From 675a571818021f141d4a082b6608a9fb7f485f55 Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Mon, 1 Mar 2021 08:44:01 -0800
Subject: [PATCH] Add CASTs for TLSv1.2, TLSv1.3, and SSH KDFs.

---
 wolfcrypt/src/error.c           | 9 +++++++++
 wolfssl/wolfcrypt/error-crypt.h | 5 ++++-
 wolfssl/wolfcrypt/fips_test.h   | 3 +++
 3 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/wolfcrypt/src/error.c b/wolfcrypt/src/error.c
index 89d13ceba..b1bbfe376 100644
--- a/wolfcrypt/src/error.c
+++ b/wolfcrypt/src/error.c
@@ -524,6 +524,15 @@ const char* wc_GetErrorString(int error)
     case RSA_PAT_FIPS_E:
         return "wolfcrypt FIPS RSA Pairwise Agreement Test Failure";
 
+    case KDF_TLS12_KAT_FIPS_E:
+        return "wolfcrypt FIPS TLSv1.2 KDF Known Answer Test Failure";
+
+    case KDF_TLS13_KAT_FIPS_E:
+        return "wolfcrypt FIPS TLSv1.3 KDF Known Answer Test Failure";
+
+    case KDF_SSH_KAT_FIPS_E:
+        return "wolfcrypt FIPS SSH KDF Known Answer Test Failure";
+
     default:
         return "unknown error number";
 
diff --git a/wolfssl/wolfcrypt/error-crypt.h b/wolfssl/wolfcrypt/error-crypt.h
index ed497eea3..11df5975b 100644
--- a/wolfssl/wolfcrypt/error-crypt.h
+++ b/wolfssl/wolfcrypt/error-crypt.h
@@ -236,8 +236,11 @@ enum {
     ASN_SELF_SIGNED_E   = -275,  /* ASN self-signed certificate error */
     ECDSA_KAT_FIPS_E    = -276,  /* ECDSA KAT failure */
     RSA_PAT_FIPS_E      = -277,  /* RSA Pairwise failure */
+    KDF_TLS12_KAT_FIPS_E = -278,  /* TLS12 KDF KAT failure */
+    KDF_TLS13_KAT_FIPS_E = -279,  /* TLS13 KDF KAT failure */
+    KDF_SSH_KAT_FIPS_E  = -280,  /* SSH KDF KAT failure */
 
-    WC_LAST_E           = -277,  /* Update this to indicate last error */
+    WC_LAST_E           = -280,  /* Update this to indicate last error */
     MIN_CODE_E          = -300   /* errors -101 - -299 */
 
     /* add new companion error id strings for any new error codes
diff --git a/wolfssl/wolfcrypt/fips_test.h b/wolfssl/wolfcrypt/fips_test.h
index eff1732c9..1aa6004f9 100644
--- a/wolfssl/wolfcrypt/fips_test.h
+++ b/wolfssl/wolfcrypt/fips_test.h
@@ -47,6 +47,9 @@ enum FipsCastId {
     FIPS_CAST_ECDSA,
     FIPS_CAST_ECDSA_PAIRWISE,
     FIPS_CAST_ECDSA_SHA3_PAIRWISE,
+    FIPS_CAST_KDF_TLS12,
+    FIPS_CAST_KDF_TLS13,
+    FIPS_CAST_KDF_SSH,
     FIPS_CAST_COUNT
 };