#ifdef WOLF_CRYPTO_CB
/* find devId if its not an empty hash */
if (devId == INVALID_DEVID && data != NULL && len > 0) {
devId = wc_CryptoCb_DefaultDevID();
}
#endif
if ((ret = wc_InitSha512_224_ex(sha512, heap, devId)) != 0) {
WOLFSSL_MSG("wc_InitSha512_224 failed");
}
@ -1564,6 +1606,13 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
return MEMORY_E;
#endif
#ifdef WOLF_CRYPTO_CB
/* find devId if its not an empty hash */
if (devId == INVALID_DEVID && data != NULL && len > 0) {
devId = wc_CryptoCb_DefaultDevID();
}
#endif
if ((ret = wc_InitSha512_256_ex(sha512, heap, devId)) != 0) {
WOLFSSL_MSG("wc_InitSha512_256 failed");
}
@ -1610,6 +1659,13 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
return MEMORY_E;
#endif
#ifdef WOLF_CRYPTO_CB
/* find devId if its not an empty hash */
if (devId == INVALID_DEVID && data != NULL && len > 0) {
devId = wc_CryptoCb_DefaultDevID();
}
#endif
if ((ret = wc_InitSha384_ex(sha384, heap, devId)) != 0) {
WOLFSSL_MSG("InitSha384 failed");
}
@ -1654,6 +1710,13 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
return MEMORY_E;
#endif
#ifdef WOLF_CRYPTO_CB
/* find devId if its not an empty hash */
if (devId == INVALID_DEVID && data != NULL && len > 0) {
devId = wc_CryptoCb_DefaultDevID();
}
#endif
if ((ret = wc_InitSha3_224(sha3, heap, devId)) != 0) {
WOLFSSL_MSG("InitSha3_224 failed");
}
@ -1697,6 +1760,13 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
return MEMORY_E;
#endif
#ifdef WOLF_CRYPTO_CB
/* find devId if its not an empty hash */
if (devId == INVALID_DEVID && data != NULL && len > 0) {
devId = wc_CryptoCb_DefaultDevID();
}
#endif
if ((ret = wc_InitSha3_256(sha3, heap, devId)) != 0) {
WOLFSSL_MSG("InitSha3_256 failed");
}
@ -1740,6 +1810,13 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
return MEMORY_E;
#endif
#ifdef WOLF_CRYPTO_CB
/* find devId if its not an empty hash */
if (devId == INVALID_DEVID && data != NULL && len > 0) {
devId = wc_CryptoCb_DefaultDevID();
}
#endif
if ((ret = wc_InitSha3_384(sha3, heap, devId)) != 0) {
WOLFSSL_MSG("InitSha3_384 failed");
}
@ -1783,6 +1860,13 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
return MEMORY_E;
#endif
#ifdef WOLF_CRYPTO_CB
/* find devId if its not an empty hash */
if (devId == INVALID_DEVID && data != NULL && len > 0) {
devId = wc_CryptoCb_DefaultDevID();
}
#endif
if ((ret = wc_InitSha3_512(sha3, heap, devId)) != 0) {
WOLFSSL_MSG("InitSha3_512 failed");
}
@ -1826,6 +1910,13 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
return MEMORY_E;
#endif
#ifdef WOLF_CRYPTO_CB
/* find devId if its not an empty hash */
if (devId == INVALID_DEVID && data != NULL && len > 0) {
devId = wc_CryptoCb_DefaultDevID();
}
#endif
if ((ret = wc_InitShake128(shake, heap, devId)) != 0) {
WOLFSSL_MSG("InitShake128 failed");
}
@ -1870,6 +1961,13 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
return MEMORY_E;
#endif
#ifdef WOLF_CRYPTO_CB
/* find devId if its not an empty hash */
if (devId == INVALID_DEVID && data != NULL && len > 0) {
devId = wc_CryptoCb_DefaultDevID();
}
#endif
if ((ret = wc_InitShake256(shake, heap, devId)) != 0) {
WOLFSSL_MSG("InitShake256 failed");
}
@ -1914,6 +2012,13 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
return MEMORY_E;
#endif
#ifdef WOLF_CRYPTO_CB
/* find devId if its not an empty hash */
if (devId == INVALID_DEVID && data != NULL && len > 0) {
devId = wc_CryptoCb_DefaultDevID();
}
#endif
if ((ret = wc_InitSm3(sm3, heap, devId)) != 0) {
WOLFSSL_MSG("InitSm3 failed");
}

62
wolfcrypt/src/random.c
View File

@ -311,7 +311,7 @@ enum {
typedef struct DRBG_internal DRBG_internal;
static int wc_RNG_HealthTestLocal(int reseed);
static int wc_RNG_HealthTestLocal(int reseed, void* heap, int devId);
/* Hash Derivation Function */
/* Returns: DRBG_SUCCESS or DRBG_FAILURE */
@ -1619,7 +1619,7 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
if (nonceSz == 0)
seedSz = MAX_SEED_SZ;
if (wc_RNG_HealthTestLocal(0) == 0) {
if (wc_RNG_HealthTestLocal(0, rng->heap, devId) == 0) {
#ifndef WOLFSSL_SMALL_STACK
byte seed[MAX_SEED_SZ];
#else
@ -1830,7 +1830,11 @@ int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz)
ret = Hash_DRBG_Generate((DRBG_internal *)rng->drbg, output, sz);
if (ret == DRBG_NEED_RESEED) {
if (wc_RNG_HealthTestLocal(1) == 0) {
int devId = INVALID_DEVID;
#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB)
devId = rng->devId;
#endif
if (wc_RNG_HealthTestLocal(1, rng->heap, devId) == 0) {
#ifndef WOLFSSL_SMALL_STACK
byte newSeed[SEED_SZ + SEED_BLOCK_SZ];
ret = DRBG_SUCCESS;
@ -2083,7 +2087,7 @@ const FLASH_QUALIFIER byte outputB_data[] = {
};
static int wc_RNG_HealthTestLocal(int reseed)
static int wc_RNG_HealthTestLocal(int reseed, void* heap, int devId)
{
int ret = 0;
#ifdef WOLFSSL_SMALL_STACK
@ -2102,17 +2106,17 @@ static int wc_RNG_HealthTestLocal(int reseed)
if (reseed) {
#ifdef WOLFSSL_USE_FLASHMEM
byte* seedA = (byte*)XMALLOC(sizeof(seedA_data), NULL,
byte* seedA = (byte*)XMALLOC(sizeof(seedA_data), heap,
DYNAMIC_TYPE_TMP_BUFFER);
byte* reseedSeedA = (byte*)XMALLOC(sizeof(reseedSeedA_data), NULL,
byte* reseedSeedA = (byte*)XMALLOC(sizeof(reseedSeedA_data), heap,
DYNAMIC_TYPE_TMP_BUFFER);
byte* outputA = (byte*)XMALLOC(sizeof(outputA_data), NULL,
byte* outputA = (byte*)XMALLOC(sizeof(outputA_data), heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (!seedA || !reseedSeedA || !outputA) {
XFREE(seedA, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(reseedSeedA, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(outputA, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(seedA, heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(reseedSeedA, heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(outputA, heap, DYNAMIC_TYPE_TMP_BUFFER);
ret = MEMORY_E;
}
else {
@ -2124,9 +2128,11 @@ static int wc_RNG_HealthTestLocal(int reseed)
const byte* reseedSeedA = reseedSeedA_data;
const byte* outputA = outputA_data;
#endif
ret = wc_RNG_HealthTest(1, seedA, sizeof(seedA_data),
reseedSeedA, sizeof(reseedSeedA_data),
check, RNG_HEALTH_TEST_CHECK_SIZE);
ret = wc_RNG_HealthTest_ex(1, NULL, 0,
seedA, sizeof(seedA_data),
reseedSeedA, sizeof(reseedSeedA_data),
check, RNG_HEALTH_TEST_CHECK_SIZE,
heap, devId);
if (ret == 0) {
if (ConstantCompare(check, outputA,
RNG_HEALTH_TEST_CHECK_SIZE) != 0)
@ -2142,14 +2148,14 @@ static int wc_RNG_HealthTestLocal(int reseed)
}
else {
#ifdef WOLFSSL_USE_FLASHMEM
byte* seedB = (byte*)XMALLOC(sizeof(seedB_data), NULL,
byte* seedB = (byte*)XMALLOC(sizeof(seedB_data), heap,
DYNAMIC_TYPE_TMP_BUFFER);
byte* outputB = (byte*)XMALLOC(sizeof(outputB_data), NULL,
byte* outputB = (byte*)XMALLOC(sizeof(outputB_data), heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (!seedB || !outputB) {
XFREE(seedB, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(outputB, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(seedB, heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(outputB, heap, DYNAMIC_TYPE_TMP_BUFFER);
ret = MEMORY_E;
}
else {
@ -2159,9 +2165,11 @@ static int wc_RNG_HealthTestLocal(int reseed)
const byte* seedB = seedB_data;
const byte* outputB = outputB_data;
#endif
ret = wc_RNG_HealthTest(0, seedB, sizeof(seedB_data),
NULL, 0,
check, RNG_HEALTH_TEST_CHECK_SIZE);
ret = wc_RNG_HealthTest_ex(0, NULL, 0,
seedB, sizeof(seedB_data),
NULL, 0,
check, RNG_HEALTH_TEST_CHECK_SIZE,
heap, devId);
if (ret == 0) {
if (ConstantCompare(check, outputB,
RNG_HEALTH_TEST_CHECK_SIZE) != 0)
@ -2174,11 +2182,11 @@ static int wc_RNG_HealthTestLocal(int reseed)
* byte 32, feed them into the health test separately. */
if (ret == 0) {
ret = wc_RNG_HealthTest_ex(0,
seedB + 32, sizeof(seedB_data) - 32,
seedB, 32,
NULL, 0,
check, RNG_HEALTH_TEST_CHECK_SIZE,
NULL, INVALID_DEVID);
seedB + 32, sizeof(seedB_data) - 32,
seedB, 32,
NULL, 0,
check, RNG_HEALTH_TEST_CHECK_SIZE,
heap, devId);
if (ret == 0) {
if (ConstantCompare(check, outputB, sizeof(outputB_data)) != 0)
ret = -1;
@ -2186,8 +2194,8 @@ static int wc_RNG_HealthTestLocal(int reseed)
}
#ifdef WOLFSSL_USE_FLASHMEM
XFREE(seedB, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(outputB, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(seedB, heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(outputB, heap, DYNAMIC_TYPE_TMP_BUFFER);
}
#endif
}