wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-31 19:24:42 +02:00
Code Issues Packages Projects Releases Wiki Activity

AES-SIV:

Browse Source 
in configure.ac, enable SIV only if !ENABLED_FIPS or if building FIPS v5-dev;

in cmac.{c,h}, remove !HAVE_FIPS gating on ShiftAndXorRb().
This commit is contained in:
Daniel Pouzzner
2022-01-20 14:51:30 -06:00
parent 84f7d812d3
commit 386aac9694
4 changed files with 9 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
configure.ac
View File

@@ -498,7 +498,6 @@ then
test "$enable_aesctr" = "" && enable_aesctr=yes test "$enable_aesctr" = "" && enable_aesctr=yes
test "$enable_aesofb" = "" && enable_aesofb=yes test "$enable_aesofb" = "" && enable_aesofb=yes
test "$enable_aescfb" = "" && enable_aescfb=yes test "$enable_aescfb" = "" && enable_aescfb=yes
test "$enable_aessiv" = "" && enable_aessiv=yes
test "$enable_aescbc_length_checks" = "" && enable_aescbc_length_checks=yes test "$enable_aescbc_length_checks" = "" && enable_aescbc_length_checks=yes
test "$enable_camellia" = "" && enable_camellia=yes test "$enable_camellia" = "" && enable_camellia=yes
test "$enable_ripemd" = "" && enable_ripemd=yes test "$enable_ripemd" = "" && enable_ripemd=yes
@@ -629,6 +628,10 @@ then
fi fi
fi fi
if test "$ENABLED_FIPS" = "no" || test "$ENABLED_FIPS" = "v5-dev"; then
test "$enable_aessiv" = "" && enable_aessiv=yes
fi
# Enable DH const table speedups (eliminates `-lm` math lib dependency) # Enable DH const table speedups (eliminates `-lm` math lib dependency)
AM_CFLAGS="$AM_CFLAGS -DHAVE_FFDHE_2048 -DHAVE_FFDHE_3072" AM_CFLAGS="$AM_CFLAGS -DHAVE_FFDHE_2048 -DHAVE_FFDHE_3072"
DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS=4096 DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS=4096
@@ -665,7 +668,6 @@ then
test "$enable_aesctr" = "" && enable_aesctr=yes test "$enable_aesctr" = "" && enable_aesctr=yes
test "$enable_aesofb" = "" && enable_aesofb=yes test "$enable_aesofb" = "" && enable_aesofb=yes
test "$enable_aescfb" = "" && enable_aescfb=yes test "$enable_aescfb" = "" && enable_aescfb=yes
test "$enable_aessiv" = "" && enable_aessiv=yes
test "$enable_aescbc_length_checks" = "" && enable_aescbc_length_checks=yes test "$enable_aescbc_length_checks" = "" && enable_aescbc_length_checks=yes
test "$enable_camellia" = "" && enable_camellia=yes test "$enable_camellia" = "" && enable_camellia=yes
test "$enable_ripemd" = "" && enable_ripemd=yes test "$enable_ripemd" = "" && enable_ripemd=yes
@@ -752,6 +754,10 @@ then
fi fi
fi fi
if test "$ENABLED_FIPS" = "no" || test "$ENABLED_FIPS" = "v5-dev"; then
test "$enable_aessiv" = "" && enable_aessiv=yes
fi
# Enable AES Decrypt, AES ECB, Alt Names, DER Load # Enable AES Decrypt, AES ECB, Alt Names, DER Load
AM_CFLAGS="$AM_CFLAGS -DHAVE_AES_DECRYPT -DHAVE_AES_ECB -DWOLFSSL_ALT_NAMES -DWOLFSSL_DER_LOAD" AM_CFLAGS="$AM_CFLAGS -DHAVE_AES_DECRYPT -DHAVE_AES_ECB -DWOLFSSL_ALT_NAMES -DWOLFSSL_DER_LOAD"

4
wolfcrypt/src/cmac.c
View File

@@ -57,12 +57,8 @@
#endif #endif
#ifdef HAVE_FIPS
static void ShiftAndXorRb(byte* out, byte* in)
#else
/* Used by AES-SIV. See aes.c. */ /* Used by AES-SIV. See aes.c. */
void ShiftAndXorRb(byte* out, byte* in) void ShiftAndXorRb(byte* out, byte* in)
#endif
{ {
int i, j, xorRb; int i, j, xorRb;
int mask = 0, last = 0; int mask = 0, last = 0;

2
wolfcrypt/test/test.c
View File

@@ -38870,7 +38870,7 @@ typedef struct {
const byte plaintext[83]; const byte plaintext[83];
word32 plaintextSz; word32 plaintextSz;
const byte siv[AES_BLOCK_SIZE+1]; const byte siv[AES_BLOCK_SIZE+1];
const byte ciphertext[83]; const byte ciphertext[82];
word32 ciphertextSz; word32 ciphertextSz;
} AesSivTestVector; } AesSivTestVector;

2
wolfssl/wolfcrypt/cmac.h
View File

@@ -103,10 +103,8 @@ int wc_AesCmacVerify(const byte* check, word32 checkSz,
const byte* in, word32 inSz, const byte* in, word32 inSz,
const byte* key, word32 keySz); const byte* key, word32 keySz);
#ifndef HAVE_FIPS
WOLFSSL_LOCAL WOLFSSL_LOCAL
void ShiftAndXorRb(byte* out, byte* in); void ShiftAndXorRb(byte* out, byte* in);
#endif
#ifdef __cplusplus #ifdef __cplusplus
} /* extern "C" */ } /* extern "C" */