feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

FIPS on Solaris

Browse Source
This commit is contained in:
Tesfa Mael
2020-05-08 14:28:14 -07:00
parent 88b8ea04f6
commit f894d4c0d2
3 changed files with 52 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
fips-check.sh
View File

@@ -34,6 +34,7 @@ Platform is one of:
fips-ready fips-ready
stm32l4-v2 (FIPSv2, use for STM32L4) stm32l4-v2 (FIPSv2, use for STM32L4)
wolfrand wolfrand
solaris
Keep (default off) retains the XXX-fips-test temp dir for inspection. Keep (default off) retains the XXX-fips-test temp dir for inspection.
Example: Example:
@@ -41,6 +42,8 @@ Example:
usageText usageText
} }
MAKE=make
LINUX_FIPS_VERSION=v3.2.6 LINUX_FIPS_VERSION=v3.2.6
LINUX_FIPS_REPO=git@github.com:wolfSSL/fips.git LINUX_FIPS_REPO=git@github.com:wolfSSL/fips.git
LINUX_CRYPT_VERSION=v3.2.6 LINUX_CRYPT_VERSION=v3.2.6
@@ -229,6 +232,19 @@ wolfrand)
FIPS_INCS=( fips.h ) FIPS_INCS=( fips.h )
FIPS_OPTION=rand FIPS_OPTION=rand
;; ;;
solaris)
FIPS_VERSION=WCv4-stable
FIPS_REPO=git@github.com:wolfssl/fips.git
CRYPT_VERSION=WCv4-stable
CRYPT_INC_PATH=wolfssl/wolfcrypt
CRYPT_SRC_PATH=wolfcrypt/src
WC_MODS+=( cmac dh ecc sha3 )
RNG_VERSION=WCv4-rng-stable
FIPS_SRCS+=( wolfcrypt_first.c wolfcrypt_last.c )
FIPS_INCS=( fips.h )
FIPS_OPTION=v2
MAKE=gmake
;;
*) *)
Usage Usage
exit 1 exit 1
@@ -321,7 +337,7 @@ then
else else
./configure --enable-fips=$FIPS_OPTION ./configure --enable-fips=$FIPS_OPTION
fi fi
if ! make; then if ! $MAKE; then
echo "fips-check: Make failed. Debris left for analysis." echo "fips-check: Make failed. Debris left for analysis."
exit 3 exit 3
fi fi
@@ -331,11 +347,11 @@ then
NEWHASH=$(./wolfcrypt/test/testwolfcrypt | sed -n 's/hash = \(.*\)/\1/p') NEWHASH=$(./wolfcrypt/test/testwolfcrypt | sed -n 's/hash = \(.*\)/\1/p')
if [ -n "$NEWHASH" ]; then if [ -n "$NEWHASH" ]; then
sed -i.bak "s/^\".*\";/\"${NEWHASH}\";/" $CRYPT_SRC_PATH/fips_test.c sed -i.bak "s/^\".*\";/\"${NEWHASH}\";/" $CRYPT_SRC_PATH/fips_test.c
make clean $MAKE clean
fi fi
fi fi
if ! make test; then if ! $MAKE test; then
echo "fips-check: Test failed. Debris left for analysis." echo "fips-check: Test failed. Debris left for analysis."
exit 3 exit 3
fi fi

22
wolfcrypt/test/test.c
View File

@@ -12360,7 +12360,7 @@ static int rsa_certgen_test(RsaKey* key, RsaKey* keypub, WC_RNG* rng, byte* tmp)
FreeDecodedCert(&decode); FreeDecodedCert(&decode);
#endif #endif
ret = SaveDerAndPem(der, certSz, certDerFile, certPemFile, ret = SaveDerAndPem(der, certSz, certDerFile, certPemFile,
CERT_TYPE, -5578); CERT_TYPE, -5578);
if (ret != 0) { if (ret != 0) {
goto exit_rsa; goto exit_rsa;
@@ -12523,7 +12523,7 @@ static int rsa_certgen_test(RsaKey* key, RsaKey* keypub, WC_RNG* rng, byte* tmp)
FreeDecodedCert(&decode); FreeDecodedCert(&decode);
#endif #endif
ret = SaveDerAndPem(der, certSz, otherCertDerFile, otherCertPemFile, ret = SaveDerAndPem(der, certSz, otherCertDerFile, otherCertPemFile,
CERT_TYPE, -5598); CERT_TYPE, -5598);
if (ret != 0) { if (ret != 0) {
goto exit_rsa; goto exit_rsa;
@@ -12714,7 +12714,7 @@ static int rsa_ecc_certgen_test(WC_RNG* rng, byte* tmp)
FreeDecodedCert(&decode); FreeDecodedCert(&decode);
#endif #endif
ret = SaveDerAndPem(der, certSz, certEccRsaDerFile, certEccRsaPemFile, ret = SaveDerAndPem(der, certSz, certEccRsaDerFile, certEccRsaPemFile,
CERT_TYPE, -5616); CERT_TYPE, -5616);
if (ret != 0) { if (ret != 0) {
goto exit_rsa; goto exit_rsa;
@@ -12786,7 +12786,7 @@ static int rsa_keygen_test(WC_RNG* rng)
ERROR_OUT(-7667, exit_rsa); ERROR_OUT(-7667, exit_rsa);
} }
ret = SaveDerAndPem(der, derSz, keyDerFile, keyPemFile, ret = SaveDerAndPem(der, derSz, keyDerFile, keyPemFile,
PRIVATEKEY_TYPE, -5555); PRIVATEKEY_TYPE, -5555);
if (ret != 0) { if (ret != 0) {
goto exit_rsa; goto exit_rsa;
@@ -13736,7 +13736,7 @@ int rsa_test(void)
FreeDecodedCert(&decode); FreeDecodedCert(&decode);
#endif #endif
ret = SaveDerAndPem(der, certSz, "./ntru-cert.der", "./ntru-cert.pem", ret = SaveDerAndPem(der, certSz, "./ntru-cert.der", "./ntru-cert.pem",
CERT_TYPE, -5637); CERT_TYPE, -5637);
if (ret != 0) { if (ret != 0) {
goto exit_rsa; goto exit_rsa;
@@ -13841,7 +13841,7 @@ int rsa_test(void)
} }
derSz = ret; derSz = ret;
ret = SaveDerAndPem(der, derSz, certReqDerFile, certReqPemFile, ret = SaveDerAndPem(der, derSz, certReqDerFile, certReqPemFile,
CERTREQ_TYPE, -5650); CERTREQ_TYPE, -5650);
if (ret != 0) { if (ret != 0) {
goto exit_rsa; goto exit_rsa;
@@ -14629,7 +14629,7 @@ int dsa_test(void)
return -8013; return -8013;
} }
ret = SaveDerAndPem(der, derSz, keyDerFile, keyPemFile, ret = SaveDerAndPem(der, derSz, keyDerFile, keyPemFile,
DSA_PRIVATEKEY_TYPE, -5814); DSA_PRIVATEKEY_TYPE, -5814);
if (ret != 0) { if (ret != 0) {
XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -18487,7 +18487,7 @@ static int ecc_test_key_gen(WC_RNG* rng, int keySize)
ERROR_OUT(derSz, done); ERROR_OUT(derSz, done);
} }
ret = SaveDerAndPem(der, derSz, eccCaKeyTempFile, eccCaKeyPemFile, ret = SaveDerAndPem(der, derSz, eccCaKeyTempFile, eccCaKeyPemFile,
ECC_PRIVATEKEY_TYPE, -8347); ECC_PRIVATEKEY_TYPE, -8347);
if (ret != 0) { if (ret != 0) {
goto done; goto done;
@@ -19924,7 +19924,7 @@ static int ecc_test_cert_gen(WC_RNG* rng)
FreeDecodedCert(&decode); FreeDecodedCert(&decode);
#endif #endif
ret = SaveDerAndPem(der, certSz, certEccDerFile, certEccPemFile, ret = SaveDerAndPem(der, certSz, certEccDerFile, certEccPemFile,
CERT_TYPE, -6735); CERT_TYPE, -6735);
if (ret != 0) { if (ret != 0) {
goto exit; goto exit;
@@ -27921,13 +27921,15 @@ int mutex_test(void)
return -12701; return -12701;
if (wc_LockMutex(&m) != 0) if (wc_LockMutex(&m) != 0)
return -12702; return -12702;
#if !defined(WOLFSSL_SOLARIS)
if (wc_FreeMutex(&m) != BAD_MUTEX_E) if (wc_FreeMutex(&m) != BAD_MUTEX_E)
return -12703; return -12703;
#endif
if (wc_UnLockMutex(&m) != 0) if (wc_UnLockMutex(&m) != 0)
return -12704; return -12704;
if (wc_FreeMutex(&m) != 0) if (wc_FreeMutex(&m) != 0)
return -12705; return -12705;
#ifndef WOLFSSL_NO_MUTEXLOCK_AFTER_FREE #if !defined(WOLFSSL_NO_MUTEXLOCK_AFTER_FREE)
if (wc_LockMutex(&m) != BAD_MUTEX_E) if (wc_LockMutex(&m) != BAD_MUTEX_E)
return -12706; return -12706;
if (wc_UnLockMutex(&m) != BAD_MUTEX_E) if (wc_UnLockMutex(&m) != BAD_MUTEX_E)

22
wolfssl/wolfcrypt/settings.h
View File

@@ -209,6 +209,9 @@
/* Uncomment next line if using RENESAS RX64N */ /* Uncomment next line if using RENESAS RX64N */
/* #define WOLFSSL_RENESAS_RX65N */ /* #define WOLFSSL_RENESAS_RX65N */
/* Uncomment next line if using Solaris OS*/
/* #define WOLFSSL_SOLARIS */
#include <wolfssl/wolfcrypt/visibility.h> #include <wolfssl/wolfcrypt/visibility.h>
#ifdef WOLFSSL_USER_SETTINGS #ifdef WOLFSSL_USER_SETTINGS
@@ -703,7 +706,7 @@ extern void uITRON4_free(void *p) ;
https://github.com/wolfSSL/wolfssl-freertos/pull/3/files */ https://github.com/wolfSSL/wolfssl-freertos/pull/3/files */
#if !defined(USE_FAST_MATH) || defined(HAVE_ED25519) || defined(HAVE_ED448) #if !defined(USE_FAST_MATH) || defined(HAVE_ED25519) || defined(HAVE_ED448)
#if defined(WOLFSSL_ESPIDF) #if defined(WOLFSSL_ESPIDF)
/*In IDF, realloc(p, n) is equivalent to /*In IDF, realloc(p, n) is equivalent to
heap_caps_realloc(p, s, MALLOC_CAP_8BIT) */ heap_caps_realloc(p, s, MALLOC_CAP_8BIT) */
#define XREALLOC(p, n, h, t) realloc((p), (n)) #define XREALLOC(p, n, h, t) realloc((p), (n))
#else #else
@@ -1400,6 +1403,23 @@ extern void uITRON4_free(void *p) ;
#endif #endif
#endif /* MICRIUM */ #endif /* MICRIUM */
#if defined(sun) || defined(__sun)
# if defined(__SVR4) || defined(__svr4__)
/* Solaris */
#ifndef WOLFSSL_SOLARIS
#define WOLFSSL_SOLARIS
#endif
# else
/* SunOS */
# endif
#endif
#ifdef WOLFSSL_SOLARIS
#define WOLFSSL_NO_MUTEXLOCK_AFTER_FREE
/* Avoid naming clash with fp_zero from math.h > ieefp.h */
#define WOLFSSL_DH_CONST
#endif
#ifdef WOLFSSL_MCF5441X #ifdef WOLFSSL_MCF5441X
#define BIG_ENDIAN_ORDER #define BIG_ENDIAN_ORDER
#ifndef SIZEOF_LONG #ifndef SIZEOF_LONG