forked from wolfSSL/wolfssl
Test Fixes
1. Update gitignore with some more VS outputs. 2. Update the Windows IDE user settings with FIPSv2 settings. 3. Remove redundant _InitHmac() function from ssl.c. 4. In wc_DhGenerateParams(), initialize the groupSz and bufSz to 0. 5. In wc_DhExportParamsRaw(), initialize pLen, qLen, and gLen to 0. 6. In wc_MakeRsaKey(), initialize isPrime to 0. 7. In ecc_test_make_pub(), initialize exportBuf and tmp to NULL and initialize the ECC key before any chance of trying to free it. 8. In fips_test.h header, update types.h include to use the wolfCrypt types rather than ctaocrypt types. 9. In fips_test.h header, change the visibility tags on all the function prototypes to use the WOLFSSL tags rather than CYASSL. 10. Change the wolfCrypt visibility tags to use CyaSSL's tags for old FIPS and the regular tags for new FIPS and non-FIPS builds.
This commit is contained in:
John Safranek
5
.gitignore
vendored
5
.gitignore
vendored
@@ -224,6 +224,11 @@ wrapper/CSharp/x64/
|
||||
# Visual Studio Code Workspace Files
|
||||
*.vscode
|
||||
*.userprefs
|
||||
*.exe
|
||||
*.dll
|
||||
.vs
|
||||
Backup
|
||||
UpgradeLog.htm
|
||||
|
||||
IDE/INTIME-RTOS/Debug_*
|
||||
IDE/VS-ARM/.vs
|
||||
|
||||
@@ -22,6 +22,24 @@
|
||||
#define NO_RABBIT
|
||||
#define NO_DSA
|
||||
#define NO_MD4
|
||||
|
||||
#if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
|
||||
#define WOLFSSL_SHA224
|
||||
#define WOLFSSL_SHA3
|
||||
#define WC_RSA_PSS
|
||||
#define WC_RSA_NO_PADDING
|
||||
#define HAVE_ECC
|
||||
#define ECC_SHAMIR
|
||||
#define HAVE_ECC_CDH
|
||||
#define ECC_TIMING_RESISTANT
|
||||
#define WOLFSSL_AES_COUNTER
|
||||
#define WOLFSSL_AES_DIRECT
|
||||
#define HAVE_AES_ECB
|
||||
#define HAVE_AESCCM
|
||||
#define WOLFSSL_CMAC
|
||||
#define HAVE_HKDF
|
||||
#define WOLFSSL_PUBLIC_MP
|
||||
#endif /* FIPS v2 */
|
||||
#else
|
||||
/* Enables blinding mode, to prevent timing attacks */
|
||||
#define WC_RSA_BLINDING
|
||||
|
||||
58
src/ssl.c
58
src/ssl.c
@@ -24380,64 +24380,6 @@ int wolfSSL_HMAC_CTX_copy(WOLFSSL_HMAC_CTX* des, WOLFSSL_HMAC_CTX* src)
|
||||
return WOLFSSL_SUCCESS;
|
||||
}
|
||||
|
||||
#ifdef HAVE_FIPS
|
||||
int _InitHmac(Hmac* hmac, int type, void* heap)
|
||||
{
|
||||
int ret = 0;
|
||||
|
||||
switch (type) {
|
||||
#ifndef NO_MD5
|
||||
case WC_MD5:
|
||||
ret = wc_InitMd5(&hmac->hash.md5);
|
||||
break;
|
||||
#endif /* !NO_MD5 */
|
||||
|
||||
#ifndef NO_SHA
|
||||
case WC_SHA:
|
||||
ret = wc_InitSha(&hmac->hash.sha);
|
||||
break;
|
||||
#endif /* !NO_SHA */
|
||||
|
||||
#ifdef WOLFSSL_SHA224
|
||||
case WC_SHA224:
|
||||
ret = wc_InitSha224(&hmac->hash.sha224);
|
||||
break;
|
||||
#endif /* WOLFSSL_SHA224 */
|
||||
|
||||
#ifndef NO_SHA256
|
||||
case WC_SHA256:
|
||||
ret = wc_InitSha256(&hmac->hash.sha256);
|
||||
break;
|
||||
#endif /* !NO_SHA256 */
|
||||
|
||||
#ifdef WOLFSSL_SHA512
|
||||
#ifdef WOLFSSL_SHA384
|
||||
case WC_SHA384:
|
||||
ret = wc_InitSha384(&hmac->hash.sha384);
|
||||
break;
|
||||
#endif /* WOLFSSL_SHA384 */
|
||||
case WC_SHA512:
|
||||
ret = wc_InitSha512(&hmac->hash.sha512);
|
||||
break;
|
||||
#endif /* WOLFSSL_SHA512 */
|
||||
|
||||
#ifdef HAVE_BLAKE2
|
||||
case BLAKE2B_ID:
|
||||
ret = wc_InitBlake2b(&hmac->hash.blake2b, BLAKE2B_256);
|
||||
break;
|
||||
#endif /* HAVE_BLAKE2 */
|
||||
|
||||
default:
|
||||
ret = BAD_FUNC_ARG;
|
||||
break;
|
||||
}
|
||||
|
||||
(void)heap;
|
||||
|
||||
return ret;
|
||||
}
|
||||
#endif /* HAVE_FIPS */
|
||||
|
||||
|
||||
int wolfSSL_HMAC_Init(WOLFSSL_HMAC_CTX* ctx, const void* key, int keylen,
|
||||
const EVP_MD* type)
|
||||
|
||||
@@ -1247,7 +1247,7 @@ int wc_DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g,
|
||||
int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh)
|
||||
{
|
||||
mp_int tmp, tmp2;
|
||||
int groupSz, bufSz = 0,
|
||||
int groupSz = 0, bufSz = 0,
|
||||
primeCheckCount = 0,
|
||||
primeCheck = MP_NO,
|
||||
ret = 0;
|
||||
@@ -1407,7 +1407,7 @@ int wc_DhExportParamsRaw(DhKey* dh, byte* p, word32* pSz,
|
||||
byte* q, word32* qSz, byte* g, word32* gSz)
|
||||
{
|
||||
int ret = 0;
|
||||
word32 pLen, qLen, gLen;
|
||||
word32 pLen = 0, qLen = 0, gLen = 0;
|
||||
|
||||
if (dh == NULL || pSz == NULL || qSz == NULL || gSz == NULL)
|
||||
ret = BAD_FUNC_ARG;
|
||||
|
||||
@@ -2684,7 +2684,7 @@ int wc_CheckProbablePrime(const byte* pRaw, word32 pRawSz,
|
||||
int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
|
||||
{
|
||||
mp_int p, q, tmp1, tmp2, tmp3;
|
||||
int err, i, failCount, primeSz, isPrime;
|
||||
int err, i, failCount, primeSz, isPrime = 0;
|
||||
byte* buf = NULL;
|
||||
|
||||
if (key == NULL || rng == NULL)
|
||||
|
||||
@@ -14002,8 +14002,8 @@ done:
|
||||
static int ecc_test_make_pub(WC_RNG* rng)
|
||||
{
|
||||
ecc_key key;
|
||||
unsigned char* exportBuf;
|
||||
unsigned char* tmp;
|
||||
unsigned char* exportBuf = NULL;
|
||||
unsigned char* tmp = NULL;
|
||||
unsigned char msg[] = "test wolfSSL ECC public gen";
|
||||
word32 x, tmpSz;
|
||||
int ret = 0;
|
||||
@@ -14018,14 +14018,15 @@ static int ecc_test_make_pub(WC_RNG* rng)
|
||||
FILE* file;
|
||||
#endif
|
||||
|
||||
wc_ecc_init(&key);
|
||||
|
||||
tmp = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (tmp == NULL) {
|
||||
return -6810;
|
||||
ERROR_OUT(-6810, done);
|
||||
}
|
||||
exportBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (exportBuf == NULL) {
|
||||
XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
return -6811;
|
||||
ERROR_OUT(-6811, done);
|
||||
}
|
||||
|
||||
#ifdef USE_CERT_BUFFERS_256
|
||||
@@ -14041,8 +14042,6 @@ static int ecc_test_make_pub(WC_RNG* rng)
|
||||
fclose(file);
|
||||
#endif /* USE_CERT_BUFFERS_256 */
|
||||
|
||||
wc_ecc_init(&key);
|
||||
|
||||
/* import private only then test with */
|
||||
ret = wc_ecc_import_private_key(tmp, tmpSz, NULL, 0, NULL);
|
||||
if (ret == 0) {
|
||||
|
||||
@@ -24,7 +24,7 @@
|
||||
#ifndef WOLF_CRYPT_FIPS_TEST_H
|
||||
#define WOLF_CRYPT_FIPS_TEST_H
|
||||
|
||||
#include <cyassl/ctaocrypt/types.h>
|
||||
#include <wolfssl/wolfcrypt/types.h>
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
@@ -32,22 +32,22 @@
|
||||
#endif
|
||||
|
||||
/* Known Answer Test string inputs are hex, internal */
|
||||
CYASSL_LOCAL int DoKnownAnswerTests(char*, int);
|
||||
WOLFSSL_LOCAL int DoKnownAnswerTests(char*, int);
|
||||
|
||||
|
||||
/* FIPS failure callback */
|
||||
typedef void(*wolfCrypt_fips_cb)(int ok, int err, const char* hash);
|
||||
|
||||
/* Public set function */
|
||||
CYASSL_API int wolfCrypt_SetCb_fips(wolfCrypt_fips_cb cbf);
|
||||
WOLFSSL_API int wolfCrypt_SetCb_fips(wolfCrypt_fips_cb cbf);
|
||||
|
||||
/* Public get status functions */
|
||||
CYASSL_API int wolfCrypt_GetStatus_fips(void);
|
||||
CYASSL_API const char* wolfCrypt_GetCoreHash_fips(void);
|
||||
WOLFSSL_API int wolfCrypt_GetStatus_fips(void);
|
||||
WOLFSSL_API const char* wolfCrypt_GetCoreHash_fips(void);
|
||||
|
||||
#ifdef HAVE_FORCE_FIPS_FAILURE
|
||||
/* Public function to force failure mode for operational testing */
|
||||
CYASSL_API int wolfCrypt_SetStatus_fips(int);
|
||||
WOLFSSL_API int wolfCrypt_SetStatus_fips(int);
|
||||
#endif
|
||||
|
||||
|
||||
|
||||
@@ -27,7 +27,10 @@
|
||||
|
||||
|
||||
/* for compatibility and so that fips is using same name of macro @wc_fips */
|
||||
#ifdef HAVE_FIPS
|
||||
/* The following visibility wrappers are for old FIPS. New FIPS should use
|
||||
* the same as a non-FIPS build. */
|
||||
#if defined(HAVE_FIPS) && \
|
||||
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
|
||||
#include <cyassl/ctaocrypt/visibility.h>
|
||||
#define WOLFSSL_API CYASSL_API
|
||||
#define WOLFSSL_LOCAL CYASSL_LOCAL
|
||||
|
||||
Reference in New Issue
Block a user