FIPS CAST Update

1. In the unit test, when checking the build options, also check for FIPSv4 to make sure 2048-bit RSA is used. 2. In the standalone SHA-1 one step hash function, wc_InitSha() wasn't getting called, so the FIPS flags didn't get checked. (It was using wc_InitSha_ex() which bypasses the FIPS checks.)
2025-08-01 11:44:38 +02:00 · 2020-12-04 14:56:08 -08:00
parent 9c1fe16e62
commit 344950a36d
1 changed files with 12 additions and 6 deletions
--- a/tests/api.c
+++ b/tests/api.c
@@ -399,7 +399,8 @@ static const char* failed = "failed";
 #define TEST_STRING    "Everyone gets Friday off."
 #define TEST_STRING_SZ 25

-#if !defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
+#if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
+    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))
 #define TEST_RSA_BITS 1024
 #else
 #define TEST_RSA_BITS 2048
@@ -14467,7 +14468,8 @@ static int test_wc_MakeRsaKey (void)

    RsaKey  genKey;
    WC_RNG  rng;
-    #if !defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
+    #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
+        (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))
    int     bits = 1024;
    #else
    int     bits = 2048;
@@ -15128,7 +15130,8 @@ static int test_wc_RsaKeyToDer (void)
    RsaKey  genKey;
    WC_RNG  rng;
    byte*   der;
-    #if !defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
+    #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
+        (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))
    int     bits = 1024;
    word32  derSz = 611;
    /* (2 x 128) + 2 (possible leading 00) + (5 x 64) + 5 (possible leading 00)
@@ -15238,7 +15241,8 @@ static int test_wc_RsaKeyToPublicDer (void)
    RsaKey      key;
    WC_RNG      rng;
    byte*       der;
-    #if !defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
+    #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
+        (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))
    int         bits = 1024;
    word32      derLen = 162;
    #else
@@ -15716,7 +15720,8 @@ static int test_wc_RsaEncryptSize (void)
    }

    printf(testingFmt, "wc_RsaEncryptSize()");
-#if !defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
+#if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
+    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))
    if (ret == 0) {
        ret = MAKE_RSA_KEY(&key, 1024, WC_RSA_EXPONENT, &rng);
        if (ret == 0) {
@@ -15786,7 +15791,8 @@ static int test_wc_RsaFlattenPublicKey (void)
    byte    n[256];
    word32  eSz = sizeof(e);
    word32  nSz = sizeof(n);
-    #if !defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
+    #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
+        (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))
    int         bits = 1024;
    #else
    int         bits = 2048;