Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c
Original file line number Diff line number Diff line change
Expand Up @@ -586,7 +586,7 @@ int wc_fspsm_AesGcmDecrypt(struct Aes* aes, byte* out,
}

if (authTagSz < WOLFSSL_MIN_AUTH_TAG_SZ) {
WOLFSSL_MSG("GcmEncrypt authTagSz too small error");
WOLFSSL_MSG("GcmDecrypt authTagSz too small error");
return BAD_FUNC_ARG;
}

Expand Down
78 changes: 59 additions & 19 deletions wolfcrypt/src/port/Renesas/renesas_fspsm_util.c
Original file line number Diff line number Diff line change
Expand Up @@ -759,6 +759,13 @@ int wc_fspsm_generateSessionKey(WOLFSSL *ssl,
key_server_aes = (FSPSM_AES_PWKEY)XMALLOC(sizeof(FSPSM_AES_WKEY),
ssl->heap, DYNAMIC_TYPE_AES);
if (key_client_aes == NULL || key_server_aes == NULL) {
if (key_client_aes != NULL) {
XFREE(key_client_aes, ssl->heap, DYNAMIC_TYPE_AES);
}
if (key_server_aes != NULL) {
XFREE(key_server_aes, ssl->heap, DYNAMIC_TYPE_AES);
}
wc_fspsm_hw_unlock();
return MEMORY_E;
}

Expand Down Expand Up @@ -790,51 +797,84 @@ int wc_fspsm_generateSessionKey(WOLFSSL *ssl,
if (enc->aes == NULL) {
enc->aes = (Aes*)XMALLOC(sizeof(Aes), ssl->heap,
DYNAMIC_TYPE_CIPHER);
if (enc->aes == NULL)
if (enc->aes == NULL) {
XFREE(key_client_aes, ssl->heap, DYNAMIC_TYPE_AES);
XFREE(key_server_aes, ssl->heap, DYNAMIC_TYPE_AES);
wc_fspsm_hw_unlock();
return MEMORY_E;
}
}
XMEMSET(enc->aes, 0, sizeof(Aes));
enc->aes->ctx.wrapped_key = (FSPSM_AES_PWKEY)XMALLOC
(sizeof(FSPSM_AES_WKEY),
ssl->heap, DYNAMIC_TYPE_AES);
if (enc->aes->ctx.wrapped_key == NULL)
if (enc->aes->ctx.wrapped_key == NULL) {
XFREE(enc->aes, ssl->heap, DYNAMIC_TYPE_CIPHER);
enc->aes = NULL;
XFREE(key_client_aes, ssl->heap, DYNAMIC_TYPE_AES);
XFREE(key_server_aes, ssl->heap, DYNAMIC_TYPE_AES);
wc_fspsm_hw_unlock();
return MEMORY_E;
}
}
if (dec) {
if (dec->aes == NULL) {
dec->aes = (Aes*)XMALLOC(sizeof(Aes), ssl->heap,
DYNAMIC_TYPE_CIPHER);
if (dec->aes == NULL) {
if (enc) {
XFREE(enc->aes, NULL, DYNAMIC_TYPE_CIPHER);
XFREE(enc->aes->ctx.wrapped_key, ssl->heap,
DYNAMIC_TYPE_AES);
XFREE(enc->aes, ssl->heap, DYNAMIC_TYPE_CIPHER);
enc->aes = NULL;
}
XFREE(key_client_aes, ssl->heap, DYNAMIC_TYPE_AES);
XFREE(key_server_aes, ssl->heap, DYNAMIC_TYPE_AES);
wc_fspsm_hw_unlock();
return MEMORY_E;
}
XMEMSET(dec->aes, 0, sizeof(Aes));

dec->aes->ctx.wrapped_key = (FSPSM_AES_PWKEY)XMALLOC
(sizeof(FSPSM_AES_WKEY),
ssl->heap, DYNAMIC_TYPE_AES);
if (dec->aes->ctx.wrapped_key == NULL)
if (dec->aes->ctx.wrapped_key == NULL) {
if (enc) {
XFREE(enc->aes->ctx.wrapped_key, ssl->heap,
DYNAMIC_TYPE_AES);
XFREE(enc->aes, ssl->heap, DYNAMIC_TYPE_CIPHER);
enc->aes = NULL;
}
XFREE(dec->aes, ssl->heap, DYNAMIC_TYPE_CIPHER);
dec->aes = NULL;
XFREE(key_client_aes, ssl->heap, DYNAMIC_TYPE_AES);
XFREE(key_server_aes, ssl->heap, DYNAMIC_TYPE_AES);
wc_fspsm_hw_unlock();
return MEMORY_E;
}
}
}
/* copy key index into aes */
if (ssl->options.side == PROVISION_CLIENT) {
XMEMCPY(enc->aes->ctx.wrapped_key, key_client_aes,
sizeof(FSPSM_AES_WKEY));
XMEMCPY(dec->aes->ctx.wrapped_key, key_server_aes,
sizeof(FSPSM_AES_WKEY));
}
else {
XMEMCPY(enc->aes->ctx.wrapped_key, key_server_aes,
sizeof(FSPSM_AES_WKEY));
XMEMCPY(dec->aes->ctx.wrapped_key, key_client_aes,
sizeof(FSPSM_AES_WKEY));
/* copy key/mac index into aes/keys. Skipped when AES-GCM
* session-key generation was deferred above -- key_client_aes/
* key_server_aes/key_client_mac/key_server_mac are all
* uninitialized in that case, and the real per-record key is
* generated later inside wc_fspsm_AesGcmEncrypt/Decrypt. */
if (key_client_aes != NULL && key_server_aes != NULL) {
if (ssl->options.side == PROVISION_CLIENT) {
XMEMCPY(enc->aes->ctx.wrapped_key, key_client_aes,
sizeof(FSPSM_AES_WKEY));
XMEMCPY(dec->aes->ctx.wrapped_key, key_server_aes,
Comment thread
miyazakh marked this conversation as resolved.
sizeof(FSPSM_AES_WKEY));
}
else {
XMEMCPY(enc->aes->ctx.wrapped_key, key_server_aes,
sizeof(FSPSM_AES_WKEY));
XMEMCPY(dec->aes->ctx.wrapped_key, key_client_aes,
sizeof(FSPSM_AES_WKEY));
}
ssl->keys.fspsm_client_write_MAC_secret = key_client_mac;
ssl->keys.fspsm_server_write_MAC_secret = key_server_mac;
}
/* copy mac key index into keys */
ssl->keys.fspsm_client_write_MAC_secret = key_client_mac;
ssl->keys.fspsm_server_write_MAC_secret = key_server_mac;

/* set up key size and marked ready */
if (enc) {
Expand Down
Loading