feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Fix to not allow Shake128/256 with Xilinx AFALG. Cleanup the Shake disable logic to allow forcing off with WOLFSSL_NO_SHAKE128 and WOLFSSL_NO_SHAKE256.

Browse Source
This commit is contained in:
David Garske
2024-07-03 09:31:06 -07:00
parent ba1eedb46b
commit d3316b72d3
1 changed files with 17 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
wolfssl/wolfcrypt/settings.h
View File

@ -2032,6 +2032,8 @@ extern void uITRON4_free(void *p) ;
#define WOLFSSL_NOSHA3_224
#define WOLFSSL_NOSHA3_256
#define WOLFSSL_NOSHA3_512
#define WOLFSSL_NO_SHAKE128
#define WOLFSSL_NO_SHAKE256
#endif
#ifdef WOLFSSL_AFALG_XILINX_AES
#undef WOLFSSL_AES_DIRECT
@ -3475,22 +3477,27 @@ extern void uITRON4_free(void *p) ;
#define WOLFSSL_RSA_KEY_CHECK
#endif
/* ED448 Requires Shake256 */
#if defined(HAVE_ED448) && defined(WOLFSSL_SHA3)
#undef WOLFSSL_SHAKE256
#define WOLFSSL_SHAKE256
#endif
/* SHAKE - Not allowed in FIPS */
#if defined(WOLFSSL_SHA3) && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
#ifndef WOLFSSL_NO_SHAKE128
#undef WOLFSSL_SHAKE128
#define WOLFSSL_SHAKE128
#endif
#ifndef WOLFSSL_NO_SHAKE256
#undef WOLFSSL_SHAKE256
#define WOLFSSL_SHAKE256
#endif
#else
#if defined(WOLFSSL_SHA3) && (defined(HAVE_SELFTEST) || defined(HAVE_FIPS))
#undef WOLFSSL_NO_SHAKE128
#define WOLFSSL_NO_SHAKE128
#undef WOLFSSL_NO_SHAKE256
#define WOLFSSL_NO_SHAKE256
#endif
/* SHAKE Disable */
#ifdef WOLFSSL_NO_SHAKE128
#undef WOLFSSL_SHAKE128
#endif
#ifdef WOLFSSL_NO_SHAKE256
#undef WOLFSSL_SHAKE256
#endif
/* Encrypted Client Hello - requires HPKE */
#if defined(HAVE_ECH) && !defined(HAVE_HPKE)