diff --git a/configure.ac b/configure.ac index 76e5af6c7..edab23f01 100644 --- a/configure.ac +++ b/configure.ac @@ -3382,6 +3382,8 @@ AS_CASE([$FIPS_VERSION], # Shake256 is a SHA-3 algorithm not in our FIPS algorithm list AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_SHAKE256" ENABLED_SHAKE256=no + # SHA512-224 and SHA512-256 are a SHA-2 algorithms not in our FIPS algorithm list + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NOSHA512_224 -DWOLFSSL_NOSHA512_256" AS_IF([test "x$ENABLED_AESCCM" != "xyes"], [ENABLED_AESCCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESCCM"]) AS_IF([test "x$ENABLED_RSAPSS" != "xyes"], diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index c69c52239..6b979f8a0 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -4042,24 +4042,28 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) ret = NOT_COMPILED_IN; #endif /* WOLFSSL_SHA512 */ break; + #ifndef WOLFSSL_NOSHA512_224 case WC_HASH_TYPE_SHA512_224: #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ - defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) + defined(WOLFSSL_SHA512) ret = wc_Sha512_224Copy((wc_Sha512*)&src->hash.digest, (wc_Sha512*)&des->hash.digest); #else ret = NOT_COMPILED_IN; #endif break; + #endif /* !WOLFSSL_NOSHA512_224 */ + #ifndef WOLFSSL_NOSHA512_256 case WC_HASH_TYPE_SHA512_256: #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ - defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) + defined(WOLFSSL_SHA512) ret = wc_Sha512_256Copy((wc_Sha512*)&src->hash.digest, (wc_Sha512*)&des->hash.digest); #else ret = NOT_COMPILED_IN; #endif break; + #endif /* !WOLFSSL_NOSHA512_256 */ case WC_HASH_TYPE_SHA3_224: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224) ret = wc_Sha3_224_Copy((wc_Sha3*)&src->hash.digest, 
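Review bot: The added comment reads "are a SHA-2 algorithms"; it should be `# SHA512-224 and SHA512-256 are SHA-2 algorithms not in our FIPS algorithm list`. The SHAKE256 lines just above also reset `ENABLED_SHAKE256=no`, while the new line only appends the two `-D` flags. If configure tracks an enable variable for these truncated variants (none is visible in this hunk), it should be reset here too, so that later tests and the configure summary agree with the flags. The AS_CASE branch this sits in starts outside the hunk.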
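Review bot: With `WOLFSSL_NOSHA512_224` or `WOLFSSL_NOSHA512_256` defined, the two case labels are now compiled out, so the `ret = NOT_COMPILED_IN;` arms in this hunk are no longer reached for that reason. The value presumably lands in the `default:` arm shown in the next hunk, which sets `BAD_FUNC_ARG`. Callers that distinguish the two codes see a different error after this change, which deserves a comment at the guard, e.g. `/* variant disabled at build time: handled by default (BAD_FUNC_ARG) */`. The hunk header names wolfSSL_EVP_MD_type, but the switch looks like a digest-context copy routine whose start and end are outside the hunk.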
@@ -4098,8 +4102,10 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) case WC_HASH_TYPE_MD5_SHA: case WC_HASH_TYPE_BLAKE2B: case WC_HASH_TYPE_BLAKE2S: + #ifndef WOLFSSL_NO_SHAKE256 case WC_HASH_TYPE_SHAKE128: case WC_HASH_TYPE_SHAKE256: + #endif default: ret = BAD_FUNC_ARG; break; @@ -4574,18 +4580,22 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) wc_Sha512Free((wc_Sha512*)&ctx->hash.digest); #endif /* WOLFSSL_SHA512 */ break; + #ifndef WOLFSSL_NOSHA512_224 case WC_HASH_TYPE_SHA512_224: #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ - defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) + defined(WOLFSSL_SHA512) wc_Sha512_224Free((wc_Sha512*)&ctx->hash.digest); #endif break; + #endif /* !WOLFSSL_NOSHA512_224 */ + #ifndef WOLFSSL_NOSHA512_256 case WC_HASH_TYPE_SHA512_256: #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ - defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) + defined(WOLFSSL_SHA512) wc_Sha512_256Free((wc_Sha512*)&ctx->hash.digest); #endif break; + #endif /* !WOLFSSL_NOSHA512_256 */ case WC_HASH_TYPE_SHA3_224: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224) wc_Sha3_224_Free((wc_Sha3*)&ctx->hash.digest); @@ -4615,8 +4625,10 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) case WC_HASH_TYPE_MD5_SHA: case WC_HASH_TYPE_BLAKE2B: case WC_HASH_TYPE_BLAKE2S: + #ifndef WOLFSSL_NO_SHAKE256 case WC_HASH_TYPE_SHAKE128: case WC_HASH_TYPE_SHAKE256: + #endif default: ret = WOLFSSL_FAILURE; break; 
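Review bot: `case WC_HASH_TYPE_SHAKE128:` is removed by `#ifndef WOLFSSL_NO_SHAKE256`, a macro whose name, like the configure.ac comment, refers only to SHAKE256. The same pairing is repeated in every SHAKE guard of this commit (the other evp.c and hash.c switches, rsa.c, sha3.h and the types.h enum), while wc_HashGetOID still tests `WOLFSSL_SHAKE128` separately. A build that enables SHAKE128 but defines `WOLFSSL_NO_SHAKE256` would therefore lose the SHAKE128 hash type. Either guard each label with its own macro or state the coupling in a comment such as `/* WOLFSSL_NO_SHAKE256 also removes the SHAKE128 hash type */`. The switch this hunk belongs to starts outside the hunk.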
@@ -6341,21 +6353,25 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) #endif /* WOLFSSL_SHA512 */ break; + #ifndef WOLFSSL_NOSHA512_224 case WC_HASH_TYPE_SHA512_224: #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ - defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) + defined(WOLFSSL_SHA512) ret = wolfSSL_SHA512_224_Update((SHA512_CTX*)&ctx->hash, data, (unsigned long)sz); #endif break; + #endif /* !WOLFSSL_NOSHA512_224 */ + #ifndef WOLFSSL_NOSHA512_256 case WC_HASH_TYPE_SHA512_256: #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ - defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) + defined(WOLFSSL_SHA512) ret = wolfSSL_SHA512_256_Update((SHA512_CTX*)&ctx->hash, data, (unsigned long)sz); - #endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_256*/ + #endif /* WOLFSSL_SHA512 */ break; + #endif /* !WOLFSSL_NOSHA512_256 */ case WC_HASH_TYPE_SHA3_224: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224) @@ -6386,8 +6402,10 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) case WC_HASH_TYPE_MD5_SHA: case WC_HASH_TYPE_BLAKE2B: case WC_HASH_TYPE_BLAKE2S: + #ifndef WOLFSSL_NO_SHAKE256 case WC_HASH_TYPE_SHAKE128: case WC_HASH_TYPE_SHAKE256: + #endif default: return WOLFSSL_FAILURE; } 
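Review bot: The SHA512_224 and SHA512_256 arms here have no `#else`, unlike the copy switch earlier in this file, which sets `ret = NOT_COMPILED_IN;`. When the label is compiled but the inner `#if` is false (HAVE_FIPS or HAVE_SELFTEST defined without the new `WOLFSSL_NOSHA512_*` flags, as could happen in a build that does not go through configure.ac), the arm only executes `break`, and the result is whatever `ret` held before the switch, which is outside the hunk. The final-digest hunk at -6448 has the same shape and additionally leaves `*s` unwritten. An explicit `#else` that sets the function's failure value would make the outcome independent of that initial value.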
@@ -6448,20 +6466,24 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) if (s) *s = WC_SHA512_DIGEST_SIZE; #endif /* WOLFSSL_SHA512 */ break; + #ifndef WOLFSSL_NOSHA512_224 case WC_HASH_TYPE_SHA512_224: #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ - defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) + defined(WOLFSSL_SHA512) ret = wolfSSL_SHA512_224_Final(md, (SHA512_CTX*)&ctx->hash); if (s) *s = WC_SHA512_224_DIGEST_SIZE; #endif break; + #endif /* !WOLFSSL_NOSHA512_224 */ + #ifndef WOLFSSL_NOSHA512_256 case WC_HASH_TYPE_SHA512_256: #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ - defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) + defined(WOLFSSL_SHA512) ret = wolfSSL_SHA512_256_Final(md, (SHA512_CTX*)&ctx->hash); if (s) *s = WC_SHA512_256_DIGEST_SIZE; #endif break; + #endif /* !WOLFSSL_NOSHA512_256 */ case WC_HASH_TYPE_SHA3_224: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224) ret = wolfSSL_SHA3_224_Final(md, (SHA3_224_CTX*)&ctx->hash); @@ -6491,8 +6513,10 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) case WC_HASH_TYPE_MD5_SHA: case WC_HASH_TYPE_BLAKE2B: case WC_HASH_TYPE_BLAKE2S: + #ifndef WOLFSSL_NO_SHAKE256 case WC_HASH_TYPE_SHAKE128: case WC_HASH_TYPE_SHAKE256: + #endif default: return WOLFSSL_FAILURE; } diff --git a/wolfcrypt/src/hash.c b/wolfcrypt/src/hash.c index 5d711e848..30b382e60 100644 --- a/wolfcrypt/src/hash.c +++ b/wolfcrypt/src/hash.c @@ -178,17 +178,20 @@ int wc_HashGetOID(enum wc_HashType hash_type) oid = SHA512h; #endif break; + #ifndef WOLFSSL_NOSHA512_224 case WC_HASH_TYPE_SHA512_224: #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) oid = SHA512_224h; #endif break; + #endif + #ifndef WOLFSSL_NOSHA512_256 case WC_HASH_TYPE_SHA512_256: #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) oid = SHA512_256h; #endif break; - + #endif case WC_HASH_TYPE_SHA3_224: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224) oid = SHA3_224h; 
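Review bot: The inner `#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)` in wc_HashGetOID is now redundant with the enclosing `#ifndef WOLFSSL_NOSHA512_224`, and the evp.c hunks of this same commit drop that inner test. For consistency the inner line can become `#if defined(WOLFSSL_SHA512)` here and in the other hash.c switches (digest size, block size, init, update, final, free). The added `#endif` lines would also read better with the trailer used in evp.c, e.g. `#endif /* !WOLFSSL_NOSHA512_224 */`. wc_HashGetOID begins and ends outside the hunk.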
@@ -209,6 +212,7 @@ int wc_HashGetOID(enum wc_HashType hash_type) oid = SHA3_512h; #endif break; + #ifndef WOLFSSL_NO_SHAKE256 case WC_HASH_TYPE_SHAKE128: #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE128) oid = SHAKE128h; @@ -219,6 +223,7 @@ int wc_HashGetOID(enum wc_HashType hash_type) oid = SHAKE256h; #endif break; + #endif /* Not Supported */ case WC_HASH_TYPE_MD4: @@ -341,20 +346,24 @@ int wc_HashGetDigestSize(enum wc_HashType hash_type) dig_size = WC_SHA512_DIGEST_SIZE; #endif break; + #ifndef WOLFSSL_NOSHA512_224 case WC_HASH_TYPE_SHA512_224: -#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) +#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) dig_size = WC_SHA512_224_DIGEST_SIZE; #endif #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ break; + #endif + #ifndef WOLFSSL_NOSHA512_256 case WC_HASH_TYPE_SHA512_256: -#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) +#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) dig_size = WC_SHA512_256_DIGEST_SIZE; #endif -#endif /* !HAVE_FIPS && !HAVE_SELFTEST */ +#endif /* !HAVE_FIPS && !HAVE_SELFTEST */ break; + #endif case WC_HASH_TYPE_MD5_SHA: /* Old TLS Specific */ #if !defined(NO_MD5) && !defined(NO_SHA) dig_size = (int)WC_MD5_DIGEST_SIZE + (int)WC_SHA_DIGEST_SIZE; @@ -389,8 +398,10 @@ int wc_HashGetDigestSize(enum wc_HashType hash_type) break; /* Not Supported */ + #ifndef WOLFSSL_NO_SHAKE256 case WC_HASH_TYPE_SHAKE128: case WC_HASH_TYPE_SHAKE256: + #endif case WC_HASH_TYPE_NONE: default: dig_size = BAD_FUNC_ARG; 
@@ -446,20 +457,24 @@ int wc_HashGetBlockSize(enum wc_HashType hash_type) block_size = WC_SHA512_BLOCK_SIZE; #endif break; + #ifndef WOLFSSL_NOSHA512_224 case WC_HASH_TYPE_SHA512_224: -#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) +#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) block_size = WC_SHA512_224_BLOCK_SIZE; #endif -#endif /* !HAVE_FIPS && !HAVE_SELFTEST */ +#endif /* !HAVE_FIPS && !HAVE_SELFTEST */ break; + #endif + #ifndef WOLFSSL_NOSHA512_256 case WC_HASH_TYPE_SHA512_256: #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) block_size = WC_SHA512_256_BLOCK_SIZE; #endif -#endif /* !HAVE_FIPS && !HAVE_SELFTEST */ +#endif /* !HAVE_FIPS && !HAVE_SELFTEST */ break; + #endif case WC_HASH_TYPE_MD5_SHA: /* Old TLS Specific */ #if !defined(NO_MD5) && !defined(NO_SHA) block_size = (int)WC_MD5_BLOCK_SIZE + (int)WC_SHA_BLOCK_SIZE; @@ -494,8 +509,10 @@ int wc_HashGetBlockSize(enum wc_HashType hash_type) break; /* Not Supported */ + #ifndef WOLFSSL_NO_SHAKE256 case WC_HASH_TYPE_SHAKE128: case WC_HASH_TYPE_SHAKE256: + #endif case WC_HASH_TYPE_NONE: default: block_size = BAD_FUNC_ARG; 
@@ -555,20 +572,24 @@ int wc_Hash(enum wc_HashType hash_type, const byte* data, ret = wc_Sha512Hash(data, data_len, hash); #endif break; + #ifndef WOLFSSL_NOSHA512_224 case WC_HASH_TYPE_SHA512_224: -#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) +#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) ret = wc_Sha512_224Hash(data, data_len, hash); #endif #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ break; + #endif + #ifndef WOLFSSL_NOSHA512_256 case WC_HASH_TYPE_SHA512_256: -#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) +#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) ret = wc_Sha512_256Hash(data, data_len, hash); #endif #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ break; + #endif case WC_HASH_TYPE_MD5_SHA: #if !defined(NO_MD5) && !defined(NO_SHA) ret = wc_Md5Hash(data, data_len, hash); @@ -604,8 +625,10 @@ int wc_Hash(enum wc_HashType hash_type, const byte* data, case WC_HASH_TYPE_MD4: case WC_HASH_TYPE_BLAKE2B: case WC_HASH_TYPE_BLAKE2S: + #ifndef WOLFSSL_NO_SHAKE256 case WC_HASH_TYPE_SHAKE128: case WC_HASH_TYPE_SHAKE256: + #endif case WC_HASH_TYPE_NONE: default: ret = BAD_FUNC_ARG; 
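Review bot: The `WC_HASH_TYPE_SHA512_256` arm is wrapped in the new `#ifndef WOLFSSL_NOSHA512_256`, but its inner test still checks `!defined(WOLFSSL_NOSHA512_224)`. With only `WOLFSSL_NOSHA512_224` defined, the label is compiled and the call to `wc_Sha512_256Hash` is not. The arm then breaks without hashing, returns whatever `ret` was initialised to outside the hunk, and leaves `hash` unwritten. The inner line should be `#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)`, or simply `#if defined(WOLFSSL_SHA512)` now that the outer guard exists. wc_Hash starts and ends outside the hunk.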
@@ -653,21 +676,24 @@ int wc_HashInit_ex(wc_HashAlg* hash, enum wc_HashType type, void* heap, ret = wc_InitSha512_ex(&hash->sha512, heap, devId); #endif break; + #ifndef WOLFSSL_NOSHA512_224 case WC_HASH_TYPE_SHA512_224: -#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) +#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) ret = wc_InitSha512_224_ex(&hash->sha512, heap, devId); #endif #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ break; + #endif + #ifndef WOLFSSL_NOSHA512_256 case WC_HASH_TYPE_SHA512_256: -#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) +#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) ret = wc_InitSha512_256_ex(&hash->sha512, heap, devId); #endif #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ break; - + #endif case WC_HASH_TYPE_SHA3_224: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224) ret = wc_InitSha3_224(&hash->sha3, heap, devId); @@ -695,8 +721,10 @@ int wc_HashInit_ex(wc_HashAlg* hash, enum wc_HashType type, void* heap, case WC_HASH_TYPE_MD4: case WC_HASH_TYPE_BLAKE2B: case WC_HASH_TYPE_BLAKE2S: + #ifndef WOLFSSL_NO_SHAKE256 case WC_HASH_TYPE_SHAKE128: case WC_HASH_TYPE_SHAKE256: + #endif case WC_HASH_TYPE_NONE: default: ret = BAD_FUNC_ARG; 
@@ -752,21 +780,24 @@ int wc_HashUpdate(wc_HashAlg* hash, enum wc_HashType type, const byte* data, ret = wc_Sha512Update(&hash->sha512, data, dataSz); #endif break; + #ifndef WOLFSSL_NOSHA512_224 case WC_HASH_TYPE_SHA512_224: -#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) +#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) ret = wc_Sha512_224Update(&hash->sha512, data, dataSz); #endif #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ break; + #endif + #ifndef WOLFSSL_NOSHA512_256 case WC_HASH_TYPE_SHA512_256: -#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) +#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) ret = wc_Sha512_256Update(&hash->sha512, data, dataSz); #endif #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ break; - + #endif case WC_HASH_TYPE_SHA3_224: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224) ret = wc_Sha3_224_Update(&hash->sha3, data, dataSz); @@ -794,8 +825,10 @@ int wc_HashUpdate(wc_HashAlg* hash, enum wc_HashType type, const byte* data, case WC_HASH_TYPE_MD4: case WC_HASH_TYPE_BLAKE2B: case WC_HASH_TYPE_BLAKE2S: + #ifndef WOLFSSL_NO_SHAKE256 case WC_HASH_TYPE_SHAKE128: case WC_HASH_TYPE_SHAKE256: + #endif case WC_HASH_TYPE_NONE: default: ret = BAD_FUNC_ARG; 
@@ -842,21 +875,24 @@ int wc_HashFinal(wc_HashAlg* hash, enum wc_HashType type, byte* out) ret = wc_Sha512Final(&hash->sha512, out); #endif break; + #ifndef WOLFSSL_NOSHA512_224 case WC_HASH_TYPE_SHA512_224: -#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) +#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) ret = wc_Sha512_224Final(&hash->sha512, out); #endif #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ break; + #endif + #ifndef WOLFSSL_NOSHA512_256 case WC_HASH_TYPE_SHA512_256: -#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) +#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) ret = wc_Sha512_256Final(&hash->sha512, out); #endif #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ break; - + #endif case WC_HASH_TYPE_SHA3_224: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224) ret = wc_Sha3_224_Final(&hash->sha3, out); @@ -884,8 +920,10 @@ int wc_HashFinal(wc_HashAlg* hash, enum wc_HashType type, byte* out) case WC_HASH_TYPE_MD4: case WC_HASH_TYPE_BLAKE2B: case WC_HASH_TYPE_BLAKE2S: + #ifndef WOLFSSL_NO_SHAKE256 case WC_HASH_TYPE_SHAKE128: case WC_HASH_TYPE_SHAKE256: + #endif case WC_HASH_TYPE_NONE: default: ret = BAD_FUNC_ARG; @@ -938,14 +976,17 @@ int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type) ret = 0; #endif break; + #ifndef WOLFSSL_NOSHA512_224 case WC_HASH_TYPE_SHA512_224: -#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) +#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) wc_Sha512_224Free(&hash->sha512); ret = 0; #endif #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ break; + #endif + #ifndef WOLFSSL_NOSHA512_256 case WC_HASH_TYPE_SHA512_256: #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) 
@@ -954,7 +995,7 @@ int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type) #endif #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ break; - + #endif case WC_HASH_TYPE_SHA3_224: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224) wc_Sha3_224_Free(&hash->sha3); @@ -986,8 +1027,10 @@ int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type) case WC_HASH_TYPE_MD4: case WC_HASH_TYPE_BLAKE2B: case WC_HASH_TYPE_BLAKE2S: + #ifndef WOLFSSL_NO_SHAKE256 case WC_HASH_TYPE_SHAKE128: case WC_HASH_TYPE_SHAKE256: + #endif case WC_HASH_TYPE_NONE: default: ret = BAD_FUNC_ARG; @@ -1031,8 +1074,12 @@ int wc_HashSetFlags(wc_HashAlg* hash, enum wc_HashType type, word32 flags) #endif break; case WC_HASH_TYPE_SHA512: + #ifndef WOLFSSL_NOSHA512_224 case WC_HASH_TYPE_SHA512_224: + #endif + #ifndef WOLFSSL_NOSHA512_256 case WC_HASH_TYPE_SHA512_256: + #endif #ifdef WOLFSSL_SHA512 ret = wc_Sha512SetFlags(&hash->sha512, flags); #endif @@ -1054,8 +1101,10 @@ int wc_HashSetFlags(wc_HashAlg* hash, enum wc_HashType type, word32 flags) case WC_HASH_TYPE_BLAKE2B: case WC_HASH_TYPE_BLAKE2S: case WC_HASH_TYPE_NONE: + #ifndef WOLFSSL_NO_SHAKE256 case WC_HASH_TYPE_SHAKE128: case WC_HASH_TYPE_SHAKE256: + #endif default: ret = BAD_FUNC_ARG; }; @@ -1096,8 +1145,12 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags) #endif break; case WC_HASH_TYPE_SHA512: + #ifndef WOLFSSL_NOSHA512_224 case WC_HASH_TYPE_SHA512_224: + #endif + #ifndef WOLFSSL_NOSHA512_256 case WC_HASH_TYPE_SHA512_256: + #endif #ifdef WOLFSSL_SHA512 ret = wc_Sha512GetFlags(&hash->sha512, flags); #endif @@ -1118,8 +1171,10 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags) case WC_HASH_TYPE_MD4: case WC_HASH_TYPE_BLAKE2B: case WC_HASH_TYPE_BLAKE2S: + #ifndef WOLFSSL_NO_SHAKE256 case WC_HASH_TYPE_SHAKE128: case WC_HASH_TYPE_SHAKE256: + #endif case WC_HASH_TYPE_NONE: default: ret = BAD_FUNC_ARG; diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index 0b61aab9e..263bc2cdf 100644 
--- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -1838,16 +1838,22 @@ int wc_hash2mgf(enum wc_HashType hType) case WC_HASH_TYPE_MD4: case WC_HASH_TYPE_MD5: case WC_HASH_TYPE_MD5_SHA: - case WC_HASH_TYPE_SHA512_224: - case WC_HASH_TYPE_SHA512_256: + #ifndef WOLFSSL_NOSHA512_224 + case WC_HASH_TYPE_SHA512_224: + #endif + #ifndef WOLFSSL_NOSHA512_256 + case WC_HASH_TYPE_SHA512_256: + #endif case WC_HASH_TYPE_SHA3_224: case WC_HASH_TYPE_SHA3_256: case WC_HASH_TYPE_SHA3_384: case WC_HASH_TYPE_SHA3_512: case WC_HASH_TYPE_BLAKE2B: case WC_HASH_TYPE_BLAKE2S: - case WC_HASH_TYPE_SHAKE128: - case WC_HASH_TYPE_SHAKE256: + #ifndef WOLFSSL_NO_SHAKE256 + case WC_HASH_TYPE_SHAKE128: + case WC_HASH_TYPE_SHAKE256: + #endif default: break; } diff --git a/wolfssl/wolfcrypt/hmac.h b/wolfssl/wolfcrypt/hmac.h index a248c1fe0..b9d05158b 100644 --- a/wolfssl/wolfcrypt/hmac.h +++ b/wolfssl/wolfcrypt/hmac.h @@ -80,8 +80,12 @@ enum { #endif #ifndef WOLFSSL_SHA512 WC_SHA512 = WC_HASH_TYPE_SHA512, + #ifndef WOLFSSL_NOSHA512_224 WC_SHA512_224 = WC_HASH_TYPE_SHA512_224, + #endif + #ifndef WOLFSSL_NOSHA512_256 WC_SHA512_256 = WC_HASH_TYPE_SHA512_256, + #endif #endif #ifndef WOLFSSL_SHA384 WC_SHA384 = WC_HASH_TYPE_SHA384, diff --git a/wolfssl/wolfcrypt/sha3.h b/wolfssl/wolfcrypt/sha3.h index 2ae5edbef..ea1b767a7 100644 --- a/wolfssl/wolfcrypt/sha3.h +++ b/wolfssl/wolfcrypt/sha3.h @@ -58,8 +58,11 @@ enum { WC_SHA3_512_DIGEST_SIZE = 64, WC_SHA3_512_COUNT = 9, - WC_SHAKE128 = WC_HASH_TYPE_SHAKE128, - WC_SHAKE256 = WC_HASH_TYPE_SHAKE256, + #ifndef WOLFSSL_NO_SHAKE256 + WC_SHAKE128 = WC_HASH_TYPE_SHAKE128, + WC_SHAKE256 = WC_HASH_TYPE_SHAKE256, + #endif + #if !defined(HAVE_SELFTEST) || \ defined(HAVE_SELFTEST_VERSION) && (HAVE_SELFTEST_VERSION >= 2) /* These values are used for HMAC, not SHA-3 directly. 
@@ -81,8 +84,10 @@ enum { #define SHA3_512 WC_SHA3_512 #define SHA3_512_DIGEST_SIZE WC_SHA3_512_DIGEST_SIZE #define Sha3 wc_Sha3 - #define SHAKE128 WC_SHAKE128 - #define SHAKE256 WC_SHAKE256 + #ifndef WOLFSSL_NO_SHAKE256 + #define SHAKE128 WC_SHAKE128 + #define SHAKE256 WC_SHAKE256 + #endif #endif @@ -119,7 +124,9 @@ struct wc_Sha3 { #endif +#ifndef WOLFSSL_NO_SHAKE256 typedef wc_Sha3 wc_Shake; +#endif WOLFSSL_API int wc_InitSha3_224(wc_Sha3*, void*, int); @@ -150,11 +157,13 @@ WOLFSSL_API void wc_Sha3_512_Free(wc_Sha3*); WOLFSSL_API int wc_Sha3_512_GetHash(wc_Sha3*, byte*); WOLFSSL_API int wc_Sha3_512_Copy(wc_Sha3* src, wc_Sha3* dst); +#ifndef WOLFSSL_NO_SHAKE256 WOLFSSL_API int wc_InitShake256(wc_Shake*, void*, int); WOLFSSL_API int wc_Shake256_Update(wc_Shake*, const byte*, word32); WOLFSSL_API int wc_Shake256_Final(wc_Shake*, byte*, word32); WOLFSSL_API void wc_Shake256_Free(wc_Shake*); WOLFSSL_API int wc_Shake256_Copy(wc_Shake* src, wc_Sha3* dst); +#endif #ifdef WOLFSSL_HASH_FLAGS WOLFSSL_API int wc_Sha3_SetFlags(wc_Sha3* sha3, word32 flags); diff --git a/wolfssl/wolfcrypt/sha512.h b/wolfssl/wolfcrypt/sha512.h index 9021a0fe3..c5f55e179 100644 --- a/wolfssl/wolfcrypt/sha512.h +++ b/wolfssl/wolfcrypt/sha512.h @@ -118,8 +118,12 @@ enum { #ifdef WOLFSSL_SHA512 WC_SHA512 = WC_HASH_TYPE_SHA512, + #ifndef WOLFSSL_NOSHA512_224 WC_SHA512_224 = WC_HASH_TYPE_SHA512_224, + #endif + #ifndef WOLFSSL_NOSHA512_256 WC_SHA512_256 = WC_HASH_TYPE_SHA512_256, + #endif #endif WC_SHA512_BLOCK_SIZE = 128, WC_SHA512_DIGEST_SIZE = 64, diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index b1eba35c5..0e64391de 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h 
@@ -917,12 +917,25 @@ decouple library dependencies with standard string, memory and so on. WC_HASH_TYPE_SHA3_512 = 13, WC_HASH_TYPE_BLAKE2B = 14, WC_HASH_TYPE_BLAKE2S = 15, - WC_HASH_TYPE_SHA512_224 = 16, - WC_HASH_TYPE_SHA512_256 = 17, - WC_HASH_TYPE_SHAKE128 = 18, - WC_HASH_TYPE_SHAKE256 = 19, - - WC_HASH_TYPE_MAX = WC_HASH_TYPE_SHAKE256 +#define _WC_HASH_TYPE_MAX WC_HASH_TYPE_BLAKE2S + #ifndef WOLFSSL_NOSHA512_224 + WC_HASH_TYPE_SHA512_224 = 16, +#undef _WC_HASH_TYPE_MAX +#define _WC_HASH_TYPE_MAX WC_HASH_TYPE_SHA512_224 + #endif + #ifndef WOLFSSL_NOSHA512_256 + WC_HASH_TYPE_SHA512_256 = 17, +#undef _WC_HASH_TYPE_MAX +#define _WC_HASH_TYPE_MAX WC_HASH_TYPE_SHA512_256 + #endif + #ifndef WOLFSSL_NO_SHAKE256 + WC_HASH_TYPE_SHAKE128 = 18, + WC_HASH_TYPE_SHAKE256 = 19, +#undef _WC_HASH_TYPE_MAX +#define _WC_HASH_TYPE_MAX WC_HASH_TYPE_SHAKE256 + #endif + WC_HASH_TYPE_MAX = _WC_HASH_TYPE_MAX +#undef _WC_HASH_TYPE_MAX #endif /* HAVE_SELFTEST */ };
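Review bot: `_WC_HASH_TYPE_MAX` begins with an underscore followed by an upper-case letter, a spelling the C standard reserves for the implementation, and it is defined in a public header in the middle of an enum body. A non-reserved temporary name, e.g. `#define WC_HASH_TYPE_MAX_TMP WC_HASH_TYPE_BLAKE2S`, avoids the clash while keeping the `#undef` at the end. A short comment should also record that `WC_HASH_TYPE_MAX` is now build-dependent and that values 16 and 17 can be absent below it (SHAKE enabled with the SHA512 variants disabled). A range check against `WC_HASH_TYPE_MAX` alone therefore does not prove the type has an enumerator. The enum starts outside the hunk.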