diff --git a/.wolfssl_known_macro_extras b/.wolfssl_known_macro_extras
index 49353bc67..355cc8c4b 100644
--- a/.wolfssl_known_macro_extras
+++ b/.wolfssl_known_macro_extras
@@ -790,6 +790,7 @@ WOLFSSL_MONT_RED_CT
 WOLFSSL_MP_COND_COPY
 WOLFSSL_MP_INVMOD_CONSTANT_TIME
 WOLFSSL_MULTICIRCULATE_ALTNAMELIST
+WOLFSSL_NEW_PRIME_CHECK
 WOLFSSL_NONBLOCK_OCSP
 WOLFSSL_NOSHA3_384
 WOLFSSL_NOT_WINDOWS_API
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
index 2397557d1..bf3029791 100644
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -431,6 +431,8 @@
 (WOLFSSL_FIPS_VERSION2_CODE >= WOLFSSL_MAKE_FIPS_VERSION(major,minor))
 #define FIPS_VERSION_GT(major,minor) \
 (WOLFSSL_FIPS_VERSION2_CODE > WOLFSSL_MAKE_FIPS_VERSION(major,minor))
+#define FIPS_VERSION_NE(major,minor) \
+ (WOLFSSL_FIPS_VERSION2_CODE != WOLFSSL_MAKE_FIPS_VERSION(major,minor))
 #define FIPS_VERSION3_LT(major,minor,patch) \
 (WOLFSSL_FIPS_VERSION_CODE < WOLFSSL_MAKE_FIPS_VERSION3(major,minor,patch))
@@ -3680,9 +3682,6 @@ extern void uITRON4_free(void *p) ;
 #ifndef WOLFSSL_KERNEL_MODE
 #define WOLFSSL_KERNEL_MODE
 #endif
- #ifndef WOLFSSL_API_PREFIX_MAP
- #define WOLFSSL_API_PREFIX_MAP
- #endif
 #if defined(WOLFSSL_LINUXKM_VERBOSE_DEBUG) && \
 !defined(WOLFSSL_KERNEL_VERBOSE_DEBUG)
 #define WOLFSSL_KERNEL_VERBOSE_DEBUG
@@ -3715,21 +3714,11 @@ extern void uITRON4_free(void *p) ;
 #ifndef USE_WOLF_STRTOK
 #define USE_WOLF_STRTOK
 #endif
- #ifndef WOLFSSL_OLD_PRIME_CHECK
- #define WOLFSSL_OLD_PRIME_CHECK
- #endif
 #ifdef LINUXKM_LKCAPI_REGISTER
 #ifndef WC_TEST_EXPORT_SUBTESTS
 #define WC_TEST_EXPORT_SUBTESTS
 #endif
 #endif
- #ifndef WOLFSSL_TEST_SUBROUTINE
- #ifdef WC_TEST_EXPORT_SUBTESTS
- #define WOLFSSL_TEST_SUBROUTINE
- #else
- #define WOLFSSL_TEST_SUBROUTINE static
- #endif
- #endif
 #undef HAVE_PTHREAD
 /* linuxkm uses linux/string.h, included by linuxkm_wc_port.h. */
 #undef HAVE_STRINGS_H
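Review bot: The new `FIPS_VERSION_NE` in the `@@ -431` hunk of settings.h carries no comment warning that a not-equal test, unlike the `_GE`/`_GT` forms beside it, says nothing about whether the build is FIPS at all. A caller that writes `#if FIPS_VERSION_NE(x,y)` on its own would take the branch in a non-FIPS build too, so I would add `/* NE does not imply a FIPS build; test defined(HAVE_FIPS) as well. */` above the definition. The two-argument macro is also not used by any visible hunk; the reseed-interval test added later in this diff calls the three-argument `FIPS_VERSION3_NE`, whose definition is outside what is shown here and should be confirmed to exist.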
@@ -3790,21 +3779,6 @@ extern void uITRON4_free(void *p) ;
 #undef HAVE_PUBLIC_FFDHE
 #endif
- #ifndef NO_OLD_WC_NAMES
- #define NO_OLD_WC_NAMES
- #endif
- #ifndef NO_OLD_SHA_NAMES
- #define NO_OLD_SHA_NAMES
- #endif
- #ifndef NO_OLD_MD5_NAME
- #define NO_OLD_MD5_NAME
- #endif
- #ifndef OPENSSL_COEXIST
- #define OPENSSL_COEXIST
- #endif
- #ifndef NO_OLD_SSL_NAMES
- #define NO_OLD_SSL_NAMES
- #endif
 #undef WOLFSSL_MIN_AUTH_TAG_SZ
 #define WOLFSSL_MIN_AUTH_TAG_SZ 4
@@ -3814,22 +3788,10 @@ extern void uITRON4_free(void *p) ;
 */
 #define WOLFSSL_ASN_INT_LEAD_0_ANY
 #endif
-
- #if !defined(WC_RESEED_INTERVAL) && defined(LINUXKM_LKCAPI_REGISTER)
- /* If installing handlers, use the maximum reseed interval allowed by
- * NIST SP 800-90A Rev. 1, to avoid unnecessary delays in DRBG
- * generation.
- */
- #if defined(HAVE_FIPS) && FIPS_VERSION_LT(6,0)
- #define WC_RESEED_INTERVAL UINT_MAX
- #else
- #define WC_RESEED_INTERVAL (((word64)1UL)<<48UL)
- #endif
- #endif
 #if defined(__aarch64__) && !defined(WOLFSSL_AARCH64_PRIVILEGE_MODE)
 #define WOLFSSL_AARCH64_PRIVILEGE_MODE
 #endif
-#endif
+#endif /* WOLFSSL_LINUXKM */
 /* FreeBSD Kernel Module */
 #ifdef WOLFSSL_BSDKM
@@ -3869,16 +3831,6 @@ extern void uITRON4_free(void *p) ;
 #ifndef USE_WOLF_STRTOK
 #define USE_WOLF_STRTOK
 #endif
- #ifndef WOLFSSL_OLD_PRIME_CHECK
- #define WOLFSSL_OLD_PRIME_CHECK
- #endif
- #ifndef WOLFSSL_TEST_SUBROUTINE
- #ifndef NO_CRYPT_TEST
- #define WOLFSSL_TEST_SUBROUTINE
- #else
- #define WOLFSSL_TEST_SUBROUTINE static
- #endif
- #endif
 /* bsdkm uses kernel headers, included in bsdkm_wc_port.h. */
 #undef HAVE_PTHREAD
 #undef HAVE_STRINGS_H
@@ -3909,6 +3861,19 @@ extern void uITRON4_free(void *p) ;
 #define WOLFSSL_SP_DIV_WORD_HALF
 #endif
+ /* FreeBSD kernel defines its own min, max functions in sys/libkern.h */
+ #undef WOLFSSL_HAVE_MIN
+ #define WOLFSSL_HAVE_MIN
+
+ #undef WOLFSSL_HAVE_MAX
+ #define WOLFSSL_HAVE_MAX
+#endif /* WOLFSSL_BSDKM */
+
+/* Common setup for kernel mode builds */
+#ifdef WOLFSSL_KERNEL_MODE
+ #ifndef WOLFSSL_API_PREFIX_MAP
+ #define WOLFSSL_API_PREFIX_MAP
+ #endif
 #ifndef NO_OLD_WC_NAMES
 #define NO_OLD_WC_NAMES
 #endif
@@ -3925,18 +3890,36 @@ extern void uITRON4_free(void *p) ;
 #define NO_OLD_SSL_NAMES
 #endif
- /* FreeBSD kernel defines its own min, max functions in sys/libkern.h */
- #undef WOLFSSL_HAVE_MIN
- #define WOLFSSL_HAVE_MIN
+ #ifndef WOLFSSL_TEST_SUBROUTINE
+ #ifdef WC_TEST_EXPORT_SUBTESTS
+ #define WOLFSSL_TEST_SUBROUTINE
+ #else
+ #define WOLFSSL_TEST_SUBROUTINE static
+ #endif
+ #endif
- #undef WOLFSSL_HAVE_MAX
- #define WOLFSSL_HAVE_MAX
-#endif
+ #if !defined(WOLFSSL_OLD_PRIME_CHECK) && \
+ !defined(WOLFSSL_NEW_PRIME_CHECK) && !defined(HAVE_FIPS)
+ #define WOLFSSL_OLD_PRIME_CHECK
+ #endif
-#if defined(WOLFSSL_KERNEL_MODE) && !defined(WC_NO_VERBOSE_RNG) && \
- !defined(WC_VERBOSE_RNG)
- #define WC_VERBOSE_RNG
-#endif
+ #ifndef WC_RESEED_INTERVAL
+ /* In kernel mode, use the maximum reseed interval allowed by
+ * NIST SP 800-90A Rev. 1, to avoid unnecessary delays in DRBG
+ * generation.
+ */
+ #if defined(HAVE_FIPS) && \
+ FIPS_VERSION_LT(6,0) && FIPS_VERSION3_NE(5,2,4)
+ #define WC_RESEED_INTERVAL UINT_MAX
+ #else
+ #define WC_RESEED_INTERVAL (((word64)1UL)<<48UL)
+ #endif
+ #endif
+
+ #if !defined(WC_NO_VERBOSE_RNG) && !defined(WC_VERBOSE_RNG)
+ #define WC_VERBOSE_RNG
+ #endif
+#endif /* WOLFSSL_KERNEL_MODE */
 #if defined(WC_SYM_RELOC_TABLES) && defined(HAVE_FIPS) && \
 !defined(WC_PIE_RELOC_TABLES)
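Review bot: The shared `#ifdef WOLFSSL_KERNEL_MODE` block opened in the `@@ -3909` hunk sits after both the Linux and FreeBSD module sections, so for Linux builds `WOLFSSL_API_PREFIX_MAP` and the `NO_OLD_*` names are now defined later in the header than before. Any test of those macros between their old position and this block would now see them undefined; the lines in between are outside the visible hunks, so this needs checking against the full file. The block also turns on `WOLFSSL_API_PREFIX_MAP` for FreeBSD kernel builds, which no removed BSDKM line in this diff did before. A comment such as `/* shared by WOLFSSL_LINUXKM and WOLFSSL_BSDKM; must follow both sections */` would record the ordering requirement. The block is closed in the next hunk, not in this one.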
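Review bot: The `#ifndef WC_RESEED_INTERVAL` block in the `@@ -3925` hunk no longer requires `LINUXKM_LKCAPI_REGISTER`, so every kernel-mode build, FreeBSD included, now gets the largest DRBG reseed interval unless it predefines the macro. The comment still gives only the throughput reason and should say how to override the default, for example `/* Applies to all kernel-mode builds; predefine WC_RESEED_INTERVAL to reseed more often. */`. The `FIPS_VERSION_LT(6,0) && FIPS_VERSION3_NE(5,2,4)` test also needs a line explaining why 5.2.4 is excepted, because the two branches pick constants of different width (`UINT_MAX` against a `word64` shift). In the same hunk `WOLFSSL_OLD_PRIME_CHECK` remains the default for non-FIPS kernel builds, with `WOLFSSL_NEW_PRIME_CHECK` as the only opt-out, and that choice deserves a comment as well.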