Reverted the Hmac_UpdateFinal change to call final as it causing constant timing issues. Improved the wc_HmacFree to handle the case were final isn't called for Crypto callbacks.

2019-02-13 10:24:53 -08:00 · 2019-02-13 10:24:53 -08:00 · d98ebc4da2
commit d98ebc4da2
parent 95db819d45
2 changed files with 11 additions and 3 deletions
--- a/src/tls.c
+++ b/src/tls.c
@ -1112,9 +1112,6 @@ static int Hmac_UpdateFinal(Hmac* hmac, byte* digest, const byte* in,
            if (ret != 0)
                break;
        }
-        /* call final to cleanup */
-        if (ret == 0)
-            ret = wc_HmacFinal(hmac, dummy);
    }

    return ret;
--- a/wolfcrypt/src/hmac.c
+++ b/wolfcrypt/src/hmac.c
@ -1076,6 +1076,17 @@ void wc_HmacFree(Hmac* hmac)
    if (hmac == NULL)
        return;

+#ifdef WOLF_CRYPTO_CB
+    /* handle cleanup case where final is not called */
+    if (hmac->devId != INVALID_DEVID && hmac->devCtx != NULL) {
+        int  ret;
+        byte finalHash[WC_HMAC_BLOCK_SIZE];
+        ret = wc_CryptoCb_Hmac(hmac, hmac->macType, NULL, 0, finalHash);
+        (void)ret; /* must ignore return code here */
+        (void)finalHash;
+    }
+#endif
+
    switch (hmac->macType) {
    #ifndef NO_MD5
        case WC_MD5: