feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #3328 from ejohnstown/fips-ready-fix

Browse Source 
FIPS Ready Windows Fix
This commit is contained in:
David Garske
2020-09-23 12:18:23 -07:00
committed by GitHub
parent ecd5a015eb f1effea638
commit c46301f111
4 changed files with 13 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
IDE/WIN/README.txt
View File

@ -3,6 +3,8 @@
First, if you did not get the FIPS files with your archive, you must contact First, if you did not get the FIPS files with your archive, you must contact
wolfSSL to obtain them. wolfSSL to obtain them.
The IDE/WIN/wolfssl-fips.sln solution is for the original FIPS #2425 certificate.
See IDE/WIN10/wolfssl-fips.sln for the FIPS v2 #3389 or later Visual Studio solution.
# Building the wolfssl-fips project # Building the wolfssl-fips project

4
IDE/WIN10/README.txt
View File

@ -3,6 +3,7 @@
First, if you did not get the FIPS files with your archive, you must contact First, if you did not get the FIPS files with your archive, you must contact
wolfSSL to obtain them. wolfSSL to obtain them.
The IDE/WIN10/wolfssl-fips.sln solution is for the FIPS v2 #3389 certificate or later.
# Building the wolfssl-fips project # Building the wolfssl-fips project
@ -47,6 +48,7 @@ check value when changing your application.
The default build options should be the proper default set of options: The default build options should be the proper default set of options:
* HAVE_FIPS * HAVE_FIPS
* HAVE_FIPS_VERSION=2 (or 3 with WOLFSSL_FIPS_READY)
* HAVE_THREAD_LS * HAVE_THREAD_LS
* HAVE_AESGCM * HAVE_AESGCM
* HAVE_HASHDRBG * HAVE_HASHDRBG
@ -67,4 +69,4 @@ Additionally one may enable:
* OPENSSL_EXTRA * OPENSSL_EXTRA
* WOLFSSL_KEY_GEN * WOLFSSL_KEY_GEN
These settings are defined in IDE/WIN/user_settings.h. These settings are defined in IDE/WIN10/user_settings.h.

8
IDE/WIN10/user_settings.h
View File

@ -1,6 +1,14 @@
#ifndef _WIN_USER_SETTINGS_H_ #ifndef _WIN_USER_SETTINGS_H_
#define _WIN_USER_SETTINGS_H_ #define _WIN_USER_SETTINGS_H_
/* For FIPS Ready, uncomment the following: */
/* #define WOLFSSL_FIPS_READY */
#ifdef WOLFSSL_FIPS_READY
#undef HAVE_FIPS_VERSION
#define HAVE_FIPS_VERSION 3
#endif
/* Verify this is Windows */ /* Verify this is Windows */
#ifndef _WIN32 #ifndef _WIN32
#error This user_settings.h header is only designed for Windows #error This user_settings.h header is only designed for Windows

10
wolfcrypt/src/evp.c
View File

@ -36,16 +36,6 @@
#if defined(OPENSSL_EXTRA) #if defined(OPENSSL_EXTRA)
#if !defined(HAVE_PKCS7) && \ #if !defined(HAVE_PKCS7) && \
((defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \
(HAVE_FIPS_VERSION > 2)) || defined(HAVE_SELFTEST))
enum {
/* In the event of fips cert 3389 or CAVP selftest build, these enums are
* not in aes.h for use with evp so enumerate it here outside the fips
* boundary */
GCM_NONCE_MID_SZ = 12, /* The usual default nonce size for AES-GCM. */
CCM_NONCE_MIN_SZ = 7,
};
#elif !defined(HAVE_PKCS7) && \
((defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \ ((defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \
(HAVE_FIPS_VERSION == 2)) || defined(HAVE_SELFTEST)) (HAVE_FIPS_VERSION == 2)) || defined(HAVE_SELFTEST))
#include <wolfssl/wolfcrypt/aes.h> #include <wolfssl/wolfcrypt/aes.h>