From d3665992852317e3595aad502b9cc4320aff1b5a Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Thu, 8 Jan 2015 10:42:01 -0700 Subject: [PATCH] adding comment to header and _fips to c files --- cyassl/ctaocrypt/camellia.h | 2 +- cyassl/ctaocrypt/hmac.h | 2 +- cyassl/ctaocrypt/types.h | 3 +- cyassl/ssl.h | 9 +-- examples/server/server.c | 1 - wolfcrypt/benchmark/benchmark.c | 2 +- wolfcrypt/src/aes.c | 14 ++-- wolfcrypt/src/des3.c | 10 +-- wolfcrypt/src/hmac.c | 40 ++--------- wolfcrypt/src/random.c | 47 ++----------- wolfcrypt/src/rsa.c | 114 +++++--------------------------- wolfcrypt/src/sha.c | 109 ++++++++++++------------------ wolfcrypt/src/sha256.c | 8 +-- wolfcrypt/src/sha512.c | 14 ++-- wolfssl/wolfcrypt/aes.h | 37 +---------- wolfssl/wolfcrypt/asn.h | 14 ++-- wolfssl/wolfcrypt/blake2.h | 2 +- wolfssl/wolfcrypt/des3.h | 25 +------ wolfssl/wolfcrypt/ecc.h | 12 ++-- wolfssl/wolfcrypt/error-crypt.h | 2 +- wolfssl/wolfcrypt/hmac.h | 12 +--- wolfssl/wolfcrypt/integer.h | 14 ++-- wolfssl/wolfcrypt/md5.h | 2 +- wolfssl/wolfcrypt/pkcs7.h | 2 +- wolfssl/wolfcrypt/random.h | 24 +------ wolfssl/wolfcrypt/rsa.h | 31 +-------- wolfssl/wolfcrypt/settings.h | 30 ++++----- wolfssl/wolfcrypt/sha.h | 20 +----- wolfssl/wolfcrypt/sha256.h | 7 +- wolfssl/wolfcrypt/sha512.h | 34 +--------- wolfssl/wolfcrypt/tfm.h | 14 ++-- wolfssl/wolfcrypt/visibility.h | 2 +- 32 files changed, 163 insertions(+), 496 deletions(-) diff --git a/cyassl/ctaocrypt/camellia.h b/cyassl/ctaocrypt/camellia.h index dc43cd481..bbe7dcf1b 100644 --- a/cyassl/ctaocrypt/camellia.h +++ b/cyassl/ctaocrypt/camellia.h @@ -23,7 +23,7 @@ #define CTAO_CRYPT_CAMELLIA_H -/* for blake2 reverse compatibility */ +/* for camellia reverse compatibility */ #ifdef HAVE_CAMELLIA #include #define CamelliaSetKey wc_CamelliaSetKey diff --git a/cyassl/ctaocrypt/hmac.h b/cyassl/ctaocrypt/hmac.h index 712b83945..4625f10ea 100644 --- a/cyassl/ctaocrypt/hmac.h +++ b/cyassl/ctaocrypt/hmac.h @@ -33,7 +33,7 @@ #define HmacInitCavium wc_HmacInitCavium #define HmacFreeCavium wc_HmacFreeCavium #endif -#define wolfSSL_GetHmacMaxSize wc_wolfSSL_GetHmacMaxSize +#define CyaSSL_GetHmacMaxSize wolfSSL_GetHmacMaxSize #ifdef HAVE_HKDF #define HKDF wc_HKDF #endif /* HAVE_HKDF */ diff --git a/cyassl/ctaocrypt/types.h b/cyassl/ctaocrypt/types.h index bdd8e0529..810f73b65 100644 --- a/cyassl/ctaocrypt/types.h +++ b/cyassl/ctaocrypt/types.h @@ -32,7 +32,8 @@ #define CYASSL_BIT_SIZE WOLFSSL_BIT_SIZE #define CYASSL_MAX_16BIT WOLFSSL_MAX_16BIT #define CYASSL_MAX_ERROR_SZ WOLFSSL_MAX_ERROR_SZ -#define cyassl_word wolfssl_word +#define cyassl_word wolfssl_word +#define CYASSL_MAX_ERROR_SZ WOLFSSL_MAX_ERROR_SZ /* if macros need to be reverted back to previous name for fips */ // #define WOLFSSL_MAX_ERROR_SZ CYASSL_MAX_ERROR_SZ diff --git a/cyassl/ssl.h b/cyassl/ssl.h index 8746bd025..0e3f70d11 100644 --- a/cyassl/ssl.h +++ b/cyassl/ssl.h @@ -30,6 +30,7 @@ * include the new ssl.h */ #include +#include #include #ifdef __cplusplus @@ -385,18 +386,10 @@ /* JRB macro redefinitions and api calls for cryptography for reverse compat. */ -/* new fips header files since old ones could not be changed for compatibility*/ -#ifndef NO_AES - #include -#endif - #ifdef WOLFSSL_SMALL_STACK #define CYASSL_SMALL_STACK #endif -#if !defined(CYASSL_MAX_ERROR_SZ) && !defined(HAVE_FIPS) - #define CYASSL_MAX_ERROR_SZ WOLFSSL_MAX_ERROR_SZ -#endif /* * wrapper around macros until they are changed in cyassl code diff --git a/examples/server/server.c b/examples/server/server.c index 432ecfd76..1c4ae5d50 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -1,4 +1,3 @@ -#include /* server.c * * Copyright (C) 2006-2015 wolfSSL Inc. diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c index 7fbc85631..a9e2c2573 100644 --- a/wolfcrypt/benchmark/benchmark.c +++ b/wolfcrypt/benchmark/benchmark.c @@ -167,7 +167,7 @@ int benchmark_test(void *args) #endif #if defined(DEBUG_WOLFSSL) && !defined(HAVE_VALGRIND) - wolfSSL_Debugging_ON(); + WOLFSSL_API int wolfSSL_Debugging_ON(); #endif #ifdef HAVE_CAVIUM diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 818c91a8e..2c506b575 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -33,25 +33,25 @@ int wc_AesSetKey(Aes* aes, const byte* key, word32 len, const byte* iv, int dir) { - return AesSetKey(aes, key, len, iv, dir); + return AesSetKey_fips(aes, key, len, iv, dir); } int wc_AesSetIV(Aes* aes, const byte* iv) { - return AesSetIV(aes, iv); + return AesSetIV_fips(aes, iv); } int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) { - return AesCbcEncrypt(aes, out, in, sz); + return AesCbcEncrypt_fips(aes, out, in, sz); } int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) { - return AesCbcDecrypt(aes, out, in, sz); + return AesCbcDecrypt_fips(aes, out, in, sz); } @@ -95,7 +95,7 @@ int wc_AesSetKeyDirect(Aes* aes, const byte* key, word32 len, #ifdef HAVE_AESGCM int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len) { - return AesGcmSetKey(aes, key, len); + return AesGcmSetKey_fips(aes, key, len); } @@ -104,7 +104,7 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz, byte* authTag, word32 authTagSz, const byte* authIn, word32 authInSz) { - return AesGcmEncrypt(aes, out, in, sz, iv, ivSz, authTag, authTagSz, + return AesGcmEncrypt_fips(aes, out, in, sz, iv, ivSz, authTag, authTagSz, authIn, authInSz); } @@ -114,7 +114,7 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, const byte* authTag, word32 authTagSz, const byte* authIn, word32 authInSz) { - return AesGcmDecrypt(aes, out, in, sz, iv, ivSz, authTag, authTagSz, + return AesGcmDecrypt_fips(aes, out, in, sz, iv, ivSz, authTag, authTagSz, authIn, authInSz); } diff --git a/wolfcrypt/src/des3.c b/wolfcrypt/src/des3.c index 13ce35213..be8d790ea 100644 --- a/wolfcrypt/src/des3.c +++ b/wolfcrypt/src/des3.c @@ -46,7 +46,7 @@ int wc_Des_SetKey(Des* des, const byte* key, const byte* iv, int dir) int wc_Des3_SetKey(Des3* des, const byte* key, const byte* iv, int dir) { - return Des3_SetKey(des, key, iv, dir); + return Des3_SetKey_fips(des, key, iv, dir); } @@ -64,13 +64,13 @@ int wc_Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz) int wc_Des3_CbcEncrypt(Des3* des, byte* out, const byte* in, word32 sz) { - return Des3_CbcEncrypt(des, out, in, sz); + return Des3_CbcEncrypt_fips(des, out, in, sz); } int wc_Des3_CbcDecrypt(Des3* des, byte* out, const byte* in, word32 sz) { - return Des3_CbcDecrypt(des, out, in, sz); + return Des3_CbcDecrypt_fips(des, out, in, sz); } @@ -100,7 +100,7 @@ int wc_Des_CbcDecryptWithKey(byte* out, const byte* in, word32 sz, int wc_Des3_SetIV(Des3* des, const byte* iv) { - return Des3_SetIV(des, iv); + return Des3_SetIV_fips(des, iv); } @@ -128,7 +128,7 @@ void wc_Des3_FreeCavium(Des3* des3) #endif /* HAVE_CAVIUM */ -#else +#else /* build without fips */ #include #include diff --git a/wolfcrypt/src/hmac.c b/wolfcrypt/src/hmac.c index 295a9faf8..8c7e8de2b 100644 --- a/wolfcrypt/src/hmac.c +++ b/wolfcrypt/src/hmac.c @@ -33,19 +33,19 @@ /* does init */ int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 keySz) { - return HmacSetKey(hmac, type, key, keySz); + return HmacSetKey_fips(hmac, type, key, keySz); } int wc_HmacUpdate(Hmac* hmac, const byte* in, word32 sz) { - return HmacUpdate(hmac, in, sz); + return HmacUpdate_fips(hmac, in, sz); } int wc_HmacFinal(Hmac* hmac, byte* out) { - return HmacFinal(hmac, out); + return HmacFinal_fips(hmac, out); } @@ -62,7 +62,7 @@ int wc_HmacFinal(Hmac* hmac, byte* out) } #endif -int wc_wolfSSL_GetHmacMaxSize(void) +int wolfSSL_GetHmacMaxSize(void) { return CyaSSL_GetHmacMaxSize(); } @@ -79,35 +79,7 @@ int wc_HKDF(int type, const byte* inKey, word32 inKeySz, #endif /* HAVE_HKDF */ - - -#ifdef HAVE_FIPS - /* fips wrapper calls, user can call direct */ -int wc_HmacSetKey_fips(Hmac* hmac, int type, const byte* key, - word32 keySz) -{ - return HmacSetKey_fips(hmac, type, key, keySz); -} - -int wc_HmacUpdate_fips(Hmac* hmac, const byte* in , word32 sz) -{ - return HmacUpdate_fips(hmac, in, sz); -} - - -int wc_HmacFinal_fips(Hmac* hmac, byte* out) -{ - return HmacFinal_fips(hmac, out); -} -#ifndef FIPS_NO_WRAPPERS - /* if not impl or fips.c impl wrapper force fips calls if fips build */ - #define HmacSetKey HmacSetKey_fips - #define HmacUpdate HmacUpdate_fips - #define HmacFinal HmacFinal_fips - #endif /* FIPS_NO_WRAPPERS */ - -#endif /* HAVE_FIPS */ -#else +#else /* else build without fips */ #ifdef WOLFSSL_PIC32MZ_HASH #define wc_InitMd5 wc_InitMd5_sw @@ -743,7 +715,7 @@ static void HmacCaviumSetKey(Hmac* hmac, int type, const byte* key, #endif /* HAVE_CAVIUM */ -int wc_wolfSSL_GetHmacMaxSize(void) +int wolfSSL_GetHmacMaxSize(void) { return MAX_DIGEST_SIZE; } diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c index c7cd5e3d9..4a14d2bb2 100644 --- a/wolfcrypt/src/random.c +++ b/wolfcrypt/src/random.c @@ -48,13 +48,13 @@ int wc_GenerateSeed(OS_Seed* os, byte* seed, word32 sz) int wc_InitRng(RNG* rng) { - return InitRng(rng); + return InitRng_fips(rng); } int wc_RNG_GenerateBlock(RNG* rng, byte* b, word32 sz) { - return RNG_GenerateBlock(rng, b, sz); + return RNG_GenerateBlock_fips(rng, b, sz); } @@ -66,7 +66,7 @@ int wc_RNG_GenerateByte(RNG* rng, byte* b) #if defined(HAVE_HASHDRBG) || defined(NO_RC4) int wc_FreeRng(RNG* rng) { - return FreeRng(rng); + return FreeRng_fips(rng); } @@ -75,48 +75,11 @@ int wc_RNG_GenerateByte(RNG* rng, byte* b) const byte* entropyB, word32 entropyBSz, byte* output, word32 outputSz) { - return RNG_HealthTest(reseed, entropyA, entropyASz, + return RNG_HealthTest_fips(reseed, entropyA, entropyASz, entropyB, entropyBSz, output, outputSz); } #endif /* HAVE_HASHDRBG || NO_RC4 */ - - -#ifdef HAVE_FIPS - /* fips wrapper calls, user can call direct */ - int wc_InitRng_fips(RNG* rng) - { - return InitRng_fips(rng); - } - - - int wc_FreeRng_fips(RNG* rng) - { - return FreeRng_fips(rng); - } - - - int wc_RNG_GenerateBlock_fips(RNG* rng, byte* buf, word32 bufSz) - { - return RNG_GenerateBlock_fips(rng, buf, bufSz); - } - - int wc_RNG_HealthTest_fips(int reseed, - const byte* entropyA, word32 entropyASz, - const byte* entropyB, word32 entropyBSz, - byte* output, word32 outputSz) - { - return RNG_HealthTest_fips(reseed, entropyA, entropyASz, - entropyB, entropyBSz, output, outputSz); - } - #ifndef FIPS_NO_WRAPPERS - /* if not impl or fips.c impl wrapper force fips calls if fips build */ - #define InitRng InitRng_fips - #define FreeRng FreeRng_fips - #define RNG_GenerateBlock RNG_GenerateBlock_fips - #define RNG_HealthTest RNG_HealthTest_fips - #endif /* FIPS_NO_WRAPPERS */ -#endif /* HAVE_FIPS */ -#else +#else /* else build without fips */ #include #if defined(HAVE_HASHDRBG) || defined(NO_RC4) diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index 796f3fa50..eb5562fe5 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -32,66 +32,67 @@ #ifdef HAVE_FIPS int wc_InitRsaKey(RsaKey* key, void* ptr) { - return InitRsaKey(key, ptr); + return InitRsaKey_fips(key, ptr); } int wc_FreeRsaKey(RsaKey* key) { - return FreeRsaKey(key); + return FreeRsaKey_fips(key); } int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out, word32 outLen, RsaKey* key, RNG* rng) { - return RsaPublicEncrypt(in, inLen, out, outLen, key, rng); + return RsaPublicEncrypt_fips(in, inLen, out, outLen, key, rng); } int wc_RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out, RsaKey* key) { - return RsaPrivateDecryptInline(in, inLen, out, key); + return RsaPrivateDecryptInline_fips(in, inLen, out, key); } int wc_RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out, word32 outLen, RsaKey* key) { - return RsaPrivateDecrypt(in, inLen, out, outLen, key); + return RsaPrivateDecrypt_fips(in, inLen, out, outLen, key); } int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen, RsaKey* key, RNG* rng) { - return RsaSSL_Sign(in, inLen, out, outLen, key, rng); + return RsaSSL_Sign_fips(in, inLen, out, outLen, key, rng); } int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, RsaKey* key) { - return RsaSSL_VerifyInline(in, inLen, out, key); + return RsaSSL_VerifyInline_fips(in, inLen, out, key); } int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out, word32 outLen, RsaKey* key) { - return RsaSSL_Verify(in, inLen, out, outLen, key); + return RsaSSL_Verify_fips(in, inLen, out, outLen, key); } int wc_RsaEncryptSize(RsaKey* key) { - return RsaEncryptSize(key); + return RsaEncryptSize_fips(key); } int wc_RsaFlattenPublicKey(RsaKey* key, byte* a, word32* aSz, byte* b, word32* bSz) { + /* not specified as fips so not needing _fips */ return RsaFlattenPublicKey(key, a, aSz, b, bSz); } #ifdef WOLFSSL_KEY_GEN @@ -121,97 +122,12 @@ int wc_RsaFlattenPublicKey(RsaKey* key, byte* a, word32* aSz, byte* b, } #endif +/* these are functions in asn and are routed to wolfssl/wolfcrypt/asn.c +* wc_RsaPrivateKeyDecode +* wc_RsaPublicKeyDecode +*/ -#ifdef HAVE_FIPS - /* fips wrapper calls, user can call direct */ - int wc_InitRsaKey_fips(RsaKey* key, void* ptr) - { - return InitRsaKey_fips(key, ptr); - } - - - int wc_FreeRsaKey_fips(RsaKey* key) - { - return FreeRsaKey_fips(key); - } - - - int wc_RsaPublicEncrypt_fips(const byte* in,word32 inLen,byte* out, - word32 outLen, RsaKey* key, RNG* rng) - { - return RsaPublicEncrypt_fips(in, inLen, out, outLen, key, rng); - } - - - int wc_RsaPrivateDecryptInline_fips(byte* in, word32 inLen, - byte** out, RsaKey* key) - { - return RsaPrivateDecryptInline_fips(in, inLen, out, key); - } - - - int wc_RsaPrivateDecrypt_fips(const byte* in, word32 inLen, - byte* out,word32 outLen,RsaKey* key) - { - return RsaPrivateDecrypt_fips(in, inLen, out, outLen, key); - } - - - int wc_RsaSSL_Sign_fips(const byte* in, word32 inLen, byte* out, - word32 outLen, RsaKey* key, RNG* rng) - { - return RsaSSL_Sign_fips(in, inLen, out, outLen, key, rng); - } - - - int wc_RsaSSL_VerifyInline_fips(byte* in, word32 inLen, byte** out, - RsaKey* key) - { - return RsaSSL_VerifyInline_fips(in, inLen, out, key); - } - - - int wc_RsaSSL_Verify_fips(const byte* in, word32 inLen, byte* out, - word32 outLen, RsaKey* key) - { - return RsaSSL_Verify_fips(in, inLen, out, outLen, key); - } - - - int wc_RsaEncryptSize_fips(RsaKey* key) - { - return RsaEncryptSize_fips(key); - } - - - int wc_RsaPrivateKeyDecode_fips(const byte* input, word32* inOutIdx, - RsaKey* key, word32 sz) - { - return RsaPrivateKeyDecode_fips(input, inOutIdx, key, sz); - } - - - int wc_RsaPublicKeyDecode_fips(const byte* input, word32* inOutIdx, - RsaKey* key, word32 sz) - { - return RsaPublicKeyDecode_fips(input, inOutIdx, key, sz); - } - #ifndef FIPS_NO_WRAPPERS - /* if not impl or fips.c impl wrapper force fips calls if fips build */ - #define InitRsaKey InitRsaKey_fips - #define FreeRsaKey FreeRsaKey_fips - #define RsaPublicEncrypt RsaPublicEncrypt_fips - #define RsaPrivateDecryptInline RsaPrivateDecryptInline_fips - #define RsaPrivateDecrypt RsaPrivateDecrypt_fips - #define RsaSSL_Sign RsaSSL_Sign_fips - #define RsaSSL_VerifyInline RsaSSL_VerifyInline_fips - #define RsaSSL_Verify RsaSSL_Verify_fips - #define RsaEncryptSize RsaEncryptSize_fips - /* no implicit KeyDecodes since in asn.c (not rsa.c) */ - #endif /* FIPS_NO_WRAPPERS */ - -#endif /* HAVE_FIPS */ -#else +#else /* else build without fips */ #include #include #include diff --git a/wolfcrypt/src/sha.c b/wolfcrypt/src/sha.c index 92b051b35..b606961ec 100644 --- a/wolfcrypt/src/sha.c +++ b/wolfcrypt/src/sha.c @@ -28,11 +28,6 @@ #if !defined(NO_SHA) -#ifdef HAVE_FIPS - /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */ - #define FIPS_NO_WRAPPERS -#endif - #include #include #include @@ -67,23 +62,7 @@ return ShaHash(data, sz, out); } - - int wc_InitSha_fips(Sha* sha) - { - return InitSha_fips(sha); - } - - int wc_ShaUpdate_fips(Sha* sha, const byte* data, word32 sz) - { - return ShaUpdate_fips(sha, data, sz); - } - - int wc_ShaFinal_fips(Sha* sha, byte* out) - { - return ShaFinal_fips(sha, out); - } - -#else +#else /* else build without fips */ #ifdef FREESCALE_MMCAU #include "cau_api.h" @@ -111,18 +90,18 @@ int wc_InitSha(Sha* sha) XMEMSET(sha->buffer, 0, SHA_REG_SIZE); sha->buffLen = 0; sha->loLen = 0; - + /* initialize HASH peripheral */ HASH_DeInit(); - + /* configure algo used, algo mode, datatype */ HASH->CR &= ~ (HASH_CR_ALGO | HASH_CR_DATATYPE | HASH_CR_MODE); HASH->CR |= (HASH_AlgoSelection_SHA1 | HASH_AlgoMode_HASH | HASH_DataType_8b); - + /* reset HASH processor */ HASH->CR |= HASH_CR_INIT; - + return 0; } @@ -131,16 +110,16 @@ int wc_ShaUpdate(Sha* sha, const byte* data, word32 len) word32 i = 0; word32 fill = 0; word32 diff = 0; - + /* if saved partial block is available */ if (sha->buffLen) { fill = 4 - sha->buffLen; - + /* if enough data to fill, fill and push to FIFO */ if (fill <= len) { XMEMCPY((byte*)sha->buffer + sha->buffLen, data, fill); HASH_DataIn(*(uint32_t*)sha->buffer); - + data += fill; len -= fill; sha->loLen += 4; @@ -152,7 +131,7 @@ int wc_ShaUpdate(Sha* sha, const byte* data, word32 len) return; } } - + /* write input block in the IN FIFO */ for(i = 0; i < len; i += 4) { @@ -167,46 +146,46 @@ int wc_ShaUpdate(Sha* sha, const byte* data, word32 len) data+=4; } } - + /* keep track of total data length thus far */ sha->loLen += (len - sha->buffLen); - + return 0; } int wc_ShaFinal(Sha* sha, byte* hash) { __IO uint16_t nbvalidbitsdata = 0; - + /* finish reading any trailing bytes into FIFO */ if (sha->buffLen) { HASH_DataIn(*(uint32_t*)sha->buffer); sha->loLen += sha->buffLen; } - + /* calculate number of valid bits in last word of input data */ nbvalidbitsdata = 8 * (sha->loLen % SHA_REG_SIZE); - + /* configure number of valid bits in last word of the data */ HASH_SetLastWordValidBitsNbr(nbvalidbitsdata); - + /* start HASH processor */ HASH_StartDigest(); - + /* wait until Busy flag == RESET */ while (HASH_GetFlagStatus(HASH_FLAG_BUSY) != RESET) {} - + /* read message digest */ sha->digest[0] = HASH->HR[0]; sha->digest[1] = HASH->HR[1]; sha->digest[2] = HASH->HR[2]; sha->digest[3] = HASH->HR[3]; sha->digest[4] = HASH->HR[4]; - + ByteReverseWords(sha->digest, sha->digest, SHA_DIGEST_SIZE); - + XMEMCPY(hash, sha->digest, SHA_DIGEST_SIZE); - + return wc_InitSha(sha); /* reset state */ } @@ -233,11 +212,11 @@ int wc_InitSha(Sha* sha) sha->digest[3] = 0x10325476L; sha->digest[4] = 0xC3D2E1F0L; #endif - + sha->buffLen = 0; sha->loLen = 0; sha->hiLen = 0; - + return 0; } @@ -267,37 +246,37 @@ rotlFixed((v),5); (w) = rotlFixed((w),30); static void Transform(Sha* sha) { word32 W[SHA_BLOCK_SIZE / sizeof(word32)]; - + /* Copy context->state[] to working vars */ word32 a = sha->digest[0]; word32 b = sha->digest[1]; word32 c = sha->digest[2]; word32 d = sha->digest[3]; word32 e = sha->digest[4]; - + #ifdef USE_SLOW_SHA word32 t, i; - + for (i = 0; i < 16; i++) { R0(a, b, c, d, e, i); t = e; e = d; d = c; c = b; b = a; a = t; } - + for (; i < 20; i++) { R1(a, b, c, d, e, i); t = e; e = d; d = c; c = b; b = a; a = t; } - + for (; i < 40; i++) { R2(a, b, c, d, e, i); t = e; e = d; d = c; c = b; b = a; a = t; } - + for (; i < 60; i++) { R3(a, b, c, d, e, i); t = e; e = d; d = c; c = b; b = a; a = t; } - + for (; i < 80; i++) { R4(a, b, c, d, e, i); t = e; e = d; d = c; c = b; b = a; a = t; @@ -309,28 +288,28 @@ static void Transform(Sha* sha) R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7); R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11); R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15); - + R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19); - + R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23); R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27); R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31); R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35); R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39); - + R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43); R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47); R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51); R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55); R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59); - + R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63); R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67); R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71); R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75); R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79); #endif - + /* Add the working vars back into digest state[] */ sha->digest[0] += a; sha->digest[1] += b; @@ -354,15 +333,15 @@ int wc_ShaUpdate(Sha* sha, const byte* data, word32 len) { /* do block size increments */ byte* local = (byte*)sha->buffer; - + while (len) { word32 add = min(len, SHA_BLOCK_SIZE - sha->buffLen); XMEMCPY(&local[sha->buffLen], data, add); - + sha->buffLen += add; data += add; len -= add; - + if (sha->buffLen == SHA_BLOCK_SIZE) { #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU) ByteReverseWords(sha->buffer, sha->buffer, SHA_BLOCK_SIZE); @@ -372,7 +351,7 @@ int wc_ShaUpdate(Sha* sha, const byte* data, word32 len) sha->buffLen = 0; } } - + return 0; } @@ -380,16 +359,16 @@ int wc_ShaUpdate(Sha* sha, const byte* data, word32 len) int wc_ShaFinal(Sha* sha, byte* hash) { byte* local = (byte*)sha->buffer; - + AddLength(sha, sha->buffLen); /* before adding pads */ - + local[sha->buffLen++] = 0x80; /* add 1 */ - + /* pad with zeros */ if (sha->buffLen > SHA_PAD_SIZE) { XMEMSET(&local[sha->buffLen], 0, SHA_BLOCK_SIZE - sha->buffLen); sha->buffLen += SHA_BLOCK_SIZE - sha->buffLen; - + #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU) ByteReverseWords(sha->buffer, sha->buffer, SHA_BLOCK_SIZE); #endif @@ -397,12 +376,12 @@ int wc_ShaFinal(Sha* sha, byte* hash) sha->buffLen = 0; } XMEMSET(&local[sha->buffLen], 0, SHA_PAD_SIZE - sha->buffLen); - + /* put lengths in bits */ sha->hiLen = (sha->loLen >> (8*sizeof(sha->loLen) - 3)) + (sha->hiLen << 3); sha->loLen = sha->loLen << 3; - + /* store lengths */ #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU) ByteReverseWords(sha->buffer, sha->buffer, SHA_BLOCK_SIZE); diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c index 9150a1f84..4a20e7982 100644 --- a/wolfcrypt/src/sha256.c +++ b/wolfcrypt/src/sha256.c @@ -34,19 +34,19 @@ int wc_InitSha256(Sha256* sha) { - return InitSha256(sha); + return InitSha256_fips(sha); } int wc_Sha256Update(Sha256* sha, const byte* data, word32 len) { - return Sha256Update(sha, data, len); + return Sha256Update_fips(sha, data, len); } int wc_Sha256Final(Sha256* sha, byte* out) { - return Sha256Final(sha, out); + return Sha256Final_fips(sha, out); } @@ -54,7 +54,7 @@ int wc_Sha256Hash(const byte* data, word32 len, byte* out) { return Sha256Hash(data, len, out); } -#else +#else /* else build without fips */ #ifdef WOLFSSL_PIC32MZ_HASH #define wc_InitSha256 InitSha256_sw #define wc_Sha256Update Sha256Update_sw diff --git a/wolfcrypt/src/sha512.c b/wolfcrypt/src/sha512.c index 547bfc1b6..aa078640e 100644 --- a/wolfcrypt/src/sha512.c +++ b/wolfcrypt/src/sha512.c @@ -31,19 +31,19 @@ #ifdef HAVE_FIPS int wc_InitSha512(Sha512* sha) { - return InitSha512(sha); + return InitSha512_fips(sha); } int wc_Sha512Update(Sha512* sha, const byte* data, word32 len) { - return Sha512Update(sha, data, len); + return Sha512Update_fips(sha, data, len); } int wc_Sha512Final(Sha512* sha, byte* out) { - return Sha512Final(sha, out); + return Sha512Final_fips(sha, out); } @@ -56,19 +56,19 @@ int wc_Sha512Hash(const byte* data, word32 len, byte* out) int wc_InitSha384(Sha384* sha) { - return InitSha384(sha); + return InitSha384_fips(sha); } int wc_Sha384Update(Sha384* sha, const byte* data, word32 len) { - return Sha384Update(sha, data, len); + return Sha384Update_fips(sha, data, len); } int wc_Sha384Final(Sha384* sha, byte* out) { - return Sha384Final(sha, out); + return Sha384Final_fips(sha, out); } @@ -77,7 +77,7 @@ int wc_Sha384Hash(const byte* data, word32 len, byte* out) return Sha384Hash(data, len, out); } #endif /* WOLFSSL_SHA384 */ -#else +#else /* else build without using fips */ #include #include diff --git a/wolfssl/wolfcrypt/aes.h b/wolfssl/wolfcrypt/aes.h index f525f6e0d..a4c620de2 100644 --- a/wolfssl/wolfcrypt/aes.h +++ b/wolfssl/wolfcrypt/aes.h @@ -39,7 +39,7 @@ #endif #endif -#ifndef HAVE_FIPS +#ifndef HAVE_FIPS /* to avoid redefinition of macros */ #ifdef HAVE_CAVIUM #include #include "cavium_common.h" @@ -72,7 +72,7 @@ extern "C" { #endif -#ifndef HAVE_FIPS +#ifndef HAVE_FIPS /* to avoid redefinition of structures */ #define WOLFSSL_AES_CAVIUM_MAGIC 0xBEEF0002 enum { @@ -177,39 +177,6 @@ typedef struct Gmac { WOLFSSL_API void wc_AesFreeCavium(Aes*); #endif - -#ifdef HAVE_FIPS - /* fips wrapper calls, user can call direct */ - WOLFSSL_API int wc_AesSetKey_fips(Aes* aes, const byte* key, word32 len, - const byte* iv, int dir); - WOLFSSL_API int wc_AesSetIV_fips(Aes* aes, const byte* iv); - WOLFSSL_API int wc_AesCbcEncrypt_fips(Aes* aes, byte* out, const byte* in, - word32 sz); - WOLFSSL_API int wc_AesCbcDecrypt_fips(Aes* aes, byte* out, const byte* in, - word32 sz); - WOLFSSL_API int wc_AesGcmSetKey_fips(Aes* aes, const byte* key, word32 len); - WOLFSSL_API int wc_AesGcmEncrypt_fips(Aes* aes, byte* out, const byte* in, - word32 sz, const byte* iv, word32 ivSz, - byte* authTag, word32 authTagSz, - const byte* authIn, word32 authInSz); - WOLFSSL_API int wc_AesGcmDecrypt_fips(Aes* aes, byte* out, const byte* in, - word32 sz, const byte* iv, word32 ivSz, - const byte* authTag, word32 authTagSz, - const byte* authIn, word32 authInSz); -// #ifndef FIPS_NO_WRAPPERS -// /* if not impl or fips.c impl wrapper force fips calls if fips build */ -// #define AesSetKey AesSetKey_fips -// #define AesSetIV AesSetIV_fips -// #define AesCbcEncrypt AesCbcEncrypt_fips -// #define AesCbcDecrypt AesCbcDecrypt_fips -// #define AesGcmSetKey AesGcmSetKey_fips -// #define AesGcmEncrypt AesGcmEncrypt_fips -// #define AesGcmDecrypt AesGcmDecrypt_fips -// #endif /* FIPS_NO_WRAPPERS */ - -#endif /* HAVE_FIPS */ - - #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index 8a16ac80d..4fe649680 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -57,7 +57,7 @@ enum { }; /* ASN Tags */ -enum ASN_Tags { +enum ASN_Tags { ASN_BOOLEAN = 0x01, ASN_INTEGER = 0x02, ASN_BIT_STRING = 0x03, @@ -114,7 +114,7 @@ enum ECC_TYPES { ECC_PREFIX_1 = 161 }; -enum Misc_ASN { +enum Misc_ASN { ASN_NAME_MAX = 256, MAX_SALT_SIZE = 64, /* MAX PKCS Salt length */ MAX_IV_SIZE = 64, /* MAX PKCS Iv length */ @@ -134,8 +134,8 @@ enum Misc_ASN { MAX_ENCODED_SIG_SZ = 512, MAX_SIG_SZ = 256, MAX_ALGO_SZ = 20, - MAX_SEQ_SZ = 5, /* enum(seq | con) + length(4) */ - MAX_SET_SZ = 5, /* enum(set | con) + length(4) */ + MAX_SEQ_SZ = 5, /* enum(seq | con) + length(4) */ + MAX_SET_SZ = 5, /* enum(set | con) + length(4) */ MAX_OCTET_STR_SZ = 5, /* enum(set | con) + length(4) */ MAX_EXP_SZ = 5, /* enum(contextspec|con|exp) + length(4) */ MAX_PRSTR_SZ = 5, /* enum(prstr) + length(4) */ @@ -461,7 +461,7 @@ struct DecodedCert { #ifdef SHA_DIGEST_SIZE #define SIGNER_DIGEST_SIZE SHA_DIGEST_SIZE #else - #define SIGNER_DIGEST_SIZE 20 + #define SIGNER_DIGEST_SIZE 20 #endif /* CA Signers */ @@ -697,8 +697,8 @@ struct DecodedCRL { word32 sigLength; /* length of signature */ word32 signatureOID; /* sum of algorithm object id */ byte* signature; /* pointer into raw source, not owned */ - byte issuerHash[SHA_DIGEST_SIZE]; /* issuer hash */ - byte crlHash[SHA_DIGEST_SIZE]; /* raw crl data hash */ + byte issuerHash[SHA_DIGEST_SIZE]; /* issuer hash */ + byte crlHash[SHA_DIGEST_SIZE]; /* raw crl data hash */ byte lastDate[MAX_DATE_SIZE]; /* last date updated */ byte nextDate[MAX_DATE_SIZE]; /* next update date */ byte lastDateFormat; /* format of last date */ diff --git a/wolfssl/wolfcrypt/blake2.h b/wolfssl/wolfcrypt/blake2.h index 9415072ef..9056cc07d 100644 --- a/wolfssl/wolfcrypt/blake2.h +++ b/wolfssl/wolfcrypt/blake2.h @@ -60,7 +60,7 @@ WOLFSSL_API int wc_Blake2bFinal(Blake2b*, byte*, word32); #ifdef __cplusplus - } + } #endif #endif /* WOLF_CRYPT_BLAKE2_H */ diff --git a/wolfssl/wolfcrypt/des3.h b/wolfssl/wolfcrypt/des3.h index 8b99aeb26..e7732dcc8 100644 --- a/wolfssl/wolfcrypt/des3.h +++ b/wolfssl/wolfcrypt/des3.h @@ -29,7 +29,7 @@ #include #ifdef HAVE_FIPS -/* included for fips */ +/* included for fips @wc_fips */ #include #endif @@ -37,7 +37,7 @@ extern "C" { #endif -#ifndef HAVE_FIPS +#ifndef HAVE_FIPS /* to avoid redifinition of macros */ #define WOLFSSL_3DES_CAVIUM_MAGIC 0xBEEF0003 enum { @@ -106,27 +106,6 @@ WOLFSSL_API int wc_Des3_CbcDecryptWithKey(byte* out, const byte* in, word32 sz, WOLFSSL_API void wc_Des3_FreeCavium(Des3*); #endif - -#ifdef HAVE_FIPS - /* fips wrapper calls, user can call direct */ - WOLFSSL_API int wc_Des3_SetKey_fips(Des3* des, const byte* key, const byte* iv, - int dir); - WOLFSSL_API int wc_Des3_SetIV_fips(Des3* des, const byte* iv); - WOLFSSL_API int wc_Des3_CbcEncrypt_fips(Des3* des, byte* out, const byte* in, - word32 sz); - WOLFSSL_API int wc_Des3_CbcDecrypt_fips(Des3* des, byte* out, const byte* in, - word32 sz); - #ifndef FIPS_NO_WRAPPERS - /* if not impl or fips.c impl wrapper force fips calls if fips build */ - #define Des3_SetKey Des3_SetKey_fips - #define Des3_SetIV Des3_SetIV_fips - #define Des3_CbcEncrypt Des3_CbcEncrypt_fips - #define Des3_CbcDecrypt Des3_CbcDecrypt_fips - #endif /* FIPS_NO_WRAPPERS */ - -#endif /* HAVE_FIPS */ - - #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/wolfssl/wolfcrypt/ecc.h b/wolfssl/wolfcrypt/ecc.h index 44843a67c..a557cb50c 100644 --- a/wolfssl/wolfcrypt/ecc.h +++ b/wolfssl/wolfcrypt/ecc.h @@ -74,7 +74,7 @@ typedef struct { curve in dp */ const ecc_set_type* dp; /* domain parameters, either points to NIST curves (idx >= 0) or user supplied */ - ecc_point pubkey; /* public key */ + ecc_point pubkey; /* public key */ mp_int k; /* private key */ } ecc_key; @@ -148,11 +148,11 @@ enum ecMacAlgo { }; enum { - KEY_SIZE_128 = 16, - KEY_SIZE_256 = 32, + KEY_SIZE_128 = 16, + KEY_SIZE_256 = 32, IV_SIZE_64 = 8, - EXCHANGE_SALT_SZ = 16, - EXCHANGE_INFO_SZ = 23 + EXCHANGE_SALT_SZ = 16, + EXCHANGE_INFO_SZ = 23 }; enum ecFlags { @@ -187,7 +187,7 @@ int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg, #endif /* HAVE_ECC_ENCRYPT */ #ifdef __cplusplus - } /* extern "C" */ + } /* extern "C" */ #endif #endif /* WOLF_CRYPT_ECC_H */ diff --git a/wolfssl/wolfcrypt/error-crypt.h b/wolfssl/wolfcrypt/error-crypt.h index 108a972e9..75f4fbe67 100644 --- a/wolfssl/wolfcrypt/error-crypt.h +++ b/wolfssl/wolfcrypt/error-crypt.h @@ -62,7 +62,7 @@ enum { MEMORY_E = -125, /* out of memory error */ RSA_WRONG_TYPE_E = -130, /* RSA wrong block type for RSA function */ - RSA_BUFFER_E = -131, /* RSA buffer error, output too small or + RSA_BUFFER_E = -131, /* RSA buffer error, output too small or input too large */ BUFFER_E = -132, /* output buffer too small or input too large */ ALGO_ID_E = -133, /* setting algo id error */ diff --git a/wolfssl/wolfcrypt/hmac.h b/wolfssl/wolfcrypt/hmac.h index 14954eced..2be5afcee 100644 --- a/wolfssl/wolfcrypt/hmac.h +++ b/wolfssl/wolfcrypt/hmac.h @@ -168,7 +168,7 @@ WOLFSSL_API int wc_HmacFinal(Hmac*, byte*); WOLFSSL_API void wc_HmacFreeCavium(Hmac*); #endif -WOLFSSL_API int wc_wolfSSL_GetHmacMaxSize(void); +WOLFSSL_API int wolfSSL_GetHmacMaxSize(void); #ifdef HAVE_HKDF @@ -180,16 +180,6 @@ WOLFSSL_API int wc_HKDF(int type, const byte* inKey, word32 inKeySz, #endif /* HAVE_HKDF */ - -#ifdef HAVE_FIPS - /* fips wrapper calls, user can call direct */ - WOLFSSL_API int wc_HmacSetKey_fips(Hmac*, int type, const byte* key, - word32 keySz); - WOLFSSL_API int wc_HmacUpdate_fips(Hmac*, const byte*, word32); - WOLFSSL_API int wc_HmacFinal_fips(Hmac*, byte*); -#endif /* HAVE_FIPS */ - - #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/wolfssl/wolfcrypt/integer.h b/wolfssl/wolfcrypt/integer.h index 72028889c..b623298ed 100644 --- a/wolfssl/wolfcrypt/integer.h +++ b/wolfssl/wolfcrypt/integer.h @@ -65,7 +65,7 @@ extern "C" { /* detect 64-bit mode if possible */ -#if defined(__x86_64__) +#if defined(__x86_64__) #if !(defined(MP_64BIT) && defined(MP_16BIT) && defined(MP_8BIT)) #define MP_64BIT #endif @@ -97,8 +97,8 @@ extern "C" { #define DIGIT_BIT 60 #else /* this is the default case, 28-bit digits */ - - #if defined(_MSC_VER) || defined(__BORLANDC__) + + #if defined(_MSC_VER) || defined(__BORLANDC__) typedef unsigned __int64 ulong64; #else typedef unsigned long long ulong64; @@ -107,14 +107,14 @@ extern "C" { typedef unsigned int mp_digit; /* long could be 64 now, changed TAO */ typedef ulong64 mp_word; -#ifdef MP_31BIT +#ifdef MP_31BIT /* this is an extension that uses 31-bit digits */ #define DIGIT_BIT 31 #else /* default case is 28-bit digits, defines MP_28BIT as a handy test macro */ #define DIGIT_BIT 28 #define MP_28BIT -#endif +#endif #endif @@ -161,10 +161,10 @@ typedef int mp_err; #define MP_PREC 32 /* default digits of precision */ #else #define MP_PREC 1 /* default digits of precision */ - #endif + #endif #endif -/* size of comba arrays, should be at least 2 * 2**(BITS_PER_WORD - +/* size of comba arrays, should be at least 2 * 2**(BITS_PER_WORD - BITS_PER_DIGIT*2) */ #define MP_WARRAY (1 << (sizeof(mp_word) * CHAR_BIT - 2 * DIGIT_BIT + 1)) diff --git a/wolfssl/wolfcrypt/md5.h b/wolfssl/wolfcrypt/md5.h index 7ab3bb60f..cc58f61d1 100644 --- a/wolfssl/wolfcrypt/md5.h +++ b/wolfssl/wolfcrypt/md5.h @@ -52,7 +52,7 @@ enum { #if defined(CYASSL_PIC32MZ_HASH) || defined(WOLFSSL_PIC32MZ_HASH) #include "port/pic32/pic32mz-crypt.h" #endif - + /* MD5 digest */ typedef struct Md5 { word32 buffLen; /* in bytes */ diff --git a/wolfssl/wolfcrypt/pkcs7.h b/wolfssl/wolfcrypt/pkcs7.h index 86da46c7c..1dc60712b 100644 --- a/wolfssl/wolfcrypt/pkcs7.h +++ b/wolfssl/wolfcrypt/pkcs7.h @@ -85,7 +85,7 @@ typedef struct PKCS7 { word32 publicKeySz; byte* privateKey; /* private key, DER, not owner */ word32 privateKeySz; /* size of private key buffer, bytes */ - + PKCS7Attrib* signedAttribs; word32 signedAttribsSz; } PKCS7; diff --git a/wolfssl/wolfcrypt/random.h b/wolfssl/wolfcrypt/random.h index d89abdc83..46103192c 100644 --- a/wolfssl/wolfcrypt/random.h +++ b/wolfssl/wolfcrypt/random.h @@ -26,7 +26,7 @@ #include #ifdef HAVE_FIPS -/* for fips */ +/* for fips @wc_fips */ #include #endif @@ -34,7 +34,7 @@ extern "C" { #endif -#ifndef HAVE_FIPS +#ifndef HAVE_FIPS /* avoid redefining structs and macros */ #if defined(HAVE_HASHDRBG) || defined(NO_RC4) #ifdef NO_SHA256 #error "Hash DRBG requires SHA-256." @@ -135,26 +135,6 @@ WOLFSSL_API int wc_RNG_GenerateByte(RNG*, byte*); byte* output, word32 outputSz); #endif /* HAVE_HASHDRBG || NO_RC4 */ - -#ifdef HAVE_FIPS - /* fips wrapper calls, user can call direct */ - WOLFSSL_API int wc_InitRng_fips(RNG* rng); - WOLFSSL_API int wc_FreeRng_fips(RNG* rng); - WOLFSSL_API int wc_RNG_GenerateBlock_fips(RNG* rng, byte* buf, word32 bufSz); - WOLFSSL_API int wc_RNG_HealthTest_fips(int reseed, - const byte* entropyA, word32 entropyASz, - const byte* entropyB, word32 entropyBSz, - byte* output, word32 outputSz); - #ifndef FIPS_NO_WRAPPERS - /* if not impl or fips.c impl wrapper force fips calls if fips build */ - #define InitRng InitRng_fips - #define FreeRng FreeRng_fips - #define RNG_GenerateBlock RNG_GenerateBlock_fips - #define RNG_HealthTest RNG_HealthTest_fips - #endif /* FIPS_NO_WRAPPERS */ -#endif /* HAVE_FIPS */ - - #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/wolfssl/wolfcrypt/rsa.h b/wolfssl/wolfcrypt/rsa.h index 42e234a05..2f101d9e6 100644 --- a/wolfssl/wolfcrypt/rsa.h +++ b/wolfssl/wolfcrypt/rsa.h @@ -35,13 +35,13 @@ #else #include #include -#endif +#endif /* HAVE_FIPS */ #ifdef __cplusplus extern "C" { #endif -#ifndef HAVE_FIPS +#ifndef HAVE_FIPS /* avoid redefinition of structs */ #define WOLFSSL_RSA_CAVIUM_MAGIC 0xBEEF0006 enum { @@ -110,33 +110,6 @@ WOLFSSL_API int wc_RsaFlattenPublicKey(RsaKey*, byte*, word32*, byte*, WOLFSSL_API void wc_RsaFreeCavium(RsaKey*); #endif - -#ifdef HAVE_FIPS - /* fips wrapper calls, user can call direct */ - WOLFSSL_API int wc_InitRsaKey_fips(RsaKey* key, void*); - WOLFSSL_API int wc_FreeRsaKey_fips(RsaKey* key); - - WOLFSSL_API int wc_RsaPublicEncrypt_fips(const byte* in,word32 inLen,byte* out, - word32 outLen, RsaKey* key, RNG* rng); - WOLFSSL_API int wc_RsaPrivateDecryptInline_fips(byte* in, word32 inLen, - byte** out, RsaKey* key); - WOLFSSL_API int wc_RsaPrivateDecrypt_fips(const byte* in, word32 inLen, - byte* out,word32 outLen,RsaKey* key); - WOLFSSL_API int wc_RsaSSL_Sign_fips(const byte* in, word32 inLen, byte* out, - word32 outLen, RsaKey* key, RNG* rng); - WOLFSSL_API int wc_RsaSSL_VerifyInline_fips(byte* in, word32 inLen, byte** out, - RsaKey* key); - WOLFSSL_API int wc_RsaSSL_Verify_fips(const byte* in, word32 inLen, byte* out, - word32 outLen, RsaKey* key); - WOLFSSL_API int wc_RsaEncryptSize_fips(RsaKey* key); - - WOLFSSL_API int wc_RsaPrivateKeyDecode_fips(const byte* input, word32* inOutIdx, - RsaKey*, word32); - WOLFSSL_API int wc_RsaPublicKeyDecode_fips(const byte* input, word32* inOutIdx, - RsaKey*, word32); -#endif /* HAVE_FIPS */ - - #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 553d8a069..03bd56e87 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -53,7 +53,7 @@ /* Uncomment next line if using PIC32MZ Crypto Engine */ /* #define WOLFSSL_MICROCHIP_PIC32MZ */ - + /* Uncomment next line if using FreeRTOS */ /* #define FREERTOS */ @@ -86,7 +86,7 @@ /* Uncomment next line if building for EROAD */ /* #define WOLFSSL_EROAD */ - + /* Uncomment next line if building for IAR EWARM */ /* #define WOLFSSL_IAR_ARM */ @@ -124,11 +124,11 @@ #define NO_HC128 #define NO_RSA #define NO_SESSION_CACHE - #define HAVE_ECC + #define HAVE_ECC #endif -#ifdef THREADX +#ifdef THREADX #define SIZEOF_LONG_LONG 8 #endif @@ -142,8 +142,8 @@ #define SINGLE_THREADED #define WOLFSSL_USER_IO #define NO_FILESYSTEM -#endif - +#endif + #if defined(WOLFSSL_IAR_ARM) #define NO_MAIN_DRIVER #define SINGLE_THREADED @@ -154,7 +154,7 @@ #define WOLFSSL_USER_IO #define BENCH_EMBEDDED #endif - + #ifdef MICROCHIP_PIC32 /* #define WOLFSSL_MICROCHIP_PIC32MZ */ #define SIZEOF_LONG_LONG 8 @@ -271,7 +271,7 @@ #if defined(WOLFSSL_LEANPSK) && !defined(XMALLOC_USER) #include #define XMALLOC(s, h, type) malloc((s)) - #define XFREE(p, h, type) free((p)) + #define XFREE(p, h, type) free((p)) #define XREALLOC(p, n, h, t) realloc((p), (n)) #endif @@ -403,7 +403,7 @@ #include "SafeRTOS/heap.h" #define XMALLOC(s, h, type) pvPortMalloc((s)) - #define XFREE(p, h, type) vPortFree((p)) + #define XFREE(p, h, type) vPortFree((p)) #define XREALLOC(p, n, h, t) pvPortRealloc((p), (n)) #endif @@ -479,7 +479,7 @@ (CPU_CHAR *)(pstr_src), (CPU_SIZE_T)(len_max))) #define XSTRNCMP(pstr_1, pstr_2, len_max) \ ((CPU_INT16S)Str_Cmp_N((CPU_CHAR *)(pstr_1), \ - (CPU_CHAR *)(pstr_2), (CPU_SIZE_T)(len_max))) + (CPU_CHAR *)(pstr_2), (CPU_SIZE_T)(len_max))) #define XSTRSTR(pstr, pstr_srch) \ ((CPU_CHAR *)Str_Str((CPU_CHAR *)(pstr), \ (CPU_CHAR *)(pstr_srch))) @@ -494,7 +494,7 @@ #define XMEMMOVE XMEMCPY #if (NET_SECURE_MGR_CFG_EN == DEF_ENABLED) - #define MICRIUM_MALLOC + #define MICRIUM_MALLOC #define XMALLOC(s, h, type) ((void *)NetSecure_BlkGet((CPU_INT08U)(type), \ (CPU_SIZE_T)(s), (void *)0)) #define XFREE(p, h, type) (NetSecure_BlkFree((CPU_INT08U)(type), \ @@ -594,13 +594,13 @@ #endif #if (SSL_CFG_USER_RNG_SEED_EN == DEF_ENABLED) - #define NO_DEV_RANDOM + #define NO_DEV_RANDOM #else #undef NO_DEV_RANDOM #endif #if (SSL_CFG_USER_IO_EN == DEF_ENABLED) - #define WOLFSSL_USER_IO + #define WOLFSSL_USER_IO #else #undef WOLFSSL_USER_IO #endif @@ -714,8 +714,8 @@ #define WOLFSSL_GENERAL_ALIGNMENT 4 #elif defined(FREESCALE_MMCAU) #define WOLFSSL_GENERAL_ALIGNMENT WOLFSSL_MMCAU_ALIGNMENT - #else - #define WOLFSSL_GENERAL_ALIGNMENT 0 + #else + #define WOLFSSL_GENERAL_ALIGNMENT 0 #endif #endif diff --git a/wolfssl/wolfcrypt/sha.h b/wolfssl/wolfcrypt/sha.h index f7c60aacb..002029e28 100644 --- a/wolfssl/wolfcrypt/sha.h +++ b/wolfssl/wolfcrypt/sha.h @@ -29,15 +29,15 @@ #include #ifdef HAVE_FIPS -/* for fips */ +/* for fips @wc_fips */ #include #endif #ifdef __cplusplus extern "C" { #endif -#ifndef HAVE_FIPS +#ifndef HAVE_FIPS /* avoid redefining structs */ /* in bytes */ enum { #ifdef STM32F2_HASH @@ -73,22 +73,6 @@ WOLFSSL_API int wc_ShaUpdate(Sha*, const byte*, word32); WOLFSSL_API int wc_ShaFinal(Sha*, byte*); WOLFSSL_API int wc_ShaHash(const byte*, word32, byte*); - -#ifdef HAVE_FIPS - /* fips wrapper calls, user can call direct */ - WOLFSSL_API int wc_InitSha_fips(Sha*); - WOLFSSL_API int wc_ShaUpdate_fips(Sha*, const byte*, word32); - WOLFSSL_API int wc_ShaFinal_fips(Sha*, byte*); - #ifndef FIPS_NO_WRAPPERS - /* if not impl or fips.c impl wrapper force fips calls if fips build */ - #define wc_InitSha wc_InitSha_fips - #define wc_ShaUpdate wc_ShaUpdate_fips - #define wc_ShaFinal wc_ShaFinal_fips - #endif /* FIPS_NO_WRAPPERS */ - -#endif /* HAVE_FIPS */ - - #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/wolfssl/wolfcrypt/sha256.h b/wolfssl/wolfcrypt/sha256.h index 4b6907c6f..a9280a885 100644 --- a/wolfssl/wolfcrypt/sha256.h +++ b/wolfssl/wolfcrypt/sha256.h @@ -27,7 +27,7 @@ #define WOLF_CRYPT_SHA256_H #ifdef HAVE_FIPS -/* for fips */ +/* for fips @wc_fips */ #include #endif @@ -37,12 +37,11 @@ extern "C" { #endif -#ifndef HAVE_FIPS +#ifndef HAVE_FIPS /* avoid redefinition of structs */ #ifdef WOLFSSL_PIC32MZ_HASH #include "port/pic32/pic32mz-crypt.h" #endif - /* in bytes */ enum { SHA256 = 2, /* hash type unique */ @@ -70,7 +69,7 @@ WOLFSSL_API int wc_InitSha256(Sha256*); WOLFSSL_API int wc_Sha256Update(Sha256*, const byte*, word32); WOLFSSL_API int wc_Sha256Final(Sha256*, byte*); WOLFSSL_API int wc_Sha256Hash(const byte*, word32, byte*); - + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/wolfssl/wolfcrypt/sha512.h b/wolfssl/wolfcrypt/sha512.h index 03c3f8934..2650ca7e0 100644 --- a/wolfssl/wolfcrypt/sha512.h +++ b/wolfssl/wolfcrypt/sha512.h @@ -26,8 +26,7 @@ #include -/* since using old code turn on old macros @wc_fips */ -/* for fips */ +/* for fips @wc_fips */ #ifdef HAVE_FIPS #define CYASSL_SHA512 #if defined(WOLFSSL_SHA384) @@ -40,7 +39,7 @@ extern "C" { #endif -#ifndef HAVE_FIPS +#ifndef HAVE_FIPS /* avoid redefinition of structs */ /* in bytes */ enum { @@ -69,7 +68,7 @@ WOLFSSL_API int wc_Sha512Hash(const byte*, word32, byte*); #if defined(WOLFSSL_SHA384) || defined(HAVE_AESGCM) -#ifndef HAVE_FIPS +#ifndef HAVE_FIPS /* avoid redefinition of structs */ /* in bytes */ enum { SHA384 = 5, /* hash type unique */ @@ -94,33 +93,6 @@ WOLFSSL_API int wc_Sha384Update(Sha384*, const byte*, word32); WOLFSSL_API int wc_Sha384Final(Sha384*, byte*); WOLFSSL_API int wc_Sha384Hash(const byte*, word32, byte*); - -#ifdef HAVE_FIPS - /* fips wrapper calls, user can call direct */ - WOLFSSL_API int wc_InitSha512_fips(Sha512*); - WOLFSSL_API int wc_Sha512Update_fips(Sha512*, const byte*, word32); - WOLFSSL_API int wc_Sha512Final_fips(Sha512*, byte*); - #ifndef FIPS_NO_WRAPPERS - /* if not impl or fips.c impl wrapper force fips calls if fips build */ - #define wc_InitSha512 wc_InitSha512_fips - #define wc_Sha512Update wc_Sha512Update_fips - #define wc_Sha512Final wc_Sha512Final_fips - #endif /* FIPS_NO_WRAPPERS */ - - /* fips wrapper calls, user can call direct */ - WOLFSSL_API int wc_InitSha384_fips(Sha384*); - WOLFSSL_API int wc_Sha384Update_fips(Sha384*, const byte*, word32); - WOLFSSL_API int wc_Sha384Final_fips(Sha384*, byte*); - #ifndef FIPS_NO_WRAPPERS - /* if not impl or fips.c impl wrapper force fips calls if fips build */ - #define wc_InitSha384 wc_InitSha384_fips - #define wc_Sha384Update wc_Sha384Update_fips - #define wc_Sha384Final wc_Sha384Final_fips - #endif /* FIPS_NO_WRAPPERS */ - -#endif /* HAVE_FIPS */ - - #endif /* WOLFSSL_SHA384 */ #ifdef __cplusplus diff --git a/wolfssl/wolfcrypt/tfm.h b/wolfssl/wolfcrypt/tfm.h index e128c6ec8..92889d19e 100644 --- a/wolfssl/wolfcrypt/tfm.h +++ b/wolfssl/wolfcrypt/tfm.h @@ -57,7 +57,7 @@ #ifndef NO_64BIT /* autodetect x86-64 and make sure we are using 64-bit digits with x86-64 asm */ #if defined(__x86_64__) - #if defined(TFM_X86) || defined(TFM_SSE2) || defined(TFM_ARM) + #if defined(TFM_X86) || defined(TFM_SSE2) || defined(TFM_ARM) #error x86-64 detected, x86-32/SSE2/ARM optimizations are not valid! #endif #if !defined(TFM_X86_64) && !defined(TFM_NO_ASM) @@ -82,7 +82,7 @@ /* try to detect x86-32 */ #if defined(__i386__) && !defined(TFM_SSE2) - #if defined(TFM_X86_64) || defined(TFM_ARM) + #if defined(TFM_X86_64) || defined(TFM_ARM) #error x86-32 detected, x86-64/ARM optimizations are not valid! #endif #if !defined(TFM_X86) && !defined(TFM_NO_ASM) @@ -146,7 +146,7 @@ #undef TFM_PPC32 #undef TFM_PPC64 #undef TFM_AVR32 - #undef TFM_ASM + #undef TFM_ASM #endif /* ECC helpers */ @@ -208,7 +208,7 @@ typedef unsigned long long fp_digit; /* 64bit, 128 uses mode(TI) below */ typedef unsigned long fp_word __attribute__ ((mode(TI))); #else - #if defined(_MSC_VER) || defined(__BORLANDC__) + #if defined(_MSC_VER) || defined(__BORLANDC__) typedef unsigned __int64 ulong64; #else typedef unsigned long long ulong64; @@ -278,14 +278,14 @@ typedef struct { /* externally define this symbol to ignore the default settings, useful for changing the build from the make process */ #ifndef TFM_ALREADY_SET -/* do we want the large set of small multiplications ? +/* do we want the large set of small multiplications ? Enable these if you are going to be doing a lot of small (<= 16 digit) multiplications say in ECC Or if you're on a 64-bit machine doing RSA as a 1024-bit integer == 16 digits ;-) */ /* need to refactor the function */ /*#define TFM_SMALL_SET */ -/* do we want huge code +/* do we want huge code Enable these if you are doing 20, 24, 28, 32, 48, 64 digit multiplications (useful for RSA) Less important on 64-bit machines as 32 digits == 2048 bits */ @@ -676,7 +676,7 @@ void mp_rshb(mp_int *a, int x); int mp_montgomery_reduce(fp_int *a, fp_int *m, fp_digit mp); int mp_montgomery_setup(fp_int *a, fp_digit *rho); int mp_div_2(fp_int * a, fp_int * b); - int mp_init_copy(fp_int * a, fp_int * b); + int mp_init_copy(fp_int * a, fp_int * b); #endif #if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN) diff --git a/wolfssl/wolfcrypt/visibility.h b/wolfssl/wolfcrypt/visibility.h index 6cc4b9649..05fd4754b 100644 --- a/wolfssl/wolfcrypt/visibility.h +++ b/wolfssl/wolfcrypt/visibility.h @@ -43,7 +43,7 @@ #define WOLFSSL_API __attribute__ ((visibility("default"))) #define WOLFSSL_LOCAL __attribute__ ((visibility("hidden"))) #elif defined(__SUNPRO_C) && (__SUNPRO_C >= 0x550) - #define WOLFSSL_API __global + #define WOLFSSL_API __global #define WOLFSSL_LOCAL __hidden #elif defined(_MSC_VER) #ifdef WOLFSSL_DLL