wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 18:57:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

wolfRand

Browse Source 
In configure.ac,
1. Change some whitespace in the FIPS enable section.
2. Reorganize the FIPS section a little bit.
3. When enabling wolfRand, also force cryptonly.
4. Treat wolfRand like FIPSv2 at build time.
In the source include.am,
5. Add checks against BUILD_FIPS_RAND as appropriate.
6. Add the SHA-256 assembly to the wolfRand source list.
This commit is contained in:
John Safranek
2019-06-24 15:40:05 -07:00
parent a229e1e8e4
commit 63fe2a219e
2 changed files with 73 additions and 54 deletions
Download Patch File Download Diff File Expand all files Collapse all files

92
configure.ac
View File

@ -2247,54 +2247,56 @@ AC_ARG_ENABLE([fips],
[ENABLED_FIPS="no"]) [ENABLED_FIPS="no"])
AS_CASE([$ENABLED_FIPS], AS_CASE([$ENABLED_FIPS],
["v2"],[FIPS_VERSION="v2" ["v2"],[FIPS_VERSION="v2"
ENABLED_FIPS=yes ENABLED_FIPS=yes
AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS -DHAVE_FIPS_VERSION=2 -DWOLFSSL_KEY_GEN -DWOLFSSL_SHA224 -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB -DHAVE_ECC_CDH -DWC_RSA_NO_PADDING -DWOLFSSL_VALIDATE_FFC_IMPORT -DHAVE_FFDHE_Q" AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS -DHAVE_FIPS_VERSION=2 -DWOLFSSL_KEY_GEN -DWOLFSSL_SHA224 -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB -DHAVE_ECC_CDH -DWC_RSA_NO_PADDING -DWOLFSSL_VALIDATE_FFC_IMPORT -DHAVE_FFDHE_Q"
ENABLED_KEYGEN="yes" ENABLED_KEYGEN="yes"
ENABLED_SHA224="yes" ENABLED_SHA224="yes"
AS_IF([test "x$ENABLED_AESCCM" != "xyes"], AS_IF([test "x$ENABLED_AESCCM" != "xyes"],
[ENABLED_AESCCM="yes" [ENABLED_AESCCM="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_AESCCM"]) AM_CFLAGS="$AM_CFLAGS -DHAVE_AESCCM"])
AS_IF([test "x$ENABLED_RSAPSS" != "xyes"], AS_IF([test "x$ENABLED_RSAPSS" != "xyes"],
[ENABLED_RSAPSS="yes" [ENABLED_RSAPSS="yes"
AM_CFLAGS="$AM_CFLAGS -DWC_RSA_PSS"]) AM_CFLAGS="$AM_CFLAGS -DWC_RSA_PSS"])
AS_IF([test "x$ENABLED_ECC" != "xyes"], AS_IF([test "x$ENABLED_ECC" != "xyes"],
[ENABLED_ECC="yes" [ENABLED_ECC="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256 -DWOLFSSL_VALIDATE_ECC_IMPORT" AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256 -DWOLFSSL_VALIDATE_ECC_IMPORT"
AS_IF([test "x$ENABLED_ECC_SHAMIR" = "xyes"], AS_IF([test "x$ENABLED_ECC_SHAMIR" = "xyes"],
[AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"])], [AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"])],
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_VALIDATE_ECC_IMPORT"]) [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_VALIDATE_ECC_IMPORT"])
AS_IF([test "x$ENABLED_AESCTR" != "xyes"], AS_IF([test "x$ENABLED_AESCTR" != "xyes"],
[ENABLED_AESCTR="yes" [ENABLED_AESCTR="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_COUNTER"]) AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_COUNTER"])
AS_IF([test "x$ENABLED_CMAC" != "xyes"], AS_IF([test "x$ENABLED_CMAC" != "xyes"],
[ENABLED_CMAC="yes" [ENABLED_CMAC="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CMAC"]) AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CMAC"])
AS_IF([test "x$ENABLED_HKDF" != "xyes"], AS_IF([test "x$ENABLED_HKDF" != "xyes"],
[ENABLED_HKDF="yes" [ENABLED_HKDF="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_HKDF"]) AM_CFLAGS="$AM_CFLAGS -DHAVE_HKDF"])
AS_IF([test "x$ENABLED_INTELASM" = "xyes"], AS_IF([test "x$ENABLED_INTELASM" = "xyes"],
[AM_CFLAGS="$AM_CFLAGS -DFORCE_FAILURE_RDSEED"]) [AM_CFLAGS="$AM_CFLAGS -DFORCE_FAILURE_RDSEED"])
], ],
["rand"],[ ["rand"],[
ENABLED_FIPS="yes" ENABLED_FIPS="yes"
FIPS_VERSION="rand" FIPS_VERSION="rand"
AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_FIPS_RAND" AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_FIPS_RAND -DHAVE_FIPS -DHAVE_FIPS_VERSION=2"
], ],
["no"],[FIPS_VERSION="none"], ["no"],[FIPS_VERSION="none"],
[ [
ENABLED_FIPS="yes" ENABLED_FIPS="yes"
FIPS_VERSION="v1" FIPS_VERSION="v1"
AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS" AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS"
]) ])
AS_IF([test "x$ENABLED_FIPS" = "xyes"], AS_IF([test "x$ENABLED_FIPS" = "xyes" && test "x$thread_ls_on" = "xno"],
[AC_MSG_ERROR([FIPS requires Thread Local Storage])])
AS_IF([test "x$ENABLED_FIPS" = "xyes" && test "x$FIPS_VERSION" != "xrand"],
[ [
# Check prerequisites, force them on or error out. # Force enable the prerequisites.
AS_IF([test "x$thread_ls_on" = "xno"],[AC_MSG_ERROR([FIPS requires Thread Local Storage])])
AS_IF([test "x$ENABLED_SHA512" = "xno"], AS_IF([test "x$ENABLED_SHA512" = "xno"],
[ENABLED_SHA512="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384"]) [ENABLED_SHA512="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384"])
AS_IF([test "x$ENABLED_AESGCM" != "xyes"], AS_IF([test "x$ENABLED_AESGCM" = "xno"],
[ENABLED_AESGCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"]) [ENABLED_AESGCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"])
AS_IF([test "x$ENABLED_DES3" = "xno"],[ENABLED_DES3="yes"]) AS_IF([test "x$ENABLED_DES3" = "xno"],[ENABLED_DES3="yes"])
], ],
@ -3494,6 +3496,8 @@ AC_ARG_ENABLE([cryptonly],
[ENABLED_CRYPTONLY=$enableval], [ENABLED_CRYPTONLY=$enableval],
[ENABLED_CRYPTONLY=no]) [ENABLED_CRYPTONLY=no])
AS_IF([test "x$FIPS_VERSION" = "xrand"],[ENABLED_CRYPTONLY="yes"])
if test "$ENABLED_CRYPTONLY" = "yes" if test "$ENABLED_CRYPTONLY" = "yes"
then then
AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_ONLY" AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_ONLY"

35
src/include.am
View File

@ -124,42 +124,45 @@ src_libwolfssl_la_SOURCES += \
wolfcrypt/src/hmac.c \ wolfcrypt/src/hmac.c \
wolfcrypt/src/random.c \ wolfcrypt/src/random.c \
wolfcrypt/src/sha256.c \ wolfcrypt/src/sha256.c \
wolfcrypt/src/sha256_asm.S \
wolfcrypt/src/fips.c \ wolfcrypt/src/fips.c \
wolfcrypt/src/fips_test.c \ wolfcrypt/src/fips_test.c \
wolfcrypt/src/wolfcrypt_last.c wolfcrypt/src/wolfcrypt_last.c
endif endif BUILD_FIPS_RAND
endif endif BUILD_FIPS
# For wolfRand, exclude everything else.
if !BUILD_FIPS_RAND
# For FIPSV2, exclude the wolfCrypt files included above. # For FIPSV2, exclude the wolfCrypt files included above.
# For wolfRand, exclude just a couple files. # For wolfRand, exclude just a couple files.
# For old FIPS, keep the wolfCrypt versions of the # For old FIPS, keep the wolfCrypt versions of the
# CtaoCrypt files included above. # CtaoCrypt files included above.
if !BUILD_FIPS_V2 if !BUILD_FIPS_V2
if !BUILD_FIPS_RAND
src_libwolfssl_la_SOURCES += wolfcrypt/src/hmac.c src_libwolfssl_la_SOURCES += wolfcrypt/src/hmac.c
endif endif
endif
# CAVP self test # CAVP self test
if BUILD_SELFTEST if BUILD_SELFTEST
src_libwolfssl_la_SOURCES += wolfcrypt/src/selftest.c src_libwolfssl_la_SOURCES += wolfcrypt/src/selftest.c
endif endif
endif !BUILD_FIPS_RAND
src_libwolfssl_la_SOURCES += \ src_libwolfssl_la_SOURCES += \
wolfcrypt/src/hash.c \ wolfcrypt/src/hash.c \
wolfcrypt/src/cpuid.c wolfcrypt/src/cpuid.c
if !BUILD_FIPS_V2
if !BUILD_FIPS_RAND if !BUILD_FIPS_RAND
if !BUILD_FIPS_V2
if BUILD_RNG if BUILD_RNG
src_libwolfssl_la_SOURCES += wolfcrypt/src/random.c src_libwolfssl_la_SOURCES += wolfcrypt/src/random.c
endif endif
endif endif
endif
if !BUILD_FIPS_V2 if !BUILD_FIPS_V2
if !BUILD_FIPS_RAND
if BUILD_ARMASM if BUILD_ARMASM
src_libwolfssl_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha256.c src_libwolfssl_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha256.c
else else
@ -169,7 +172,6 @@ src_libwolfssl_la_SOURCES += wolfcrypt/src/sha256_asm.S
endif endif
endif endif
endif endif
endif
if BUILD_AFALG if BUILD_AFALG
src_libwolfssl_la_SOURCES += wolfcrypt/src/port/af_alg/afalg_hash.c src_libwolfssl_la_SOURCES += wolfcrypt/src/port/af_alg/afalg_hash.c
@ -272,18 +274,25 @@ src_libwolfssl_la_SOURCES += wolfcrypt/src/sha3.c
endif endif
endif endif
endif !BUILD_FIPS_RAND
src_libwolfssl_la_SOURCES += \ src_libwolfssl_la_SOURCES += \
wolfcrypt/src/logging.c \ wolfcrypt/src/logging.c \
wolfcrypt/src/wc_encrypt.c \ wolfcrypt/src/wc_encrypt.c \
wolfcrypt/src/wc_port.c \ wolfcrypt/src/wc_port.c \
wolfcrypt/src/error.c \ wolfcrypt/src/error.c
if !BUILD_FIPS_RAND
src_libwolfssl_la_SOURCES += \
wolfcrypt/src/signature.c \ wolfcrypt/src/signature.c \
wolfcrypt/src/wolfmath.c wolfcrypt/src/wolfmath.c
endif !BUILD_FIPS_RAND
if BUILD_MEMORY if BUILD_MEMORY
src_libwolfssl_la_SOURCES += wolfcrypt/src/memory.c src_libwolfssl_la_SOURCES += wolfcrypt/src/memory.c
endif endif
if !BUILD_FIPS_RAND
if !BUILD_FIPS_V2 if !BUILD_FIPS_V2
if BUILD_DH if BUILD_DH
src_libwolfssl_la_SOURCES += wolfcrypt/src/dh.c src_libwolfssl_la_SOURCES += wolfcrypt/src/dh.c
@ -294,10 +303,14 @@ if BUILD_ASN
src_libwolfssl_la_SOURCES += wolfcrypt/src/asn.c src_libwolfssl_la_SOURCES += wolfcrypt/src/asn.c
endif endif
endif !BUILD_FIPS_RAND
if BUILD_CODING if BUILD_CODING
src_libwolfssl_la_SOURCES += wolfcrypt/src/coding.c src_libwolfssl_la_SOURCES += wolfcrypt/src/coding.c
endif endif
if !BUILD_FIPS_RAND
if BUILD_POLY1305 if BUILD_POLY1305
if BUILD_ARMASM if BUILD_ARMASM
src_libwolfssl_la_SOURCES += wolfcrypt/src/port/arm/armv8-poly1305.c src_libwolfssl_la_SOURCES += wolfcrypt/src/port/arm/armv8-poly1305.c
@ -484,4 +497,6 @@ if BUILD_SNIFFER
src_libwolfssl_la_SOURCES += src/sniffer.c src_libwolfssl_la_SOURCES += src/sniffer.c
endif endif
endif # !BUILD_CRYPTONLY endif !BUILD_CRYPTONLY
endif !BUILD_FIPS_RAND