diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 519a56ae8..c3eb12ede 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -157,6 +157,7 @@ static const struct s_ent { (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) */ #ifdef WOLFSSL_AES_CFB + #ifndef WOLFSSL_NO_AES_CFB_1_8 #ifdef WOLFSSL_AES_128 static const char EVP_AES_128_CFB1[] = "AES-128-CFB1"; #endif @@ -176,6 +177,7 @@ static const struct s_ent { #ifdef WOLFSSL_AES_256 static const char EVP_AES_256_CFB8[] = "AES-256-CFB8"; #endif + #endif /* !WOLFSSL_NO_AES_CFB_1_8 */ #ifdef WOLFSSL_AES_128 static const char EVP_AES_128_CFB128[] = "AES-128-CFB128"; @@ -639,7 +641,7 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx, break; #endif #if defined(WOLFSSL_AES_CFB) - #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) + #if !defined(WOLFSSL_NO_AES_CFB_1_8) case WC_AES_128_CFB1_TYPE: case WC_AES_192_CFB1_TYPE: case WC_AES_256_CFB1_TYPE: @@ -659,7 +661,7 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx, else ret = wc_AesCfb8Decrypt(&ctx->cipher.aes, out, in, inl); break; - #endif /* !HAVE_SELFTEST && !HAVE_FIPS */ + #endif /* !WOLFSSL_NO_AES_CFB_1_8 */ case WC_AES_128_CFB128_TYPE: case WC_AES_192_CFB128_TYPE: @@ -1942,6 +1944,7 @@ static unsigned int cipherType(const WOLFSSL_EVP_CIPHER *cipher) #endif #endif /* WOLFSSL_AES_XTS */ #if defined(WOLFSSL_AES_CFB) +#ifndef WOLFSSL_NO_AES_CFB_1_8 #ifdef WOLFSSL_AES_128 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_CFB1)) return WC_AES_128_CFB1_TYPE; @@ -1966,6 +1969,7 @@ static unsigned int cipherType(const WOLFSSL_EVP_CIPHER *cipher) else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_CFB8)) return WC_AES_256_CFB8_TYPE; #endif +#endif /* !WOLFSSL_NO_AES_CFB_1_8 */ #ifdef WOLFSSL_AES_128 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_CFB128)) return WC_AES_128_CFB128_TYPE; @@ -4966,6 +4970,7 @@ static const struct cipher{ #endif #ifdef WOLFSSL_AES_CFB + #ifndef WOLFSSL_NO_AES_CFB_1_8 #ifdef WOLFSSL_AES_128 {WC_AES_128_CFB1_TYPE, EVP_AES_128_CFB1, WC_NID_aes_128_cfb1}, #endif @@ -4985,6 +4990,7 @@ static const struct cipher{ #ifdef WOLFSSL_AES_256 {WC_AES_256_CFB8_TYPE, EVP_AES_256_CFB8, WC_NID_aes_256_cfb8}, #endif + #endif /* !WOLFSSL_NO_AES_CFB_1_8 */ #ifdef WOLFSSL_AES_128 {WC_AES_128_CFB128_TYPE, EVP_AES_128_CFB128, WC_NID_aes_128_cfb128}, @@ -4995,7 +5001,7 @@ static const struct cipher{ #ifdef WOLFSSL_AES_256 {WC_AES_256_CFB128_TYPE, EVP_AES_256_CFB128, WC_NID_aes_256_cfb128}, #endif - #endif + #endif /* WOLFSSL_AES_CFB */ #ifdef WOLFSSL_AES_OFB #ifdef WOLFSSL_AES_128 @@ -5622,7 +5628,7 @@ void wolfSSL_EVP_init(void) #endif /* HAVE_AES_CBC */ #ifdef WOLFSSL_AES_CFB -#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)) + #ifndef WOLFSSL_NO_AES_CFB_1_8 #ifdef WOLFSSL_AES_128 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cfb1(void) { @@ -5670,7 +5676,7 @@ void wolfSSL_EVP_init(void) return EVP_AES_256_CFB8; } #endif /* WOLFSSL_AES_256 */ -#endif /* !HAVE_SELFTEST && !HAVE_FIPS */ + #endif /* !WOLFSSL_NO_AES_CFB_1_8 */ #ifdef WOLFSSL_AES_128 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cfb128(void) @@ -7249,6 +7255,7 @@ void wolfSSL_EVP_init(void) #endif /* WOLFSSL_AES_256 */ #endif /* HAVE_AES_ECB */ #ifdef WOLFSSL_AES_CFB + #ifndef WOLFSSL_NO_AES_CFB_1_8 #ifdef WOLFSSL_AES_128 if (ctx->cipherType == WC_AES_128_CFB1_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_CFB1))) { @@ -7431,6 +7438,7 @@ void wolfSSL_EVP_init(void) } } #endif /* WOLFSSL_AES_256 */ + #endif /* !WOLFSSL_NO_AES_CFB_1_8 */ #ifdef WOLFSSL_AES_128 if (ctx->cipherType == WC_AES_128_CFB128_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_CFB128))) { @@ -8317,7 +8325,7 @@ void wolfSSL_EVP_init(void) #endif /* HAVE_AES_CBC */ #ifdef WOLFSSL_AES_CFB -#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) +#if !defined(WOLFSSL_NO_AES_CFB_1_8) case WC_AES_128_CFB1_TYPE: case WC_AES_192_CFB1_TYPE: case WC_AES_256_CFB1_TYPE: @@ -8340,7 +8348,7 @@ void wolfSSL_EVP_init(void) if (ret == 0) ret = (int)len; break; -#endif /* !HAVE_SELFTEST && !HAVE_FIPS */ +#endif /* !WOLFSSL_NO_AES_CFB_1_8 */ case WC_AES_128_CFB128_TYPE: case WC_AES_192_CFB128_TYPE: case WC_AES_256_CFB128_TYPE: diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index ccf8b76fc..664b175d5 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -9926,9 +9926,7 @@ EVP_TEST_END: return ret; } -#if !defined(HAVE_SELFTEST) && \ - (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)) && \ - !defined(WOLFSSL_NO_AES_CFB_1_8) +#if !defined(WOLFSSL_NO_AES_CFB_1_8) static wc_test_ret_t aescfb1_test(void) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) @@ -10095,7 +10093,7 @@ EVP_TEST_END: if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - #ifndef WOLFCRYPT_ONLY + #if !defined(WOLFCRYPT_ONLY) && !defined(HAVE_FIPS) ret = EVP_test(wolfSSL_EVP_aes_128_cfb1(), key1, iv, msg1, sizeof(msg1), cipher, sizeof(msg1)); if (ret != 0) { @@ -10128,7 +10126,7 @@ EVP_TEST_END: if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - #ifndef WOLFCRYPT_ONLY + #if !defined(WOLFCRYPT_ONLY) && !defined(HAVE_FIPS) ret = EVP_test(wolfSSL_EVP_aes_192_cfb1(), key2, iv2, msg2, sizeof(msg2), cipher, sizeof(msg2)); if (ret != 0) { @@ -10162,7 +10160,7 @@ EVP_TEST_END: if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - #ifndef WOLFCRYPT_ONLY + #if !defined(WOLFCRYPT_ONLY) && !defined(HAVE_FIPS) ret = EVP_test(wolfSSL_EVP_aes_256_cfb1(), key3, iv3, msg3, sizeof(msg3), cipher, sizeof(msg3)); if (ret != 0) { @@ -10306,7 +10304,8 @@ EVP_TEST_END: #ifdef WOLFSSL_AES_128 /* 128 key tests */ - #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) + #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) && \ + !defined(HAVE_FIPS) ret = EVP_test(wolfSSL_EVP_aes_128_cfb8(), key1, iv, msg1, sizeof(msg1), cipher1, sizeof(cipher1)); if (ret != 0) { @@ -10352,7 +10351,8 @@ EVP_TEST_END: ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); if (XMEMCMP(cipher, cipher2, sizeof(msg2)) != 0) ERROR_OUT(WC_TEST_RET_ENC_NC, out); -#if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) +#if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) && \ + !defined(HAVE_FIPS) ret = EVP_test(wolfSSL_EVP_aes_192_cfb8(), key2, iv2, msg2, sizeof(msg2), cipher2, sizeof(msg2)); if (ret != 0) { @@ -10375,7 +10375,8 @@ EVP_TEST_END: if (XMEMCMP(cipher, cipher3, sizeof(cipher3)) != 0) ERROR_OUT(WC_TEST_RET_ENC_NC, out); - #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) + #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) && \ + !defined(HAVE_FIPS) ret = EVP_test(wolfSSL_EVP_aes_256_cfb8(), key3, iv3, msg3, sizeof(msg3), cipher3, sizeof(msg3)); if (ret != 0) { @@ -10401,7 +10402,7 @@ EVP_TEST_END: return ret; } -#endif /* !HAVE_SELFTEST && !HAVE_FIPS && !WOLFSSL_NO_AES_CFB_1_8 */ +#endif /* !WOLFSSL_NO_AES_CFB_1_8 */ #endif /* WOLFSSL_AES_CFB */ #ifndef HAVE_RENESAS_SYNC @@ -14271,9 +14272,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_cfb_test(void) ret = aescfb_test_0(); if (ret != 0) return ret; -#if !defined(HAVE_SELFTEST) && \ - (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)) && \ - !defined(WOLFSSL_NO_AES_CFB_1_8) +#if !defined(WOLFSSL_NO_AES_CFB_1_8) ret = aescfb1_test(); if (ret != 0) return ret; diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index d5459ae3b..9d74d9dc5 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -3076,6 +3076,13 @@ extern void uITRON4_free(void *p) ; #endif #endif /* HAVE_ED448 */ +/* FIPS does not support CFB1 or CFB8 */ +#if !defined(WOLFSSL_NO_AES_CFB_1_8) && \ + (defined(HAVE_SELFTEST) || \ + (defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0))) + #define WOLFSSL_NO_AES_CFB_1_8 +#endif + /* AES Config */ #ifndef NO_AES /* By default enable all AES key sizes, decryption and CBC */