feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity
Files
17a70aee1b80de14df3445ba124cf6ee90bbbd0d
wolfssl/fips-check.sh

301 lines
8.2 KiB
Bash
Raw Normal View History

Added fips-check script when running commit-tests.
2014-11-19 12:00:04 -08:00
#!/bin/bash
# fips-check.sh
# This script checks the current revision of the code against the
# previous release of the FIPS code. While wolfSSL and wolfCrypt
# may be advancing, they must work correctly with the last tested
# copy of our FIPS approved code.
updated fips-check to cover all builds
2015-06-19 22:21:27 -07:00
#
# This should check out all the approved versions. The command line
# option selects the version.
#
add keep option to fips-check.sh to keep FIPS temp folder around
2017-03-16 11:10:12 -07:00
# $ ./fips-check [version] [keep]
updated fips-check to cover all builds
2015-06-19 22:21:27 -07:00
#
FIPS Update 1. Moved the rest of the FIPS algorithms to FIPSv2. 2. Updated the fips-check and autogen scripts. 3. Updated the automake include for the crypto files. 4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer. 5. Added error code for the SHA-3 KAT. 6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-02-01 11:02:35 -08:00
# - version: linux (default), ios, android, windows, freertos, linux-ecc, netbsd-selftest, linuxv2
updated fips-check to cover all builds
2015-06-19 22:21:27 -07:00
#
add keep option to fips-check.sh to keep FIPS temp folder around
2017-03-16 11:10:12 -07:00
# - keep: (default off) XXX-fips-test temp dir around for inspection
#
updated fips-check to cover all builds
2015-06-19 22:21:27 -07:00
FIPS Revalidation (acceptance fixes) 1. Update the fips-check script to pull the FIPSv2 code from the main repositories. 2. Script cleanup. 3. Disable the api.test check of wc_ecc_mulmod() when WOLFSSL_VALIDATE_ECC_IMPORT is enabled.
2018-06-08 10:36:28 -07:00
Usage() {
cat <<usageText
Usage: $0 [platform [keep]]
Platform is one of:
linux (default)
ios
android
windows
freertos
openrtos-3.9.2
linux-ecc
netbsd-selftest
sgx
netos-7.6
FIPS Revalidation (acceptance fixes) 1. The Windows 10 wolfcrypt test project was missing the flag for USE_CERT_BUFFERS_256. 2. Add note to fips-check about using linuxv2 with Win10.
2018-06-11 15:19:38 -07:00
linuxv2 (FIPSv2, use for Win10)
FIPS Revalidation (acceptance fixes) 1. Update the fips-check script to pull the FIPSv2 code from the main repositories. 2. Script cleanup. 3. Disable the api.test check of wc_ecc_mulmod() when WOLFSSL_VALIDATE_ECC_IMPORT is enabled.
2018-06-08 10:36:28 -07:00
Keep (default off) retains the XXX-fips-test temp dir for inspection.
Example:
$0 windows keep
usageText
updated fips-check to cover all builds
2015-06-19 22:21:27 -07:00
}
LINUX_FIPS_VERSION=v3.2.6
LINUX_FIPS_REPO=git@github.com:wolfSSL/fips.git
FIPS Update 1. Moved the rest of the FIPS algorithms to FIPSv2. 2. Updated the fips-check and autogen scripts. 3. Updated the automake include for the crypto files. 4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer. 5. Added error code for the SHA-3 KAT. 6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-02-01 11:02:35 -08:00
LINUX_CRYPT_VERSION=v3.2.6
LINUX_CRYPT_REPO=git@github.com:cyassl/cyassl.git
updated fips-check to cover all builds
2015-06-19 22:21:27 -07:00
3.10.3 rel
2017-02-17 14:49:18 -08:00
LINUX_ECC_FIPS_VERSION=v3.10.3
LINUX_ECC_FIPS_REPO=git@github.com:wolfSSL/fips.git
FIPS Update 1. Moved the rest of the FIPS algorithms to FIPSv2. 2. Updated the fips-check and autogen scripts. 3. Updated the automake include for the crypto files. 4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer. 5. Added error code for the SHA-3 KAT. 6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-02-01 11:02:35 -08:00
LINUX_ECC_CRYPT_VERSION=v3.2.6
LINUX_ECC_CRYPT_REPO=git@github.com:cyassl/cyassl.git
FIPS Revalidation (acceptance fixes) 1. Update the fips-check script to pull the FIPSv2 code from the main repositories. 2. Script cleanup. 3. Disable the api.test check of wc_ecc_mulmod() when WOLFSSL_VALIDATE_ECC_IMPORT is enabled.
2018-06-08 10:36:28 -07:00
LINUXV2_FIPS_VERSION=WCv4-stable
LINUXV2_FIPS_REPO=git@github.com:wolfSSL/fips.git
LINUXV2_CRYPT_VERSION=WCv4-stable
3.10.3 rel
2017-02-17 14:49:18 -08:00
updated fips-check to cover all builds
2015-06-19 22:21:27 -07:00
IOS_FIPS_VERSION=v3.4.8a
IOS_FIPS_REPO=git@github.com:wolfSSL/fips.git
FIPS Update 1. Moved the rest of the FIPS algorithms to FIPSv2. 2. Updated the fips-check and autogen scripts. 3. Updated the automake include for the crypto files. 4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer. 5. Added error code for the SHA-3 KAT. 6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-02-01 11:02:35 -08:00
IOS_CRYPT_VERSION=v3.4.8.fips
IOS_CRYPT_REPO=git@github.com:cyassl/cyassl.git
updated fips-check to cover all builds
2015-06-19 22:21:27 -07:00
ANDROID_FIPS_VERSION=v3.5.0
ANDROID_FIPS_REPO=git@github.com:wolfSSL/fips.git
FIPS Update 1. Moved the rest of the FIPS algorithms to FIPSv2. 2. Updated the fips-check and autogen scripts. 3. Updated the automake include for the crypto files. 4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer. 5. Added error code for the SHA-3 KAT. 6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-02-01 11:02:35 -08:00
ANDROID_CRYPT_VERSION=v3.5.0
ANDROID_CRYPT_REPO=git@github.com:cyassl/cyassl.git
updated fips-check to cover all builds
2015-06-19 22:21:27 -07:00
updated fips-check script with proper win versions
2015-09-01 17:57:37 -07:00
WINDOWS_FIPS_VERSION=v3.6.6
updated fips-check to cover all builds
2015-06-19 22:21:27 -07:00
WINDOWS_FIPS_REPO=git@github.com:wolfSSL/fips.git
FIPS Update 1. Moved the rest of the FIPS algorithms to FIPSv2. 2. Updated the fips-check and autogen scripts. 3. Updated the automake include for the crypto files. 4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer. 5. Added error code for the SHA-3 KAT. 6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-02-01 11:02:35 -08:00
WINDOWS_CRYPT_VERSION=v3.6.6
WINDOWS_CRYPT_REPO=git@github.com:cyassl/cyassl.git
Added fips-check script when running commit-tests.
2014-11-19 12:00:04 -08:00
added freertos build to fips-check script
2015-09-03 14:05:09 -07:00
FREERTOS_FIPS_VERSION=v3.6.1-FreeRTOS
FREERTOS_FIPS_REPO=git@github.com:wolfSSL/fips.git
FIPS Update 1. Moved the rest of the FIPS algorithms to FIPSv2. 2. Updated the fips-check and autogen scripts. 3. Updated the automake include for the crypto files. 4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer. 5. Added error code for the SHA-3 KAT. 6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-02-01 11:02:35 -08:00
FREERTOS_CRYPT_VERSION=v3.6.1
FREERTOS_CRYPT_REPO=git@github.com:cyassl/cyassl.git
added freertos build to fips-check script
2015-09-03 14:05:09 -07:00
fips checkout for OpenRTOS v9.0.0 w/ wolfCrypt v3.9.2 on Atmels ATSAM4L CPU
2017-01-30 15:32:59 -07:00
OPENRTOS_3_9_2_FIPS_VERSION=v3.9.2-OpenRTOS
OPENRTOS_3_9_2_FIPS_REPO=git@github.com:wolfSSL/fips.git
FIPS Update 1. Moved the rest of the FIPS algorithms to FIPSv2. 2. Updated the fips-check and autogen scripts. 3. Updated the automake include for the crypto files. 4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer. 5. Added error code for the SHA-3 KAT. 6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-02-01 11:02:35 -08:00
OPENRTOS_3_9_2_CRYPT_VERSION=v3.6.1
OPENRTOS_3_9_2_CRYPT_REPO=git@github.com:cyassl/cyassl.git
fips checkout for OpenRTOS v9.0.0 w/ wolfCrypt v3.9.2 on Atmels ATSAM4L CPU
2017-01-30 15:32:59 -07:00
backup updates for SGX and DB jobs
2018-03-16 15:34:30 -06:00
#NOTE: Does not include the SGX examples yet, update version once fipsv2 is
# finished and merge conflicts can be resolved. This will be tagged as
# v3.12.4.sgx-examples
Fixing some kinks
2018-03-30 12:46:59 -06:00
#SGX_FIPS_VERSION=v3.12.4.sgx-examples
backup updates for SGX and DB jobs
2018-03-16 15:34:30 -06:00
SGX_FIPS_VERSION=v3.6.6
Fixing some kinks
2018-03-30 12:46:59 -06:00
SGX_FIPS_REPO=git@github.com:wolfSSL/fips.git
FIPS Update 1. Moved the rest of the FIPS algorithms to FIPSv2. 2. Updated the fips-check and autogen scripts. 3. Updated the automake include for the crypto files. 4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer. 5. Added error code for the SHA-3 KAT. 6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-02-01 11:02:35 -08:00
SGX_CRYPT_VERSION=v3.12.4
SGX_CRYPT_REPO=git@github.com:cyassl/cyassl.git
backup updates for SGX and DB jobs
2018-03-16 15:34:30 -06:00
Fixing some kinks
2018-03-30 12:46:59 -06:00
NETOS_7_6_FIPS_VERSION=v3.12.6
NETOS_7_6_FIPS_REPO=git@github.com:wolfSSL/fips.git
FIPS Update 1. Moved the rest of the FIPS algorithms to FIPSv2. 2. Updated the fips-check and autogen scripts. 3. Updated the automake include for the crypto files. 4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer. 5. Added error code for the SHA-3 KAT. 6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-02-01 11:02:35 -08:00
NETOS_7_6_CRYPT_VERSION=v3.12.4
NETOS_7_6_CRYPT_REPO=git@github.com:cyassl/cyassl.git
add CAVP selftest option for special build
2018-02-22 16:17:08 -07:00
# non-FIPS, CAVP only but pull in selftest
# will reset above variables below in platform switch
update NetBSD fips-check version to include selftest ECDSA fix
2018-03-26 14:37:39 -06:00
NETBSD_FIPS_VERSION=v3.14.2a
add CAVP selftest option for special build
2018-02-22 16:17:08 -07:00
NETBSD_FIPS_REPO=git@github.com:wolfssl/fips.git
FIPS Update 1. Moved the rest of the FIPS algorithms to FIPSv2. 2. Updated the fips-check and autogen scripts. 3. Updated the automake include for the crypto files. 4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer. 5. Added error code for the SHA-3 KAT. 6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-02-01 11:02:35 -08:00
NETBSD_CRYPT_VERSION=v3.14.2
NETBSD_CRYPT_REPO=git@github.com:wolfssl/wolfssl.git
add CAVP selftest option for special build
2018-02-22 16:17:08 -07:00
FIPS Update 1. Moved the rest of the FIPS algorithms to FIPSv2. 2. Updated the fips-check and autogen scripts. 3. Updated the automake include for the crypto files. 4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer. 5. Added error code for the SHA-3 KAT. 6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-02-01 11:02:35 -08:00
FIPS_SRCS=( fips.c fips_test.c )
WC_MODS=( aes des3 sha sha256 sha512 rsa hmac random )
TEST_DIR=XXX-fips-test
CRYPT_INC_PATH=cyassl/ctaocrypt
CRYPT_SRC_PATH=ctaocrypt/src
FIPS_OPTION=v1
CAVP_SELFTEST_ONLY="no"
FIPS Revalidation (acceptance fixes) 1. Update the fips-check script to pull the FIPSv2 code from the main repositories. 2. Script cleanup. 3. Disable the api.test check of wc_ecc_mulmod() when WOLFSSL_VALIDATE_ECC_IMPORT is enabled.
2018-06-08 10:36:28 -07:00
GIT="git -c advice.detachedHead=false"
Added fips-check script when running commit-tests.
2014-11-19 12:00:04 -08:00
updated fips-check to cover all builds
2015-06-19 22:21:27 -07:00
if [ "x$1" == "x" ]; then PLATFORM="linux"; else PLATFORM=$1; fi
add keep option to fips-check.sh to keep FIPS temp folder around
2017-03-16 11:10:12 -07:00
if [ "x$2" == "xkeep" ]; then KEEP="yes"; else KEEP="no"; fi
updated fips-check to cover all builds
2015-06-19 22:21:27 -07:00
case $PLATFORM in
ios)
FIPS_VERSION=$IOS_FIPS_VERSION
FIPS_REPO=$IOS_FIPS_REPO
FIPS Update 1. Moved the rest of the FIPS algorithms to FIPSv2. 2. Updated the fips-check and autogen scripts. 3. Updated the automake include for the crypto files. 4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer. 5. Added error code for the SHA-3 KAT. 6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-02-01 11:02:35 -08:00
CRYPT_VERSION=$IOS_CRYPT_VERSION
CRYPT_REPO=$IOS_CRYPT_REPO
updated fips-check to cover all builds
2015-06-19 22:21:27 -07:00
;;
android)
FIPS_VERSION=$ANDROID_FIPS_VERSION
FIPS_REPO=$ANDROID_FIPS_REPO
FIPS Update 1. Moved the rest of the FIPS algorithms to FIPSv2. 2. Updated the fips-check and autogen scripts. 3. Updated the automake include for the crypto files. 4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer. 5. Added error code for the SHA-3 KAT. 6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-02-01 11:02:35 -08:00
CRYPT_VERSION=$ANDROID_CRYPT_VERSION
CRYPT_REPO=$ANDROID_CRYPT_REPO
updated fips-check to cover all builds
2015-06-19 22:21:27 -07:00
;;
windows)
FIPS_VERSION=$WINDOWS_FIPS_VERSION
FIPS_REPO=$WINDOWS_FIPS_REPO
FIPS Update 1. Moved the rest of the FIPS algorithms to FIPSv2. 2. Updated the fips-check and autogen scripts. 3. Updated the automake include for the crypto files. 4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer. 5. Added error code for the SHA-3 KAT. 6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-02-01 11:02:35 -08:00
CRYPT_VERSION=$WINDOWS_CRYPT_VERSION
CRYPT_REPO=$WINDOWS_CRYPT_REPO
updated fips-check to cover all builds
2015-06-19 22:21:27 -07:00
;;
added freertos build to fips-check script
2015-09-03 14:05:09 -07:00
freertos)
FIPS_VERSION=$FREERTOS_FIPS_VERSION
FIPS_REPO=$FREERTOS_FIPS_REPO
FIPS Update 1. Moved the rest of the FIPS algorithms to FIPSv2. 2. Updated the fips-check and autogen scripts. 3. Updated the automake include for the crypto files. 4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer. 5. Added error code for the SHA-3 KAT. 6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-02-01 11:02:35 -08:00
CRYPT_VERSION=$FREERTOS_CRYPT_VERSION
CRYPT_REPO=$FREERTOS_CRYPT_REPO
added freertos build to fips-check script
2015-09-03 14:05:09 -07:00
;;
fips checkout for OpenRTOS v9.0.0 w/ wolfCrypt v3.9.2 on Atmels ATSAM4L CPU
2017-01-30 15:32:59 -07:00
openrtos-3.9.2)
FIPS_VERSION=$OPENRTOS_3_9_2_FIPS_VERSION
FIPS_REPO=$OPENRTOS_3_9_2_FIPS_REPO
FIPS Update 1. Moved the rest of the FIPS algorithms to FIPSv2. 2. Updated the fips-check and autogen scripts. 3. Updated the automake include for the crypto files. 4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer. 5. Added error code for the SHA-3 KAT. 6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-02-01 11:02:35 -08:00
CRYPT_VERSION=$OPENRTOS_3_9_2_CRYPT_VERSION
CRYPT_REPO=$OPENRTOS_3_9_2_CRYPT_REPO
fips checkout for OpenRTOS v9.0.0 w/ wolfCrypt v3.9.2 on Atmels ATSAM4L CPU
2017-01-30 15:32:59 -07:00
FIPS_CONFLICTS=( aes hmac random sha256 )
;;
updated fips-check to cover all builds
2015-06-19 22:21:27 -07:00
linux)
FIPS_VERSION=$LINUX_FIPS_VERSION
FIPS_REPO=$LINUX_FIPS_REPO
FIPS Update 1. Moved the rest of the FIPS algorithms to FIPSv2. 2. Updated the fips-check and autogen scripts. 3. Updated the automake include for the crypto files. 4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer. 5. Added error code for the SHA-3 KAT. 6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-02-01 11:02:35 -08:00
CRYPT_VERSION=$LINUX_CRYPT_VERSION
CRYPT_REPO=$LINUX_CRYPT_REPO
updated fips-check to cover all builds
2015-06-19 22:21:27 -07:00
;;
3.10.3 rel
2017-02-17 14:49:18 -08:00
linux-ecc)
FIPS_VERSION=$LINUX_ECC_FIPS_VERSION
FIPS_REPO=$LINUX_ECC_FIPS_REPO
FIPS Update 1. Moved the rest of the FIPS algorithms to FIPSv2. 2. Updated the fips-check and autogen scripts. 3. Updated the automake include for the crypto files. 4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer. 5. Added error code for the SHA-3 KAT. 6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-02-01 11:02:35 -08:00
CRYPT_VERSION=$LINUX_ECC_CRYPT_VERSION
CRYPT_REPO=$LINUX_ECC_CRYPT_REPO
;;
linuxv2)
FIPS_VERSION=$LINUXV2_FIPS_VERSION
FIPS_REPO=$LINUXV2_FIPS_REPO
CRYPT_VERSION=$LINUXV2_CRYPT_VERSION
CRYPT_INC_PATH=wolfssl/wolfcrypt
CRYPT_SRC_PATH=wolfcrypt/src
FIPS build and ECC fixes 1. The fips-check script was missing the ecc file when building the FIPSv2 test directory. The correct file was sent in for testing. 2. When building with ECC import validation enabled, one usage of the ALLOC_CURVE_SPECS macro had an extra parameter. (copy-and-paste error)
2018-07-19 10:02:14 -07:00
WC_MODS+=( cmac dh ecc )
FIPS Update 1. Moved the rest of the FIPS algorithms to FIPSv2. 2. Updated the fips-check and autogen scripts. 3. Updated the automake include for the crypto files. 4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer. 5. Added error code for the SHA-3 KAT. 6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-02-01 11:02:35 -08:00
FIPS_SRCS+=( wolfcrypt_first.c wolfcrypt_last.c )
FIPS_INCS=( fips.h )
FIPS_OPTION=v2
3.10.3 rel
2017-02-17 14:49:18 -08:00
;;
add CAVP selftest option for special build
2018-02-22 16:17:08 -07:00
netbsd-selftest)
FIPS_VERSION=$NETBSD_FIPS_VERSION
FIPS_REPO=$NETBSD_FIPS_REPO
FIPS Update 1. Moved the rest of the FIPS algorithms to FIPSv2. 2. Updated the fips-check and autogen scripts. 3. Updated the automake include for the crypto files. 4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer. 5. Added error code for the SHA-3 KAT. 6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-02-01 11:02:35 -08:00
CRYPT_VERSION=$NETBSD_CRYPT_VERSION
CRYPT_REPO=$NETBSD_CRYPT_REPO
add CAVP selftest option for special build
2018-02-22 16:17:08 -07:00
FIPS_SRCS=( selftest.c )
WC_MODS=( dh ecc rsa dsa aes sha sha256 sha512 hmac random )
FIPS Update 1. Moved the rest of the FIPS algorithms to FIPSv2. 2. Updated the fips-check and autogen scripts. 3. Updated the automake include for the crypto files. 4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer. 5. Added error code for the SHA-3 KAT. 6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-02-01 11:02:35 -08:00
CRYPT_INC_PATH=wolfssl/wolfcrypt
CRYPT_SRC_PATH=wolfcrypt/src
add CAVP selftest option for special build
2018-02-22 16:17:08 -07:00
CAVP_SELFTEST_ONLY="yes"
;;
backup updates for SGX and DB jobs
2018-03-16 15:34:30 -06:00
sgx)
FIPS_VERSION=$SGX_FIPS_VERSION
FIPS_REPO=$SGX_FIPS_REPO
FIPS Update 1. Moved the rest of the FIPS algorithms to FIPSv2. 2. Updated the fips-check and autogen scripts. 3. Updated the automake include for the crypto files. 4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer. 5. Added error code for the SHA-3 KAT. 6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-02-01 11:02:35 -08:00
CRYPT_VERSION=$SGX_CRYPT_VERSION
CRYPT_REPO=$SGX_CRYPT_REPO
backup updates for SGX and DB jobs
2018-03-16 15:34:30 -06:00
;;
netos-7.6)
FIPS_VERSION=$NETOS_7_6_FIPS_VERSION
FIPS_REPO=$NETOS_7_6_FIPS_REPO
FIPS Update 1. Moved the rest of the FIPS algorithms to FIPSv2. 2. Updated the fips-check and autogen scripts. 3. Updated the automake include for the crypto files. 4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer. 5. Added error code for the SHA-3 KAT. 6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-02-01 11:02:35 -08:00
CRYPT_VERSION=$NETOS_7_6_CRYPT_VERSION
CRYPT_REPO=$NETOS_7_6_CRYPT_REPO
backup updates for SGX and DB jobs
2018-03-16 15:34:30 -06:00
;;
updated fips-check to cover all builds
2015-06-19 22:21:27 -07:00
*)
Usage
exit 1
esac
FIPS Revalidation (acceptance fixes) 1. Update the fips-check script to pull the FIPSv2 code from the main repositories. 2. Script cleanup. 3. Disable the api.test check of wc_ecc_mulmod() when WOLFSSL_VALIDATE_ECC_IMPORT is enabled.
2018-06-08 10:36:28 -07:00
if ! $GIT clone . $TEST_DIR; then
echo "fips-check: Couldn't duplicate current working directory."
exit 1
fi
Added fips-check script when running commit-tests.
2014-11-19 12:00:04 -08:00
FIPS Revalidation (acceptance fixes) 1. Update the fips-check script to pull the FIPSv2 code from the main repositories. 2. Script cleanup. 3. Disable the api.test check of wc_ecc_mulmod() when WOLFSSL_VALIDATE_ECC_IMPORT is enabled.
2018-06-08 10:36:28 -07:00
pushd $TEST_DIR || exit 2
Added fips-check script when running commit-tests.
2014-11-19 12:00:04 -08:00
FIPS Update 1. Moved the rest of the FIPS algorithms to FIPSv2. 2. Updated the fips-check and autogen scripts. 3. Updated the automake include for the crypto files. 4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer. 5. Added error code for the SHA-3 KAT. 6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-02-01 11:02:35 -08:00
if [ "x$FIPS_OPTION" == "xv1" ];
then
# make a clone of the last FIPS release tag
FIPS Revalidation (acceptance fixes) 1. Update the fips-check script to pull the FIPSv2 code from the main repositories. 2. Script cleanup. 3. Disable the api.test check of wc_ecc_mulmod() when WOLFSSL_VALIDATE_ECC_IMPORT is enabled.
2018-06-08 10:36:28 -07:00
if ! $GIT clone -b $CRYPT_VERSION $CRYPT_REPO old-tree; then
echo "fips-check: Couldn't checkout the FIPS release."
exit 1
fi
Added fips-check script when running commit-tests.
2014-11-19 12:00:04 -08:00
FIPS Revalidation (acceptance fixes) 1. Update the fips-check script to pull the FIPSv2 code from the main repositories. 2. Script cleanup. 3. Disable the api.test check of wc_ecc_mulmod() when WOLFSSL_VALIDATE_ECC_IMPORT is enabled.
2018-06-08 10:36:28 -07:00
for MOD in "${WC_MODS[@]}"
FIPS Update 1. Moved the rest of the FIPS algorithms to FIPSv2. 2. Updated the fips-check and autogen scripts. 3. Updated the automake include for the crypto files. 4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer. 5. Added error code for the SHA-3 KAT. 6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-02-01 11:02:35 -08:00
do
FIPS Revalidation (acceptance fixes) 1. Update the fips-check script to pull the FIPSv2 code from the main repositories. 2. Script cleanup. 3. Disable the api.test check of wc_ecc_mulmod() when WOLFSSL_VALIDATE_ECC_IMPORT is enabled.
2018-06-08 10:36:28 -07:00
cp "old-tree/$CRYPT_SRC_PATH/${MOD}.c" $CRYPT_SRC_PATH
cp "old-tree/$CRYPT_INC_PATH/${MOD}.h" $CRYPT_INC_PATH
FIPS Update 1. Moved the rest of the FIPS algorithms to FIPSv2. 2. Updated the fips-check and autogen scripts. 3. Updated the automake include for the crypto files. 4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer. 5. Added error code for the SHA-3 KAT. 6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-02-01 11:02:35 -08:00
done
Added fips-check script when running commit-tests.
2014-11-19 12:00:04 -08:00
FIPS Update 1. Moved the rest of the FIPS algorithms to FIPSv2. 2. Updated the fips-check and autogen scripts. 3. Updated the automake include for the crypto files. 4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer. 5. Added error code for the SHA-3 KAT. 6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-02-01 11:02:35 -08:00
# The following is temporary. We are using random.c from a separate release
# This is forcefully overwriting any other checkout of the cyassl sources.
# Removing this as default behavior for SGX and netos projects.
if [ "x$CAVP_SELFTEST_ONLY" == "xno" ] && [ "x$PLATFORM" != "xsgx" ] && \
[ "x$PLATFORM" != "xnetos-7.6" ];
then
FIPS Revalidation (acceptance fixes) 1. Update the fips-check script to pull the FIPSv2 code from the main repositories. 2. Script cleanup. 3. Disable the api.test check of wc_ecc_mulmod() when WOLFSSL_VALIDATE_ECC_IMPORT is enabled.
2018-06-08 10:36:28 -07:00
pushd old-tree || exit 2
$GIT checkout v3.6.0
popd || exit 2
cp "old-tree/$CRYPT_SRC_PATH/random.c" $CRYPT_SRC_PATH
cp "old-tree/$CRYPT_INC_PATH/random.h" $CRYPT_INC_PATH
FIPS Update 1. Moved the rest of the FIPS algorithms to FIPSv2. 2. Updated the fips-check and autogen scripts. 3. Updated the automake include for the crypto files. 4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer. 5. Added error code for the SHA-3 KAT. 6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-02-01 11:02:35 -08:00
fi
else
FIPS Revalidation (acceptance fixes) 1. Update the fips-check script to pull the FIPSv2 code from the main repositories. 2. Script cleanup. 3. Disable the api.test check of wc_ecc_mulmod() when WOLFSSL_VALIDATE_ECC_IMPORT is enabled.
2018-06-08 10:36:28 -07:00
$GIT branch --no-track "my$CRYPT_VERSION" $CRYPT_VERSION
FIPS Update 1. Moved the rest of the FIPS algorithms to FIPSv2. 2. Updated the fips-check and autogen scripts. 3. Updated the automake include for the crypto files. 4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer. 5. Added error code for the SHA-3 KAT. 6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-02-01 11:02:35 -08:00
# Checkout the fips versions of the wolfCrypt files from the repo.
FIPS Revalidation (acceptance fixes) 1. Update the fips-check script to pull the FIPSv2 code from the main repositories. 2. Script cleanup. 3. Disable the api.test check of wc_ecc_mulmod() when WOLFSSL_VALIDATE_ECC_IMPORT is enabled.
2018-06-08 10:36:28 -07:00
for MOD in "${WC_MODS[@]}"
FIPS Update 1. Moved the rest of the FIPS algorithms to FIPSv2. 2. Updated the fips-check and autogen scripts. 3. Updated the automake include for the crypto files. 4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer. 5. Added error code for the SHA-3 KAT. 6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-02-01 11:02:35 -08:00
do
FIPS Revalidation (acceptance fixes) 1. Update the fips-check script to pull the FIPSv2 code from the main repositories. 2. Script cleanup. 3. Disable the api.test check of wc_ecc_mulmod() when WOLFSSL_VALIDATE_ECC_IMPORT is enabled.
2018-06-08 10:36:28 -07:00
$GIT checkout "my$CRYPT_VERSION" -- "$CRYPT_SRC_PATH/$MOD.c" "$CRYPT_INC_PATH/$MOD.h"
FIPS Update 1. Moved the rest of the FIPS algorithms to FIPSv2. 2. Updated the fips-check and autogen scripts. 3. Updated the automake include for the crypto files. 4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer. 5. Added error code for the SHA-3 KAT. 6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-02-01 11:02:35 -08:00
done
rever to default but exclude for sgx/netos projects
2018-04-30 14:57:29 -06:00
fi
updated fips-check to cover all builds
2015-06-19 22:21:27 -07:00
Added fips-check script when running commit-tests.
2014-11-19 12:00:04 -08:00
# clone the FIPS repository
FIPS Revalidation (acceptance fixes) 1. Update the fips-check script to pull the FIPSv2 code from the main repositories. 2. Script cleanup. 3. Disable the api.test check of wc_ecc_mulmod() when WOLFSSL_VALIDATE_ECC_IMPORT is enabled.
2018-06-08 10:36:28 -07:00
if ! $GIT clone -b $FIPS_VERSION $FIPS_REPO fips; then
echo "fips-check: Couldn't checkout the FIPS repository."
exit 1
fi
Added fips-check script when running commit-tests.
2014-11-19 12:00:04 -08:00
FIPS Revalidation (acceptance fixes) 1. Update the fips-check script to pull the FIPSv2 code from the main repositories. 2. Script cleanup. 3. Disable the api.test check of wc_ecc_mulmod() when WOLFSSL_VALIDATE_ECC_IMPORT is enabled.
2018-06-08 10:36:28 -07:00
for SRC in "${FIPS_SRCS[@]}"
Added fips-check script when running commit-tests.
2014-11-19 12:00:04 -08:00
do
FIPS Revalidation (acceptance fixes) 1. Update the fips-check script to pull the FIPSv2 code from the main repositories. 2. Script cleanup. 3. Disable the api.test check of wc_ecc_mulmod() when WOLFSSL_VALIDATE_ECC_IMPORT is enabled.
2018-06-08 10:36:28 -07:00
cp "fips/$SRC" $CRYPT_SRC_PATH
FIPS Update 1. Moved the rest of the FIPS algorithms to FIPSv2. 2. Updated the fips-check and autogen scripts. 3. Updated the automake include for the crypto files. 4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer. 5. Added error code for the SHA-3 KAT. 6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-02-01 11:02:35 -08:00
done
FIPS Revalidation (acceptance fixes) 1. Update the fips-check script to pull the FIPSv2 code from the main repositories. 2. Script cleanup. 3. Disable the api.test check of wc_ecc_mulmod() when WOLFSSL_VALIDATE_ECC_IMPORT is enabled.
2018-06-08 10:36:28 -07:00
for INC in "${FIPS_INCS[@]}"
FIPS Update 1. Moved the rest of the FIPS algorithms to FIPSv2. 2. Updated the fips-check and autogen scripts. 3. Updated the automake include for the crypto files. 4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer. 5. Added error code for the SHA-3 KAT. 6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-02-01 11:02:35 -08:00
do
FIPS Revalidation (acceptance fixes) 1. Update the fips-check script to pull the FIPSv2 code from the main repositories. 2. Script cleanup. 3. Disable the api.test check of wc_ecc_mulmod() when WOLFSSL_VALIDATE_ECC_IMPORT is enabled.
2018-06-08 10:36:28 -07:00
cp "fips/$INC" $CRYPT_INC_PATH
Added fips-check script when running commit-tests.
2014-11-19 12:00:04 -08:00
done
# run the make test
./autogen.sh
add CAVP selftest option for special build
2018-02-22 16:17:08 -07:00
if [ "x$CAVP_SELFTEST_ONLY" == "xyes" ];
then
./configure --enable-selftest
else
FIPS Update 1. Moved the rest of the FIPS algorithms to FIPSv2. 2. Updated the fips-check and autogen scripts. 3. Updated the automake include for the crypto files. 4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer. 5. Added error code for the SHA-3 KAT. 6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-02-01 11:02:35 -08:00
./configure --enable-fips=$FIPS_OPTION
add CAVP selftest option for special build
2018-02-22 16:17:08 -07:00
fi
FIPS Revalidation (acceptance fixes) 1. Update the fips-check script to pull the FIPSv2 code from the main repositories. 2. Script cleanup. 3. Disable the api.test check of wc_ecc_mulmod() when WOLFSSL_VALIDATE_ECC_IMPORT is enabled.
2018-06-08 10:36:28 -07:00
if ! make; then
echo "fips-check: Make failed. Debris left for analysis."
exit 3
fi
Added fips-check script when running commit-tests.
2014-11-19 12:00:04 -08:00
add CAVP selftest option for special build
2018-02-22 16:17:08 -07:00
if [ "x$CAVP_SELFTEST_ONLY" == "xno" ];
then
FIPS Revalidation (acceptance fixes) 1. Update the fips-check script to pull the FIPSv2 code from the main repositories. 2. Script cleanup. 3. Disable the api.test check of wc_ecc_mulmod() when WOLFSSL_VALIDATE_ECC_IMPORT is enabled.
2018-06-08 10:36:28 -07:00
NEWHASH=$(./wolfcrypt/test/testwolfcrypt | sed -n 's/hash = \(.*\)/\1/p')
add CAVP selftest option for special build
2018-02-22 16:17:08 -07:00
if [ -n "$NEWHASH" ]; then
FIPS Update 1. Moved the rest of the FIPS algorithms to FIPSv2. 2. Updated the fips-check and autogen scripts. 3. Updated the automake include for the crypto files. 4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer. 5. Added error code for the SHA-3 KAT. 6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-02-01 11:02:35 -08:00
sed -i.bak "s/^\".*\";/\"${NEWHASH}\";/" $CRYPT_SRC_PATH/fips_test.c
add CAVP selftest option for special build
2018-02-22 16:17:08 -07:00
make clean
fi
bugfix in the FIPS check script
2014-11-24 12:50:55 -08:00
fi
Added fips-check script when running commit-tests.
2014-11-19 12:00:04 -08:00
FIPS Revalidation (acceptance fixes) 1. Update the fips-check script to pull the FIPSv2 code from the main repositories. 2. Script cleanup. 3. Disable the api.test check of wc_ecc_mulmod() when WOLFSSL_VALIDATE_ECC_IMPORT is enabled.
2018-06-08 10:36:28 -07:00
if ! make test; then
echo "fips-check: Test failed. Debris left for analysis."
exit 3
fi
Added fips-check script when running commit-tests.
2014-11-19 12:00:04 -08:00
fips checkout for OpenRTOS v9.0.0 w/ wolfCrypt v3.9.2 on Atmels ATSAM4L CPU
2017-01-30 15:32:59 -07:00
if [ ${#FIPS_CONFLICTS[@]} -ne 0 ];
then
echo "Due to the way this package is compiled by the customer duplicate"
echo "source file names are an issue, renaming:"
FIPS Revalidation (acceptance fixes) 1. Update the fips-check script to pull the FIPSv2 code from the main repositories. 2. Script cleanup. 3. Disable the api.test check of wc_ecc_mulmod() when WOLFSSL_VALIDATE_ECC_IMPORT is enabled.
2018-06-08 10:36:28 -07:00
for FNAME in "${FIPS_CONFLICTS[@]}"
fips checkout for OpenRTOS v9.0.0 w/ wolfCrypt v3.9.2 on Atmels ATSAM4L CPU
2017-01-30 15:32:59 -07:00
do
echo "wolfcrypt/src/$FNAME.c to wolfcrypt/src/wc_$FNAME.c"
FIPS Revalidation (acceptance fixes) 1. Update the fips-check script to pull the FIPSv2 code from the main repositories. 2. Script cleanup. 3. Disable the api.test check of wc_ecc_mulmod() when WOLFSSL_VALIDATE_ECC_IMPORT is enabled.
2018-06-08 10:36:28 -07:00
mv "./wolfcrypt/src/$FNAME.c" "./wolfcrypt/src/wc_$FNAME.c"
fips checkout for OpenRTOS v9.0.0 w/ wolfCrypt v3.9.2 on Atmels ATSAM4L CPU
2017-01-30 15:32:59 -07:00
done
echo "Confirming files were renamed..."
ls -la ./wolfcrypt/src/wc_*.c
fi
Added fips-check script when running commit-tests.
2014-11-19 12:00:04 -08:00
# Clean up
FIPS Revalidation (acceptance fixes) 1. Update the fips-check script to pull the FIPSv2 code from the main repositories. 2. Script cleanup. 3. Disable the api.test check of wc_ecc_mulmod() when WOLFSSL_VALIDATE_ECC_IMPORT is enabled.
2018-06-08 10:36:28 -07:00
popd || exit 2
add keep option to fips-check.sh to keep FIPS temp folder around
2017-03-16 11:10:12 -07:00
if [ "x$KEEP" == "xno" ];
then
rm -rf $TEST_DIR
fi
Copy Permalink