feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

FIPS 140-3

Browse Source 
1. Added enable option for FIPS 140-3 in configure script.
2. Modify DES3 source to disallow DES3 for the new option.
3. Added the new constants to fips_test.h.
4. Added some new test functions.
5. Added API for doing the POST.
6. Added a processing state for the CASTs.
7. Delete some unused prototypes from FIPS test API.
This commit is contained in:
John Safranek
2020-10-12 16:06:20 -07:00
parent c201b6801c
commit 2b6dc31145
7 changed files with 220 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

80
configure.ac
View File

@ -174,7 +174,7 @@ ENABLED_CERTS="no"
# FIPS
# FIPS 140-2
AC_ARG_ENABLE([fips],
[AS_HELP_STRING([--enable-fips],[Enable FIPS 140-2, Will NOT work w/o FIPS license (default: disabled)])],
[ENABLED_FIPS=$enableval],
@ -190,7 +190,7 @@ AS_CASE([$ENABLED_FIPS],
FIPS_VERSION="none"
ENABLED_FIPS="no"
],
[rand|v1|v2],[
[rand|v1|v2|v3],[
FIPS_VERSION="$ENABLED_FIPS"
ENABLED_FIPS="yes"
],
@ -221,6 +221,13 @@ AS_CASE([$FIPS_VERSION],
]
)
# FIPS 140-3
AC_ARG_ENABLE([fips-3],
[AS_HELP_STRING([--enable-fips-3],[Enable FIPS 140-3, Will NOT work w/o FIPS license (default: disabled)])],
[ENABLED_FIPS_3=$enableval],
[ENABLED_FIPS_3="no"])
AS_IF([test "x$ENABLED_FIPS_3" = "xyes"],[ENABLED_FIPS="yes";FIPS_VERSION="v3"])
# Linux Kernel Module
AC_ARG_ENABLE([linuxkm],
[AS_HELP_STRING([--enable-linuxkm],[Enable Linux Kernel Module (default: disabled)])],
@ -2938,6 +2945,33 @@ fi
# FIPS
AS_CASE([$FIPS_VERSION],
["v3"], [
AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS -DHAVE_FIPS_VERSION=3 -DWOLFSSL_KEY_GEN -DWOLFSSL_SHA224 -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB -DHAVE_ECC_CDH -DWC_RSA_NO_PADDING -DWOLFSSL_VALIDATE_FFC_IMPORT -DHAVE_FFDHE_Q"
ENABLED_KEYGEN="yes"; ENABLED_SHA224="yes"; ENABLED_DES3="no"
# Shake256 is a SHA-3 algorithm not in our FIPS algorithm list
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_SHAKE256"
AS_IF([test "x$ENABLED_AESCCM" != "xyes"],
[ENABLED_AESCCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESCCM"])
AS_IF([test "x$ENABLED_RSAPSS" != "xyes"],
[ENABLED_RSAPSS="yes"; AM_CFLAGS="$AM_CFLAGS -DWC_RSA_PSS"])
AS_IF([test "x$ENABLED_ECC" != "xyes"],
[ENABLED_ECC="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256 -DWOLFSSL_VALIDATE_ECC_IMPORT"
AS_IF([test "x$ENABLED_ECC_SHAMIR" = "xyes"],
[AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"])],
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_VALIDATE_ECC_IMPORT"])
AS_IF([test "x$ENABLED_AESCTR" != "xyes"],
[ENABLED_AESCTR="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_COUNTER"])
AS_IF([test "x$ENABLED_CMAC" != "xyes"],
[ENABLED_CMAC="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CMAC"])
AS_IF([test "x$ENABLED_HKDF" != "xyes"],
[ENABLED_HKDF="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_HKDF"])
AS_IF([test "x$ENABLED_INTELASM" = "xyes"],
[AM_CFLAGS="$AM_CFLAGS -DFORCE_FAILURE_RDSEED"])
AS_IF([test "x$ENABLED_SHA512" = "xno"],
[ENABLED_SHA512="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384"])
AS_IF([test "x$ENABLED_AESGCM" = "xno"],
[ENABLED_AESGCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"])
],
["v2"],[
AS_IF([test "x$FIPS_READY" = "xyes"],
[AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS_VERSION=3"],
@ -2970,29 +3004,27 @@ AS_CASE([$FIPS_VERSION],
AM_CFLAGS="$AM_CFLAGS -DHAVE_HKDF"])
AS_IF([test "x$ENABLED_INTELASM" = "xyes"],
[AM_CFLAGS="$AM_CFLAGS -DFORCE_FAILURE_RDSEED"])
AS_IF([test "x$ENABLED_SHA512" = "xno"],
[ENABLED_SHA512="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384"])
AS_IF([test "x$ENABLED_AESGCM" = "xno"],
[ENABLED_AESGCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"])
AS_IF([test "x$ENABLED_DES3" = "xno"],[ENABLED_DES3="yes"])
],
["rand"],[
AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_FIPS_RAND -DHAVE_FIPS -DHAVE_FIPS_VERSION=2"
],
["v1"],[
AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS"
AS_IF([test "x$ENABLED_SHA512" = "xno"],
[ENABLED_SHA512="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384"])
AS_IF([test "x$ENABLED_AESGCM" = "xno"],
[ENABLED_AESGCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"])
AS_IF([test "x$ENABLED_DES3" = "xno"],[ENABLED_DES3="yes"])
])
AS_IF([test "x$ENABLED_FIPS" = "xyes" && test "x$thread_ls_on" = "xno"],
[AC_MSG_ERROR([FIPS requires Thread Local Storage])])
AS_IF([test "x$ENABLED_FIPS" = "xyes" && test "x$FIPS_VERSION" != "xrand"],
[
# Force enable the prerequisites.
AS_IF([test "x$ENABLED_SHA512" = "xno"],
[ENABLED_SHA512="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384"])
AS_IF([test "x$ENABLED_AESGCM" = "xno"],
[ENABLED_AESGCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"])
AS_IF([test "x$ENABLED_DES3" = "xno"],[ENABLED_DES3="yes"])
],
[
AS_IF([test "x$ENABLED_FORTRESS" = "xyes"],[ENABLED_DES3="yes"])
])
# SELFTEST
@ -3023,16 +3055,6 @@ AS_CASE([$SELFTEST_VERSION],
AM_CFLAGS="$AM_CFLAGS -DHAVE_SELFTEST"
])
# set POLY1305 default
POLY1305_DEFAULT=yes
if test "x$ENABLED_FIPS" = "xyes"
then
POLY1305_DEFAULT=no
fi
# Set SHA-3 and SHAKE256 flags
if test "$ENABLED_SHA3" = "yes" && test "$ENABLED_32BIT" = "no"
@ -3054,6 +3076,14 @@ then
fi
# set POLY1305 default
POLY1305_DEFAULT=yes
if test "x$ENABLED_FIPS" = "xyes"
then
POLY1305_DEFAULT=no
fi
# POLY1305
AC_ARG_ENABLE([poly1305],
[AS_HELP_STRING([--enable-poly1305],[Enable wolfSSL POLY1305 support (default: enabled)])],
@ -6148,7 +6178,7 @@ AM_CONDITIONAL([BUILD_FIPS],[test "x$ENABLED_FIPS" = "xyes"])
AM_CONDITIONAL([BUILD_FIPS_V1],[test "x$FIPS_VERSION" = "xv1"])
AM_CONDITIONAL([BUILD_FIPS_V2],[test "x$FIPS_VERSION" = "xv2"])
AM_CONDITIONAL([BUILD_FIPS_RAND],[test "x$FIPS_VERSION" = "xrand"])
AM_CONDITIONAL([BUILD_FIPS_READY],[test "x$FIPS_READY" = "xyes"])
AM_CONDITIONAL([BUILD_FIPS_V3],[test "x$FIPS_VERSION" = "xv3"])
AM_CONDITIONAL([BUILD_CMAC],[test "x$ENABLED_CMAC" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_SELFTEST],[test "x$ENABLED_SELFTEST" = "xyes"])
AM_CONDITIONAL([BUILD_SHA224],[test "x$ENABLED_SHA224" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])

28
fips-check.sh
View File

@ -36,6 +36,7 @@ Platform is one of:
stm32l4-v2 (FIPSv2, use for STM32L4)
wolfrand
solaris
linuxv3 (FIPS 140-3)
Keep (default off) retains the XXX-fips-test temp dir for inspection.
Example:
@ -265,6 +266,15 @@ solaris)
FIPS_OPTION=v2
MAKE=gmake
;;
linuxv3)
FIPS_REPO='/Users/john/src/fips'
CRYPT_REPO='/Users/john/src/wolfssl'
CRYPT_INC_PATH='wolfssl/wolfcrypt'
CRYPT_SRC_PATH='wolfcrypt/src'
FIPS_SRCS+=( wolfcrypt_first.c wolfcrypt_last.c )
FIPS_INCS=( fips.h )
FIPS_OPTION='v3'
;;
*)
Usage
exit 1
@ -319,20 +329,30 @@ then
elif [ "x$FIPS_OPTION" == "xready" ]
then
echo "Don't need to copy anything in particular for FIPS Ready."
elif [ "x$FIPS_OPTION" == "xv3" ]
then
echo "Don't need to copy anything in particular for FIPS 140-3, yet."
else
echo "fips-check: Invalid FIPS option."
exit 1
fi
# clone the FIPS repository
if [ "x$FIPS_OPTION" != "xready" ]
if [ "x$FIPS_OPTION" = "xready" ]
then
if ! $GIT clone --depth 1 -b $FIPS_VERSION $FIPS_REPO fips; then
echo "fips-check: Couldn't checkout the FIPS repository."
if ! $GIT clone --depth 1 $FIPS_REPO fips; then
echo "fips-check: Couldn't checkout the FIPS repository for FIPS Ready."
exit 1
fi
FIPS_OPTION="v2"
elif test "x$FIPS_OPTION" = "xv3"
then
if ! $GIT clone $FIPS_REPO fips; then
echo "fips-check: Couldn't checkout the FIPS repository FIPS 140-3."
exit 1
fi
else
if ! $GIT clone --depth 1 $FIPS_REPO fips; then
if ! $GIT clone --depth 1 -b $FIPS_VERSION $FIPS_REPO fips; then
echo "fips-check: Couldn't checkout the FIPS repository."
exit 1
fi

117
src/include.am
View File

@ -66,7 +66,7 @@ endif
if BUILD_FIPS_V2
# FIPSv2 first file
src_libwolfssl_la_SOURCES += \
wolfcrypt/src/wolfcrypt_first.c
wolfcrypt/src/wolfcrypt_first.c
src_libwolfssl_la_SOURCES += \
wolfcrypt/src/hmac.c \
@ -83,11 +83,6 @@ endif
if BUILD_AES
src_libwolfssl_la_SOURCES += wolfcrypt/src/aes.c
if BUILD_ARMASM
if BUILD_FIPS_READY
src_libwolfssl_la_SOURCES += wolfcrypt/src/port/arm/armv8-aes.c
endif
endif
endif
if BUILD_AESNI
@ -105,24 +100,12 @@ if BUILD_SHA
src_libwolfssl_la_SOURCES += wolfcrypt/src/sha.c
endif
if BUILD_ARMASM
if BUILD_FIPS_READY
src_libwolfssl_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha256.c
endif
endif
if BUILD_INTELASM
src_libwolfssl_la_SOURCES += wolfcrypt/src/sha256_asm.S
endif
if BUILD_SHA512
src_libwolfssl_la_SOURCES += wolfcrypt/src/sha512.c
if BUILD_ARMASM
if BUILD_FIPS_READY
src_libwolfssl_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha512.c
src_libwolfssl_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha512-asm.S
src_libwolfssl_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha512-asm.S
endif
endif
if BUILD_INTELASM
src_libwolfssl_la_SOURCES += wolfcrypt/src/sha512_asm.S
endif
@ -159,6 +142,80 @@ src_libwolfssl_la_SOURCES += \
wolfcrypt/src/wolfcrypt_last.c
endif BUILD_FIPS_RAND
if BUILD_FIPS_V3
# FIPS 140-3 first file
src_libwolfssl_la_SOURCES += \
wolfcrypt/src/wolfcrypt_first.c
src_libwolfssl_la_SOURCES += \
wolfcrypt/src/hmac.c \
wolfcrypt/src/random.c \
wolfcrypt/src/sha256.c
if BUILD_RSA
src_libwolfssl_la_SOURCES += wolfcrypt/src/rsa.c
endif
if BUILD_ECC
src_libwolfssl_la_SOURCES += wolfcrypt/src/ecc.c
endif
if BUILD_AES
src_libwolfssl_la_SOURCES += wolfcrypt/src/aes.c
if BUILD_ARMASM
src_libwolfssl_la_SOURCES += wolfcrypt/src/port/arm/armv8-aes.c
endif
endif
if BUILD_AESNI
src_libwolfssl_la_SOURCES += wolfcrypt/src/aes_asm.S
if BUILD_INTELASM
src_libwolfssl_la_SOURCES += wolfcrypt/src/aes_gcm_asm.S
endif
endif
if BUILD_SHA
src_libwolfssl_la_SOURCES += wolfcrypt/src/sha.c
endif
if BUILD_ARMASM
src_libwolfssl_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha256.c
endif
if BUILD_INTELASM
src_libwolfssl_la_SOURCES += wolfcrypt/src/sha256_asm.S
endif
if BUILD_SHA512
src_libwolfssl_la_SOURCES += wolfcrypt/src/sha512.c
if BUILD_ARMASM
src_libwolfssl_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha512.c
src_libwolfssl_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha512-asm.S
src_libwolfssl_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha512-asm.S
endif
if BUILD_INTELASM
src_libwolfssl_la_SOURCES += wolfcrypt/src/sha512_asm.S
endif
endif
if BUILD_SHA3
src_libwolfssl_la_SOURCES += wolfcrypt/src/sha3.c
endif
if BUILD_DH
src_libwolfssl_la_SOURCES += wolfcrypt/src/dh.c
endif
if BUILD_CMAC
src_libwolfssl_la_SOURCES += wolfcrypt/src/cmac.c
endif
src_libwolfssl_la_SOURCES += wolfcrypt/src/fips.c \
wolfcrypt/src/fips_test.c
# fips last file
src_libwolfssl_la_SOURCES += wolfcrypt/src/wolfcrypt_last.c
endif
endif BUILD_FIPS
# For wolfRand, exclude everything else.
@ -168,9 +225,11 @@ if !BUILD_FIPS_RAND
# For wolfRand, exclude just a couple files.
# For old FIPS, keep the wolfCrypt versions of the
# CtaoCrypt files included above.
if !BUILD_FIPS_V3
if !BUILD_FIPS_V2
src_libwolfssl_la_SOURCES += wolfcrypt/src/hmac.c
endif
endif
# CAVP self test
if BUILD_SELFTEST
@ -185,12 +244,15 @@ src_libwolfssl_la_SOURCES += \
if !BUILD_FIPS_RAND
if !BUILD_FIPS_V3
if !BUILD_FIPS_V2
if BUILD_RNG
src_libwolfssl_la_SOURCES += wolfcrypt/src/random.c
endif
endif
endif
if !BUILD_FIPS_V3
if !BUILD_FIPS_V2
if BUILD_ARMASM
src_libwolfssl_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha256.c
@ -201,6 +263,7 @@ src_libwolfssl_la_SOURCES += wolfcrypt/src/sha256_asm.S
endif
endif
endif
endif
if BUILD_AFALG
src_libwolfssl_la_SOURCES += wolfcrypt/src/port/af_alg/afalg_hash.c
@ -219,12 +282,14 @@ if BUILD_RSA
if BUILD_FAST_RSA
src_libwolfssl_la_SOURCES += wolfcrypt/user-crypto/src/rsa.c
else
if !BUILD_FIPS_V3
if !BUILD_FIPS_V2
src_libwolfssl_la_SOURCES += wolfcrypt/src/rsa.c
endif
endif
endif
endif
endif
if BUILD_RC2
src_libwolfssl_la_SOURCES += wolfcrypt/src/rc2.c
@ -260,6 +325,7 @@ src_libwolfssl_la_SOURCES += wolfcrypt/src/sp_cortexm.c
endif
endif
if !BUILD_FIPS_V3
if !BUILD_FIPS_V2
if BUILD_AES
src_libwolfssl_la_SOURCES += wolfcrypt/src/aes.c
@ -271,12 +337,15 @@ src_libwolfssl_la_SOURCES += wolfcrypt/src/port/af_alg/afalg_aes.c
endif
endif
endif
endif
if !BUILD_FIPS_V3
if !BUILD_FIPS_V2
if BUILD_CMAC
src_libwolfssl_la_SOURCES += wolfcrypt/src/cmac.c
endif
endif
endif
if !BUILD_FIPS_V2
if BUILD_DES3
@ -284,12 +353,15 @@ src_libwolfssl_la_SOURCES += wolfcrypt/src/des3.c
endif
endif
if !BUILD_FIPS_V3
if !BUILD_FIPS_V2
if BUILD_SHA
src_libwolfssl_la_SOURCES += wolfcrypt/src/sha.c
endif
endif
endif
if !BUILD_FIPS_V3
if !BUILD_FIPS_V2
if BUILD_SHA512
if BUILD_ARMASM
@ -304,12 +376,15 @@ endif
endif
endif
endif
endif
if !BUILD_FIPS_V3
if !BUILD_FIPS_V2
if BUILD_SHA3
src_libwolfssl_la_SOURCES += wolfcrypt/src/sha3.c
endif
endif
endif
endif !BUILD_FIPS_RAND
@ -331,11 +406,13 @@ src_libwolfssl_la_SOURCES += wolfcrypt/src/memory.c
endif
if !BUILD_FIPS_RAND
if !BUILD_FIPS_V3
if !BUILD_FIPS_V2
if BUILD_DH
src_libwolfssl_la_SOURCES += wolfcrypt/src/dh.c
endif
endif
endif
if BUILD_ASN
src_libwolfssl_la_SOURCES += wolfcrypt/src/asn.c
@ -380,12 +457,14 @@ if BUILD_DSA
src_libwolfssl_la_SOURCES += wolfcrypt/src/dsa.c
endif
if !BUILD_FIPS_V3
if !BUILD_FIPS_V2
if BUILD_AESNI
src_libwolfssl_la_SOURCES += wolfcrypt/src/aes_asm.S
src_libwolfssl_la_SOURCES += wolfcrypt/src/aes_gcm_asm.S
endif
endif
endif
if BUILD_CAMELLIA
src_libwolfssl_la_SOURCES += wolfcrypt/src/camellia.c
@ -440,11 +519,13 @@ if BUILD_SLOWMATH
src_libwolfssl_la_SOURCES += wolfcrypt/src/integer.c
endif
if !BUILD_FIPS_V3
if !BUILD_FIPS_V2
if BUILD_ECC
src_libwolfssl_la_SOURCES += wolfcrypt/src/ecc.c
endif
endif
endif
if BUILD_CURVE25519
src_libwolfssl_la_SOURCES += wolfcrypt/src/curve25519.c

2
wolfcrypt/src/des3.c
View File

@ -32,7 +32,7 @@
#ifndef NO_DES3
#if defined(HAVE_FIPS) && \
defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION == 2)
/* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
#define FIPS_NO_WRAPPERS

6
wolfssl/wolfcrypt/des3.h
View File

@ -31,12 +31,12 @@
#ifndef NO_DES3
#if defined(HAVE_FIPS) && \
defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION == 2)
#include <wolfssl/wolfcrypt/fips.h>
#endif /* HAVE_FIPS_VERSION >= 2 */
#if defined(HAVE_FIPS) && \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
/* included for fips @wc_fips */
#include <cyassl/ctaocrypt/des3.h>
#endif
@ -55,7 +55,7 @@ enum {
/* avoid redefinition of structs */
#if !defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION == 2))
#ifdef WOLFSSL_ASYNC_CRYPT
#include <wolfssl/wolfcrypt/async.h>

36
wolfssl/wolfcrypt/fips_test.h
View File

@ -31,8 +31,35 @@
extern "C" {
#endif
/* Known Answer Test string inputs are hex, internal */
WOLFSSL_LOCAL int DoKnownAnswerTests(char*, int);
enum FipsCastId {
FIPS_CAST_AES_CBC,
FIPS_CAST_AES_GCM,
FIPS_CAST_HMAC_SHA1,
FIPS_CAST_HMAC_SHA2_256,
FIPS_CAST_HMAC_SHA2_512,
FIPS_CAST_HMAC_SHA3_256,
FIPS_CAST_DRBG,
FIPS_CAST_RSA_SIGN_PKCS1v15,
FIPS_CAST_ECC_CDH,
FIPS_CAST_ECC_PRIMITIVE_Z,
FIPS_CAST_DH_PRIMITIVE_Z,
FIPS_CAST_ECDSA_PAIRWISE,
FIPS_CAST_COUNT
};
enum FipsCastStateId {
FIPS_CAST_STATE_INIT,
FIPS_CAST_STATE_PROCESSING,
FIPS_CAST_STATE_SUCCESS,
FIPS_CAST_STATE_FAILURE
};
enum FipsModeId {
FIPS_MODE_INIT,
FIPS_MODE_NORMAL,
FIPS_MODE_DEGRADED,
FIPS_MODE_FAILED
};
/* FIPS failure callback */
@ -50,6 +77,11 @@ WOLFSSL_API const char* wolfCrypt_GetCoreHash_fips(void);
WOLFSSL_API int wolfCrypt_SetStatus_fips(int);
#endif
WOLFSSL_LOCAL int DoIntegrityTest(char*, int);
WOLFSSL_API int wc_GetCastStatus_fips(int);
WOLFSSL_LOCAL int DoPOST(char*, int);
WOLFSSL_LOCAL int DoCAST(int);
#ifdef __cplusplus
} /* extern "C" */

4
wolfssl/wolfcrypt/include.am
View File

@ -146,3 +146,7 @@ endif
if BUILD_FIPS_RAND
nobase_include_HEADERS+= wolfssl/wolfcrypt/fips.h
endif
if BUILD_FIPS_V3
nobase_include_HEADERS+= wolfssl/wolfcrypt/fips.h
endif