gojimmypi · PaulMartinsen · Jul 25, 2023 · Jul 29, 2023 · Jul 29, 2023 · Aug 9, 2023
diff --git a/src/ssl.c b/src/ssl.c
@@ -1489,8 +1489,10 @@ WOLFSSL_ABI
 void wolfSSL_free(WOLFSSL* ssl)
 {
     WOLFSSL_ENTER("wolfSSL_free");
+
     if (ssl)
         FreeSSL(ssl, ssl->ctx->heap);
+
     WOLFSSL_LEAVE("wolfSSL_free", 0);
 }
 

diff --git a/src/tls13.c b/src/tls13.c
@@ -4180,7 +4180,6 @@ int SendTls13ClientHello(WOLFSSL* ssl)
         tls12minor = DTLSv1_2_MINOR;
     }
 #endif /* WOLFSSL_DTLS */
-
 #ifdef HAVE_SESSION_TICKET
     if (ssl->options.resuming &&
             (ssl->session->version.major != ssl->version.major ||
@@ -4345,7 +4344,6 @@ int SendTls13ClientHello(WOLFSSL* ssl)
         args->length = args->preXLength;
     }
 #endif
-
     /* Include length of TLS extensions. */
     ret = TLSX_GetRequestSize(ssl, client_hello, &args->length);
     if (ret != 0)

diff --git a/wolfcrypt/src/port/Espressif/esp32_sha.c b/wolfcrypt/src/port/Espressif/esp32_sha.c
@@ -60,11 +60,10 @@ static const char* TAG = "wolf_hw_sha";
     #define WC_SHA_DIGEST_SIZE 20
 #endif
 
-/* RTOS mutex or just InUse variable  */
-#if defined(SINGLE_THREADED)
-    static int InUse = 0;
-#else
-    static wolfSSL_Mutex sha_mutex = NULL;
+static int InUse = 0;
+/* If not single threaded, protect InUse with a critical section */
+#if !defined(SINGLE_THREADED)
+    static portMUX_TYPE sha_crit_sect = portMUX_INITIALIZER_UNLOCKED;
 #endif
 
 #if defined(DEBUG_WOLFSSL)
@@ -664,6 +663,34 @@ int esp_unroll_sha_module_enable(WC_ESP32SHA* ctx)
 ** lock HW engine.
 ** this should be called before using engine.
 */
+bool TryAcquireHardware()
+{
+    bool bCanUseHardware = false;
+    taskENTER_CRITICAL(&sha_crit_sect);
+        if (!InUse)
+        {
+            InUse = 1;
+            bCanUseHardware = true; 
+        }
+    taskEXIT_CRITICAL(&sha_crit_sect);
+
+    return bCanUseHardware;
+}
+
+void ReleaseHardware()
+{
+    taskENTER_CRITICAL(&sha_crit_sect);
+        if (InUse)
+        {
+            InUse = 0;
+        }
+        else
+        {
+            assert(false); // bug: releasing hardware when not in use!!
+        }
+    taskEXIT_CRITICAL(&sha_crit_sect);
+}
+
 int esp_sha_try_hw_lock(WC_ESP32SHA* ctx)
 {
     int ret = 0;
@@ -714,24 +741,6 @@ int esp_sha_try_hw_lock(WC_ESP32SHA* ctx)
     **
     */
 
-    if (sha_mutex == NULL) {
-        ESP_LOGV(TAG, "Initializing sha_mutex");
-
-        /* created, but not yet locked */
-        ret = esp_CryptHwMutexInit(&sha_mutex);
-        if (ret == 0) {
-            ESP_LOGV(TAG, "esp_CryptHwMutexInit sha_mutex init success.");
-        }
-        else {
-            ESP_LOGE(TAG, "esp_CryptHwMutexInit sha_mutex failed.");
-            sha_mutex = 0;
-
-            ESP_LOGI(TAG, "Revert to ctx->mode = ESP32_SHA_SW.");
-            ctx->mode = ESP32_SHA_SW;
-            return 0; /* success, just not using HW */
-        }
-    }
-
     /* check if this SHA has been operated as SW or HW, or not yet init */
     if (ctx->mode == ESP32_SHA_INIT) {
         /* try to lock the HW engine */
@@ -740,7 +749,9 @@ int esp_sha_try_hw_lock(WC_ESP32SHA* ctx)
         /* we don't wait:
         ** either the engine is free, or we fall back to SW
         **/
-        if (esp_CryptHwMutexLock(&sha_mutex, (TickType_t)0) == 0) {
+        if (TryAcquireHardware()) {
+            ctx->mode = ESP32_SHA_HW; // present in single threaded, but not here. not sure why?
+
             /* check to see if we had a prior fail and need to unroll enables */
             ret = esp_unroll_sha_module_enable(ctx);
             ESP_LOGV(TAG, "Hardware Mode, lock depth = %d,  %x",
@@ -752,12 +763,12 @@ int esp_sha_try_hw_lock(WC_ESP32SHA* ctx)
                 ESP_LOGW(TAG, "WARNING: Hardware Mode "
                               "interesting lock depth = %d,  %x",
                               ctx->lockDepth, (int)ctx->initializer);
-            }
+           }
         }
         else {
             /* We should have otherwise anticipated this; how did we get here?
             ** This code should rarely, ideally never be reached. */
-            ESP_LOGI(TAG, "\nHardware in use; Mode REVERT to ESP32_SHA_SW\n");
+            ESP_LOGI(TAG, "\nHardware in use for WC_ESP32SHA @ 0x%0xd; Mode REVERT to ESP32_SHA_SW\n", (unsigned)ctx);
             ctx->mode = ESP32_SHA_SW;
             return 0; /* success, but revert to SW */
         }
@@ -798,7 +809,9 @@ int esp_sha_hw_unlock(WC_ESP32SHA* ctx)
     /* ESP32-C3 RISC-V TODO */
 #else
     /* Disable AES hardware */
-    periph_module_disable(PERIPH_SHA_MODULE);
+    // Note: Jim, is there any cost associated with enable/disable hardware here? This seems like
+    // a power saving feature that could be handled at a different level than per-calculation. 
+    periph_module_disable(PERIPH_SHA_MODULE); 
 #endif
     /* we'll keep track of our lock depth.
      * in case of unexpected results, all the periph_module_disable() calls
@@ -812,12 +825,15 @@ int esp_sha_hw_unlock(WC_ESP32SHA* ctx)
         ctx->lockDepth = 0;
     }
 
+    if (0 == ctx->lockDepth) // should we only unlock if depth is 0?
+    {
 #if defined(SINGLE_THREADED)
-    InUse = 0;
+        InUse = 0;
 #else
-    /* unlock HW engine for next use */
-    esp_CryptHwMutexUnLock(&sha_mutex);
+        /* unlock HW engine for next use */
+        ReleaseHardware();
 #endif
+    }
     ESP_LOGV(TAG, "leave esp_sha_hw_unlock, %x", (int)ctx->initializer);
     return 0;
 } /* esp_sha_hw_unlock */

diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c
@@ -1809,7 +1809,7 @@ void wc_Sha256Free(wc_Sha256* sha256)
          * the unexpected. by the time free is called, the hardware
          * should have already been released (lockDepth = 0)
          */
-        (void)InitSha256(sha256); /* unlock mutex, set mode to ESP32_SHA_INIT */
+       (void)InitSha256(sha256); /* unlock mutex, set mode to ESP32_SHA_INIT */
         ESP_LOGV(TAG, "Alert: hardware unlock needed in wc_Sha256Free.");
     }
     else {