Pulling in wc_DhGeneratePublic API

wolfcrypt/src/aes.c

@@ -4395,7 +4395,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
                 return BAD_FUNC_ARG;
             }
 
-            return wc_AesSetKeyLocal(aes, key, len, iv, dir, 0);
+            return wc_AesSetKey(aes, key, len, iv, dir);
         }
 
     #endif /* NEED_AES_CTR_SOFT */

wolfcrypt/src/dh.c

@@ -1348,6 +1348,38 @@ static int GeneratePublicDh(DhKey* key, byte* priv, word32 privSz,
     return ret;
 }
 
+#if defined(WOLFSSL_DH_GEN_PUB)
+/**
+ * Given a DhKey with set params and a priv key, generate the corresponding
+ * public key. If fips, does pub key validation.
+ * */
+WOLFSSL_API int wc_DhGeneratePublic(DhKey* key, byte* priv, word32 privSz,
+    byte* pub, word32* pubSz)
+{
+    int ret = 0;
+
+    if (key == NULL || priv == NULL || privSz == 0 ||
+        pub == NULL || pubSz == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    SAVE_VECTOR_REGISTERS(return _svr_ret;);
+
+    ret = GeneratePublicDh(key, priv, privSz, pub, pubSz);
+
+    #if FIPS_VERSION_GE(5,0) || defined(WOLFSSL_VALIDATE_DH_KEYGEN)
+    if (ret == 0)
+        ret = _ffc_validate_public_key(key, pub, *pubSz, NULL, 0, 0);
+    if (ret == 0)
+        ret = _ffc_pairwise_consistency_test(key, pub, *pubSz, priv, privSz);
+    #endif /* FIPS V5 or later || WOLFSSL_VALIDATE_DH_KEYGEN */
+
+    RESTORE_VECTOR_REGISTERS();
+
+    return ret;
+}
+#endif /* WOLFSSL_DH_GEN_PUB */
+
 static int wc_DhGenerateKeyPair_Sync(DhKey* key, WC_RNG* rng,
     byte* priv, word32* privSz, byte* pub, word32* pubSz)
 {
@@ -2340,8 +2372,8 @@ int wc_DhExportKeyPair(DhKey* key, byte* priv, word32* pPrivSz,
 #endif /* WOLFSSL_DH_EXTRA */
 
 static int _DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g,
-                   word32 gSz, const byte* q, word32 qSz, int trusted,
-                   WC_RNG* rng)
+                     word32 gSz, const byte* q, word32 qSz, int trusted,
+                     WC_RNG* rng)
 {
     int ret = 0;
     mp_int* keyP = NULL;

wolfcrypt/src/random.c

@@ -1972,6 +1972,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
     int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
     {
         int ret;
+        word32 retVal;
         RNG_HandleTypeDef hrng;
         word32 i = 0;
         (void)os;
@@ -2004,7 +2005,9 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
             }
             else {
                 /* Use native 32 instruction */
-                if (HAL_RNG_GenerateRandomNumber(&hrng, (uint32_t*)&output[i]) != HAL_OK) {
+                retVal = HAL_RNG_GenerateRandomNumber(&hrng,
+                                                    (uint32_t*)&output[i]);
+                if (retVal != HAL_OK) {
                     wolfSSL_CryptHwMutexUnLock();
                     return RAN_BLOCK_E;
                 }

wolfcrypt/src/rsa.c

@@ -2271,10 +2271,7 @@ static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out,
     #endif
     #ifndef RSA_LOW_MEM
             if ((mp_count_bits(&key->p) == 1024) &&
-                    (mp_count_bits(&key->q) == 1024) &&
-                    (mp_count_bits(&key->dP) > 0) &&
-                    (mp_count_bits(&key->dQ) > 0) &&
-                    (mp_count_bits(&key->u) > 0)) {
+                                             (mp_count_bits(&key->q) == 1024)) {
                 return sp_RsaPrivate_2048(in, inLen, &key->d, &key->p, &key->q,
                                           &key->dP, &key->dQ, &key->u, &key->n,
                                           out, outLen);
@@ -2305,10 +2302,7 @@ static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out,
     #endif
     #ifndef RSA_LOW_MEM
             if ((mp_count_bits(&key->p) == 1536) &&
-                    (mp_count_bits(&key->q) == 1536) &&
-                    (mp_count_bits(&key->dP) > 0) &&
-                    (mp_count_bits(&key->dQ) > 0) &&
-                    (mp_count_bits(&key->u) > 0)) {
+                                             (mp_count_bits(&key->q) == 1536)) {
                 return sp_RsaPrivate_3072(in, inLen, &key->d, &key->p, &key->q,
                                           &key->dP, &key->dQ, &key->u, &key->n,
                                           out, outLen);
@@ -2339,10 +2333,7 @@ static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out,
     #endif
     #ifndef RSA_LOW_MEM
             if ((mp_count_bits(&key->p) == 2048) &&
-                    (mp_count_bits(&key->q) == 2048) &&
-                    (mp_count_bits(&key->dP) > 0) &&
-                    (mp_count_bits(&key->dQ) > 0) &&
-                    (mp_count_bits(&key->u) > 0)) {
+                                             (mp_count_bits(&key->q) == 2048)) {
                 return sp_RsaPrivate_4096(in, inLen, &key->d, &key->p, &key->q,
                                           &key->dP, &key->dQ, &key->u, &key->n,
                                           out, outLen);
@@ -2443,13 +2434,7 @@ static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out,
             if (ret == 0 && mp_exptmod(tmp, &key->d, &key->n, tmp) != MP_OKAY)
                 ret = MP_EXPTMOD_E;
         #else
-            if (ret == 0 && (mp_iszero(&key->p) || mp_iszero(&key->q) ||
-                    mp_iszero(&key->dP) || mp_iszero(&key->dQ))) {
-                if (mp_exptmod(tmp, &key->d, &key->n, tmp) != MP_OKAY) {
-                    ret = MP_EXPTMOD_E;
-                }
-            }
-            else if (ret == 0) {
+            if (ret == 0) {
             #ifdef WOLFSSL_SMALL_STACK
                 mp_int* tmpa;
                 mp_int* tmpb = NULL;

wolfcrypt/src/sha.c

@@ -137,7 +137,7 @@
         ret = wolfSSL_CryptHwMutexLock();
         if (ret == 0) {
             ret = wc_Stm32_Hash_Update(&sha->stmCtx, HASH_AlgoSelection_SHA1,
-                data, len);
+                data, len, WC_SHA_BLOCK_SIZE);
             wolfSSL_CryptHwMutexUnLock();
         }
         return ret;

wolfcrypt/src/sha256.c

@@ -553,7 +553,7 @@ static int InitSha256(wc_Sha256* sha256)
         ret = wolfSSL_CryptHwMutexLock();
         if (ret == 0) {
             ret = wc_Stm32_Hash_Update(&sha256->stmCtx,
-                HASH_AlgoSelection_SHA256, data, len);
+                HASH_AlgoSelection_SHA256, data, len, WC_SHA256_BLOCK_SIZE);
             wolfSSL_CryptHwMutexUnLock();
         }
         return ret;
@@ -1384,7 +1384,7 @@ static int InitSha256(wc_Sha256* sha256)
         ret = wolfSSL_CryptHwMutexLock();
         if (ret == 0) {
             ret = wc_Stm32_Hash_Update(&sha224->stmCtx,
-                HASH_AlgoSelection_SHA224, data, len);
+                HASH_AlgoSelection_SHA224, data, len, WC_SHA224_BLOCK_SIZE);
             wolfSSL_CryptHwMutexUnLock();
         }
         return ret;

wolfssl/wolfcrypt/dh.h

@@ -112,6 +112,10 @@ WOLFSSL_API const DhParams* wc_Dh_ffdhe8192_Get(void);
 WOLFSSL_API int wc_InitDhKey(DhKey* key);
 WOLFSSL_API int wc_InitDhKey_ex(DhKey* key, void* heap, int devId);
 WOLFSSL_API int wc_FreeDhKey(DhKey* key);
+#if defined(WOLFSSL_DH_GEN_PUB)
+WOLFSSL_API int wc_DhGeneratePublic(DhKey* key, byte* priv, word32 privSz,
+                                    byte* pub, word32* pubSz);
+#endif /* WOLFSSL_DH_GEN_PUB */
 
 WOLFSSL_API int wc_DhGenerateKeyPair(DhKey* key, WC_RNG* rng, byte* priv,
                                  word32* privSz, byte* pub, word32* pubSz);