FIPS 140-3 misc fixes including fixes for rebase errors.

2021-08-20 17:51:11 -05:00
parent b615309a7b
commit b673622322
5 changed files with 10 additions and 13 deletions
--- a/configure.ac
+++ b/configure.ac
@ -253,7 +253,7 @@ AS_CASE([$ENABLED_FIPS],
        FIPS_VERSION="v1"
    ],
    [
-        AC_MSG_ERROR([Invalid value for --enable-fips \"$ENABLED_FIPS\" (allowed: ready, rand, v1, v2, v5)])
+        AC_MSG_ERROR([Invalid value for --enable-fips "$ENABLED_FIPS" (allowed: ready, rand, v1, v2, v5)])
    ])

 AS_CASE([$FIPS_VERSION],
--- a/src/ssl.c
+++ b/src/ssl.c
@ -46857,7 +46857,7 @@ int wolfSSL_CRYPTO_set_mem_functions(
        return WOLFSSL_FAILURE;
 }

-#if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_SELFTEST)
+#if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_SELFTEST) && !defined(NO_DH)
 WOLFSSL_DH *wolfSSL_DH_generate_parameters(int prime_len, int generator,
                           void (*callback) (int, int, void *), void *cb_arg)
 {
@ -46924,7 +46924,7 @@ int wolfSSL_DH_generate_parameters_ex(WOLFSSL_DH* dh, int prime_len, int generat

    return WOLFSSL_SUCCESS;
 }
-#endif /* WOLFSSL_KEY_GEN && !HAVE_SELFTEST */
+#endif /* WOLFSSL_KEY_GEN && !HAVE_SELFTEST && !NO_DH */

 int wolfSSL_ERR_load_ERR_strings(void)
 {
--- a/src/tls.c
+++ b/src/tls.c
@ -4255,7 +4255,7 @@ int TLSX_SupportedFFDHE_Set(WOLFSSL* ssl)
                    break;
            }
            if (params == NULL)
-                 return BAD_FUNC_ARG;
+                return BAD_FUNC_ARG;
            if (params->p_len >= ssl->options.minDhKeySz &&
                                     params->p_len <= ssl->options.maxDhKeySz) {
                 break;
@ -6816,11 +6816,7 @@ static void TLSX_KeyShare_FreeAll(KeyShareEntry* list, void* heap)

    while ((current = list) != NULL) {
        list = current->next;
-        if (current->group >= MIN_FFHDE_GROUP &&
-            current->group <= MAX_FFHDE_GROUP) {
-#ifndef NO_DH
-            wc_FreeDhKey((DhKey*)current->key);
-#endif
+        if ((current->group & NAMED_DH_MASK) == NAMED_DH_MASK) {
        }
        else if (current->group == WOLFSSL_ECC_X25519) {
 #ifdef HAVE_CURVE25519
--- a/wolfcrypt/src/aes.c
+++ b/wolfcrypt/src/aes.c
@ -9475,6 +9475,7 @@ int wc_AesGcmSetExtIV(Aes* aes, const byte* iv, word32 ivSz)

    if (aes == NULL || iv == NULL || !CheckAesGcmIvSize(ivSz)) {
        ret = BAD_FUNC_ARG;
+    }

    if (ret == 0) {
        XMEMCPY((byte*)aes->reg, iv, ivSz);
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@ -16368,11 +16368,11 @@ static int dh_ffdhe_test(WC_RNG *rng, int name)
        ERROR_OUT(-8050, done);
 #endif

-    pubSz = FFDHE_KEY_SIZE;
-    pubSz2 = FFDHE_KEY_SIZE;
+    pubSz = MAX_DH_KEY_SZ;
+    pubSz2 = MAX_DH_KEY_SZ;
    #ifdef HAVE_PUBLIC_FFDHE
-    privSz = FFDHE_KEY_SIZE;
-    privSz2 = FFDHE_KEY_SIZE;
+    privSz = MAX_DH_PRIV_SZ;
+    privSz2 = MAX_DH_PRIV_SZ;
    #else
    privSz = wc_DhGetNamedKeyMinSize(name);
    privSz2 = privSz;