review: hash type macro protection and padding

Author: bigbrett

src/wh_client_crypto.c

@@ -5709,7 +5709,7 @@ int wh_Client_Sha384DmaUpdateRequest(whClientContext* ctx, wc_Sha384* sha,
     memcpy(req->resumeState.hash, sha->digest, WC_SHA512_DIGEST_SIZE);
     req->resumeState.hiLen    = sha->hiLen;
     req->resumeState.loLen    = sha->loLen;
-    req->resumeState.hashType = sha->hashType;
+    req->resumeState.hashType = WC_HASH_TYPE_SHA384;
     req->input.sz             = dmaSz;
     req->input.addr           = 0;
 
@@ -5817,7 +5817,7 @@ int wh_Client_Sha384DmaFinalRequest(whClientContext* ctx, wc_Sha384* sha)
     memcpy(req->resumeState.hash, sha->digest, WC_SHA512_DIGEST_SIZE);
     req->resumeState.hiLen    = sha->hiLen;
     req->resumeState.loLen    = sha->loLen;
-    req->resumeState.hashType = sha->hashType;
+    req->resumeState.hashType = WC_HASH_TYPE_SHA384;
     req->input.sz             = 0;
     req->input.addr           = 0;
 
@@ -6117,14 +6117,18 @@ int wh_Client_Sha512FinalResponse(whClientContext* ctx, wc_Sha512* sha,
         /* reset the state of the sha context (without blowing away devId and
          *  hashType), and copy only the digest bytes for the active variant */
         switch (hashType) {
+#ifndef WOLFSSL_NOSHA512_224
             case WC_HASH_TYPE_SHA512_224:
                 memcpy(out, res->hash, WC_SHA512_224_DIGEST_SIZE);
                 (void)wc_InitSha512_224_ex(sha, NULL, sha->devId);
                 break;
+#endif
+#ifndef WOLFSSL_NOSHA512_256
             case WC_HASH_TYPE_SHA512_256:
                 memcpy(out, res->hash, WC_SHA512_256_DIGEST_SIZE);
                 (void)wc_InitSha512_256_ex(sha, NULL, sha->devId);
                 break;
+#endif
             default:
                 memcpy(out, res->hash, WC_SHA512_DIGEST_SIZE);
                 (void)wc_InitSha512_ex(sha, NULL, sha->devId);
@@ -6408,14 +6412,18 @@ int wh_Client_Sha512DmaFinalResponse(whClientContext* ctx, wc_Sha512* sha,
              *  and hashType), and copy only the digest bytes for the active
              *  variant */
             switch (hashType) {
+#ifndef WOLFSSL_NOSHA512_224
                 case WC_HASH_TYPE_SHA512_224:
                     memcpy(out, resp->hash, WC_SHA512_224_DIGEST_SIZE);
                     (void)wc_InitSha512_224_ex(sha, NULL, sha->devId);
                     break;
+#endif
+#ifndef WOLFSSL_NOSHA512_256
                 case WC_HASH_TYPE_SHA512_256:
                     memcpy(out, resp->hash, WC_SHA512_256_DIGEST_SIZE);
                     (void)wc_InitSha512_256_ex(sha, NULL, sha->devId);
                     break;
+#endif
                 default:
                     memcpy(out, resp->hash, WC_SHA512_DIGEST_SIZE);
                     (void)wc_InitSha512_ex(sha, NULL, sha->devId);

src/wh_server_crypto.c

@@ -5149,12 +5149,16 @@ static int _HandleSha512Dma(whServerContext* ctx, uint16_t magic, int devId,
     if (ret == 0) {
         if (req.isLastBlock) {
             switch (hashType) {
+#ifndef WOLFSSL_NOSHA512_224
                 case WC_HASH_TYPE_SHA512_224:
                     ret = wc_Sha512_224Final(sha512, res.hash);
                     break;
+#endif
+#ifndef WOLFSSL_NOSHA512_256
                 case WC_HASH_TYPE_SHA512_256:
                     ret = wc_Sha512_256Final(sha512, res.hash);
                     break;
+#endif
                 default:
                     ret = wc_Sha512Final(sha512, res.hash);
                     break;

wolfhsm/wh_message_crypto.h

@@ -1052,6 +1052,7 @@ typedef struct {
         uint32_t loLen;
         uint8_t  hash[64]; /* WC_SHA512_DIGEST_SIZE */
         uint32_t hashType;
+        uint8_t  WH_PAD[4];
     } resumeState;
     whMessageCrypto_DmaBuffer input;
     uint32_t                  isLastBlock;
@@ -1065,6 +1066,7 @@ typedef struct {
     uint8_t  hash[64]; /* big enough for all SHA2 variants */
     uint32_t hashType;
     whMessageCrypto_DmaAddrStatus dmaAddrStatus;
+    uint8_t  WH_PAD[4];
 } whMessageCrypto_Sha2DmaResponse;
 
 /* SHA2 DMA translation functions */