feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Remove 'HAVE_FIPS_VERSION < 2' blocks

Browse Source
This commit is contained in:
Andras Fekete
2023-08-02 17:08:03 -04:00
parent f5164d325b
commit b31e485dc9
24 changed files with 10 additions and 1273 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
src/internal.c
View File

@@ -17907,14 +17907,6 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input,
* IV length minus the authentication tag size. */
c16toa(sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,
ssl->encrypt.additional + AEAD_LEN_OFFSET);
#if !defined(NO_PUBLIC_GCM_SET_IV) && \
((defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) && \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)))
XMEMCPY(ssl->encrypt.nonce,
ssl->keys.aead_enc_imp_IV, AESGCM_IMP_IV_SZ);
XMEMCPY(ssl->encrypt.nonce + AESGCM_IMP_IV_SZ,
ssl->keys.aead_exp_IV, AESGCM_EXP_IV_SZ);
#endif
#ifdef HAVE_PK_CALLBACKS
ret = NOT_COMPILED_IN;
if (ssl->ctx && ssl->ctx->PerformTlsRecordProcessingCb) {
@@ -18259,11 +18251,6 @@ static WC_INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input,
ssl->specs.bulk_cipher_algorithm == wolfssl_aria_gcm)
{
/* finalize authentication cipher */
#if !defined(NO_PUBLIC_GCM_SET_IV) && \
((defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) && \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)))
AeadIncrementExpIV(ssl);
#endif
if (ssl->encrypt.nonce)
ForceZero(ssl->encrypt.nonce, AESGCM_NONCE_SZ);
}
@@ -21726,15 +21713,6 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
if (ret != 0)
goto exit_buildmsg;
}
#if !defined(NO_PUBLIC_GCM_SET_IV) && \
((defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) && \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)) && \
defined(HAVE_AEAD))
if (ssl->specs.cipher_type == aead) {
if (ssl->specs.bulk_cipher_algorithm != wolfssl_chacha)
XMEMCPY(args->iv, ssl->keys.aead_exp_IV, AESGCM_EXP_IV_SZ);
}
#endif
args->size = (word16)(args->sz - args->headerSz); /* include mac and digest */
AddRecordHeader(output, args->size, (byte)type, ssl, epochOrder);

76
src/ssl.c
View File

@@ -213,6 +213,8 @@
#include "src/ssl_certman.c"
#endif
#define _HMAC_Init _InitHmac
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
!defined(WOLFCRYPT_ONLY)
/* Convert shortname to NID.
@@ -25461,80 +25463,6 @@ int wolfSSL_HMAC_CTX_copy(WOLFSSL_HMAC_CTX* des, WOLFSSL_HMAC_CTX* src)
return wolfSSL_HmacCopy(&des->hmac, &src->hmac);
}
#if defined(HAVE_FIPS) && \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
static int _HMAC_Init(Hmac* hmac, int type, void* heap)
{
int ret = 0;
switch (type) {
#ifndef NO_MD5
case WC_MD5:
ret = wc_InitMd5(&hmac->hash.md5);
break;
#endif /* !NO_MD5 */
#ifndef NO_SHA
case WC_SHA:
ret = wc_InitSha(&hmac->hash.sha);
break;
#endif /* !NO_SHA */
#ifdef WOLFSSL_SHA224
case WC_SHA224:
ret = wc_InitSha224(&hmac->hash.sha224);
break;
#endif /* WOLFSSL_SHA224 */
#ifndef NO_SHA256
case WC_SHA256:
ret = wc_InitSha256(&hmac->hash.sha256);
break;
#endif /* !NO_SHA256 */
#ifdef WOLFSSL_SHA384
case WC_SHA384:
ret = wc_InitSha384(&hmac->hash.sha384);
break;
#endif /* WOLFSSL_SHA384 */
#ifdef WOLFSSL_SHA512
case WC_SHA512:
ret = wc_InitSha512(&hmac->hash.sha512);
break;
#endif /* WOLFSSL_SHA512 */
#ifdef WOLFSSL_SHA3
case WC_SHA3_224:
ret = wc_InitSha3_224(&hmac->hash.sha3, heap, INVALID_DEVID);
break;
case WC_SHA3_256:
ret = wc_InitSha3_256(&hmac->hash.sha3, heap, INVALID_DEVID);
break;
case WC_SHA3_384:
ret = wc_InitSha3_384(&hmac->hash.sha3, heap, INVALID_DEVID);
break;
case WC_SHA3_512:
ret = wc_InitSha3_512(&hmac->hash.sha3, heap, INVALID_DEVID);
break;
#endif
default:
ret = BAD_FUNC_ARG;
break;
}
(void)heap;
return ret;
}
#else
#define _HMAC_Init _InitHmac
#endif
int wolfSSL_HMAC_Init(WOLFSSL_HMAC_CTX* ctx, const void* key, int keylen,
const EVP_MD* type)
{

14
src/tls13.c
View File

@@ -2572,12 +2572,6 @@ static int EncryptTls13(WOLFSSL* ssl, byte* output, const byte* input,
#endif
{
#if ((defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) && \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)))
ret = wc_AesGcmEncrypt(ssl->encrypt.aes, output, input,
dataSz, ssl->encrypt.nonce, nonceSz,
output + dataSz, macSz, aad, aadSz);
#else
ret = wc_AesGcmSetExtIV(ssl->encrypt.aes,
ssl->encrypt.nonce, nonceSz);
if (ret == 0) {
@@ -2585,7 +2579,6 @@ static int EncryptTls13(WOLFSSL* ssl, byte* output, const byte* input,
input, dataSz, ssl->encrypt.nonce, nonceSz,
output + dataSz, macSz, aad, aadSz);
}
#endif
}
break;
#endif
@@ -2613,12 +2606,6 @@ static int EncryptTls13(WOLFSSL* ssl, byte* output, const byte* input,
if (ret == NOT_COMPILED_IN)
#endif
{
#if ((defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) && \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)))
ret = wc_AesCcmEncrypt(ssl->encrypt.aes, output, input,
dataSz, ssl->encrypt.nonce, nonceSz,
output + dataSz, macSz, aad, aadSz);
#else
ret = wc_AesCcmSetNonce(ssl->encrypt.aes,
ssl->encrypt.nonce, nonceSz);
if (ret == 0) {
@@ -2626,7 +2613,6 @@ static int EncryptTls13(WOLFSSL* ssl, byte* output, const byte* input,
input, dataSz, ssl->encrypt.nonce, nonceSz,
output + dataSz, macSz, aad, aadSz);
}
#endif
}
break;
#endif

210
wolfcrypt/src/aes.c
View File

@@ -84,215 +84,6 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
#include <wolfssl/wolfcrypt/port/psa/psa.h>
#endif
/* fips wrapper calls, user can call direct */
#if defined(HAVE_FIPS) && \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
int wc_AesSetKey(Aes* aes, const byte* key, word32 len, const byte* iv,
int dir)
{
if (aes == NULL || !( (len == 16) || (len == 24) || (len == 32)) ) {
return BAD_FUNC_ARG;
}
return AesSetKey_fips(aes, key, len, iv, dir);
}
int wc_AesSetIV(Aes* aes, const byte* iv)
{
if (aes == NULL) {
return BAD_FUNC_ARG;
}
return AesSetIV_fips(aes, iv);
}
#ifdef HAVE_AES_CBC
int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
{
if (aes == NULL || out == NULL || in == NULL) {
return BAD_FUNC_ARG;
}
return AesCbcEncrypt_fips(aes, out, in, sz);
}
#ifdef HAVE_AES_DECRYPT
int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
{
if (aes == NULL || out == NULL || in == NULL
|| sz % AES_BLOCK_SIZE != 0) {
return BAD_FUNC_ARG;
}
return AesCbcDecrypt_fips(aes, out, in, sz);
}
#endif /* HAVE_AES_DECRYPT */
#endif /* HAVE_AES_CBC */
/* AES-CTR */
#ifdef WOLFSSL_AES_COUNTER
int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
{
if (aes == NULL || out == NULL || in == NULL) {
return BAD_FUNC_ARG;
}
return AesCtrEncrypt(aes, out, in, sz);
}
#endif
/* AES-DIRECT */
#if defined(WOLFSSL_AES_DIRECT)
void wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in)
{
AesEncryptDirect(aes, out, in);
}
#ifdef HAVE_AES_DECRYPT
void wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in)
{
AesDecryptDirect(aes, out, in);
}
#endif /* HAVE_AES_DECRYPT */
int wc_AesSetKeyDirect(Aes* aes, const byte* key, word32 len,
const byte* iv, int dir)
{
return AesSetKeyDirect(aes, key, len, iv, dir);
}
#endif /* WOLFSSL_AES_DIRECT */
/* AES-GCM */
#ifdef HAVE_AESGCM
int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len)
{
if (aes == NULL || !( (len == 16) || (len == 24) || (len == 32)) ) {
return BAD_FUNC_ARG;
}
return AesGcmSetKey_fips(aes, key, len);
}
int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
const byte* iv, word32 ivSz,
byte* authTag, word32 authTagSz,
const byte* authIn, word32 authInSz)
{
if (aes == NULL || authTagSz > AES_BLOCK_SIZE ||
authTagSz < WOLFSSL_MIN_AUTH_TAG_SZ ||
ivSz == 0 || ivSz > AES_BLOCK_SIZE) {
return BAD_FUNC_ARG;
}
return AesGcmEncrypt_fips(aes, out, in, sz, iv, ivSz, authTag,
authTagSz, authIn, authInSz);
}
#ifdef HAVE_AES_DECRYPT
int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
const byte* iv, word32 ivSz,
const byte* authTag, word32 authTagSz,
const byte* authIn, word32 authInSz)
{
if (aes == NULL || out == NULL || in == NULL || iv == NULL
|| authTag == NULL || authTagSz > AES_BLOCK_SIZE ||
ivSz == 0 || ivSz > AES_BLOCK_SIZE) {
return BAD_FUNC_ARG;
}
return AesGcmDecrypt_fips(aes, out, in, sz, iv, ivSz, authTag,
authTagSz, authIn, authInSz);
}
#endif /* HAVE_AES_DECRYPT */
int wc_GmacSetKey(Gmac* gmac, const byte* key, word32 len)
{
if (gmac == NULL || key == NULL || !((len == 16) ||
(len == 24) || (len == 32)) ) {
return BAD_FUNC_ARG;
}
return GmacSetKey(gmac, key, len);
}
int wc_GmacUpdate(Gmac* gmac, const byte* iv, word32 ivSz,
const byte* authIn, word32 authInSz,
byte* authTag, word32 authTagSz)
{
if (gmac == NULL || authTagSz > AES_BLOCK_SIZE ||
authTagSz < WOLFSSL_MIN_AUTH_TAG_SZ) {
return BAD_FUNC_ARG;
}
return GmacUpdate(gmac, iv, ivSz, authIn, authInSz,
authTag, authTagSz);
}
#endif /* HAVE_AESGCM */
/* AES-CCM */
#if defined(HAVE_AESCCM) && \
defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
int wc_AesCcmSetKey(Aes* aes, const byte* key, word32 keySz)
{
return AesCcmSetKey(aes, key, keySz);
}
int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
const byte* nonce, word32 nonceSz,
byte* authTag, word32 authTagSz,
const byte* authIn, word32 authInSz)
{
/* sanity check on arguments */
if (aes == NULL || out == NULL || in == NULL || nonce == NULL
|| authTag == NULL || nonceSz < 7 || nonceSz > 13)
return BAD_FUNC_ARG;
AesCcmEncrypt(aes, out, in, inSz, nonce, nonceSz, authTag,
authTagSz, authIn, authInSz);
return 0;
}
#ifdef HAVE_AES_DECRYPT
int wc_AesCcmDecrypt(Aes* aes, byte* out,
const byte* in, word32 inSz,
const byte* nonce, word32 nonceSz,
const byte* authTag, word32 authTagSz,
const byte* authIn, word32 authInSz)
{
if (aes == NULL || out == NULL || in == NULL || nonce == NULL
|| authTag == NULL || nonceSz < 7 || nonceSz > 13) {
return BAD_FUNC_ARG;
}
return AesCcmDecrypt(aes, out, in, inSz, nonce, nonceSz,
authTag, authTagSz, authIn, authInSz);
}
#endif /* HAVE_AES_DECRYPT */
#endif /* HAVE_AESCCM && HAVE_FIPS_VERSION 2 */
int wc_AesInit(Aes* aes, void* h, int i)
{
if (aes == NULL)
return BAD_FUNC_ARG;
(void)h;
(void)i;
/* FIPS doesn't support */
#ifdef WOLFSSL_KCAPI_AES
return AesInit(aes, h, i);
#else
return 0;
#endif
}
void wc_AesFree(Aes* aes)
{
(void)aes;
/* FIPS doesn't support */
#ifdef WOLFSSL_KCAPI_AES
AesFree(aes);
#endif
}
#else /* else build without fips, or for FIPS v2+ */
#if defined(WOLFSSL_TI_CRYPT)
#include <wolfcrypt/src/port/ti/ti-aes.c>
#else
@@ -11590,5 +11381,4 @@ int wc_AesSivDecrypt(const byte* key, word32 keySz, const byte* assoc,
#endif /* WOLFSSL_AES_SIV */
#endif /* HAVE_FIPS */
#endif /* !NO_AES */

80
wolfcrypt/src/des3.c
View File

@@ -49,85 +49,6 @@
#include <wolfssl/wolfcrypt/cryptocb.h>
#endif
/* fips wrapper calls, user can call direct */
#if defined(HAVE_FIPS) && \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
int wc_Des_SetKey(Des* des, const byte* key, const byte* iv, int dir)
{
return Des_SetKey(des, key, iv, dir);
}
int wc_Des3_SetKey(Des3* des, const byte* key, const byte* iv, int dir)
{
if (des == NULL || key == NULL || dir < 0) {
return BAD_FUNC_ARG;
}
return Des3_SetKey_fips(des, key, iv, dir);
}
int wc_Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz)
{
return Des_CbcEncrypt(des, out, in, sz);
}
int wc_Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz)
{
return Des_CbcDecrypt(des, out, in, sz);
}
int wc_Des3_CbcEncrypt(Des3* des, byte* out, const byte* in, word32 sz)
{
if (des == NULL || out == NULL || in == NULL) {
return BAD_FUNC_ARG;
}
return Des3_CbcEncrypt_fips(des, out, in, sz);
}
int wc_Des3_CbcDecrypt(Des3* des, byte* out, const byte* in, word32 sz)
{
if (des == NULL || out == NULL || in == NULL) {
return BAD_FUNC_ARG;
}
return Des3_CbcDecrypt_fips(des, out, in, sz);
}
#ifdef WOLFSSL_DES_ECB
/* One block, compatibility only */
int wc_Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz)
{
return Des_EcbEncrypt(des, out, in, sz);
}
int wc_Des3_EcbEncrypt(Des3* des, byte* out, const byte* in, word32 sz)
{
return Des3_EcbEncrypt(des, out, in, sz);
}
#endif /* WOLFSSL_DES_ECB */
void wc_Des_SetIV(Des* des, const byte* iv)
{
Des_SetIV(des, iv);
}
int wc_Des3_SetIV(Des3* des, const byte* iv)
{
return Des3_SetIV_fips(des, iv);
}
int wc_Des3Init(Des3* des3, void* heap, int devId)
{
(void)des3;
(void)heap;
(void)devId;
/* FIPS doesn't support:
return Des3Init(des3, heap, devId); */
return 0;
}
void wc_Des3Free(Des3* des3)
{
(void)des3;
/* FIPS doesn't support:
Des3Free(des3); */
}
#else /* else build without fips, or for FIPS v2 */
#if defined(WOLFSSL_TI_CRYPT)
#include <wolfcrypt/src/port/ti/ti-des3.c>
#else
@@ -1889,5 +1810,4 @@ void wc_Des3Free(Des3* des3)
}
#endif /* WOLFSSL_TI_CRYPT */
#endif /* HAVE_FIPS */
#endif /* NO_DES3 */

72
wolfcrypt/src/hmac.c
View File

@@ -65,77 +65,6 @@
#endif
/* fips wrapper calls, user can call direct */
/* If building for old FIPS. */
#if defined(HAVE_FIPS) && \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
/* does init */
int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 keySz)
{
if (hmac == NULL || (key == NULL && keySz != 0) ||
!(type == WC_MD5 || type == WC_SHA || type == WC_SHA256 ||
type == WC_SHA384 || type == WC_SHA512)) {
return BAD_FUNC_ARG;
}
return HmacSetKey_fips(hmac, type, key, keySz);
}
int wc_HmacUpdate(Hmac* hmac, const byte* in, word32 sz)
{
if (hmac == NULL || (in == NULL && sz > 0)) {
return BAD_FUNC_ARG;
}
return HmacUpdate_fips(hmac, in, sz);
}
int wc_HmacFinal(Hmac* hmac, byte* out)
{
if (hmac == NULL) {
return BAD_FUNC_ARG;
}
return HmacFinal_fips(hmac, out);
}
int wolfSSL_GetHmacMaxSize(void)
{
return WC_MAX_DIGEST_SIZE;
}
int wc_HmacInit(Hmac* hmac, void* heap, int devId)
{
#ifndef WOLFSSL_KCAPI_HMAC
(void)hmac;
(void)heap;
(void)devId;
return 0;
#else
return HmacInit(hmac, heap, devId);
#endif
}
void wc_HmacFree(Hmac* hmac)
{
#ifndef WOLFSSL_KCAPI_HMAC
(void)hmac;
#else
HmacFree(hmac);
#endif
}
#ifdef HAVE_HKDF
int wc_HKDF(int type, const byte* inKey, word32 inKeySz,
const byte* salt, word32 saltSz,
const byte* info, word32 infoSz,
byte* out, word32 outSz)
{
return HKDF(type, inKey, inKeySz, salt, saltSz,
info, infoSz, out, outSz);
}
#endif /* HAVE_HKDF */
#else /* else build without fips, or for new fips */
int wc_HmacSizeByType(int type)
{
int ret;
@@ -1440,5 +1369,4 @@ int wolfSSL_GetHmacMaxSize(void)
#endif /* HAVE_HKDF */
#endif /* HAVE_FIPS */
#endif /* NO_HMAC */

63
wolfcrypt/src/port/kcapi/kcapi_dh.c
View File

@@ -47,68 +47,6 @@ void KcapiDh_Free(DhKey* key)
static int KcapiDh_SetParams(DhKey* key)
{
#if defined(HAVE_FIPS) && \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
int ret = 0;
unsigned char* pkcs3 = NULL;
word32 len = 0, idx = 0, len2;
len = MAX_SEQ_SZ; /* Sequence */
len += ASN_TAG_SZ + MAX_LENGTH_SZ; /* Integer */
len += mp_leading_bit(&key->p) ? 1 : 0;
len += mp_unsigned_bin_size(&key->p);
len += ASN_TAG_SZ + MAX_LENGTH_SZ; /* Integer */
len += mp_leading_bit(&key->g) ? 1 : 0;
len += mp_unsigned_bin_size(&key->g);
pkcs3 = (unsigned char*)XMALLOC(len, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (pkcs3 == NULL) {
ret = MEMORY_E;
}
if (ret == 0) {
idx = len;
len2 = mp_unsigned_bin_size(&key->g);
idx -= len2;
ret = mp_to_unsigned_bin(&key->g, pkcs3 + idx);
}
if (ret >= 0) {
if (mp_leading_bit(&key->g)) {
pkcs3[--idx] = 0x00;
len2++;
}
idx -= SetLength(len2, NULL);
SetLength(len2, pkcs3 + idx);
pkcs3[--idx] = ASN_INTEGER;
len2 = mp_unsigned_bin_size(&key->p);
idx -= len2;
ret = mp_to_unsigned_bin(&key->p, pkcs3 + idx);
}
if (ret >= 0) {
if (mp_leading_bit(&key->p)) {
pkcs3[--idx] = 0x00;
len2++;
}
idx -= SetLength(len2, NULL);
SetLength(len2, pkcs3 + idx);
pkcs3[--idx] = ASN_INTEGER;
len2 = len - idx;
idx -= SetSequence(len2, NULL);
SetSequence(len2, pkcs3 + idx);
ret = kcapi_kpp_dh_setparam_pkcs3(key->handle, pkcs3 + idx, len - idx);
if (ret != 0) {
WOLFSSL_MSG("KcapiDh_SetParams: Failed to set");
}
}
if (pkcs3 != NULL) {
XFREE(pkcs3, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
}
return ret;
#else
int ret;
unsigned char* pkcs3 = NULL;
word32 len;
@@ -136,7 +74,6 @@ static int KcapiDh_SetParams(DhKey* key)
XFREE(pkcs3, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
}
return ret;
#endif
}
int KcapiDh_MakeKey(DhKey* key, byte* pub, word32* pubSz)

95
wolfcrypt/src/port/kcapi/kcapi_hash.c
View File

@@ -318,36 +318,6 @@ int wc_Sha224Copy(wc_Sha224* src, wc_Sha224* dst)
static const char WC_NAME_SHA256[] = "sha256";
/* create KCAPI handle for SHA256 operation */
#if defined(HAVE_FIPS) && \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
int InitSha256(wc_Sha256* sha)
{
if (sha == NULL) {
return BAD_FUNC_ARG;
}
return KcapiHashInit(&sha->kcapi, NULL, INVALID_DEVID, WC_NAME_SHA256);
}
int Sha256Update(wc_Sha256* sha, const byte* in, word32 sz)
{
if (sha == NULL) {
return BAD_FUNC_ARG;
}
return KcapiHashUpdate(&sha->kcapi, in, sz);
}
int Sha256Final(wc_Sha256* sha, byte* hash)
{
if (sha == NULL) {
return BAD_FUNC_ARG;
}
return KcapiHashFinal(&sha->kcapi, hash, WC_SHA256_DIGEST_SIZE,
WC_NAME_SHA256);
}
#else
int wc_InitSha256_ex(wc_Sha256* sha, void* heap, int devid)
{
if (sha == NULL) {
@@ -374,8 +344,6 @@ int wc_Sha256Final(wc_Sha256* sha, byte* hash)
return KcapiHashFinal(&sha->kcapi, hash, WC_SHA256_DIGEST_SIZE,
WC_NAME_SHA256);
}
#endif
int wc_Sha256GetHash(wc_Sha256* sha, byte* hash)
{
@@ -400,37 +368,6 @@ int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst)
static const char WC_NAME_SHA384[] = "sha384";
#if defined(HAVE_FIPS) && \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
/* create KCAPI handle for SHA384 operation */
int InitSha384(wc_Sha384* sha)
{
if (sha == NULL) {
return BAD_FUNC_ARG;
}
return KcapiHashInit(&sha->kcapi, NULL, INVALID_DEVID, WC_NAME_SHA384);
}
int Sha384Update(wc_Sha384* sha, const byte* in, word32 sz)
{
if (sha == NULL) {
return BAD_FUNC_ARG;
}
return KcapiHashUpdate(&sha->kcapi, in, sz);
}
int Sha384Final(wc_Sha384* sha, byte* hash)
{
if (sha == NULL) {
return BAD_FUNC_ARG;
}
return KcapiHashFinal(&sha->kcapi, hash, WC_SHA384_DIGEST_SIZE,
WC_NAME_SHA384);
}
#else
/* create KCAPI handle for SHA384 operation */
int wc_InitSha384_ex(wc_Sha384* sha, void* heap, int devid)
{
@@ -458,7 +395,6 @@ int wc_Sha384Final(wc_Sha384* sha, byte* hash)
return KcapiHashFinal(&sha->kcapi, hash, WC_SHA384_DIGEST_SIZE,
WC_NAME_SHA384);
}
#endif
int wc_Sha384GetHash(wc_Sha384* sha, byte* hash)
{
@@ -483,36 +419,6 @@ int wc_Sha384Copy(wc_Sha384* src, wc_Sha384* dst)
static const char WC_NAME_SHA512[] = "sha512";
#if defined(HAVE_FIPS) && \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
/* create KCAPI handle for SHA512 operation */
int InitSha512(wc_Sha512* sha)
{
if (sha == NULL) {
return BAD_FUNC_ARG;
}
return KcapiHashInit(&sha->kcapi, NULL, INVALID_DEVID, WC_NAME_SHA512);
}
int Sha512Update(wc_Sha512* sha, const byte* in, word32 sz)
{
if (sha == NULL) {
return BAD_FUNC_ARG;
}
return KcapiHashUpdate(&sha->kcapi, in, sz);
}
int Sha512Final(wc_Sha512* sha, byte* hash)
{
if (sha == NULL) {
return BAD_FUNC_ARG;
}
return KcapiHashFinal(&sha->kcapi, hash, WC_SHA512_DIGEST_SIZE,
WC_NAME_SHA512);
}
#else
/* create KCAPI handle for SHA512 operation */
int wc_InitSha512_ex(wc_Sha512* sha, void* heap, int devid)
{
@@ -540,7 +446,6 @@ int wc_Sha512Final(wc_Sha512* sha, byte* hash)
return KcapiHashFinal(&sha->kcapi, hash, WC_SHA512_DIGEST_SIZE,
WC_NAME_SHA512);
}
#endif
int wc_Sha512GetHash(wc_Sha512* sha, byte* hash)
{

25
wolfcrypt/src/port/kcapi/kcapi_hmac.c
View File

@@ -52,12 +52,7 @@ static const char WC_NAME_HMAC_SHA384[] = "hmac(sha384)";
static const char WC_NAME_HMAC_SHA512[] = "hmac(sha512)";
#endif
#if defined(HAVE_FIPS) && \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
int HmacInit(Hmac* hmac, void* heap, int devId)
#else
int wc_HmacInit(Hmac* hmac, void* heap, int devId)
#endif
{
int ret = 0;
@@ -76,12 +71,7 @@ int wc_HmacInit(Hmac* hmac, void* heap, int devId)
return ret;
}
#if defined(HAVE_FIPS) && \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
void HmacFree(Hmac* hmac)
#else
void wc_HmacFree(Hmac* hmac)
#endif
{
if (hmac != NULL) {
if (hmac->handle != NULL) {
@@ -91,12 +81,7 @@ void wc_HmacFree(Hmac* hmac)
}
}
#if defined(HAVE_FIPS) && \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
int HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
#else
int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
#endif
{
int ret = 0;
const char* ciphername = NULL;
@@ -197,12 +182,7 @@ int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
return ret;
}
#if defined(HAVE_FIPS) && \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
int HmacUpdate(Hmac* hmac, const byte* msg, word32 length)
#else
int wc_HmacUpdate(Hmac* hmac, const byte* msg, word32 length)
#endif
{
int ret = 0;
@@ -244,12 +224,7 @@ int wc_HmacUpdate(Hmac* hmac, const byte* msg, word32 length)
return ret;
}
#if defined(HAVE_FIPS) && \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
int HmacFinal(Hmac* hmac, byte* hash)
#else
int wc_HmacFinal(Hmac* hmac, byte* hash)
#endif
{
int ret = 0;
int len = 0;

158
wolfcrypt/src/port/kcapi/kcapi_rsa.c
View File

@@ -45,164 +45,6 @@ void KcapiRsa_Free(RsaKey* key)
}
}
#if defined(HAVE_FIPS) && \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
/* Set the DER/BER encoding of the ASN.1 INTEGER header.
*
* len Length of data to encode.
* firstByte First byte of data, most significant byte of integer, to encode.
* output Buffer to write into.
* returns the number of bytes added to the buffer.
*/
static int SetASNInt(int len, byte firstByte, byte* output)
{
word32 idx = 0;
if (output)
output[idx] = ASN_INTEGER;
idx++;
if (firstByte & 0x80)
len++;
idx += SetLength(len, output ? output + idx : NULL);
if (firstByte & 0x80) {
if (output)
output[idx] = 0x00;
idx++;
}
return idx;
}
static int SetASNIntMP(mp_int* n, int maxSz, byte* output)
{
int idx = 0;
int leadingBit;
int length;
int err;
leadingBit = mp_leading_bit(n);
length = mp_unsigned_bin_size(n);
idx = SetASNInt(length, leadingBit ? 0x80 : 0x00, output);
if (maxSz >= 0 && (idx + length) > maxSz)
return BUFFER_E;
if (output) {
err = mp_to_unsigned_bin(n, output + idx);
if (err != MP_OKAY)
return MP_TO_E;
}
idx += length;
return idx;
}
static mp_int* GetRsaInt(RsaKey* key, int idx)
{
if (idx == 0)
return &key->n;
if (idx == 1)
return &key->e;
if (idx == 2)
return &key->d;
if (idx == 3)
return &key->p;
if (idx == 4)
return &key->q;
if (idx == 5)
return &key->dP;
if (idx == 6)
return &key->dQ;
if (idx == 7)
return &key->u;
return NULL;
}
/* Release Tmp RSA resources */
static WC_INLINE void FreeTmpRsas(byte** tmps, void* heap)
{
int i;
(void)heap;
for (i = 0; i < RSA_INTS; i++)
XFREE(tmps[i], heap, DYNAMIC_TYPE_RSA);
}
/* Convert RsaKey key to DER format, write to output (inLen), return bytes
written */
static int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen)
{
word32 seqSz, verSz, rawLen, intTotalLen = 0;
word32 sizes[RSA_INTS];
int i, j, outLen, ret = 0;
byte seq[MAX_SEQ_SZ];
byte ver[MAX_VERSION_SZ];
byte* tmps[RSA_INTS];
if (!key || !output)
return BAD_FUNC_ARG;
if (key->type != RSA_PRIVATE)
return BAD_FUNC_ARG;
for (i = 0; i < RSA_INTS; i++)
tmps[i] = NULL;
/* write all big ints from key to DER tmps */
for (i = 0; i < RSA_INTS; i++) {
int mpSz;
mp_int* keyInt = GetRsaInt(key, i);
rawLen = mp_unsigned_bin_size(keyInt) + 1;
tmps[i] = (byte*)XMALLOC(rawLen + MAX_SEQ_SZ, key->heap,
DYNAMIC_TYPE_RSA);
if (tmps[i] == NULL) {
ret = MEMORY_E;
break;
}
mpSz = SetASNIntMP(keyInt, MAX_RSA_INT_SZ, tmps[i]);
if (mpSz < 0) {
ret = mpSz;
break;
}
intTotalLen += (sizes[i] = mpSz);
}
if (ret != 0) {
FreeTmpRsas(tmps, key->heap);
return ret;
}
/* make headers */
verSz = SetMyVersion(0, ver, FALSE);
seqSz = SetSequence(verSz + intTotalLen, seq);
outLen = seqSz + verSz + intTotalLen;
if (outLen > (int)inLen) {
FreeTmpRsas(tmps, key->heap);
return BAD_FUNC_ARG;
}
/* write to output */
XMEMCPY(output, seq, seqSz);
j = seqSz;
XMEMCPY(output + j, ver, verSz);
j += verSz;
for (i = 0; i < RSA_INTS; i++) {
XMEMCPY(output + j, tmps[i], sizes[i]);
j += sizes[i];
}
FreeTmpRsas(tmps, key->heap);
return outLen;
}
#endif
#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) && !defined(WOLFSSL_RSA_VERIFY_ONLY)
static int KcapiRsa_SetPrivKey(RsaKey* key)
{

53
wolfcrypt/src/random.c
View File

@@ -63,58 +63,6 @@ This library contains implementation for the random number generator.
#endif
/* If building for old FIPS. */
#if defined(HAVE_FIPS) && \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
int wc_GenerateSeed(OS_Seed* os, byte* seed, word32 sz)
{
return GenerateSeed(os, seed, sz);
}
int wc_InitRng_ex(WC_RNG* rng, void* heap, int devId)
{
(void)heap;
(void)devId;
return InitRng_fips(rng);
}
WOLFSSL_ABI
int wc_InitRng(WC_RNG* rng)
{
return InitRng_fips(rng);
}
int wc_RNG_GenerateBlock(WC_RNG* rng, byte* b, word32 sz)
{
return RNG_GenerateBlock_fips(rng, b, sz);
}
int wc_RNG_GenerateByte(WC_RNG* rng, byte* b)
{
return RNG_GenerateByte(rng, b);
}
#ifdef HAVE_HASHDRBG
int wc_FreeRng(WC_RNG* rng)
{
return FreeRng_fips(rng);
}
int wc_RNG_HealthTest(int reseed, const byte* seedA, word32 seedASz,
const byte* seedB, word32 seedBSz,
byte* output, word32 outputSz)
{
return RNG_HealthTest_fips(reseed, seedA, seedASz,
seedB, seedBSz, output, outputSz);
}
#endif /* HAVE_HASHDRBG */
#else /* else build without fips, or for new fips */
#ifndef WC_NO_RNG /* if not FIPS and RNG is disabled then do not compile */
#include <wolfssl/wolfcrypt/sha256.h>
@@ -3878,4 +3826,3 @@ int wc_hwrng_generate_block(byte *output, word32 sz)
#endif
#endif /* WC_NO_RNG */
#endif /* HAVE_FIPS */

131
wolfcrypt/src/rsa.c
View File

@@ -88,134 +88,6 @@ RSA Key Size Configuration:
*/
/* If building for old FIPS. */
#if defined(HAVE_FIPS) && \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
int wc_InitRsaKey(RsaKey* key, void* ptr)
{
if (key == NULL) {
return BAD_FUNC_ARG;
}
return InitRsaKey_fips(key, ptr);
}
int wc_InitRsaKey_ex(RsaKey* key, void* ptr, int devId)
{
(void)devId;
if (key == NULL) {
return BAD_FUNC_ARG;
}
return InitRsaKey_fips(key, ptr);
}
int wc_FreeRsaKey(RsaKey* key)
{
return FreeRsaKey_fips(key);
}
#ifndef WOLFSSL_RSA_VERIFY_ONLY
int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out,
word32 outLen, RsaKey* key, WC_RNG* rng)
{
if (in == NULL || out == NULL || key == NULL || rng == NULL) {
return BAD_FUNC_ARG;
}
return RsaPublicEncrypt_fips(in, inLen, out, outLen, key, rng);
}
#endif
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
int wc_RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out,
RsaKey* key)
{
if (in == NULL || out == NULL || key == NULL) {
return BAD_FUNC_ARG;
}
return RsaPrivateDecryptInline_fips(in, inLen, out, key);
}
int wc_RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out,
word32 outLen, RsaKey* key)
{
if (in == NULL || out == NULL || key == NULL) {
return BAD_FUNC_ARG;
}
return RsaPrivateDecrypt_fips(in, inLen, out, outLen, key);
}
int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out,
word32 outLen, RsaKey* key, WC_RNG* rng)
{
if (in == NULL || out == NULL || key == NULL || inLen == 0) {
return BAD_FUNC_ARG;
}
return RsaSSL_Sign_fips(in, inLen, out, outLen, key, rng);
}
#endif
int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, RsaKey* key)
{
if (in == NULL || out == NULL || key == NULL) {
return BAD_FUNC_ARG;
}
return RsaSSL_VerifyInline_fips(in, inLen, out, key);
}
int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out,
word32 outLen, RsaKey* key)
{
if (in == NULL || out == NULL || key == NULL || inLen == 0) {
return BAD_FUNC_ARG;
}
return RsaSSL_Verify_fips(in, inLen, out, outLen, key);
}
int wc_RsaEncryptSize(const RsaKey* key)
{
if (key == NULL) {
return BAD_FUNC_ARG;
}
return RsaEncryptSize_fips((RsaKey*)key);
}
#ifndef WOLFSSL_RSA_VERIFY_ONLY
int wc_RsaFlattenPublicKey(RsaKey* key, byte* a, word32* aSz, byte* b,
word32* bSz)
{
/* not specified as fips so not needing _fips */
return RsaFlattenPublicKey(key, a, aSz, b, bSz);
}
#endif
#ifdef WOLFSSL_KEY_GEN
int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
{
return MakeRsaKey(key, size, e, rng);
}
#endif
/* these are functions in asn and are routed to wolfssl/wolfcrypt/asn.c
* wc_RsaPrivateKeyDecode
* wc_RsaPublicKeyDecode
*/
#else /* else build without fips, or for new fips */
#include <wolfssl/wolfcrypt/random.h>
#include <wolfssl/wolfcrypt/logging.h>
#ifdef WOLF_CRYPTO_CB
@@ -4355,9 +4227,6 @@ int wc_RsaFlattenPublicKey(RsaKey* key, byte* e, word32* eSz, byte* n,
}
#endif
#endif /* HAVE_FIPS */
#ifndef WOLFSSL_RSA_VERIFY_ONLY
static int RsaGetValue(mp_int* in, byte* out, word32* outSz)
{

46
wolfcrypt/src/sha.c
View File

@@ -81,51 +81,6 @@
#undef WOLFSSL_USE_ESP32_CRYPT_HASH_HW
#endif
/* fips wrapper calls, user can call direct */
#if defined(HAVE_FIPS) && \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
int wc_InitSha(wc_Sha* sha)
{
if (sha == NULL) {
return BAD_FUNC_ARG;
}
return InitSha_fips(sha);
}
int wc_InitSha_ex(wc_Sha* sha, void* heap, int devId)
{
(void)heap;
(void)devId;
if (sha == NULL) {
return BAD_FUNC_ARG;
}
return InitSha_fips(sha);
}
int wc_ShaUpdate(wc_Sha* sha, const byte* data, word32 len)
{
if (sha == NULL || (data == NULL && len > 0)) {
return BAD_FUNC_ARG;
}
return ShaUpdate_fips(sha, data, len);
}
int wc_ShaFinal(wc_Sha* sha, byte* out)
{
if (sha == NULL || out == NULL) {
return BAD_FUNC_ARG;
}
return ShaFinal_fips(sha,out);
}
void wc_ShaFree(wc_Sha* sha)
{
(void)sha;
/* Not supported in FIPS */
}
#else /* else build without fips, or for FIPS v2 */
#if defined(WOLFSSL_TI_HASH)
/* #include <wolfcrypt/src/port/ti/ti-hash.c> included by wc_port.c */
@@ -942,7 +897,6 @@ void wc_ShaFree(wc_Sha* sha)
#endif /* !defined(WOLFSSL_HAVE_PSA) || defined(WOLFSSL_PSA_NO_HASH) */
#endif /* !WOLFSSL_TI_HASH */
#endif /* !HAVE_FIPS ... */
#if !defined(WOLFSSL_TI_HASH) && !defined(WOLFSSL_IMXRT_DCP)

50
wolfcrypt/src/sha256.c
View File

@@ -111,55 +111,6 @@ on the specific device platform.
static const char* TAG = "wc_sha256";
#endif
/* fips wrapper calls, user can call direct */
#if defined(HAVE_FIPS) && \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
int wc_InitSha256(wc_Sha256* sha)
{
if (sha == NULL) {
return BAD_FUNC_ARG;
}
return InitSha256_fips(sha);
}
int wc_InitSha256_ex(wc_Sha256* sha, void* heap, int devId)
{
(void)heap;
(void)devId;
if (sha == NULL) {
return BAD_FUNC_ARG;
}
return InitSha256_fips(sha);
}
int wc_Sha256Update(wc_Sha256* sha, const byte* data, word32 len)
{
if (sha == NULL || (data == NULL && len > 0)) {
return BAD_FUNC_ARG;
}
if (data == NULL && len == 0) {
/* valid, but do nothing */
return 0;
}
return Sha256Update_fips(sha, data, len);
}
int wc_Sha256Final(wc_Sha256* sha, byte* out)
{
if (sha == NULL || out == NULL) {
return BAD_FUNC_ARG;
}
return Sha256Final_fips(sha, out);
}
void wc_Sha256Free(wc_Sha256* sha)
{
(void)sha;
/* Not supported in FIPS */
}
#else /* else build without fips, or for FIPS v2 */
#if defined(WOLFSSL_TI_HASH)
/* #include <wolfcrypt/src/port/ti/ti-hash.c> included by wc_port.c */
#elif defined(WOLFSSL_CRYPTOCELL)
@@ -1883,7 +1834,6 @@ int wc_Sha224_Grow(wc_Sha224* sha224, const byte* in, int inSz)
#endif /* WOLFSSL_HASH_KEEP */
#endif /* !WOLFSSL_TI_HASH */
#endif /* HAVE_FIPS */
#ifndef WOLFSSL_TI_HASH

88
wolfcrypt/src/sha512.c
View File

@@ -71,92 +71,6 @@
#define USE_SLOW_SHA512
#endif
/* fips wrapper calls, user can call direct */
#if defined(HAVE_FIPS) && \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
#ifdef WOLFSSL_SHA512
int wc_InitSha512(wc_Sha512* sha)
{
if (sha == NULL) {
return BAD_FUNC_ARG;
}
return InitSha512_fips(sha);
}
int wc_InitSha512_ex(wc_Sha512* sha, void* heap, int devId)
{
(void)heap;
(void)devId;
if (sha == NULL) {
return BAD_FUNC_ARG;
}
return InitSha512_fips(sha);
}
int wc_Sha512Update(wc_Sha512* sha, const byte* data, word32 len)
{
if (sha == NULL || (data == NULL && len > 0)) {
return BAD_FUNC_ARG;
}
return Sha512Update_fips(sha, data, len);
}
int wc_Sha512Final(wc_Sha512* sha, byte* out)
{
if (sha == NULL || out == NULL) {
return BAD_FUNC_ARG;
}
return Sha512Final_fips(sha, out);
}
void wc_Sha512Free(wc_Sha512* sha)
{
(void)sha;
/* Not supported in FIPS */
}
#endif
#if defined(WOLFSSL_SHA384) || defined(HAVE_AESGCM)
int wc_InitSha384(wc_Sha384* sha)
{
if (sha == NULL) {
return BAD_FUNC_ARG;
}
return InitSha384_fips(sha);
}
int wc_InitSha384_ex(wc_Sha384* sha, void* heap, int devId)
{
(void)heap;
(void)devId;
if (sha == NULL) {
return BAD_FUNC_ARG;
}
return InitSha384_fips(sha);
}
int wc_Sha384Update(wc_Sha384* sha, const byte* data, word32 len)
{
if (sha == NULL || (data == NULL && len > 0)) {
return BAD_FUNC_ARG;
}
return Sha384Update_fips(sha, data, len);
}
int wc_Sha384Final(wc_Sha384* sha, byte* out)
{
if (sha == NULL || out == NULL) {
return BAD_FUNC_ARG;
}
return Sha384Final_fips(sha, out);
}
void wc_Sha384Free(wc_Sha384* sha)
{
(void)sha;
/* Not supported in FIPS */
}
#endif /* WOLFSSL_SHA384 || HAVE_AESGCM */
#else /* else build without fips, or for FIPS v2 */
#include <wolfssl/wolfcrypt/logging.h>
#ifdef NO_INLINE
@@ -1564,8 +1478,6 @@ void wc_Sha384Free(wc_Sha384* sha384)
#endif /* WOLFSSL_SHA384 */
#endif /* HAVE_FIPS */
#ifdef WOLFSSL_SHA512
#if defined(WOLFSSL_KCAPI_HASH)

3
wolfcrypt/test/test.c
View File

@@ -15465,9 +15465,6 @@ static wc_test_ret_t rsa_flatten_test(RsaKey* key)
* -101 = USER_CRYPTO_ERROR
*/
if (ret == 0)
#elif defined(HAVE_FIPS) && \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
if (ret != 0)
#else
if (ret != RSA_BUFFER_E)
#endif

19
wolfssl/internal.h
View File

@@ -1687,21 +1687,16 @@ enum Misc {
SESSION_FLUSH_COUNT = 256, /* Flush session cache unless user turns off */
TLS_MAX_PAD_SZ = 255, /* Max padding in TLS */
#if defined(HAVE_FIPS) && \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
MAX_SYM_KEY_SIZE = AES_256_KEY_SIZE,
#else
#if defined(HAVE_NULL_CIPHER) && defined(WOLFSSL_TLS13)
#if defined(WOLFSSL_SHA384) && WC_MAX_SYM_KEY_SIZE < 48
MAX_SYM_KEY_SIZE = WC_SHA384_DIGEST_SIZE,
#elif !defined(NO_SHA256) && WC_MAX_SYM_KEY_SIZE < 32
MAX_SYM_KEY_SIZE = WC_SHA256_DIGEST_SIZE,
#else
MAX_SYM_KEY_SIZE = WC_MAX_SYM_KEY_SIZE,
#endif
#if defined(HAVE_NULL_CIPHER) && defined(WOLFSSL_TLS13)
#if defined(WOLFSSL_SHA384) && WC_MAX_SYM_KEY_SIZE < 48
MAX_SYM_KEY_SIZE = WC_SHA384_DIGEST_SIZE,
#elif !defined(NO_SHA256) && WC_MAX_SYM_KEY_SIZE < 32
MAX_SYM_KEY_SIZE = WC_SHA256_DIGEST_SIZE,
#else
MAX_SYM_KEY_SIZE = WC_MAX_SYM_KEY_SIZE,
#endif
#else
MAX_SYM_KEY_SIZE = WC_MAX_SYM_KEY_SIZE,
#endif
#if defined(HAVE_SELFTEST) && \

8
wolfssl/wolfcrypt/aes.h
View File

@@ -417,13 +417,7 @@ WOLFSSL_API int wc_AesEcbDecrypt(Aes* aes, byte* out,
#endif
/* AES-DIRECT */
#if defined(WOLFSSL_AES_DIRECT)
#if defined(HAVE_FIPS) && \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
WOLFSSL_API void wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in);
WOLFSSL_API void wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in);
WOLFSSL_API int wc_AesSetKeyDirect(Aes* aes, const byte* key, word32 len,
const byte* iv, int dir);
#elif defined(BUILDING_WOLFSSL)
#if defined(BUILDING_WOLFSSL)
WOLFSSL_API WARN_UNUSED_RESULT int wc_AesEncryptDirect(Aes* aes, byte* out,
const byte* in);
WOLFSSL_API WARN_UNUSED_RESULT int wc_AesDecryptDirect(Aes* aes, byte* out,

6
wolfssl/wolfcrypt/hmac.h
View File

@@ -30,12 +30,6 @@
#ifndef NO_HMAC
#if defined(HAVE_FIPS) && \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
#define WC_HMAC_BLOCK_SIZE HMAC_BLOCK_SIZE
#endif
#if defined(HAVE_FIPS) && \
defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
#include <wolfssl/wolfcrypt/fips.h>

6
wolfssl/wolfcrypt/port/kcapi/kcapi_hmac.h
View File

@@ -27,11 +27,5 @@
#include <wolfssl/wolfcrypt/port/kcapi/wc_kcapi.h>
#include <wolfssl/wolfcrypt/hmac.h>
#if defined(HAVE_FIPS) && \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
int HmacInit(Hmac* hmac, void* heap, int devId);
void HmacFree(Hmac* hmac);
#endif
#endif /* WOLF_CRYPT_KCAPI_HMAC_H */

10
wolfssl/wolfcrypt/sha.h
View File

@@ -36,16 +36,6 @@
#include <wolfssl/wolfcrypt/fips.h>
#endif /* HAVE_FIPS_VERSION >= 2 */
#if defined(HAVE_FIPS) && \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
#define wc_Sha Sha
#define WC_SHA SHA
#define WC_SHA_BLOCK_SIZE SHA_BLOCK_SIZE
#define WC_SHA_DIGEST_SIZE SHA_DIGEST_SIZE
#define WC_SHA_PAD_SIZE SHA_PAD_SIZE
#endif
#ifdef FREESCALE_LTC_SHA
#include "fsl_ltc.h"
#endif

17
wolfssl/wolfcrypt/sha256.h
View File

@@ -37,23 +37,6 @@
#include <wolfssl/wolfcrypt/fips.h>
#endif /* HAVE_FIPS_VERSION >= 2 */
#if defined(HAVE_FIPS) && \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
#define wc_Sha256 Sha256
#define WC_SHA256 SHA256
#define WC_SHA256_BLOCK_SIZE SHA256_BLOCK_SIZE
#define WC_SHA256_DIGEST_SIZE SHA256_DIGEST_SIZE
#define WC_SHA256_PAD_SIZE SHA256_PAD_SIZE
#ifdef WOLFSSL_SHA224
#define wc_Sha224 Sha224
#define WC_SHA224 SHA224
#define WC_SHA224_BLOCK_SIZE SHA224_BLOCK_SIZE
#define WC_SHA224_DIGEST_SIZE SHA224_DIGEST_SIZE
#define WC_SHA224_PAD_SIZE SHA224_PAD_SIZE
#endif
#endif
#ifdef FREESCALE_LTC_SHA
#include "fsl_ltc.h"
#endif

21
wolfssl/wolfcrypt/sha512.h
View File

@@ -37,27 +37,6 @@
#include <wolfssl/wolfcrypt/fips.h>
#endif /* HAVE_FIPS_VERSION >= 2 */
#if defined(HAVE_FIPS) && \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
#ifdef WOLFSSL_SHA512
#define wc_Sha512 Sha512
#define WC_SHA512 SHA512
#define WC_SHA512_BLOCK_SIZE SHA512_BLOCK_SIZE
#define WC_SHA512_DIGEST_SIZE SHA512_DIGEST_SIZE
#define WC_SHA512_PAD_SIZE SHA512_PAD_SIZE
#define wc_Sha512_224 Sha512_224
#define wc_Sha512_256 Sha512_256
#endif /* WOLFSSL_SHA512 */
#ifdef WOLFSSL_SHA384
#define wc_Sha384 Sha384
#define WC_SHA384 SHA384
#define WC_SHA384_BLOCK_SIZE SHA384_BLOCK_SIZE
#define WC_SHA384_DIGEST_SIZE SHA384_DIGEST_SIZE
#define WC_SHA384_PAD_SIZE SHA384_PAD_SIZE
#endif /* WOLFSSL_SHA384 */
#endif
#ifdef __cplusplus
extern "C" {
#endif

10
wolfssl/wolfcrypt/visibility.h
View File

@@ -25,14 +25,6 @@
#ifndef WOLF_CRYPT_VISIBILITY_H
#define WOLF_CRYPT_VISIBILITY_H
/* for compatibility and so that fips is using same name of macro @wc_fips */
/* The following visibility wrappers are for old FIPS. New FIPS should use
* the same as a non-FIPS build. */
#if defined(HAVE_FIPS) && \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
#else
/* WOLFSSL_API is used for the public API symbols.
It either imports or exports (or does nothing for static builds)
@@ -73,8 +65,6 @@
#endif
#endif /* BUILDING_WOLFSSL */
#endif /* HAVE_FIPS */
/* WOLFSSL_ABI is used for public API symbols that must not change
* their signature. This tag is used for all APIs that are a
* part of the fixed ABI.