From 2380086209ef29280a94ded64b0ab4c5ecc11faf Mon Sep 17 00:00:00 2001 From: John Safranek Date: Mon, 28 Aug 2023 15:11:13 -0700 Subject: [PATCH 1/2] FIPS Update 1. Rename the error code for degraded mode so it matches what's in the fips repo. 2. Update the tag used for linuxv5 builds in the fips-check script. --- fips-check.sh | 68 ++++++++++++++++----------------- wolfcrypt/src/error.c | 2 +- wolfssl/wolfcrypt/error-crypt.h | 2 +- 3 files changed, 36 insertions(+), 36 deletions(-)
diff --git a/fips-check.sh b/fips-check.sh
index bd4d516b8..0ef2256cb 100755
--- a/fips-check.sh
+++ b/fips-check.sh
@@ -140,42 +140,42 @@ marvell-linux-selftest)
 linuxv5)
 FIPS_OPTION='v5'
 FIPS_FILES=(
- 'wolfcrypt/src/fips.c:WCv5.0-RC12'
- 'wolfcrypt/src/fips_test.c:WCv5.0-RC12'
- 'wolfcrypt/src/wolfcrypt_first.c:WCv5.0-RC12'
- 'wolfcrypt/src/wolfcrypt_last.c:WCv5.0-RC12'
- 'wolfssl/wolfcrypt/fips.h:WCv5.0-RC12'
+ 'wolfcrypt/src/fips.c:v5.2.1-stable'
+ 'wolfcrypt/src/fips_test.c:v5.2.1-stable'
+ 'wolfcrypt/src/wolfcrypt_first.c:v5.2.1-stable'
+ 'wolfcrypt/src/wolfcrypt_last.c:v5.2.1-stable'
+ 'wolfssl/wolfcrypt/fips.h:v5.2.1-stable'
 )
 WOLFCRYPT_FILES=(
- 'wolfcrypt/src/aes.c:WCv5.0-RC12'
- 'wolfcrypt/src/aes_asm.asm:WCv5.0-RC12'
- 'wolfcrypt/src/aes_asm.S:WCv5.0-RC12'
- 'wolfcrypt/src/aes_gcm_asm.S:WCv5.0-RC12'
- 'wolfcrypt/src/cmac.c:WCv5.0-RC12'
- 'wolfcrypt/src/dh.c:WCv5.0-RC12'
- 'wolfcrypt/src/ecc.c:WCv5.0-RC12'
- 'wolfcrypt/src/hmac.c:WCv5.0-RC12'
- 'wolfcrypt/src/kdf.c:WCv5.0-RC12'
- 'wolfcrypt/src/random.c:WCv5.0-RC12'
- 'wolfcrypt/src/rsa.c:WCv5.0-RC12'
- 'wolfcrypt/src/sha.c:WCv5.0-RC12'
- 'wolfcrypt/src/sha256.c:WCv5.0-RC12'
- 'wolfcrypt/src/sha256_asm.S:WCv5.0-RC12'
- 'wolfcrypt/src/sha3.c:WCv5.0-RC12'
- 'wolfcrypt/src/sha512.c:WCv5.0-RC12'
- 'wolfcrypt/src/sha512_asm.S:WCv5.0-RC12'
- 'wolfssl/wolfcrypt/aes.h:WCv5.0-RC12'
- 'wolfssl/wolfcrypt/cmac.h:WCv5.0-RC12'
- 'wolfssl/wolfcrypt/dh.h:WCv5.0-RC12'
- 'wolfssl/wolfcrypt/ecc.h:WCv5.0-RC12'
- 'wolfssl/wolfcrypt/hmac.h:WCv5.0-RC12'
- 'wolfssl/wolfcrypt/kdf.h:WCv5.0-RC12'
- 'wolfssl/wolfcrypt/random.h:WCv5.0-RC12'
- 'wolfssl/wolfcrypt/rsa.h:WCv5.0-RC12'
- 'wolfssl/wolfcrypt/sha.h:WCv5.0-RC12'
- 'wolfssl/wolfcrypt/sha256.h:WCv5.0-RC12'
- 'wolfssl/wolfcrypt/sha3.h:WCv5.0-RC12'
- 'wolfssl/wolfcrypt/sha512.h:WCv5.0-RC12'
+ 'wolfcrypt/src/aes.c:v5.2.1-stable'
+ 'wolfcrypt/src/aes_asm.asm:v5.2.1-stable'
+ 'wolfcrypt/src/aes_asm.S:v5.2.1-stable'
+ 'wolfcrypt/src/aes_gcm_asm.S:v5.2.1-stable'
+ 'wolfcrypt/src/cmac.c:v5.2.1-stable'
+ 'wolfcrypt/src/dh.c:v5.2.1-stable'
+ 'wolfcrypt/src/ecc.c:v5.2.1-stable'
+ 'wolfcrypt/src/hmac.c:v5.2.1-stable'
+ 'wolfcrypt/src/kdf.c:v5.2.1-stable'
+ 'wolfcrypt/src/random.c:v5.2.1-stable'
+ 'wolfcrypt/src/rsa.c:v5.2.1-stable'
+ 'wolfcrypt/src/sha.c:v5.2.1-stable'
+ 'wolfcrypt/src/sha256.c:v5.2.1-stable'
+ 'wolfcrypt/src/sha256_asm.S:v5.2.1-stable'
+ 'wolfcrypt/src/sha3.c:v5.2.1-stable'
+ 'wolfcrypt/src/sha512.c:v5.2.1-stable'
+ 'wolfcrypt/src/sha512_asm.S:v5.2.1-stable'
+ 'wolfssl/wolfcrypt/aes.h:v5.2.1-stable'
+ 'wolfssl/wolfcrypt/cmac.h:v5.2.1-stable'
+ 'wolfssl/wolfcrypt/dh.h:v5.2.1-stable'
+ 'wolfssl/wolfcrypt/ecc.h:v5.2.1-stable'
+ 'wolfssl/wolfcrypt/hmac.h:v5.2.1-stable'
+ 'wolfssl/wolfcrypt/kdf.h:v5.2.1-stable'
+ 'wolfssl/wolfcrypt/random.h:v5.2.1-stable'
+ 'wolfssl/wolfcrypt/rsa.h:v5.2.1-stable'
+ 'wolfssl/wolfcrypt/sha.h:v5.2.1-stable'
+ 'wolfssl/wolfcrypt/sha256.h:v5.2.1-stable'
+ 'wolfssl/wolfcrypt/sha3.h:v5.2.1-stable'
+ 'wolfssl/wolfcrypt/sha512.h:v5.2.1-stable'
 )
 ;;
 fips-ready|fips-dev)
diff --git a/wolfcrypt/src/error.c b/wolfcrypt/src/error.c
index 90c87b7ca..6ad73d77c 100644
--- a/wolfcrypt/src/error.c
+++ b/wolfcrypt/src/error.c
@@ -595,7 +595,7 @@ const char* wc_GetErrorString(int error)
 case SM4_CCM_AUTH_E: return "SM4-CCM Authentication check fail";
- case DEGRADED_FIPS_E:
+ case FIPS_DEGRADED_E:
 return "FIPS module in DEGRADED mode"; default:
diff --git a/wolfssl/wolfcrypt/error-crypt.h b/wolfssl/wolfcrypt/error-crypt.h
index 99035cc26..2cc58efe5 100644
--- a/wolfssl/wolfcrypt/error-crypt.h
+++ b/wolfssl/wolfcrypt/error-crypt.h
@@ -66,7 +66,7 @@ enum {
 MEMORY_E = -125, /* out of memory error */ VAR_STATE_CHANGE_E = -126, /* var state modified by different thread */
- DEGRADED_FIPS_E = -127, /* FIPS Module in degraded mode */
+ FIPS_DEGRADED_E = -127, /* FIPS Module in degraded mode */
 RSA_WRONG_TYPE_E = -130, /* RSA wrong block type for RSA function */ RSA_BUFFER_E = -131, /* RSA buffer error, output too small or
From b13294623b9a895a29bda85c421aa645b4fa9d77 Mon Sep 17 00:00:00 2001
From: John Safranek Date: Mon, 28 Aug 2023 16:41:47 -0700 Subject: [PATCH 2/2] FIPS Update 1. Restore the linuxv5 option of fips-check. 2. Added option linuxv5.2.1 to fips-check. --- fips-check.sh | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+)
diff --git a/fips-check.sh b/fips-check.sh
index 0ef2256cb..b31b16dd0 100755
--- a/fips-check.sh
+++ b/fips-check.sh
@@ -138,6 +138,48 @@ marvell-linux-selftest)
 )
 ;;
 linuxv5)
+ FIPS_OPTION='v5'
+ FIPS_FILES=(
+ 'wolfcrypt/src/fips.c:WCv5.0-RC12'
+ 'wolfcrypt/src/fips_test.c:WCv5.0-RC12'
+ 'wolfcrypt/src/wolfcrypt_first.c:WCv5.0-RC12'
+ 'wolfcrypt/src/wolfcrypt_last.c:WCv5.0-RC12'
+ 'wolfssl/wolfcrypt/fips.h:WCv5.0-RC12'
+ )
+ WOLFCRYPT_FILES=(
+ 'wolfcrypt/src/aes.c:WCv5.0-RC12'
+ 'wolfcrypt/src/aes_asm.asm:WCv5.0-RC12'
+ 'wolfcrypt/src/aes_asm.S:WCv5.0-RC12'
+ 'wolfcrypt/src/aes_gcm_asm.S:WCv5.0-RC12'
+ 'wolfcrypt/src/cmac.c:WCv5.0-RC12'
+ 'wolfcrypt/src/dh.c:WCv5.0-RC12'
+ 'wolfcrypt/src/ecc.c:WCv5.0-RC12'
+ 'wolfcrypt/src/hmac.c:WCv5.0-RC12'
+ 'wolfcrypt/src/kdf.c:WCv5.0-RC12'
+ 'wolfcrypt/src/random.c:WCv5.0-RC12'
+ 'wolfcrypt/src/rsa.c:WCv5.0-RC12'
+ 'wolfcrypt/src/sha.c:WCv5.0-RC12'
+ 'wolfcrypt/src/sha256.c:WCv5.0-RC12'
+ 'wolfcrypt/src/sha256_asm.S:WCv5.0-RC12'
+ 'wolfcrypt/src/sha3.c:WCv5.0-RC12'
+ 'wolfcrypt/src/sha512.c:WCv5.0-RC12'
+ 'wolfcrypt/src/sha512_asm.S:WCv5.0-RC12'
+ 'wolfssl/wolfcrypt/aes.h:WCv5.0-RC12'
+ 'wolfssl/wolfcrypt/cmac.h:WCv5.0-RC12'
+ 'wolfssl/wolfcrypt/dh.h:WCv5.0-RC12'
+ 'wolfssl/wolfcrypt/ecc.h:WCv5.0-RC12'
+ 'wolfssl/wolfcrypt/fips_test.h:WCv5.0-RC12'
+ 'wolfssl/wolfcrypt/hmac.h:WCv5.0-RC12'
+ 'wolfssl/wolfcrypt/kdf.h:WCv5.0-RC12'
+ 'wolfssl/wolfcrypt/random.h:WCv5.0-RC12'
+ 'wolfssl/wolfcrypt/rsa.h:WCv5.0-RC12'
+ 'wolfssl/wolfcrypt/sha.h:WCv5.0-RC12'
+ 'wolfssl/wolfcrypt/sha256.h:WCv5.0-RC12'
+ 'wolfssl/wolfcrypt/sha3.h:WCv5.0-RC12'
+ 'wolfssl/wolfcrypt/sha512.h:WCv5.0-RC12'
+ )
+ ;;
+linuxv5.2.1)
 FIPS_OPTION='v5'
 FIPS_FILES=(
 'wolfcrypt/src/fips.c:v5.2.1-stable'
@@ -168,6 +210,7 @@ linuxv5)
 'wolfssl/wolfcrypt/cmac.h:v5.2.1-stable'
 'wolfssl/wolfcrypt/dh.h:v5.2.1-stable'
 'wolfssl/wolfcrypt/ecc.h:v5.2.1-stable'
+ 'wolfssl/wolfcrypt/fips_test.h:v5.2.1-stable'
 'wolfssl/wolfcrypt/hmac.h:v5.2.1-stable'
 'wolfssl/wolfcrypt/kdf.h:v5.2.1-stable'
 'wolfssl/wolfcrypt/random.h:v5.2.1-stable'
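Review bot: The re-added `linuxv5)` arm is not a straight restore: its WOLFCRYPT_FILES list now carries `'wolfssl/wolfcrypt/fips_test.h:WCv5.0-RC12'`, which the list removed in patch 1/2 did not have, and the second hunk adds the same header at `v5.2.1-stable` to the `linuxv5.2.1)` arm. Neither addition is mentioned in the commit message, so it is worth saying why the header is now pulled and confirming the path exists at both tags; how a missing path is handled is decided by code outside these hunks. The two arms differ only in the tag, so a one-line comment above each, e.g. `# linuxv5: module sources pinned to tag WCv5.0-RC12`, would make that visible. Since these entries choose which source revision goes into a FIPS build, pinning by commit hash or verifying the tag would be stronger than a bare tag name, if the script does not already do that.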