Make mp_get_digit refactor FIPS friendly.

tests/api/test_wolfmath.c

@@ -46,8 +46,13 @@ int test_mp_get_digit_count(void)
 
     ExpectIntEQ(mp_init(&a), 0);
 
+#ifdef HAVE_FIPS
+    ExpectIntEQ(get_digit_count(NULL), 0);
+    ExpectIntEQ(get_digit_count(&a), 0);
+#else
     ExpectIntEQ(mp_get_digit_count(NULL), 0);
     ExpectIntEQ(mp_get_digit_count(&a), 0);
+#endif
 
     mp_clear(&a);
 #endif
@@ -67,8 +72,13 @@ int test_mp_get_digit(void)
     XMEMSET(&a, 0, sizeof(mp_int));
 
     ExpectIntEQ(mp_init(&a), MP_OKAY);
+#ifdef HAVE_FIPS
+    ExpectIntEQ(get_digit(NULL, n), 0);
+    ExpectIntEQ(get_digit(&a, n), 0);
+#else
     ExpectIntEQ(mp_get_digit(NULL, n), 0);
     ExpectIntEQ(mp_get_digit(&a, n), 0);
+#endif
 
     mp_clear(&a);
 #endif
@@ -89,10 +99,17 @@ int test_mp_get_rand_digit(void)
 
     ExpectIntEQ(wc_InitRng(&rng), 0);
 
+#ifdef HAVE_FIPS
+    ExpectIntEQ(get_rand_digit(&rng, &d), 0);
+    ExpectIntEQ(get_rand_digit(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(get_rand_digit(NULL, &d), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(get_rand_digit(&rng, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#else
     ExpectIntEQ(mp_get_rand_digit(&rng, &d), 0);
     ExpectIntEQ(mp_get_rand_digit(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(mp_get_rand_digit(NULL, &d), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(mp_get_rand_digit(&rng, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
 #endif

wolfcrypt/src/wolfmath.c

@@ -85,7 +85,11 @@ void mp_reverse(unsigned char *s, int len)
     }
 }
 
+#ifdef HAVE_FIPS
+int get_digit_count(const mp_int* a)
+#else
 int mp_get_digit_count(const mp_int* a)
+#endif
 {
     if (a == NULL)
         return 0;
@@ -93,7 +97,11 @@ int mp_get_digit_count(const mp_int* a)
     return (int)a->used;
 }
 
+#ifdef HAVE_FIPS
+mp_digit get_digit(const mp_int* a, int n)
+#else
 mp_digit mp_get_digit(const mp_int* a, int n)
+#endif
 {
     if (a == NULL)
         return 0;
@@ -138,10 +146,18 @@ int mp_cond_copy(mp_int* a, int copy, mp_int* b)
          * mp_get_digit() returns 0 when index greater than available digit.
          */
         for (i = 0; i < a->used; i++) {
+#ifdef HAVE_FIPS
+            b->dp[i] ^= (get_digit(a, (int)i) ^ get_digit(b, (int)i)) & mask;
+#else
             b->dp[i] ^= (mp_get_digit(a, (int)i) ^ mp_get_digit(b, (int)i)) & mask;
+#endif
         }
         for (; i < b->used; i++) {
+#ifdef HAVE_FIPS
+            b->dp[i] ^= (get_digit(a, (int)i) ^ get_digit(b, (int)i)) & mask;
+#else
             b->dp[i] ^= (mp_get_digit(a, (int)i) ^ mp_get_digit(b, (int)i)) & mask;
+#endif
         }
         b->used ^= (a->used ^ b->used) & (wc_mp_size_t)mask;
 #if (!defined(WOLFSSL_SP_MATH) && !defined(WOLFSSL_SP_MATH_ALL)) || \
@@ -156,7 +172,11 @@ int mp_cond_copy(mp_int* a, int copy, mp_int* b)
 
 
 #ifndef WC_NO_RNG
+#ifdef HAVE_FIPS
+int get_rand_digit(WC_RNG* rng, mp_digit* d)
+#else
 int mp_get_rand_digit(WC_RNG* rng, mp_digit* d)
+#endif
 {
     return wc_RNG_GenerateBlock(rng, (byte*)d, sizeof(mp_digit));
 }

wolfssl/wolfcrypt/wolfmath.h

@@ -83,9 +83,15 @@ This library provides big integer math functions.
 
 #if !defined(NO_BIG_INT)
 /* common math functions */
+#ifdef HAVE_FIPS
+MP_API int get_digit_count(const mp_int* a);
+MP_API mp_digit get_digit(const mp_int* a, int n);
+MP_API int get_rand_digit(WC_RNG* rng, mp_digit* d);
+#else
 MP_API int mp_get_digit_count(const mp_int* a);
 MP_API mp_digit mp_get_digit(const mp_int* a, int n);
 MP_API int mp_get_rand_digit(WC_RNG* rng, mp_digit* d);
+#endif
 WOLFSSL_LOCAL void mp_reverse(unsigned char *s, int len);
 
 WOLFSSL_API int mp_cond_copy(mp_int* a, int copy, mp_int* b);