diff --git a/configure.ac b/configure.ac
index 977f4527c..4ea1bd842 100644
--- a/configure.ac
+++ b/configure.ac
@@ -4395,6 +4395,26 @@ then
 fi
+# When building for wolfRand, strip out all options to disable everything.
+AS_IF([test "x$ENABLED_FIPS" = "xyes" && test "x$FIPS_VERSION" = "xrand"],
+[NEW_AM_CFLAGS="-DNO_AES -DNO_DH -DNO_ASN -DNO_RSA -DNO_SHA -DNO_MD5 -DNO_BIG_INT"
+for v in $AM_CFLAGS
+do
+ case $v in
+-DHAVE_FFDHE_2048 | -DTFM_TIMING_RESISTANT | -DECC_TIMING_RESISTANT | \
+-DWC_RSA_BLINDING | -DHAVE_AESGCM | -DWOLFSSL_SHA512 | -DWOLFSSL_SHA384 | \
+-DHAVE_ECC | -DTFM_ECC256 | -DECC_SHAMIR | -DHAVE_TLS_EXTENSIONS | \
+-DHAVE_SUPPORTED_CURVES | -DHAVE_EXTENDED_MASTER | -DUSE_FAST_MATH)
+ AS_ECHO(["ignoring $v"])
+ ;;
+ *)
+ NEW_AM_CFLAGS="$NEW_AM_CFLAGS $v"
+ ;;
+ esac
+done
+AM_CFLAGS=$NEW_AM_CFLAGS])
+
+
 ################################################################################
 # Check for build-type conflicts #
 ################################################################################
diff --git a/fips-check.sh b/fips-check.sh
index e03bda0fc..0046159ff 100755
--- a/fips-check.sh
+++ b/fips-check.sh
@@ -33,6 +33,7 @@ Platform is one of:
 linuxv2 (FIPSv2, use for Win10)
 fips-ready
 stm32l4-v2 (FIPSv2, use for STM32L4)
+ wolfrand
 Keep (default off) retains the XXX-fips-test temp dir for inspection.
 Example:
@@ -215,6 +216,19 @@ stm32l4-v2)
 FIPS_INCS=( fips.h )
 FIPS_OPTION=v2
 ;;
+wolfrand)
+ FIPS_REPO=git@github.com:wolfssl/fips.git
+ FIPS_VERSION=WRv4-stable
+ CRYPT_REPO=git@github.com:wolfssl/wolfssl.git
+ CRYPT_VERSION=WCv4-stable
+ CRYPT_INC_PATH=wolfssl/wolfcrypt
+ CRYPT_SRC_PATH=wolfcrypt/src
+ RNG_VERSION=WCv4-rng-stable
+ WC_MODS=( hmac sha256 random )
+ FIPS_SRCS+=( wolfcrypt_first.c wolfcrypt_last.c )
+ FIPS_INCS=( fips.h )
+ FIPS_OPTION=rand
+ ;;
 *)
 Usage
 exit 1
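Review bot: The `case $v in` filter in the wolfRand block is a fixed deny-list, so any feature define in `AM_CFLAGS` that is not one of the fourteen names listed is copied into `NEW_AM_CFLAGS` and stays in the module build; a default added to configure.ac later, or a flag appended to `AM_CFLAGS` after this point, would go unnoticed. The comment `strip out all options to disable everything` also does not explain why the hardening macros `-DTFM_TIMING_RESISTANT`, `-DECC_TIMING_RESISTANT` and `-DWC_RSA_BLINDING` are dropped; from the visible lines that looks safe only because `-DNO_RSA` and `-DNO_BIG_INT` are added and `-DHAVE_ECC`/`-DUSE_FAST_MATH` are removed in the same pass. I would say so in the comment, e.g. `# Deny-list only: flags not named below pass through. Timing-resistance/blinding macros are dropped because RSA, ECC and the math library are compiled out.`, and report dropped flags with `AC_MSG_NOTICE([ignoring $v])` so they land in config.log. `for v in $AM_CFLAGS` also word-splits, so a define whose value contains a space would be torn apart.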
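Review bot: `RNG_VERSION=WCv4-rng-stable` in the new `wolfrand)` arm may never be read: the later hunk at `-254,7 +268,7` sends `FIPS_OPTION=rand` down the `v2` branch of the `if`/`elif`, while the only visible copy of `random.c`/`random.h` from `old-tree` sits in the branch above that `elif`. If the v2 path does not consult `RNG_VERSION` (not visible here), `random` in `WC_MODS` is taken from `WCv4-stable`, and the assignment misleads anyone auditing which DRBG source was actually checked. Either drop the line or add a comment such as `# RNG_VERSION is not used on the v2/rand path; random.c comes from CRYPT_VERSION`. The three refs also read like moving `-stable` names, so printing the resolved commit ids after checkout would make the checked tree reproducible. The enclosing `case` statement starts and ends outside the hunk.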
@@ -254,7 +268,7 @@ then
 cp "old-tree/$CRYPT_SRC_PATH/random.c" $CRYPT_SRC_PATH
 cp "old-tree/$CRYPT_INC_PATH/random.h" $CRYPT_INC_PATH
 fi
-elif [ "x$FIPS_OPTION" == "xv2" ]
+elif [ "x$FIPS_OPTION" == "xv2" ] || [ "x$FIPS_OPTION" == "xrand" ]
 then
 $GIT branch --no-track "my$CRYPT_VERSION" $CRYPT_VERSION
 # Checkout the fips versions of the wolfCrypt files from the repo.