FIPS 140-3
1. Change the internal version number for the FIPS 140-3 changes as v4. 2. Insert v3 as an alias for FIPS Ready. 3. Use the correct directory for the FIPS old files sources. (For local testing of 140-3 builds.) 4. Change back the check for the FIPS version in internal.c for EccMakeKey().
This commit is contained in:
John Safranek
Daniel Pouzzner
parent
1683644e77
commit
df859d30f3
94
configure.ac
94
configure.ac
@ -223,8 +223,17 @@ AC_ARG_ENABLE([fips],
|
||||
[ENABLED_FIPS=$enableval],
|
||||
[ENABLED_FIPS="no"])
|
||||
|
||||
# The FIPS options are:
|
||||
# v4 - FIPS 140-3
|
||||
# v3 - FIPS Ready
|
||||
# ready - same as v3
|
||||
# rand - wolfRand
|
||||
# v2 - FIPS 140-2 Cert 3389
|
||||
# no - FIPS build disabled
|
||||
# v1 - FIPS 140-2 Cert 2425
|
||||
# default - same as v1
|
||||
AS_CASE([$ENABLED_FIPS],
|
||||
[ready],[
|
||||
[ready|v3],[
|
||||
ENABLED_FIPS="yes"
|
||||
FIPS_VERSION="v2"
|
||||
FIPS_READY="yes"
|
||||
@ -233,7 +242,7 @@ AS_CASE([$ENABLED_FIPS],
|
||||
FIPS_VERSION="none"
|
||||
ENABLED_FIPS="no"
|
||||
],
|
||||
[rand|v1|v2|v3],[
|
||||
[rand|v1|v2|v4],[
|
||||
FIPS_VERSION="$ENABLED_FIPS"
|
||||
ENABLED_FIPS="yes"
|
||||
],
|
||||
@ -267,9 +276,9 @@ AS_CASE([$FIPS_VERSION],
|
||||
# FIPS 140-3
|
||||
AC_ARG_ENABLE([fips-3],
|
||||
[AS_HELP_STRING([--enable-fips-3],[Enable FIPS 140-3, Will NOT work w/o FIPS license (default: disabled)])],
|
||||
[ENABLED_FIPS_3=$enableval],
|
||||
[ENABLED_FIPS_3="no"])
|
||||
AS_IF([test "x$ENABLED_FIPS_3" = "xyes"],[ENABLED_FIPS="yes";FIPS_VERSION="v3"])
|
||||
[ENABLED_FIPS_140_3=$enableval],
|
||||
[ENABLED_FIPS_140_3="no"])
|
||||
AS_IF([test "x$ENABLED_FIPS_140_3" = "xyes"],[ENABLED_FIPS="yes";FIPS_VERSION="v4"])
|
||||
|
||||
# Linux Kernel Module
|
||||
AC_ARG_ENABLE([linuxkm],
|
||||
@ -2005,7 +2014,7 @@ fi
|
||||
SHA3_DEFAULT=no
|
||||
if (test "$host_cpu" = "x86_64" || test "$host_cpu" = "aarch64") && test "$ENABLED_32BIT" = "no"
|
||||
then
|
||||
if test "x$ENABLED_FIPS" = "xno" || test "x$FIPS_VERSION" = "xv2"
|
||||
if test "x$ENABLED_FIPS" = "xno" || test "x$FIPS_VERSION" = "xv2" || test "x$FIPS_VERSION" = "xv3" || test "x$FIPS_VERSION" = "xv4"
|
||||
then
|
||||
SHA3_DEFAULT=yes
|
||||
fi
|
||||
@ -3337,8 +3346,8 @@ fi
|
||||
|
||||
# FIPS
|
||||
AS_CASE([$FIPS_VERSION],
|
||||
["v3"], [
|
||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS -DHAVE_FIPS_VERSION=3 -DWOLFSSL_KEY_GEN -DWOLFSSL_SHA224 -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB -DHAVE_ECC_CDH -DWC_RSA_NO_PADDING -DWOLFSSL_VALIDATE_FFC_IMPORT -DHAVE_FFDHE_Q"
|
||||
["v4"], [ # FIPS 140-3
|
||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS -DHAVE_FIPS_VERSION=4 -DWOLFSSL_KEY_GEN -DWOLFSSL_SHA224 -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB -DHAVE_ECC_CDH -DWC_RSA_NO_PADDING -DWOLFSSL_VALIDATE_FFC_IMPORT -DHAVE_FFDHE_Q"
|
||||
ENABLED_KEYGEN="yes"; ENABLED_SHA224="yes"; ENABLED_DES3="no"
|
||||
# Shake256 is a SHA-3 algorithm not in our FIPS algorithm list
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_SHAKE256"
|
||||
@ -3364,13 +3373,48 @@ AS_CASE([$FIPS_VERSION],
|
||||
AS_IF([test "x$ENABLED_AESGCM" = "xno"],
|
||||
[ENABLED_AESGCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"])
|
||||
],
|
||||
["v2"],[
|
||||
AS_IF([test "x$FIPS_READY" = "xyes"],
|
||||
[AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS_VERSION=3"; ENABLED_DES3="no"],
|
||||
[AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS_VERSION=2"; ENABLED_DES3="yes"])
|
||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS -DWOLFSSL_KEY_GEN -DWOLFSSL_SHA224 -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB -DHAVE_ECC_CDH -DWC_RSA_NO_PADDING -DWOLFSSL_VALIDATE_FFC_IMPORT -DHAVE_FFDHE_Q"
|
||||
["v3"],[ # FIPS Ready
|
||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS -DHAVE_FIPS_VERSION=3 -DWOLFSSL_KEY_GEN -DWOLFSSL_SHA224 -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB -DHAVE_ECC_CDH -DWC_RSA_NO_PADDING -DWOLFSSL_VALIDATE_FFC_IMPORT -DHAVE_FFDHE_Q"
|
||||
ENABLED_KEYGEN="yes"
|
||||
ENABLED_SHA224="yes"
|
||||
ENABLED_DES3="yes"
|
||||
# Shake256 is a SHA-3 algorithm not in our FIPS algorithm list
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_SHAKE256"
|
||||
AS_IF([test "x$ENABLED_AESCCM" != "xyes"],
|
||||
[ENABLED_AESCCM="yes"
|
||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_AESCCM"])
|
||||
AS_IF([test "x$ENABLED_RSAPSS" != "xyes"],
|
||||
[ENABLED_RSAPSS="yes"
|
||||
AM_CFLAGS="$AM_CFLAGS -DWC_RSA_PSS"])
|
||||
AS_IF([test "x$ENABLED_ECC" != "xyes"],
|
||||
[ENABLED_ECC="yes"
|
||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256 -DWOLFSSL_VALIDATE_ECC_IMPORT"
|
||||
AS_IF([test "x$ENABLED_ECC_SHAMIR" = "xyes"],
|
||||
[AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"])],
|
||||
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_VALIDATE_ECC_IMPORT"])
|
||||
AS_IF([test "x$ENABLED_AESCTR" != "xyes"],
|
||||
[ENABLED_AESCTR="yes"
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_COUNTER"])
|
||||
AS_IF([test "x$ENABLED_CMAC" != "xyes"],
|
||||
[ENABLED_CMAC="yes"
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CMAC"])
|
||||
AS_IF([test "x$ENABLED_HKDF" != "xyes"],
|
||||
[ENABLED_HKDF="yes"
|
||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_HKDF"])
|
||||
AS_IF([test "x$ENABLED_INTELASM" = "xyes"],
|
||||
[AM_CFLAGS="$AM_CFLAGS -DFORCE_FAILURE_RDSEED"])
|
||||
AS_IF([test "x$ENABLED_SHA512" = "xno"],
|
||||
[ENABLED_SHA512="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384"])
|
||||
AS_IF([test "x$ENABLED_AESGCM" = "xno"],
|
||||
[ENABLED_AESGCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"])
|
||||
],
|
||||
["v2"],[ # Cert 3389
|
||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS -DHAVE_FIPS_VERSION=2 -DWOLFSSL_KEY_GEN -DWOLFSSL_SHA224 -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB -DHAVE_ECC_CDH -DWC_RSA_NO_PADDING -DWOLFSSL_VALIDATE_FFC_IMPORT -DHAVE_FFDHE_Q"
|
||||
ENABLED_KEYGEN="yes"
|
||||
ENABLED_SHA224="yes"
|
||||
ENABLED_DES3="yes"
|
||||
# Shake256 is a SHA-3 algorithm not in our FIPS algorithm list
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_SHAKE256"
|
||||
AS_IF([test "x$ENABLED_AESCCM" != "xyes"],
|
||||
[ENABLED_AESCCM="yes"
|
||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_AESCCM"])
|
||||
@ -3402,7 +3446,7 @@ AS_CASE([$FIPS_VERSION],
|
||||
["rand"],[
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_FIPS_RAND -DHAVE_FIPS -DHAVE_FIPS_VERSION=2"
|
||||
],
|
||||
["v1"],[
|
||||
["v1"],[ # Cert 2425
|
||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS"
|
||||
AS_IF([test "x$ENABLED_SHA512" = "xno"],
|
||||
[ENABLED_SHA512="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384"])
|
||||
@ -3444,26 +3488,6 @@ AS_CASE([$SELFTEST_VERSION],
|
||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_SELFTEST"
|
||||
])
|
||||
|
||||
# Set SHA-3 and SHAKE256 flags
|
||||
|
||||
if test "$ENABLED_SHA3" = "yes" && test "$ENABLED_32BIT" = "no"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA3"
|
||||
fi
|
||||
|
||||
|
||||
if test "$ENABLED_SHAKE256" = "yes" || test "$ENABLED_SHAKE256" = "small"
|
||||
then
|
||||
if test "$ENABLED_32BIT" = "no"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHAKE256"
|
||||
if test "$ENABLED_SHA3" = "no"
|
||||
then
|
||||
AC_MSG_ERROR([Must have SHA-3 enabled: --enable-sha3])
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
# set POLY1305 default
|
||||
POLY1305_DEFAULT=yes
|
||||
@ -7049,6 +7073,8 @@ AM_CONDITIONAL([BUILD_FIPS_V1],[test "x$FIPS_VERSION" = "xv1"])
|
||||
AM_CONDITIONAL([BUILD_FIPS_V2],[test "x$FIPS_VERSION" = "xv2"])
|
||||
AM_CONDITIONAL([BUILD_FIPS_RAND],[test "x$FIPS_VERSION" = "xrand"])
|
||||
AM_CONDITIONAL([BUILD_FIPS_V3],[test "x$FIPS_VERSION" = "xv3"])
|
||||
AM_CONDITIONAL([BUILD_FIPS_V4],[test "x$FIPS_VERSION" = "xv4"])
|
||||
AM_CONDITIONAL([BUILD_FIPS_CURRENT],[test "x$FIPS_VERSION" = "xv2" || test "x$FIPS_VERSION" = "xv3" || test "x$FIPS_VERSION" = "xv4"])
|
||||
AM_CONDITIONAL([BUILD_CMAC],[test "x$ENABLED_CMAC" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
||||
AM_CONDITIONAL([BUILD_SELFTEST],[test "x$ENABLED_SELFTEST" = "xyes"])
|
||||
AM_CONDITIONAL([BUILD_SHA224],[test "x$ENABLED_SHA224" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
||||
|
||||
@ -268,12 +268,12 @@ solaris)
|
||||
;;
|
||||
linuxv3)
|
||||
FIPS_REPO='/Users/john/src/fips'
|
||||
CRYPT_REPO='/Users/john/src/wolfssl'
|
||||
CRYPT_REPO='/Users/john/src/wolfssl/FIPS-3'
|
||||
CRYPT_INC_PATH='wolfssl/wolfcrypt'
|
||||
CRYPT_SRC_PATH='wolfcrypt/src'
|
||||
FIPS_SRCS+=( wolfcrypt_first.c wolfcrypt_last.c )
|
||||
FIPS_INCS=( fips.h )
|
||||
FIPS_OPTION='v3'
|
||||
FIPS_OPTION='v4'
|
||||
;;
|
||||
*)
|
||||
Usage
|
||||
@ -329,7 +329,7 @@ then
|
||||
elif [ "x$FIPS_OPTION" == "xready" ]
|
||||
then
|
||||
echo "Don't need to copy anything in particular for FIPS Ready."
|
||||
elif [ "x$FIPS_OPTION" == "xv3" ]
|
||||
elif [ "x$FIPS_OPTION" == "xv4" ]
|
||||
then
|
||||
echo "Don't need to copy anything in particular for FIPS 140-3, yet."
|
||||
else
|
||||
@ -344,7 +344,7 @@ then
|
||||
echo "fips-check: Couldn't checkout the FIPS repository for FIPS Ready."
|
||||
exit 1
|
||||
fi
|
||||
elif test "x$FIPS_OPTION" = "xv3"
|
||||
elif test "x$FIPS_OPTION" = "xv4"
|
||||
then
|
||||
if ! $GIT clone $FIPS_REPO fips; then
|
||||
echo "fips-check: Couldn't checkout the FIPS repository FIPS 140-3."
|
||||
|
||||
147
src/include.am
147
src/include.am
@ -103,7 +103,7 @@ src_libwolfssl_la_SOURCES += ctaocrypt/src/fips_test.c
|
||||
|
||||
# fips last file
|
||||
src_libwolfssl_la_SOURCES += ctaocrypt/src/wolfcrypt_last.c
|
||||
endif
|
||||
endif BUILD_FIPS_V1
|
||||
|
||||
if BUILD_FIPS_V2
|
||||
# FIPSv2 first file
|
||||
@ -170,7 +170,7 @@ src_libwolfssl_la_SOURCES += wolfcrypt/src/fips.c \
|
||||
|
||||
# fips last file
|
||||
src_libwolfssl_la_SOURCES += wolfcrypt/src/wolfcrypt_last.c
|
||||
endif
|
||||
endif BUILD_FIPS_V2
|
||||
|
||||
if BUILD_FIPS_RAND
|
||||
src_libwolfssl_la_SOURCES += \
|
||||
@ -185,6 +185,72 @@ src_libwolfssl_la_SOURCES += \
|
||||
endif BUILD_FIPS_RAND
|
||||
|
||||
if BUILD_FIPS_V3
|
||||
# FIPS Ready first file
|
||||
src_libwolfssl_la_SOURCES += \
|
||||
wolfcrypt/src/wolfcrypt_first.c
|
||||
|
||||
src_libwolfssl_la_SOURCES += \
|
||||
wolfcrypt/src/hmac.c \
|
||||
wolfcrypt/src/random.c \
|
||||
wolfcrypt/src/sha256.c
|
||||
|
||||
if BUILD_RSA
|
||||
src_libwolfssl_la_SOURCES += wolfcrypt/src/rsa.c
|
||||
endif
|
||||
|
||||
if BUILD_ECC
|
||||
src_libwolfssl_la_SOURCES += wolfcrypt/src/ecc.c
|
||||
endif
|
||||
|
||||
if BUILD_AES
|
||||
src_libwolfssl_la_SOURCES += wolfcrypt/src/aes.c
|
||||
endif
|
||||
|
||||
if BUILD_AESNI
|
||||
src_libwolfssl_la_SOURCES += wolfcrypt/src/aes_asm.S
|
||||
if BUILD_INTELASM
|
||||
src_libwolfssl_la_SOURCES += wolfcrypt/src/aes_gcm_asm.S
|
||||
endif
|
||||
endif
|
||||
|
||||
if BUILD_DES3
|
||||
src_libwolfssl_la_SOURCES += wolfcrypt/src/des3.c
|
||||
endif
|
||||
|
||||
if BUILD_SHA
|
||||
src_libwolfssl_la_SOURCES += wolfcrypt/src/sha.c
|
||||
if BUILD_INTELASM
|
||||
src_libwolfssl_la_SOURCES += wolfcrypt/src/sha256_asm.S
|
||||
endif
|
||||
endif
|
||||
|
||||
if BUILD_SHA512
|
||||
src_libwolfssl_la_SOURCES += wolfcrypt/src/sha512.c
|
||||
if BUILD_INTELASM
|
||||
src_libwolfssl_la_SOURCES += wolfcrypt/src/sha512_asm.S
|
||||
endif
|
||||
endif
|
||||
|
||||
if BUILD_SHA3
|
||||
src_libwolfssl_la_SOURCES += wolfcrypt/src/sha3.c
|
||||
endif
|
||||
|
||||
if BUILD_DH
|
||||
src_libwolfssl_la_SOURCES += wolfcrypt/src/dh.c
|
||||
endif
|
||||
|
||||
if BUILD_CMAC
|
||||
src_libwolfssl_la_SOURCES += wolfcrypt/src/cmac.c
|
||||
endif
|
||||
|
||||
src_libwolfssl_la_SOURCES += wolfcrypt/src/fips.c \
|
||||
wolfcrypt/src/fips_test.c
|
||||
|
||||
# FIPS Ready last file
|
||||
src_libwolfssl_la_SOURCES += wolfcrypt/src/wolfcrypt_last.c
|
||||
endif BUILD_FIPS_V3
|
||||
|
||||
if BUILD_FIPS_V4
|
||||
# FIPS 140-3 first file
|
||||
src_libwolfssl_la_SOURCES += \
|
||||
wolfcrypt/src/wolfcrypt_first.c
|
||||
@ -256,7 +322,7 @@ src_libwolfssl_la_SOURCES += wolfcrypt/src/fips.c \
|
||||
|
||||
# fips last file
|
||||
src_libwolfssl_la_SOURCES += wolfcrypt/src/wolfcrypt_last.c
|
||||
endif
|
||||
endif BUILD_FIPS_V4
|
||||
|
||||
endif BUILD_FIPS
|
||||
|
||||
@ -267,11 +333,9 @@ if !BUILD_FIPS_RAND
|
||||
# For wolfRand, exclude just a couple files.
|
||||
# For old FIPS, keep the wolfCrypt versions of the
|
||||
# CtaoCrypt files included above.
|
||||
if !BUILD_FIPS_V3
|
||||
if !BUILD_FIPS_V2
|
||||
if !BUILD_FIPS_CURRENT
|
||||
src_libwolfssl_la_SOURCES += wolfcrypt/src/hmac.c
|
||||
endif
|
||||
endif
|
||||
endif !BUILD_FIPS_CURRENT
|
||||
|
||||
# CAVP self test
|
||||
if BUILD_SELFTEST
|
||||
@ -286,16 +350,13 @@ src_libwolfssl_la_SOURCES += \
|
||||
|
||||
if !BUILD_FIPS_RAND
|
||||
|
||||
if !BUILD_FIPS_V3
|
||||
if !BUILD_FIPS_V2
|
||||
if !BUILD_FIPS_CURRENT
|
||||
if BUILD_RNG
|
||||
src_libwolfssl_la_SOURCES += wolfcrypt/src/random.c
|
||||
endif
|
||||
endif
|
||||
endif
|
||||
endif !BUILD_FIPS_CURRENT
|
||||
|
||||
if !BUILD_FIPS_V3
|
||||
if !BUILD_FIPS_V2
|
||||
if !BUILD_FIPS_CURRENT
|
||||
if BUILD_ARMASM
|
||||
src_libwolfssl_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha256.c
|
||||
else
|
||||
@ -304,8 +365,7 @@ if BUILD_INTELASM
|
||||
src_libwolfssl_la_SOURCES += wolfcrypt/src/sha256_asm.S
|
||||
endif
|
||||
endif
|
||||
endif
|
||||
endif
|
||||
endif !BUILD_FIPS_CURRENT
|
||||
|
||||
if BUILD_AFALG
|
||||
src_libwolfssl_la_SOURCES += wolfcrypt/src/port/af_alg/afalg_hash.c
|
||||
@ -333,11 +393,9 @@ if BUILD_RSA
|
||||
if BUILD_FAST_RSA
|
||||
src_libwolfssl_la_SOURCES += wolfcrypt/user-crypto/src/rsa.c
|
||||
else
|
||||
if !BUILD_FIPS_V3
|
||||
if !BUILD_FIPS_V2
|
||||
if !BUILD_FIPS_CURRENT
|
||||
src_libwolfssl_la_SOURCES += wolfcrypt/src/rsa.c
|
||||
endif
|
||||
endif
|
||||
endif !BUILD_FIPS_CURRENT
|
||||
endif
|
||||
endif
|
||||
endif
|
||||
@ -350,7 +408,7 @@ if BUILD_SP
|
||||
if BUILD_SP_C
|
||||
src_libwolfssl_la_SOURCES += wolfcrypt/src/sp_c32.c
|
||||
src_libwolfssl_la_SOURCES += wolfcrypt/src/sp_c64.c
|
||||
endif
|
||||
endif BUILD_SP_C
|
||||
if BUILD_SP_X86_64
|
||||
src_libwolfssl_la_SOURCES += wolfcrypt/src/sp_x86_64.c
|
||||
src_libwolfssl_la_SOURCES += wolfcrypt/src/sp_x86_64_asm.S
|
||||
@ -374,10 +432,9 @@ endif
|
||||
if BUILD_SP_ARM_CORTEX
|
||||
src_libwolfssl_la_SOURCES += wolfcrypt/src/sp_cortexm.c
|
||||
endif
|
||||
endif
|
||||
endif BUILD_SP
|
||||
|
||||
if !BUILD_FIPS_V3
|
||||
if !BUILD_FIPS_V2
|
||||
if !BUILD_FIPS_CURRENT
|
||||
if BUILD_AES
|
||||
src_libwolfssl_la_SOURCES += wolfcrypt/src/aes.c
|
||||
if BUILD_ARMASM
|
||||
@ -387,33 +444,27 @@ if BUILD_AFALG
|
||||
src_libwolfssl_la_SOURCES += wolfcrypt/src/port/af_alg/afalg_aes.c
|
||||
endif
|
||||
endif
|
||||
endif
|
||||
endif
|
||||
endif !BUILD_FIPS_CURRENT
|
||||
|
||||
if !BUILD_FIPS_V3
|
||||
if !BUILD_FIPS_V2
|
||||
if !BUILD_FIPS_CURRENT
|
||||
if BUILD_CMAC
|
||||
src_libwolfssl_la_SOURCES += wolfcrypt/src/cmac.c
|
||||
endif
|
||||
endif
|
||||
endif
|
||||
endif !BUILD_FIPS_CURRENT
|
||||
|
||||
if !BUILD_FIPS_V2
|
||||
if !BUILD_FIPS_CURRENT
|
||||
if BUILD_DES3
|
||||
src_libwolfssl_la_SOURCES += wolfcrypt/src/des3.c
|
||||
endif
|
||||
endif
|
||||
endif !BUILD_FIPS_CURRENT
|
||||
|
||||
if !BUILD_FIPS_V3
|
||||
if !BUILD_FIPS_V2
|
||||
if !BUILD_FIPS_CURRENT
|
||||
if BUILD_SHA
|
||||
src_libwolfssl_la_SOURCES += wolfcrypt/src/sha.c
|
||||
endif
|
||||
endif
|
||||
endif
|
||||
endif !BUILD_FIPS_CURRENT
|
||||
|
||||
if !BUILD_FIPS_V3
|
||||
if !BUILD_FIPS_V2
|
||||
if !BUILD_FIPS_CURRENT
|
||||
if BUILD_SHA512
|
||||
if BUILD_ARMASM
|
||||
src_libwolfssl_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha512.c
|
||||
@ -426,17 +477,13 @@ src_libwolfssl_la_SOURCES += wolfcrypt/src/sha512_asm.S
|
||||
endif
|
||||
endif
|
||||
endif
|
||||
endif
|
||||
endif
|
||||
endif !BUILD_FIPS_CURRENT
|
||||
|
||||
if !BUILD_FIPS_V3
|
||||
if !BUILD_FIPS_V2
|
||||
if !BUILD_FIPS_CURRENT
|
||||
if BUILD_SHA3
|
||||
src_libwolfssl_la_SOURCES += wolfcrypt/src/sha3.c
|
||||
endif
|
||||
endif
|
||||
endif
|
||||
|
||||
endif !BUILD_FIPS_CURRENT
|
||||
|
||||
endif !BUILD_FIPS_RAND
|
||||
|
||||
@ -457,13 +504,11 @@ src_libwolfssl_la_SOURCES += wolfcrypt/src/memory.c
|
||||
endif
|
||||
|
||||
if !BUILD_FIPS_RAND
|
||||
if !BUILD_FIPS_V3
|
||||
if !BUILD_FIPS_V2
|
||||
if !BUILD_FIPS_CURRENT
|
||||
if BUILD_DH
|
||||
src_libwolfssl_la_SOURCES += wolfcrypt/src/dh.c
|
||||
endif
|
||||
endif
|
||||
endif
|
||||
|
||||
if BUILD_ASN
|
||||
src_libwolfssl_la_SOURCES += wolfcrypt/src/asn.c
|
||||
@ -508,14 +553,12 @@ if BUILD_DSA
|
||||
src_libwolfssl_la_SOURCES += wolfcrypt/src/dsa.c
|
||||
endif
|
||||
|
||||
if !BUILD_FIPS_V3
|
||||
if !BUILD_FIPS_V2
|
||||
if !BUILD_FIPS_CURRENT
|
||||
if BUILD_AESNI
|
||||
src_libwolfssl_la_SOURCES += wolfcrypt/src/aes_asm.S
|
||||
src_libwolfssl_la_SOURCES += wolfcrypt/src/aes_gcm_asm.S
|
||||
endif
|
||||
endif
|
||||
endif
|
||||
|
||||
if BUILD_CAMELLIA
|
||||
src_libwolfssl_la_SOURCES += wolfcrypt/src/camellia.c
|
||||
@ -570,8 +613,7 @@ if BUILD_SLOWMATH
|
||||
src_libwolfssl_la_SOURCES += wolfcrypt/src/integer.c
|
||||
endif
|
||||
|
||||
if !BUILD_FIPS_V3
|
||||
if !BUILD_FIPS_V2
|
||||
if !BUILD_FIPS_CURRENT
|
||||
if BUILD_ECC
|
||||
src_libwolfssl_la_SOURCES += wolfcrypt/src/ecc.c
|
||||
endif
|
||||
@ -582,7 +624,6 @@ if BUILD_SAKKE
|
||||
src_libwolfssl_la_SOURCES += wolfcrypt/src/sakke.c
|
||||
endif
|
||||
endif
|
||||
endif
|
||||
|
||||
if BUILD_CURVE25519
|
||||
src_libwolfssl_la_SOURCES += wolfcrypt/src/curve25519.c
|
||||
|
||||
@ -4700,7 +4700,7 @@ int EccSharedSecret(WOLFSSL* ssl, ecc_key* priv_key, ecc_key* pub_key,
|
||||
#endif
|
||||
{
|
||||
#if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
|
||||
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
|
||||
!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2)) && \
|
||||
!defined(HAVE_SELFTEST)
|
||||
ret = wc_ecc_set_rng(priv_key, ssl->rng);
|
||||
if (ret == 0)
|
||||
|
||||
@ -31,8 +31,8 @@
|
||||
|
||||
#ifndef NO_DES3
|
||||
|
||||
#if defined(HAVE_FIPS) && \
|
||||
defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION == 2)
|
||||
#if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \
|
||||
(HAVE_FIPS_VERSION == 2 || HAVE_FIPS_VERSION == 3)
|
||||
|
||||
/* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
|
||||
#define FIPS_NO_WRAPPERS
|
||||
|
||||
@ -30,15 +30,15 @@
|
||||
|
||||
#ifndef NO_DES3
|
||||
|
||||
#if defined(HAVE_FIPS) && \
|
||||
defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION == 2)
|
||||
#if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \
|
||||
(HAVE_FIPS_VERSION == 2 || HAVE_FIPS_VERSION == 3)
|
||||
#include <wolfssl/wolfcrypt/fips.h>
|
||||
#endif /* HAVE_FIPS_VERSION >= 2 */
|
||||
|
||||
#if defined(HAVE_FIPS) && \
|
||||
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
|
||||
/* included for fips @wc_fips */
|
||||
#include <cyassl/ctaocrypt/des3.h>
|
||||
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
|
||||
/* included for fips @wc_fips */
|
||||
#include <cyassl/ctaocrypt/des3.h>
|
||||
#endif
|
||||
|
||||
#ifdef __cplusplus
|
||||
@ -54,8 +54,8 @@ enum {
|
||||
|
||||
|
||||
/* avoid redefinition of structs */
|
||||
#if !defined(HAVE_FIPS) || \
|
||||
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION == 2))
|
||||
#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
|
||||
(HAVE_FIPS_VERSION == 2 || HAVE_FIPS_VERSION == 3))
|
||||
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
#include <wolfssl/wolfcrypt/async.h>
|
||||
@ -117,7 +117,7 @@ struct Des3 {
|
||||
typedef struct Des3 Des3;
|
||||
#define WC_DES3_TYPE_DEFINED
|
||||
#endif
|
||||
#endif /* HAVE_FIPS */
|
||||
#endif /* HAVE_FIPS && HAVE_FIPS_VERSION >= 2 */
|
||||
|
||||
|
||||
WOLFSSL_API int wc_Des_SetKey(Des* des, const byte* key,
|
||||
|
||||
@ -173,3 +173,7 @@ nobase_include_HEADERS+= wolfssl/wolfcrypt/port/iotsafe/iotsafe.h
|
||||
if BUILD_FIPS_V3
|
||||
nobase_include_HEADERS+= wolfssl/wolfcrypt/fips.h
|
||||
endif
|
||||
|
||||
if BUILD_FIPS_V4
|
||||
nobase_include_HEADERS+= wolfssl/wolfcrypt/fips.h
|
||||
endif
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user