Fixes for Cavium Nitrox and Intel QuickAssist.

sslSniffer/README.md

@@ -88,7 +88,7 @@ To build with OCTEON III support for a Linux host:
 
 ## Command Line Options
 
-The wolfSSL sniffer includes a test application `snifftest` in the `sslSniffer/sslSnifferTest/ directory`. The command line application has several options that can be passed in at runtime to change the default behavior of the application. To execute a “live” sniff just run the application without any parameters and then pick an interface to sniff on followed by the port.
+The wolfSSL sniffer includes a test application `snifftest` in the `sslSniffer/sslSnifferTest/` directory. The command line application has several options that can be passed in at runtime to change the default behavior of the application. To execute a “live” sniff just run the application without any parameters and then pick an interface to sniff on followed by the port.
 
 An example startup may look like this:
 

wolfcrypt/src/ecc.c

@@ -3920,11 +3920,12 @@ static int wc_ecc_shared_secret_gen_async(ecc_key* private_key,
     int err;
 
 #if defined(HAVE_CAVIUM_V) || defined(HAVE_INTEL_QA)
-#ifdef HAVE_CAVIUM_V
-    /* verify the curve is supported by hardware */
-    if (NitroxEccIsCurveSupported(private_key))
-#endif
-    {
+    if (private_key->dp && private_key->dp->id != ECC_CURVE_CUSTOM
+    #ifdef HAVE_CAVIUM_V
+        /* verify the curve is supported by hardware */
+        && NitroxEccIsCurveSupported(private_key)
+    #endif
+    ) {
         word32 keySz = private_key->dp->size;
 
         /* sync public key x/y */

wolfcrypt/src/hash.c

@@ -1027,6 +1027,7 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
     #else
         wc_Sha sha[1];
     #endif
+        int devId = INVALID_DEVID;
 
     #ifdef WOLFSSL_SMALL_STACK
         sha = (wc_Sha*)XMALLOC(sizeof(wc_Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -1034,8 +1035,13 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
             return MEMORY_E;
     #endif
 
-        if ((ret = wc_InitSha_ex(sha, NULL, 
-                wc_CryptoCb_GetDevIdAtIndex(0))) != 0) {
+    #ifdef WOLF_CRYPTO_CB
+        /* only use devId if its not an empty hash */
+        if (data != NULL && len > 0)
+            devId = wc_CryptoCb_GetDevIdAtIndex(0);
+    #endif
+
+        if ((ret = wc_InitSha_ex(sha, NULL, devId)) != 0) {
             WOLFSSL_MSG("InitSha failed");
         }
         else {
@@ -1103,6 +1109,7 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
     #else
         wc_Sha256 sha256[1];
     #endif
+        int devId = INVALID_DEVID;
 
     #ifdef WOLFSSL_SMALL_STACK
         sha256 = (wc_Sha256*)XMALLOC(sizeof(wc_Sha256), NULL,
@@ -1111,8 +1118,13 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
             return MEMORY_E;
     #endif
 
-        if ((ret = wc_InitSha256_ex(sha256, NULL, 
-                wc_CryptoCb_GetDevIdAtIndex(0))) != 0) {
+    #ifdef WOLF_CRYPTO_CB
+        /* only use devId if its not an empty hash */
+        if (data != NULL && len > 0)
+            devId = wc_CryptoCb_GetDevIdAtIndex(0);
+    #endif
+
+        if ((ret = wc_InitSha256_ex(sha256, NULL, devId)) != 0) {
             WOLFSSL_MSG("InitSha256 failed");
         }
         else {

wolfcrypt/src/rsa.c

@@ -3158,7 +3158,8 @@ static int RsaPrivateDecryptEx(byte* in, word32 inLen, byte* out,
             defined(HAVE_CAVIUM)
         if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_RSA &&
                                                    pad_type != WC_RSA_PSS_PAD) {
-            if (ret > 0) {
+            ret = key->asyncDev.event.ret;
+            if (ret >= 0) {
                 /* convert result */
                 byte* dataLen = (byte*)&key->dataLen;
                 ret = (dataLen[0] << 8) | (dataLen[1]);

wolfcrypt/src/sha.c

@@ -526,6 +526,11 @@ int wc_ShaUpdate(wc_Sha* sha, const byte* data, word32 len)
         return BAD_FUNC_ARG;
     }
 
+    if (data == NULL && len == 0) {
+        /* valid, but do nothing */
+        return 0;
+    }
+
 #ifdef WOLF_CRYPTO_CB
     if (sha->devId != INVALID_DEVID) {
         ret = wc_CryptoCb_ShaHash(sha, data, len, NULL);
@@ -547,11 +552,6 @@ int wc_ShaUpdate(wc_Sha* sha, const byte* data, word32 len)
     if (sha->buffLen >= WC_SHA_BLOCK_SIZE)
         return BUFFER_E;
 
-    if (data == NULL && len == 0) {
-        /* valid, but do nothing */
-        return 0;
-    }
-
     /* add length for final */
     AddLength(sha, len);
 

wolfcrypt/test/test.c

@@ -9196,8 +9196,8 @@ static int aesgcm_test(void)
     #endif
 #endif
 
-#if !defined(BENCH_EMBEDDED)
-    #ifndef BENCH_AESGCM_LARGE
+#if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM)
+    #if !defined(BENCH_AESGCM_LARGE)
         #define BENCH_AESGCM_LARGE 1024
     #endif
     byte *large_input = (byte *)XMALLOC(BENCH_AESGCM_LARGE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -9561,7 +9561,7 @@ static int aesgcm_test(void)
 
   out:
 
-#if !defined(BENCH_EMBEDDED)
+#if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM)
     if (large_input)
         XFREE(large_input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (large_output)
@@ -12142,8 +12142,7 @@ static int rsa_sig_test(RsaKey* key, word32 keyLen, int modLen, WC_RNG* rng)
 #elif defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB)
     /* async may not require RNG */
     if (ret != 0 && ret != MISSING_RNG_E)
-#elif defined(HAVE_FIPS) || defined(WOLFSSL_ASYNC_CRYPT) || \
-     !defined(WC_RSA_BLINDING)
+#elif defined(HAVE_FIPS) || !defined(WC_RSA_BLINDING)
     /* FIPS140 implementation does not do blinding */
     if (ret != 0)
 #elif defined(WOLFSSL_RSA_PUBLIC_ONLY)

wolfssl/wolfcrypt/cryptocb.h

@@ -306,10 +306,6 @@ WOLFSSL_LOCAL int wc_CryptoCb_RandomBlock(WC_RNG* rng, byte* out, word32 sz);
 WOLFSSL_LOCAL int wc_CryptoCb_RandomSeed(OS_Seed* os, byte* seed, word32 sz);
 #endif
 
-#else
-
-#define wc_CryptoCb_GetDevIdAtIndex(idx) (INVALID_DEVID)
-
 #endif /* WOLF_CRYPTO_CB */
 
 #ifdef __cplusplus