wolfRand

In configure.ac,
1. Change some whitespace in the FIPS enable section.
2. Reorganize the FIPS section a little bit.
3. When enabling wolfRand, also force cryptonly.
4. Treat wolfRand like FIPSv2 at build time.
In the source include.am,
5. Add checks against BUILD_FIPS_RAND as appropriate.
6. Add the SHA-256 assembly to the wolfRand source list.

configure.ac

@@ -2282,7 +2282,7 @@ AS_CASE([$ENABLED_FIPS],
     ["rand"],[
         ENABLED_FIPS="yes"
         FIPS_VERSION="rand"
-            AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_FIPS_RAND"
+        AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_FIPS_RAND -DHAVE_FIPS -DHAVE_FIPS_VERSION=2"
     ],
     ["no"],[FIPS_VERSION="none"],
     [
@@ -2291,13 +2291,15 @@ AS_CASE([$ENABLED_FIPS],
         AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS"
     ])
 
-AS_IF([test "x$ENABLED_FIPS" = "xyes"],
+AS_IF([test "x$ENABLED_FIPS" = "xyes" && test "x$thread_ls_on" = "xno"],
+    [AC_MSG_ERROR([FIPS requires Thread Local Storage])])
+
+AS_IF([test "x$ENABLED_FIPS" = "xyes" && test "x$FIPS_VERSION" != "xrand"],
 [
-    # Check prerequisites, force them on or error out.
+    # Force enable the prerequisites.
-    AS_IF([test "x$thread_ls_on" = "xno"],[AC_MSG_ERROR([FIPS requires Thread Local Storage])])
     AS_IF([test "x$ENABLED_SHA512" = "xno"],
         [ENABLED_SHA512="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384"])
-    AS_IF([test "x$ENABLED_AESGCM" != "xyes"],
+    AS_IF([test "x$ENABLED_AESGCM" = "xno"],
         [ENABLED_AESGCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"])
     AS_IF([test "x$ENABLED_DES3" = "xno"],[ENABLED_DES3="yes"])
 ],
@@ -3485,6 +3487,8 @@ AC_ARG_ENABLE([cryptonly],
     [ENABLED_CRYPTONLY=$enableval],
     [ENABLED_CRYPTONLY=no])
 
+AS_IF([test "x$FIPS_VERSION" = "xrand"],[ENABLED_CRYPTONLY="yes"])
+
 if test "$ENABLED_CRYPTONLY" = "yes"
 then
     AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_ONLY"

src/include.am

@@ -124,42 +124,45 @@ src_libwolfssl_la_SOURCES += \
                wolfcrypt/src/hmac.c \
                wolfcrypt/src/random.c \
                wolfcrypt/src/sha256.c \
+               wolfcrypt/src/sha256_asm.S \
                wolfcrypt/src/fips.c \
                wolfcrypt/src/fips_test.c \
                wolfcrypt/src/wolfcrypt_last.c
-endif
+endif BUILD_FIPS_RAND
 
-endif
+endif BUILD_FIPS
+
+# For wolfRand, exclude everything else.
+if !BUILD_FIPS_RAND
 
 # For FIPSV2, exclude the wolfCrypt files included above.
 # For wolfRand, exclude just a couple files.
 # For old FIPS, keep the wolfCrypt versions of the
 # CtaoCrypt files included above.
 if !BUILD_FIPS_V2
-if !BUILD_FIPS_RAND
 src_libwolfssl_la_SOURCES += wolfcrypt/src/hmac.c
 endif
-endif
 
 # CAVP self test
 if BUILD_SELFTEST
 src_libwolfssl_la_SOURCES += wolfcrypt/src/selftest.c
 endif
 
+endif !BUILD_FIPS_RAND
+
 src_libwolfssl_la_SOURCES += \
                wolfcrypt/src/hash.c \
                wolfcrypt/src/cpuid.c
 
-if !BUILD_FIPS_V2
 if !BUILD_FIPS_RAND
+
+if !BUILD_FIPS_V2
 if BUILD_RNG
 src_libwolfssl_la_SOURCES += wolfcrypt/src/random.c
 endif
 endif
-endif
 
 if !BUILD_FIPS_V2
-if !BUILD_FIPS_RAND
 if BUILD_ARMASM
 src_libwolfssl_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha256.c
 else
@@ -169,7 +172,6 @@ src_libwolfssl_la_SOURCES += wolfcrypt/src/sha256_asm.S
 endif
 endif
 endif
-endif
 
 if BUILD_AFALG
 src_libwolfssl_la_SOURCES += wolfcrypt/src/port/af_alg/afalg_hash.c
@@ -272,18 +274,25 @@ src_libwolfssl_la_SOURCES += wolfcrypt/src/sha3.c
 endif
 endif
 
+endif !BUILD_FIPS_RAND
+
 src_libwolfssl_la_SOURCES += \
                wolfcrypt/src/logging.c \
                wolfcrypt/src/wc_encrypt.c \
                wolfcrypt/src/wc_port.c \
-               wolfcrypt/src/error.c \
+               wolfcrypt/src/error.c
+
+if !BUILD_FIPS_RAND
+src_libwolfssl_la_SOURCES += \
                wolfcrypt/src/signature.c \
                wolfcrypt/src/wolfmath.c
+endif !BUILD_FIPS_RAND
 
 if BUILD_MEMORY
 src_libwolfssl_la_SOURCES += wolfcrypt/src/memory.c
 endif
 
+if !BUILD_FIPS_RAND
 if !BUILD_FIPS_V2
 if BUILD_DH
 src_libwolfssl_la_SOURCES += wolfcrypt/src/dh.c
@@ -294,10 +303,14 @@ if BUILD_ASN
 src_libwolfssl_la_SOURCES += wolfcrypt/src/asn.c
 endif
 
+endif !BUILD_FIPS_RAND
+
 if BUILD_CODING
 src_libwolfssl_la_SOURCES += wolfcrypt/src/coding.c
 endif
 
+if !BUILD_FIPS_RAND
+
 if BUILD_POLY1305
 src_libwolfssl_la_SOURCES += wolfcrypt/src/poly1305.c
 if BUILD_INTELASM
@@ -481,4 +494,6 @@ if BUILD_SNIFFER
 src_libwolfssl_la_SOURCES += src/sniffer.c
 endif
 
-endif # !BUILD_CRYPTONLY
+endif !BUILD_CRYPTONLY
+
+endif !BUILD_FIPS_RAND