feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

FIPS Revalidation (acceptance fixes)

Browse Source 
1. Add a couple of missing options to user_settings.h for Win10 and configure.ac.
2. Clear the execute flag from the ecc.h.
This commit is contained in:
John Safranek
2018-06-07 10:50:39 -07:00
parent 234228e5af
commit 391d1953fa
3 changed files with 7 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
IDE/WIN10/user_settings.h Executable file → Normal file
View File

@ -32,13 +32,16 @@
#define ECC_SHAMIR #define ECC_SHAMIR
#define HAVE_ECC_CDH #define HAVE_ECC_CDH
#define ECC_TIMING_RESISTANT #define ECC_TIMING_RESISTANT
#define TFM_TIMING_RESISTANT
#define WOLFSSL_AES_COUNTER #define WOLFSSL_AES_COUNTER
#define WOLFSSL_AES_DIRECT #define WOLFSSL_AES_DIRECT
#define HAVE_AES_ECB #define HAVE_AES_ECB
#define HAVE_AESCCM #define HAVE_AESCCM
#define WOLFSSL_CMAC #define WOLFSSL_CMAC
#define HAVE_HKDF #define HAVE_HKDF
#define WOLFSSL_PUBLIC_MP #define WOLFSSL_VALIDATE_ECC_IMPORT
#define WOLFSSL_VALIDATE_FFC_IMPORT
#define HAVE_FFDHE_Q
#endif /* FIPS v2 */ #endif /* FIPS v2 */
#else #else
/* Enables blinding mode, to prevent timing attacks */ /* Enables blinding mode, to prevent timing attacks */

5
configure.ac
View File

@ -2060,7 +2060,7 @@ then
AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS" AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS"
# Add the FIPS flag. # Add the FIPS flag.
AS_IF([test "x$FIPS_VERSION" = "xv2"], AS_IF([test "x$FIPS_VERSION" = "xv2"],
[AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS_VERSION=2 -DWOLFSSL_KEY_GEN -DWOLFSSL_SHA224 -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB -DHAVE_ECC_CDH -DWC_RSA_NO_PADDING -DFP_MAX_BITS=6144 -DWOLFSSL_VALIDATE_FFC_IMPORT" [AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS_VERSION=2 -DWOLFSSL_KEY_GEN -DWOLFSSL_SHA224 -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB -DHAVE_ECC_CDH -DWC_RSA_NO_PADDING -DFP_MAX_BITS=6144 -DWOLFSSL_VALIDATE_FFC_IMPORT -DHAVE_FFDHE_Q"
ENABLED_KEYGEN="yes" ENABLED_KEYGEN="yes"
ENABLED_SHA224="yes" ENABLED_SHA224="yes"
AS_IF([test "x$ENABLED_AESCCM" != "xyes"], AS_IF([test "x$ENABLED_AESCCM" != "xyes"],
@ -2073,7 +2073,8 @@ then
[ENABLED_ECC="yes" [ENABLED_ECC="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256 -DWOLFSSL_VALIDATE_ECC_IMPORT" AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256 -DWOLFSSL_VALIDATE_ECC_IMPORT"
AS_IF([test "x$ENABLED_ECC_SHAMIR" = "xyes"], AS_IF([test "x$ENABLED_ECC_SHAMIR" = "xyes"],
[AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"])]) [AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"])],
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_VALIDATE_ECC_IMPORT"])
AS_IF([test "x$ENABLED_AESCTR" != "xyes"], AS_IF([test "x$ENABLED_AESCTR" != "xyes"],
[ENABLED_AESCTR="yes" [ENABLED_AESCTR="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_COUNTER"]) AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_COUNTER"])

0
wolfssl/wolfcrypt/ecc.h Executable file → Normal file
View File