SHA512 fips mode

configure.ac

@@ -1067,10 +1067,18 @@ AC_ARG_ENABLE([fips],
 
 if test "x$ENABLED_FIPS" = "xyes"
 then
+    # requires thread local storage
     if test "$thread_ls_on" = "no"
     then
         AC_MSG_ERROR([FIPS requires Thread Local Storage])
     fi
+    # requires SHA512
+    if test "x$ENABLED_SHA512" = "xno"
+    then
+        ENABLED_SHA512="yes"
+        AM_CFLAGS="$AM_CFLAGS -DCYASSL_SHA512 -DCYASSL_SHA384"
+        AM_CONDITIONAL([BUILD_SHA512], [test "x$ENABLED_SHA512" = "xyes"])
+    fi
     AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS"
 fi
 

ctaocrypt/benchmark/benchmark.c

@@ -652,9 +652,13 @@ void bench_sha512(void)
     Sha512 hash;
     byte   digest[SHA512_DIGEST_SIZE];
     double start, total, persec;
-    int    i;
+    int    i, ret;
         
-    InitSha512(&hash);
+    ret = InitSha512(&hash);
+    if (ret != 0) {
+        printf("InitSha512 failed, ret = %d\n", ret);
+        return;
+    }
     start = current_time(1);
     
     for(i = 0; i < numBlocks; i++)

ctaocrypt/src/asn.c

@@ -2704,7 +2704,11 @@ static int ConfirmSignature(const byte* buf, word32 bufSz,
         case CTC_SHA512wECDSA:
         {
             Sha512 sha512;
-            InitSha512(&sha512);
+            ret = InitSha512(&sha512);
+            if (ret != 0) {
+                CYASSL_MSG("InitSha512 failed");
+                return 0;  /*  not confirmed */
+            }
             Sha512Update(&sha512, buf, bufSz);
             Sha512Final(&sha512, digest);
             typeH    = SHA512h;

ctaocrypt/src/hmac.c

@@ -92,7 +92,7 @@ static int InitHmac(Hmac* hmac, int type)
         
         #ifdef CYASSL_SHA512
         case SHA512:
-            InitSha512(&hmac->hash.sha512);
+            ret = InitSha512(&hmac->hash.sha512);
         break;
         #endif
         

ctaocrypt/src/pwdbased.c

@@ -302,7 +302,9 @@ int PKCS12_PBKDF(byte* output, const byte* passwd, int passLen,const byte* salt,
         else if (hashType == SHA512) {
             Sha512 sha512;
 
-            InitSha512(&sha512);
+            ret = InitSha512(&sha512);
+            if (ret != 0)
+                break;
             Sha512Update(&sha512, buffer, totalLen);
             Sha512Final(&sha512, Ai);
 

ctaocrypt/src/sha512.c

@@ -27,6 +27,11 @@
 
 #ifdef CYASSL_SHA512
 
+#ifdef HAVE_FIPS
+    /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
+    #define FIPS_NO_WRAPPERS
+#endif
+
 #include <cyassl/ctaocrypt/sha512.h>
 #ifdef NO_INLINE
     #include <cyassl/ctaocrypt/misc.h>
@@ -45,7 +50,7 @@
 #endif /* min */
 
 
-void InitSha512(Sha512* sha512)
+int InitSha512(Sha512* sha512)
 {
     sha512->digest[0] = W64LIT(0x6a09e667f3bcc908);
     sha512->digest[1] = W64LIT(0xbb67ae8584caa73b);
@@ -59,6 +64,8 @@ void InitSha512(Sha512* sha512)
     sha512->buffLen = 0;
     sha512->loLen   = 0;
     sha512->hiLen   = 0;
+
+    return 0;
 }
 
 
@@ -190,7 +197,7 @@ static INLINE void AddLength(Sha512* sha512, word32 len)
 }
 
 
-void Sha512Update(Sha512* sha512, const byte* data, word32 len)
+int Sha512Update(Sha512* sha512, const byte* data, word32 len)
 {
     /* do block size increments */
     byte* local = (byte*)sha512->buffer;
@@ -213,10 +220,11 @@ void Sha512Update(Sha512* sha512, const byte* data, word32 len)
             sha512->buffLen = 0;
         }
     }
+    return 0;
 }
 
 
-void Sha512Final(Sha512* sha512, byte* hash)
+int Sha512Final(Sha512* sha512, byte* hash)
 {
     byte* local = (byte*)sha512->buffer;
 
@@ -256,7 +264,7 @@ void Sha512Final(Sha512* sha512, byte* hash)
     #endif
     XMEMCPY(hash, sha512->digest, SHA512_DIGEST_SIZE);
 
-    InitSha512(sha512);  /* reset state */
+    return InitSha512(sha512);  /* reset state */
 }
 
 

ctaocrypt/test/test.c

@@ -991,6 +991,7 @@ int sha512_test(void)
 {
     Sha512 sha;
     byte   hash[SHA512_DIGEST_SIZE];
+    int    ret;
 
     testVector a, b;
     testVector test_sha[2];
@@ -1018,7 +1019,9 @@ int sha512_test(void)
     test_sha[0] = a;
     test_sha[1] = b;
 
-    InitSha512(&sha);
+    ret = InitSha512(&sha);
+    if (ret != 0)
+        return -4009;
 
     for (i = 0; i < times; ++i) {
         Sha512Update(&sha, (byte*)test_sha[i].input,(word32)test_sha[i].inLen);

cyassl/ctaocrypt/sha512.h

@@ -51,9 +51,9 @@ typedef struct Sha512 {
 } Sha512;
 
 
-CYASSL_API void InitSha512(Sha512*);
+CYASSL_API int InitSha512(Sha512*);
-CYASSL_API void Sha512Update(Sha512*, const byte*, word32);
+CYASSL_API int Sha512Update(Sha512*, const byte*, word32);
-CYASSL_API void Sha512Final(Sha512*, byte*);
+CYASSL_API int Sha512Final(Sha512*, byte*);
 
 
 #if defined(CYASSL_SHA384) || defined(HAVE_AESGCM)
@@ -81,6 +81,22 @@ CYASSL_API void InitSha384(Sha384*);
 CYASSL_API void Sha384Update(Sha384*, const byte*, word32);
 CYASSL_API void Sha384Final(Sha384*, byte*);
 
+
+#ifdef HAVE_FIPS
+    /* fips wrapper calls, user can call direct */
+    CYASSL_API int InitSha512_fips(Sha512*);
+    CYASSL_API int Sha512Update_fips(Sha512*, const byte*, word32);
+    CYASSL_API int Sha512Final_fips(Sha512*, byte*);
+    #ifndef FIPS_NO_WRAPPERS
+        /* if not impl or fips.c impl wrapper force fips calls if fips build */
+        #define InitSha512   InitSha512_fips
+        #define Sha512Update Sha512Update_fips
+        #define Sha512Final  Sha512Final_fips
+    #endif /* FIPS_NO_WRAPPERS */
+
+#endif /* HAVE_FIPS */
+
+
 #endif /* CYASSL_SHA384 */
 
 #ifdef __cplusplus

mcapi/crypto.c

@@ -207,9 +207,7 @@ int CRYPT_SHA512_Initialize(CRYPT_SHA512_CTX* sha512)
     if (sha512 == NULL)
         return BAD_FUNC_ARG;
 
-    InitSha512((Sha512*)sha512);
+    return InitSha512((Sha512*)sha512);
-
-    return 0;
 }
 
 

mcapi/mcapi_test.c

@@ -279,7 +279,7 @@ static int check_sha256(void)
     CRYPT_SHA256_Initialize(&mcSha256);
     ret = InitSha256(&defSha256);
     if (ret != 0) {
-        printf("sha init default failed\n");
+        printf("sha256 init default failed\n");
         return -1;
     }
 
@@ -335,7 +335,11 @@ static int check_sha512(void)
     byte             defDigest[SHA512_DIGEST_SIZE];
 
     CRYPT_SHA512_Initialize(&mcSha512);
-    InitSha512(&defSha512);
+    ret = InitSha512(&defSha512);
+    if (ret != 0) {
+        printf("sha512 init default failed\n");
+        return -1;
+    }
 
     CRYPT_SHA512_DataAdd(&mcSha512, ourData, OUR_DATA_SIZE);
     Sha512Update(&defSha512, ourData, OUR_DATA_SIZE);

src/internal.c

@@ -4486,7 +4486,7 @@ static INLINE void Sha512Rounds(int rounds, const byte* data, int sz)
     Sha512 sha512;
     int i;
 
-    InitSha512(&sha512);
+    InitSha512(&sha512);  /* no error check on purpose, dummy round */
 
     for (i = 0; i < rounds; i++)
         Sha512Update(&sha512, data, sz);

src/ssl.c

@@ -6592,7 +6592,7 @@ int CyaSSL_set_compression(CYASSL* ssl)
         (void)sizeof(sha_test);
 
         CYASSL_ENTER("SHA512_Init");
-        InitSha512((Sha512*)sha);
+        InitSha512((Sha512*)sha);  /* OpenSSL compat, no error */
     }
 
 

tests/hash.c

@@ -402,6 +402,7 @@ int sha512_test(void)
 {
     Sha512 sha;
     byte   hash[SHA512_DIGEST_SIZE];
+    int    ret;
 
     testVector a, b;
     testVector test_sha[2];
@@ -429,7 +430,9 @@ int sha512_test(void)
     test_sha[0] = a;
     test_sha[1] = b;
 
-    InitSha512(&sha);
+    ret = InitSha512(&sha);
+    if (ret != 0)
+        return -4009;
 
     for (i = 0; i < times; ++i) {
         Sha512Update(&sha, (byte*)test_sha[i].input,(word32)test_sha[i].inLen);