diff --git a/IDE/STM32Cube/default_conf.ftl b/IDE/STM32Cube/default_conf.ftl
index f7f21e6be..f206ceb66 100644
--- a/IDE/STM32Cube/default_conf.ftl
+++ b/IDE/STM32Cube/default_conf.ftl
@@ -484,7 +484,13 @@ extern ${variable.value} ${variable.name};
 /* RNG */
 /* ------------------------------------------------------------------------- */
 #define NO_OLD_RNGNAME /* conflicts with STM RNG macro */
-#define HAVE_HASHDRBG
+#if !defined(WOLF_CONF_RNG) || WOLF_CONF_RNG == 1
+ /* default is enabled */
+ #define HAVE_HASHDRBG
+#else /* WOLF_CONF_RNG == 0 */
+ #define WC_NO_HASHDRBG
+ #define WC_NO_RNG
+#endif
 /* ------------------------------------------------------------------------- */
diff --git a/IDE/STM32Cube/wolfSSL_conf.h b/IDE/STM32Cube/wolfSSL_conf.h
index 0cc1c1261..9dc4311a2 100644
--- a/IDE/STM32Cube/wolfSSL_conf.h
+++ b/IDE/STM32Cube/wolfSSL_conf.h
@@ -525,11 +525,19 @@
 /* Allows custom "custom_time()" function to be used for benchmark */
 #define WOLFSSL_USER_CURRTIME
+
 /* ------------------------------------------------------------------------- */
 /* RNG */
 /* ------------------------------------------------------------------------- */
 #define NO_OLD_RNGNAME /* conflicts with STM RNG macro */
-#define HAVE_HASHDRBG
+#if !defined(WOLF_CONF_RNG) || WOLF_CONF_RNG == 1
+ /* default is enabled */
+ #define HAVE_HASHDRBG
+#else /* WOLF_CONF_RNG == 0 */
+ #define WC_NO_HASHDRBG
+ #define WC_NO_RNG
+#endif
+
 /* ------------------------------------------------------------------------- */
 /* Disable Features */
diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c
index 08c13faa7..cf3aecbd5 100644
--- a/wolfcrypt/src/aes.c
+++ b/wolfcrypt/src/aes.c
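Review bot: In the RNG block of IDE/STM32Cube/default_conf.ftl (and the identical block in IDE/STM32Cube/wolfSSL_conf.h), the `#else /* WOLF_CONF_RNG == 0 */` branch is taken for every value other than 1, so a mistyped or out-of-range setting silently defines `WC_NO_RNG` and `WC_NO_HASHDRBG` and the library is built without a random generator. Make the disabled case explicit and reject anything else: use `#elif WOLF_CONF_RNG == 0` for the disable branch, then `#else` and `#error "WOLF_CONF_RNG must be 0 or 1"` before the `#endif`. A comment on the disable branch such as `/* disables the wolfCrypt RNG; operations that need random data will not be available */` would tell integrators what they give up. Whether other parts of the configuration reject that combination is not visible in these hunks.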
@@ -6991,7 +6991,7 @@ static int wc_AesGcmEncrypt_STM32(Aes* aes, byte* out, const byte* in, word32 sz
 /* or harware that does not support partial block */
 || sz == 0 || partial != 0
 #endif
- #ifndef STM32_AESGCM_PARTIAL
+ #if !defined(CRYP_HEADERWIDTHUNIT_BYTE) && !defined(STM32_AESGCM_PARTIAL)
 /* or authIn is not a multiple of 4 */
 || authPadSz != authInSz
 #endif
@@ -7014,7 +7014,7 @@ static int wc_AesGcmEncrypt_STM32(Aes* aes, byte* out, const byte* in, word32 sz
 hcryp.Init.Algorithm = CRYP_AES_GCM;
 #ifdef CRYP_HEADERWIDTHUNIT_BYTE
 /* V2 with CRYP_HEADERWIDTHUNIT_BYTE uses byte size for header */
- hcryp.Init.HeaderSize = authPadSz;
+ hcryp.Init.HeaderSize = authInSz;
 #else
 hcryp.Init.HeaderSize = authPadSz/sizeof(word32);
 #endif
@@ -7481,7 +7481,7 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out,
 /* or harware that does not support partial block */
 || sz == 0 || partial != 0
 #endif
- #ifndef STM32_AESGCM_PARTIAL
+ #if !defined(CRYP_HEADERWIDTHUNIT_BYTE) && !defined(STM32_AESGCM_PARTIAL)
 /* or authIn is not a multiple of 4 */
 || authPadSz != authInSz
 #endif
@@ -7527,7 +7527,7 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out,
 hcryp.Init.Algorithm = CRYP_AES_GCM;
 #ifdef CRYP_HEADERWIDTHUNIT_BYTE
 /* V2 with CRYP_HEADERWIDTHUNIT_BYTE uses byte size for header */
- hcryp.Init.HeaderSize = authPadSz;
+ hcryp.Init.HeaderSize = authInSz;
 #else
 hcryp.Init.HeaderSize = authPadSz/sizeof(word32);
 #endif
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index 515c33a35..0d5b959f2 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
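Review bot: The retained comment `/* or authIn is not a multiple of 4 */` in wc_AesGcmEncrypt_STM32 (and in the same guard in wc_AesGcmDecrypt_STM32) no longer says when the check applies. After this change the condition is compiled out whenever `CRYP_HEADERWIDTHUNIT_BYTE` is defined, regardless of `STM32_AESGCM_PARTIAL`. I would reword it to `/* or authIn is not a multiple of 4 (only when the HAL takes the header size in words) */` so a reader sees why unaligned AAD no longer triggers this condition on byte-unit HALs. The `if` these lines belong to starts and ends outside the hunk, so what the condition selects is not visible here.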
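Review bot: `hcryp.Init.HeaderSize = authInSz;` in wc_AesGcmEncrypt_STM32 (and the same line in wc_AesGcmDecrypt_STM32) now gives the HAL the exact AAD byte count, but the header buffer is assigned outside this hunk, so it is not visible whether it is still sized and zero-filled up to `authPadSz`. If the driver loads the header in 32-bit words, the final load can cover up to three bytes past `authInSz`. A comment on this line would record that dependency, for example `/* byte count only; header buffer must remain readable and zeroed up to authPadSz */`. No test in this diff exercises an AAD length that is not a multiple of 4, which is the case this change alters, so a known-answer vector for it should accompany the change unless test.c already has one.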
@@ -20136,51 +20136,56 @@ WOLFSSL_TEST_SUBROUTINE int pwdbased_test(void) #endif /* NO_PWDBASED */ -#if defined(HAVE_HKDF) && (!defined(NO_SHA) || !defined(NO_SHA256)) +#if defined(HAVE_HKDF) && !defined(NO_HMAC) /* WOLFSSL_TEST_SUBROUTINE */ static int hkdf_test(void) { - int ret; + int ret = 0; + +#if !defined(NO_SHA) || !defined(NO_SHA256) int L = 42; byte okm1[42]; byte ikm1[22] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b }; +#ifndef HAVE_FIPS byte salt1[13] ={ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c }; byte info1[10] ={ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9 }; +#endif +#ifndef NO_SHA byte res1[42] = { 0x0a, 0xc1, 0xaf, 0x70, 0x02, 0xb3, 0xd7, 0x61, 0xd1, 0xe5, 0x52, 0x98, 0xda, 0x9d, 0x05, 0x06, 0xb9, 0xae, 0x52, 0x05, 0x72, 0x20, 0xa3, 0x06, 0xe0, 0x7b, 0x6b, 0x87, 0xe8, 0xdf, 0x21, 0xd0, 0xea, 0x00, 0x03, 0x3d, 0xe0, 0x39, 0x84, 0xd3, 0x49, 0x18 }; +#ifndef HAVE_FIPS byte res2[42] = { 0x08, 0x5a, 0x01, 0xea, 0x1b, 0x10, 0xf3, 0x69, 0x33, 0x06, 0x8b, 0x56, 0xef, 0xa5, 0xad, 0x81, 0xa4, 0xf1, 0x4b, 0x82, 0x2f, 0x5b, 0x09, 0x15, 0x68, 0xa9, 0xcd, 0xd4, 0xf1, 0x55, 0xfd, 0xa2, 0xc2, 0x2e, 0x42, 0x24, 0x78, 0xd3, 0x05, 0xf3, 0xf8, 0x96 }; +#endif +#endif /* !NO_SHA */ +#ifndef NO_SHA256 byte res3[42] = { 0x8d, 0xa4, 0xe7, 0x75, 0xa5, 0x63, 0xc1, 0x8f, 0x71, 0x5f, 0x80, 0x2a, 0x06, 0x3c, 0x5a, 0x31, 0xb8, 0xa1, 0x1f, 0x5c, 0x5e, 0xe1, 0x87, 0x9e, 0xc3, 0x45, 0x4e, 0x5f, 0x3c, 0x73, 0x8d, 0x2d, 0x9d, 0x20, 0x13, 0x95, 0xfa, 0xa4, 0xb6, 0x1a, 0x96, 0xc8 }; +#ifndef HAVE_FIPS byte res4[42] = { 0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a, 0x90, 0x43, 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a, 0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c, 0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, 0xc5, 0xbf, 0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18, 0x58, 0x65 }; - - (void)res1; - (void)res2; - (void)res3; - (void)res4; - (void)salt1; - 
(void)info1;
+#endif
+#endif /* !NO_SHA256 */
 #ifndef NO_SHA
 ret = wc_HKDF(WC_SHA, ikm1, 22, NULL, 0, NULL, 0, okm1, L);
@@ -20199,7 +20204,7 @@ WOLFSSL_TEST_SUBROUTINE int pwdbased_test(void)
 if (XMEMCMP(okm1, res2, L) != 0)
 return -9703;
 #endif /* HAVE_FIPS */
-#endif /* NO_SHA */
+#endif /* !NO_SHA */
 #ifndef NO_SHA256
 ret = wc_HKDF(WC_SHA256, ikm1, 22, NULL, 0, NULL, 0, okm1, L);
@@ -20218,9 +20223,10 @@ WOLFSSL_TEST_SUBROUTINE int pwdbased_test(void)
 if (XMEMCMP(okm1, res4, L) != 0)
 return -9707;
 #endif /* HAVE_FIPS */
-#endif /* NO_SHA256 */
+#endif /* !NO_SHA256 */
+#endif /* !NO_SHA || !NO_SHA256 */
- return 0;
+ return ret;
 }
 #endif /* HAVE_HKDF */
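Review bot: The new outer guard `#if defined(HAVE_HKDF) && !defined(NO_HMAC)` compiles hkdf_test even when both `NO_SHA` and `NO_SHA256` are defined, and in that build the body between `int ret = 0;` and `return ret;` is empty, so the function reports a pass without running any vector. The call site is outside this diff, so it is not visible whether its condition was changed to match. If it still uses the old one, the static function is left unused in that configuration. I would either keep the hash requirement in the outer guard or make the empty case visible with a comment next to `int ret = 0;`, for example `/* no SHA-1/SHA-256: no HKDF vectors run */`.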
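Review bot: The closing `#endif /* HAVE_HKDF */` after hkdf_test was left unchanged although the opening guard is now `defined(HAVE_HKDF) && !defined(NO_HMAC)`. This commit corrects the other `#endif` comments in the function, so this one should become `#endif /* HAVE_HKDF && !NO_HMAC */`. On the paths visible here `return ret;` still yields 0, because each failing comparison returns its own negative code first. The checks on `ret` after each wc_HKDF call are outside the hunk.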