wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-31 19:24:42 +02:00
Code Issues Packages Projects Releases Wiki Activity

FIPS Revalidation/Test Fixes

Browse Source 
1. For FIPSv2 builds, changed the FP_MAX_BITS to 6144.
2. Fixed bug in HMAC-SHA-3 where the digest size was being used instead of the block size for processing the key.
This commit is contained in:
John Safranek
2018-03-26 17:30:07 -07:00
parent 8fb3a0c078
commit 27470aa704
2 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
configure.ac
View File

@@ -2043,7 +2043,7 @@ then
AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS" AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS"
# Add the FIPS flag. # Add the FIPS flag.
AS_IF([test "x$FIPS_VERSION" = "xv2"], AS_IF([test "x$FIPS_VERSION" = "xv2"],
[AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS_VERSION=2 -DWOLFSSL_KEY_GEN -DWOLFSSL_SHA224 -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB -DHAVE_ECC_CDH -DWC_RSA_NO_PADDING" [AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS_VERSION=2 -DWOLFSSL_KEY_GEN -DWOLFSSL_SHA224 -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB -DHAVE_ECC_CDH -DWC_RSA_NO_PADDING -DFP_MAX_BITS=6144"
ENABLED_KEYGEN="yes" ENABLED_KEYGEN="yes"
ENABLED_SHA224="yes" ENABLED_SHA224="yes"
AS_IF([test "x$ENABLED_AESCCM" != "xyes"], AS_IF([test "x$ENABLED_AESCCM" != "xyes"],

8
wolfcrypt/src/hmac.c
View File

@@ -462,7 +462,7 @@ int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
#ifdef WOLFSSL_SHA3 #ifdef WOLFSSL_SHA3
case WC_SHA3_224: case WC_SHA3_224:
hmac_block_size = WC_SHA3_224_BLOCK_SIZE; hmac_block_size = WC_SHA3_224_BLOCK_SIZE;
if (length <= WC_SHA3_224_DIGEST_SIZE) { if (length <= WC_SHA3_224_BLOCK_SIZE) {
if (key != NULL) { if (key != NULL) {
XMEMCPY(ip, key, length); XMEMCPY(ip, key, length);
} }
@@ -480,7 +480,7 @@ int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
break; break;
case WC_SHA3_256: case WC_SHA3_256:
hmac_block_size = WC_SHA3_256_BLOCK_SIZE; hmac_block_size = WC_SHA3_256_BLOCK_SIZE;
if (length <= WC_SHA3_256_DIGEST_SIZE) { if (length <= WC_SHA3_256_BLOCK_SIZE) {
if (key != NULL) { if (key != NULL) {
XMEMCPY(ip, key, length); XMEMCPY(ip, key, length);
} }
@@ -498,7 +498,7 @@ int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
break; break;
case WC_SHA3_384: case WC_SHA3_384:
hmac_block_size = WC_SHA3_384_BLOCK_SIZE; hmac_block_size = WC_SHA3_384_BLOCK_SIZE;
if (length <= WC_SHA3_384_DIGEST_SIZE) { if (length <= WC_SHA3_384_BLOCK_SIZE) {
if (key != NULL) { if (key != NULL) {
XMEMCPY(ip, key, length); XMEMCPY(ip, key, length);
} }
@@ -516,7 +516,7 @@ int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
break; break;
case WC_SHA3_512: case WC_SHA3_512:
hmac_block_size = WC_SHA3_512_BLOCK_SIZE; hmac_block_size = WC_SHA3_512_BLOCK_SIZE;
if (length <= WC_SHA3_512_DIGEST_SIZE) { if (length <= WC_SHA3_512_BLOCK_SIZE) {
if (key != NULL) { if (key != NULL) {
XMEMCPY(ip, key, length); XMEMCPY(ip, key, length);
} }