diff --git a/configure.ac b/configure.ac index f232941c1..b9e784792 100644 --- a/configure.ac +++ b/configure.ac @@ -1067,10 +1067,18 @@ AC_ARG_ENABLE([fips], if test "x$ENABLED_FIPS" = "xyes" then + # requires thread local storage if test "$thread_ls_on" = "no" then AC_MSG_ERROR([FIPS requires Thread Local Storage]) fi + # requires SHA512 + if test "x$ENABLED_SHA512" = "xno" + then + ENABLED_SHA512="yes" + AM_CFLAGS="$AM_CFLAGS -DCYASSL_SHA512 -DCYASSL_SHA384" + AM_CONDITIONAL([BUILD_SHA512], [test "x$ENABLED_SHA512" = "xyes"]) + fi AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS" fi diff --git a/ctaocrypt/benchmark/benchmark.c b/ctaocrypt/benchmark/benchmark.c index aa101fe2b..3f3e41fe8 100644 --- a/ctaocrypt/benchmark/benchmark.c +++ b/ctaocrypt/benchmark/benchmark.c @@ -652,9 +652,13 @@ void bench_sha512(void) Sha512 hash; byte digest[SHA512_DIGEST_SIZE]; double start, total, persec; - int i; + int i, ret; - InitSha512(&hash); + ret = InitSha512(&hash); + if (ret != 0) { + printf("InitSha512 failed, ret = %d\n", ret); + return; + } start = current_time(1); for(i = 0; i < numBlocks; i++) diff --git a/ctaocrypt/src/asn.c b/ctaocrypt/src/asn.c index 664911db5..2291c1405 100644 --- a/ctaocrypt/src/asn.c +++ b/ctaocrypt/src/asn.c @@ -2704,7 +2704,11 @@ static int ConfirmSignature(const byte* buf, word32 bufSz, case CTC_SHA512wECDSA: { Sha512 sha512; - InitSha512(&sha512); + ret = InitSha512(&sha512); + if (ret != 0) { + CYASSL_MSG("InitSha512 failed"); + return 0; /* not confirmed */ + } Sha512Update(&sha512, buf, bufSz); Sha512Final(&sha512, digest); typeH = SHA512h; diff --git a/ctaocrypt/src/hmac.c b/ctaocrypt/src/hmac.c index bb6dce882..113061c58 100644 --- a/ctaocrypt/src/hmac.c +++ b/ctaocrypt/src/hmac.c @@ -92,7 +92,7 @@ static int InitHmac(Hmac* hmac, int type) #ifdef CYASSL_SHA512 case SHA512: - InitSha512(&hmac->hash.sha512); + ret = InitSha512(&hmac->hash.sha512); break; #endif diff --git a/ctaocrypt/src/pwdbased.c b/ctaocrypt/src/pwdbased.c index 72f5f1761..b32fcd02c 100644 --- a/ctaocrypt/src/pwdbased.c +++ b/ctaocrypt/src/pwdbased.c @@ -302,7 +302,9 @@ int PKCS12_PBKDF(byte* output, const byte* passwd, int passLen,const byte* salt, else if (hashType == SHA512) { Sha512 sha512; - InitSha512(&sha512); + ret = InitSha512(&sha512); + if (ret != 0) + break; Sha512Update(&sha512, buffer, totalLen); Sha512Final(&sha512, Ai); diff --git a/ctaocrypt/src/sha512.c b/ctaocrypt/src/sha512.c index 2766f0a0a..a1759f53b 100644 --- a/ctaocrypt/src/sha512.c +++ b/ctaocrypt/src/sha512.c @@ -27,6 +27,11 @@ #ifdef CYASSL_SHA512 +#ifdef HAVE_FIPS + /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */ + #define FIPS_NO_WRAPPERS +#endif + #include #ifdef NO_INLINE #include @@ -45,7 +50,7 @@ #endif /* min */ -void InitSha512(Sha512* sha512) +int InitSha512(Sha512* sha512) { sha512->digest[0] = W64LIT(0x6a09e667f3bcc908); sha512->digest[1] = W64LIT(0xbb67ae8584caa73b); @@ -59,6 +64,8 @@ void InitSha512(Sha512* sha512) sha512->buffLen = 0; sha512->loLen = 0; sha512->hiLen = 0; + + return 0; } @@ -190,7 +197,7 @@ static INLINE void AddLength(Sha512* sha512, word32 len) } -void Sha512Update(Sha512* sha512, const byte* data, word32 len) +int Sha512Update(Sha512* sha512, const byte* data, word32 len) { /* do block size increments */ byte* local = (byte*)sha512->buffer; @@ -213,10 +220,11 @@ void Sha512Update(Sha512* sha512, const byte* data, word32 len) sha512->buffLen = 0; } } + return 0; } -void Sha512Final(Sha512* sha512, byte* hash) +int Sha512Final(Sha512* sha512, byte* hash) { byte* local = (byte*)sha512->buffer; @@ -256,7 +264,7 @@ void Sha512Final(Sha512* sha512, byte* hash) #endif XMEMCPY(hash, sha512->digest, SHA512_DIGEST_SIZE); - InitSha512(sha512); /* reset state */ + return InitSha512(sha512); /* reset state */ } diff --git a/ctaocrypt/test/test.c b/ctaocrypt/test/test.c index 4b7f556f0..d4bc3411d 100644 --- a/ctaocrypt/test/test.c +++ b/ctaocrypt/test/test.c @@ -991,6 +991,7 @@ int sha512_test(void) { Sha512 sha; byte hash[SHA512_DIGEST_SIZE]; + int ret; testVector a, b; testVector test_sha[2]; @@ -1018,7 +1019,9 @@ int sha512_test(void) test_sha[0] = a; test_sha[1] = b; - InitSha512(&sha); + ret = InitSha512(&sha); + if (ret != 0) + return -4009; for (i = 0; i < times; ++i) { Sha512Update(&sha, (byte*)test_sha[i].input,(word32)test_sha[i].inLen); diff --git a/cyassl/ctaocrypt/sha512.h b/cyassl/ctaocrypt/sha512.h index d9e749750..bf88e4ceb 100644 --- a/cyassl/ctaocrypt/sha512.h +++ b/cyassl/ctaocrypt/sha512.h @@ -51,9 +51,9 @@ typedef struct Sha512 { } Sha512; -CYASSL_API void InitSha512(Sha512*); -CYASSL_API void Sha512Update(Sha512*, const byte*, word32); -CYASSL_API void Sha512Final(Sha512*, byte*); +CYASSL_API int InitSha512(Sha512*); +CYASSL_API int Sha512Update(Sha512*, const byte*, word32); +CYASSL_API int Sha512Final(Sha512*, byte*); #if defined(CYASSL_SHA384) || defined(HAVE_AESGCM) @@ -81,6 +81,22 @@ CYASSL_API void InitSha384(Sha384*); CYASSL_API void Sha384Update(Sha384*, const byte*, word32); CYASSL_API void Sha384Final(Sha384*, byte*); + +#ifdef HAVE_FIPS + /* fips wrapper calls, user can call direct */ + CYASSL_API int InitSha512_fips(Sha512*); + CYASSL_API int Sha512Update_fips(Sha512*, const byte*, word32); + CYASSL_API int Sha512Final_fips(Sha512*, byte*); + #ifndef FIPS_NO_WRAPPERS + /* if not impl or fips.c impl wrapper force fips calls if fips build */ + #define InitSha512 InitSha512_fips + #define Sha512Update Sha512Update_fips + #define Sha512Final Sha512Final_fips + #endif /* FIPS_NO_WRAPPERS */ + +#endif /* HAVE_FIPS */ + + #endif /* CYASSL_SHA384 */ #ifdef __cplusplus diff --git a/mcapi/crypto.c b/mcapi/crypto.c index 294a6401c..64a719a57 100644 --- a/mcapi/crypto.c +++ b/mcapi/crypto.c @@ -207,9 +207,7 @@ int CRYPT_SHA512_Initialize(CRYPT_SHA512_CTX* sha512) if (sha512 == NULL) return BAD_FUNC_ARG; - InitSha512((Sha512*)sha512); - - return 0; + return InitSha512((Sha512*)sha512); } diff --git a/mcapi/mcapi_test.c b/mcapi/mcapi_test.c index 445b6ae58..597083b9c 100644 --- a/mcapi/mcapi_test.c +++ b/mcapi/mcapi_test.c @@ -279,7 +279,7 @@ static int check_sha256(void) CRYPT_SHA256_Initialize(&mcSha256); ret = InitSha256(&defSha256); if (ret != 0) { - printf("sha init default failed\n"); + printf("sha256 init default failed\n"); return -1; } @@ -335,7 +335,11 @@ static int check_sha512(void) byte defDigest[SHA512_DIGEST_SIZE]; CRYPT_SHA512_Initialize(&mcSha512); - InitSha512(&defSha512); + ret = InitSha512(&defSha512); + if (ret != 0) { + printf("sha512 init default failed\n"); + return -1; + } CRYPT_SHA512_DataAdd(&mcSha512, ourData, OUR_DATA_SIZE); Sha512Update(&defSha512, ourData, OUR_DATA_SIZE); diff --git a/src/internal.c b/src/internal.c index 044342304..92d8a30dd 100644 --- a/src/internal.c +++ b/src/internal.c @@ -4486,7 +4486,7 @@ static INLINE void Sha512Rounds(int rounds, const byte* data, int sz) Sha512 sha512; int i; - InitSha512(&sha512); + InitSha512(&sha512); /* no error check on purpose, dummy round */ for (i = 0; i < rounds; i++) Sha512Update(&sha512, data, sz); diff --git a/src/ssl.c b/src/ssl.c index cc87e9415..1fb458e8c 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -6592,7 +6592,7 @@ int CyaSSL_set_compression(CYASSL* ssl) (void)sizeof(sha_test); CYASSL_ENTER("SHA512_Init"); - InitSha512((Sha512*)sha); + InitSha512((Sha512*)sha); /* OpenSSL compat, no error */ } diff --git a/tests/hash.c b/tests/hash.c index a2354ebbd..a17d2695f 100644 --- a/tests/hash.c +++ b/tests/hash.c @@ -402,6 +402,7 @@ int sha512_test(void) { Sha512 sha; byte hash[SHA512_DIGEST_SIZE]; + int ret; testVector a, b; testVector test_sha[2]; @@ -429,7 +430,9 @@ int sha512_test(void) test_sha[0] = a; test_sha[1] = b; - InitSha512(&sha); + ret = InitSha512(&sha); + if (ret != 0) + return -4009; for (i = 0; i < times; ++i) { Sha512Update(&sha, (byte*)test_sha[i].input,(word32)test_sha[i].inLen);