diff --git a/src/ssl.c b/src/ssl.c index 57d0c91591..3604be73c9 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -1489,8 +1489,10 @@ WOLFSSL_ABI void wolfSSL_free(WOLFSSL* ssl) { WOLFSSL_ENTER("wolfSSL_free"); + if (ssl) FreeSSL(ssl, ssl->ctx->heap); + WOLFSSL_LEAVE("wolfSSL_free", 0); } diff --git a/src/tls13.c b/src/tls13.c index 2386704c77..46789c2c8d 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -4180,7 +4180,6 @@ int SendTls13ClientHello(WOLFSSL* ssl) tls12minor = DTLSv1_2_MINOR; } #endif /* WOLFSSL_DTLS */ - #ifdef HAVE_SESSION_TICKET if (ssl->options.resuming && (ssl->session->version.major != ssl->version.major || @@ -4345,7 +4344,6 @@ int SendTls13ClientHello(WOLFSSL* ssl) args->length = args->preXLength; } #endif - /* Include length of TLS extensions. */ ret = TLSX_GetRequestSize(ssl, client_hello, &args->length); if (ret != 0) diff --git a/wolfcrypt/src/port/Espressif/esp32_sha.c b/wolfcrypt/src/port/Espressif/esp32_sha.c index e159a1ad04..ad860ad3e6 100644 --- a/wolfcrypt/src/port/Espressif/esp32_sha.c +++ b/wolfcrypt/src/port/Espressif/esp32_sha.c @@ -60,11 +60,10 @@ static const char* TAG = "wolf_hw_sha"; #define WC_SHA_DIGEST_SIZE 20 #endif -/* RTOS mutex or just InUse variable */ -#if defined(SINGLE_THREADED) - static int InUse = 0; -#else - static wolfSSL_Mutex sha_mutex = NULL; +static int InUse = 0; +/* If not single threaded, protect InUse with a critical section */ +#if !defined(SINGLE_THREADED) + static portMUX_TYPE sha_crit_sect = portMUX_INITIALIZER_UNLOCKED; #endif #if defined(DEBUG_WOLFSSL) @@ -664,6 +663,34 @@ int esp_unroll_sha_module_enable(WC_ESP32SHA* ctx) ** lock HW engine. ** this should be called before using engine. */ +bool TryAcquireHardware() +{ + bool bCanUseHardware = false; + taskENTER_CRITICAL(&sha_crit_sect); + if (!InUse) + { + InUse = 1; + bCanUseHardware = true; + } + taskEXIT_CRITICAL(&sha_crit_sect); + + return bCanUseHardware; +} + +void ReleaseHardware() +{ + taskENTER_CRITICAL(&sha_crit_sect); + if (InUse) + { + InUse = 0; + } + else + { + assert(false); // bug: releasing hardware when not in use!! + } + taskEXIT_CRITICAL(&sha_crit_sect); +} + int esp_sha_try_hw_lock(WC_ESP32SHA* ctx) { int ret = 0; @@ -714,24 +741,6 @@ int esp_sha_try_hw_lock(WC_ESP32SHA* ctx) ** */ - if (sha_mutex == NULL) { - ESP_LOGV(TAG, "Initializing sha_mutex"); - - /* created, but not yet locked */ - ret = esp_CryptHwMutexInit(&sha_mutex); - if (ret == 0) { - ESP_LOGV(TAG, "esp_CryptHwMutexInit sha_mutex init success."); - } - else { - ESP_LOGE(TAG, "esp_CryptHwMutexInit sha_mutex failed."); - sha_mutex = 0; - - ESP_LOGI(TAG, "Revert to ctx->mode = ESP32_SHA_SW."); - ctx->mode = ESP32_SHA_SW; - return 0; /* success, just not using HW */ - } - } - /* check if this SHA has been operated as SW or HW, or not yet init */ if (ctx->mode == ESP32_SHA_INIT) { /* try to lock the HW engine */ @@ -740,7 +749,9 @@ int esp_sha_try_hw_lock(WC_ESP32SHA* ctx) /* we don't wait: ** either the engine is free, or we fall back to SW **/ - if (esp_CryptHwMutexLock(&sha_mutex, (TickType_t)0) == 0) { + if (TryAcquireHardware()) { + ctx->mode = ESP32_SHA_HW; // present in single threaded, but not here. not sure why? + /* check to see if we had a prior fail and need to unroll enables */ ret = esp_unroll_sha_module_enable(ctx); ESP_LOGV(TAG, "Hardware Mode, lock depth = %d, %x", @@ -752,12 +763,12 @@ int esp_sha_try_hw_lock(WC_ESP32SHA* ctx) ESP_LOGW(TAG, "WARNING: Hardware Mode " "interesting lock depth = %d, %x", ctx->lockDepth, (int)ctx->initializer); - } + } } else { /* We should have otherwise anticipated this; how did we get here? ** This code should rarely, ideally never be reached. */ - ESP_LOGI(TAG, "\nHardware in use; Mode REVERT to ESP32_SHA_SW\n"); + ESP_LOGI(TAG, "\nHardware in use for WC_ESP32SHA @ 0x%0xd; Mode REVERT to ESP32_SHA_SW\n", (unsigned)ctx); ctx->mode = ESP32_SHA_SW; return 0; /* success, but revert to SW */ } @@ -798,7 +809,9 @@ int esp_sha_hw_unlock(WC_ESP32SHA* ctx) /* ESP32-C3 RISC-V TODO */ #else /* Disable AES hardware */ - periph_module_disable(PERIPH_SHA_MODULE); + // Note: Jim, is there any cost associated with enable/disable hardware here? This seems like + // a power saving feature that could be handled at a different level than per-calculation. + periph_module_disable(PERIPH_SHA_MODULE); #endif /* we'll keep track of our lock depth. * in case of unexpected results, all the periph_module_disable() calls @@ -812,12 +825,15 @@ int esp_sha_hw_unlock(WC_ESP32SHA* ctx) ctx->lockDepth = 0; } + if (0 == ctx->lockDepth) // should we only unlock if depth is 0? + { #if defined(SINGLE_THREADED) - InUse = 0; + InUse = 0; #else - /* unlock HW engine for next use */ - esp_CryptHwMutexUnLock(&sha_mutex); + /* unlock HW engine for next use */ + ReleaseHardware(); #endif + } ESP_LOGV(TAG, "leave esp_sha_hw_unlock, %x", (int)ctx->initializer); return 0; } /* esp_sha_hw_unlock */ diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c index 40c6b16e9b..e0734ebcbb 100644 --- a/wolfcrypt/src/sha256.c +++ b/wolfcrypt/src/sha256.c @@ -1809,7 +1809,7 @@ void wc_Sha256Free(wc_Sha256* sha256) * the unexpected. by the time free is called, the hardware * should have already been released (lockDepth = 0) */ - (void)InitSha256(sha256); /* unlock mutex, set mode to ESP32_SHA_INIT */ + (void)InitSha256(sha256); /* unlock mutex, set mode to ESP32_SHA_INIT */ ESP_LOGV(TAG, "Alert: hardware unlock needed in wc_Sha256Free."); } else {