diff --git a/examples/server/server.c b/examples/server/server.c index 544ff46cf..7bc9fce7e 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -27,7 +27,7 @@ #include #ifdef HAVE_ECC - #include /* ecc_fp_free */ + #include /* wc_ecc_fp_free */ #endif #if defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET) @@ -1137,7 +1137,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) if (useAnon) { #ifdef HAVE_ANON - SSL_CTX_allow_anon_cipher(ctx); + wolfSSL_CTX_allow_anon_cipher(ctx); if (cipherList == NULL || (cipherList && useDefCipherList)) { const char* defaultCipherList; defaultCipherList = "ADH-AES256-GCM-SHA384:" @@ -1179,7 +1179,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) #ifdef HAVE_SNI if (sniHostName) - if (SSL_CTX_UseSNI(ctx, WOLFSSL_SNI_HOST_NAME, sniHostName, + if (wolfSSL_CTX_UseSNI(ctx, WOLFSSL_SNI_HOST_NAME, sniHostName, (word16) XSTRLEN(sniHostName)) != WOLFSSL_SUCCESS) err_sys_ex(runWithErrors, "UseSNI failed"); #endif @@ -1681,7 +1681,7 @@ exit: #if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \ && defined(HAVE_THREAD_LS) - ecc_fp_free(); /* free per thread cache */ + wc_ecc_fp_free(); /* free per thread cache */ #endif #ifdef WOLFSSL_TIRTOS diff --git a/src/include.am b/src/include.am index 8ef4afbe0..26112e16e 100644 --- a/src/include.am +++ b/src/include.am @@ -326,7 +326,7 @@ if BUILD_SLOWMATH src_libwolfssl_la_SOURCES += wolfcrypt/src/integer.c endif -if !BUILD_FIPS +if !BUILD_FIPS_V2 if BUILD_ECC src_libwolfssl_la_SOURCES += wolfcrypt/src/ecc.c endif diff --git a/tests/api.c b/tests/api.c index 33f8836e1..2da8be757 100644 --- a/tests/api.c +++ b/tests/api.c @@ -8408,12 +8408,19 @@ static int test_wc_AesGcmEncryptDecrypt (void) } } - /* This case is now considered good. Long IVs are now allowed. */ + /* This case is now considered good. Long IVs are now allowed. + * Except for the original FIPS release, it still has an upper + * bound on the IV length. */ +#if !defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)) if (gcmE == 0) { gcmE = wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), longIV, sizeof(longIV)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)); } +#else + (void)longIV; +#endif /* Old FIPS */ /* END wc_AesGcmEncrypt */ printf(resultFmt, gcmE == 0 ? passed : failed); diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 099d0ce17..1c8d569ed 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -8016,6 +8016,8 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, #endif /* (WOLFSSL_XILINX_CRYPT) */ +#ifndef WC_NO_RNG + int wc_AesGcmEncrypt_ex(Aes* aes, byte* out, const byte* in, word32 sz, byte* iv, word32 ivSz, byte* authTag, word32 authTagSz, const byte* authIn, word32 authInSz, WC_RNG* rng) @@ -8039,6 +8041,8 @@ int wc_AesGcmEncrypt_ex(Aes* aes, byte* out, const byte* in, word32 sz, return ret; } +#endif /* WC_NO_RNG */ + WOLFSSL_API int wc_GmacSetKey(Gmac* gmac, const byte* key, word32 len) { diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 687ac9425..982b4eaed 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -6601,6 +6601,8 @@ int aesgcm_test(void) #endif /* WOLFSSL_AES_256 */ /* Test encrypt with internally generated IV */ +#if !defined(WC_NO_RNG) && \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)) { WC_RNG rng; byte randIV[12]; @@ -6646,6 +6648,7 @@ int aesgcm_test(void) return -8212; wc_FreeRng(&rng); } +#endif /* WC_NO_RNG && FIPSv2 */ wc_AesFree(&enc); diff --git a/wolfssl/wolfcrypt/aes.h b/wolfssl/wolfcrypt/aes.h index 418b50b10..44b77df11 100644 --- a/wolfssl/wolfcrypt/aes.h +++ b/wolfssl/wolfcrypt/aes.h @@ -38,7 +38,7 @@ /* included for fips @wc_fips */ #if defined(HAVE_FIPS) && \ - (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)) + (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)) #include #if defined(CYASSL_AES_COUNTER) && !defined(WOLFSSL_AES_COUNTER) #define WOLFSSL_AES_COUNTER @@ -62,6 +62,10 @@ #include "xsecure_aes.h" #endif +#if defined(HAVE_AESGCM) && !defined(WC_NO_RNG) + #include +#endif + #ifdef __cplusplus extern "C" { @@ -140,8 +144,6 @@ typedef struct XtsAes { #endif #ifdef HAVE_AESGCM -#include - typedef struct Gmac { Aes aes; } Gmac; @@ -215,12 +217,14 @@ WOLFSSL_API int wc_AesEcbDecrypt(Aes* aes, byte* out, const byte* authTag, word32 authTagSz, const byte* authIn, word32 authInSz); +#ifndef WC_NO_RNG WOLFSSL_API int wc_AesGcmEncrypt_ex(Aes* aes, byte* out, const byte* in, word32 sz, byte* iv, word32 ivSz, byte* authTag, word32 authTagSz, const byte* authIn, word32 authInSz, WC_RNG* rng); +#endif /* WC_NO_RNG */ WOLFSSL_API int wc_GmacSetKey(Gmac* gmac, const byte* key, word32 len); WOLFSSL_API int wc_GmacUpdate(Gmac* gmac, const byte* iv, word32 ivSz, diff --git a/wolfssl/wolfcrypt/dh.h b/wolfssl/wolfcrypt/dh.h index 4c6c8fd29..f53885393 100644 --- a/wolfssl/wolfcrypt/dh.h +++ b/wolfssl/wolfcrypt/dh.h @@ -42,10 +42,6 @@ extern "C" { #endif -/* avoid redefinition of structs */ -#if !defined(HAVE_FIPS) || \ - (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)) - #ifdef WOLFSSL_ASYNC_CRYPT #include #endif @@ -65,7 +61,6 @@ typedef struct DhKey { #endif } DhKey; -#endif /* HAVE_FIPS */ #ifdef HAVE_FFDHE_2048 WOLFSSL_API const DhParams* wc_Dh_ffdhe2048_Get(void); diff --git a/wolfssl/wolfcrypt/random.h b/wolfssl/wolfcrypt/random.h index 2e0f9f6b8..ead4fe8b3 100644 --- a/wolfssl/wolfcrypt/random.h +++ b/wolfssl/wolfcrypt/random.h @@ -35,6 +35,12 @@ #include #endif /* HAVE_FIPS_VERSION >= 2 */ +/* included for fips @wc_fips */ +#if defined(HAVE_FIPS) && \ + (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)) +#include +#endif + #ifdef __cplusplus extern "C" { #endif