diff --git a/IDE/VisualDSP/user_settings.h b/IDE/VisualDSP/user_settings.h index f0fa67553..d4fbdbfd1 100644 --- a/IDE/VisualDSP/user_settings.h +++ b/IDE/VisualDSP/user_settings.h @@ -350,9 +350,6 @@ extern "C" { #undef WOLFSSL_SHA3 #if 1 #define WOLFSSL_SHA3 - #ifdef HAVE_FIPS - #define WOLFSSL_NO_SHAKE256 - #endif #endif /* MD5 */ diff --git a/configure.ac b/configure.ac index 45d6ea321..dbdb037a7 100644 --- a/configure.ac +++ b/configure.ac @@ -1556,7 +1556,7 @@ if test "$ENABLED_AFALG" = "xilinx" then AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG_XILINX -DWOLFSSL_AFALG_XILINX_AES" AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG_XILINX_SHA3 -DWOLFSSL_AFALG_XILINX_RSA" - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NOSHA3_224 -DWOLFSSL_NOSHA3_256 -DWOLFSSL_NOSHA3_512 -DWOLFSSL_NO_SHAKE256" + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NOSHA3_224 -DWOLFSSL_NOSHA3_256 -DWOLFSSL_NOSHA3_512" ENABLED_AFALG="yes" ENABLED_XILINX="yes" fi @@ -1572,7 +1572,7 @@ if test "$ENABLED_AFALG" = "xilinx-sha3" then AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG_XILINX" AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG_XILINX_SHA3" - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NOSHA3_224 -DWOLFSSL_NOSHA3_256 -DWOLFSSL_NOSHA3_512 -DWOLFSSL_NO_SHAKE256" + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NOSHA3_224 -DWOLFSSL_NOSHA3_256 -DWOLFSSL_NOSHA3_512" ENABLED_AFALG="yes" ENABLED_XILINX="yes" fi @@ -1776,9 +1776,8 @@ fi # SHAKE256 AC_ARG_ENABLE([shake256], - [AS_HELP_STRING([--enable-shake256],[Enable wolfSSL SHAKE256 support (default: enabled on x86_64/aarch64)])], - [ ENABLED_SHAKE256=$enableval ], - [ ENABLED_SHAKE256=$ENABLED_SHA3 ] + [AS_HELP_STRING([--enable-shake256],[Enable wolfSSL SHAKE256 support (default: disabled)])], + [ ENABLED_SHAKE256=$enableval ] ) # SHA512 @@ -2209,6 +2208,10 @@ then then AC_MSG_ERROR([cannot enable ed448 without enabling sha512.]) fi + if test "$FIPS_VERSION" = "v2" + then + AC_MSG_ERROR([cannot enable ed448 w/ dependency shake256 in FIPSv2 mode]) + fi ENABLED_FE448=yes ENABLED_GE448=yes AM_CFLAGS="$AM_CFLAGS -DHAVE_ED448" 
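Review bot: With `-DWOLFSSL_NO_SHAKE256` dropped from the `xilinx` AM_CFLAGS line, nothing in this branch stops `--enable-shake256` from being combined with the Xilinx AF_ALG SHA-3 backend, which this branch otherwise restricts by compiling out SHA3-224/256/512. If the offload path does not implement SHAKE256 (not visible here), the combination should fail at configure time, for example `test "$ENABLED_SHAKE256" = "yes" && AC_MSG_ERROR([shake256 is not supported with the Xilinx AF_ALG SHA-3 backend])`. The same applies to the `xilinx-sha3` branch in the next hunk. The shake256 option is parsed later in the file (around line 1776), so the check has to sit after that point.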
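Review bot: Dropping the action-if-not-given argument from `AC_ARG_ENABLE([shake256], ...)` leaves `ENABLED_SHAKE256` unset when the option is not passed, so its value can be inherited from the caller's environment instead of being the documented default of disabled. Keep the fourth argument and set it explicitly: `[ ENABLED_SHAKE256=no ]` after `[ ENABLED_SHAKE256=$enableval ],`. An explicit `no` also keeps later `test "$ENABLED_SHAKE256" = ...` comparisons and any configure summary from seeing an empty string.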
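Review bot: Nothing visible in this hunk turns SHAKE256 on for ed448, although the new error text names it as a dependency and the option now defaults to disabled. If the surrounding block, which starts and ends outside the hunk, does not already do so, set `ENABLED_SHAKE256=yes` next to `ENABLED_FE448=yes` so that an `--enable-ed448` build does not rely on the user also passing `--enable-shake256`. The new test also blocks only `FIPS_VERSION` equal to `v2`; it is worth confirming that the other values handled by the later `AS_CASE([$FIPS_VERSION], ...)` are meant to allow ed448.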
@@ -3106,8 +3109,6 @@ AS_CASE([$FIPS_VERSION], AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS -DWOLFSSL_KEY_GEN -DWOLFSSL_SHA224 -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB -DHAVE_ECC_CDH -DWC_RSA_NO_PADDING -DWOLFSSL_VALIDATE_FFC_IMPORT -DHAVE_FFDHE_Q" ENABLED_KEYGEN="yes" ENABLED_SHA224="yes" - # Shake256 is a SHA-3 algorithm not in our FIPS algorithm list - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_SHAKE256" AS_IF([test "x$ENABLED_AESCCM" != "xyes"], [ENABLED_AESCCM="yes" AM_CFLAGS="$AM_CFLAGS -DHAVE_AESCCM"]) diff --git a/tests/api.c b/tests/api.c index 0ad8e9b11..6176b913d 100644 --- a/tests/api.c +++ b/tests/api.c @@ -10112,7 +10112,7 @@ static int test_wc_Sha3_GetFlags (void) static int test_wc_InitShake256 (void) { int ret = 0; -#if defined(WOLFSSL_SHAKE256) && !defined(WOLFSSL_NO_SHAKE256) +#ifdef WOLFSSL_SHAKE256 wc_Shake shake; printf(testingFmt, "wc_InitShake256()"); @@ -10139,7 +10139,7 @@ static int testing_wc_Shake256_Update (void) { int ret = 0; -#if defined(WOLFSSL_SHAKE256) && !defined(WOLFSSL_NO_SHAKE256) +#ifdef WOLFSSL_SHAKE256 wc_Shake shake; byte msg[] = "Everybody's working for the weekend."; byte msg2[] = "Everybody gets Friday off."; @@ -10191,7 +10191,7 @@ static int testing_wc_Shake256_Update (void) wc_Shake256_Free(&shake); printf(resultFmt, ret == 0 ? passed : failed); -#endif /* WOLFSSL_SHAKE256 && !WOLFSSL_NO_SHAKE256 */ +#endif /* WOLFSSL_SHAKE256 */ return ret; @@ -10201,7 +10201,7 @@ static int test_wc_Shake256_Final (void) { int ret = 0; -#if defined(WOLFSSL_SHAKE256) && !defined(WOLFSSL_NO_SHAKE256) +#ifdef WOLFSSL_SHAKE256 wc_Shake shake; const char* msg = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnom" "nopnopq"; @@ -10256,7 +10256,7 @@ static int test_wc_Shake256_Final (void) static int test_wc_Shake256_Copy (void) { int ret = 0; -#if defined(WOLFSSL_SHAKE256) && !defined(WOLFSSL_NO_SHAKE256) +#ifdef WOLFSSL_SHAKE256 wc_Shake shake, shakeCpy; const char* msg = TEST_STRING; word32 msglen = (word32)TEST_STRING_SZ; 
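Review bot: Removing `-DWOLFSSL_NO_SHAKE256` from this FIPS branch takes away the only visible guard that kept SHAKE256 out of a FIPS build, and the deleted comment states that the algorithm is not on the FIPS algorithm list. The commit blocks ed448 under `v2`, but an explicit `--enable-shake256` is not rejected anywhere in the visible hunks. Add a check in this branch, e.g. `AS_IF([test "x$ENABLED_SHAKE256" = "xyes"], [AC_MSG_ERROR([cannot enable shake256 in FIPS mode])])`, so a non-approved algorithm cannot be compiled into the validated configuration. The `AS_CASE` arm starts outside the hunk, so which FIPS version it covers should be confirmed.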
@@ -10319,7 +10319,7 @@ static int test_wc_Shake256_Copy (void) static int test_wc_Shake256Hash(void) { int ret = 0; -#if defined(WOLFSSL_SHAKE256) && !defined(WOLFSSL_NO_SHAKE256) +#ifdef WOLFSSL_SHAKE256 const byte data[] = { /* Hello World */ 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f, diff --git a/wolfcrypt/src/hash.c b/wolfcrypt/src/hash.c index 921210bce..b58a2c33a 100644 --- a/wolfcrypt/src/hash.c +++ b/wolfcrypt/src/hash.c @@ -1381,7 +1381,7 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags) } #endif /* !WOLFSSL_NOSHA3_512 */ -#if defined(WOLFSSL_SHAKE256) && !defined(WOLFSSL_NO_SHAKE256) +#ifdef WOLFSSL_SHAKE256 int wc_Shake256Hash(const byte* data, word32 len, byte* hash, word32 hashLen) { @@ -1418,7 +1418,7 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags) return ret; } -#endif /* WOLFSSL_SHAKE_256 && !WOLFSSL_NO_SHAKE256 */ +#endif /* WOLFSSL_SHAKE_256 */ #endif /* WOLFSSL_SHA3 */ #endif /* !NO_HASH_WRAPPER */ diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index efa3c430f..0f630d20f 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -3366,7 +3366,6 @@ WOLFSSL_TEST_SUBROUTINE int sha3_test(void) #ifdef WOLFSSL_SHAKE256 WOLFSSL_TEST_SUBROUTINE int shake256_test(void) { -#ifndef WOLFSSL_NO_SHAKE256 wc_Shake sha; byte hash[250]; @@ -3507,9 +3506,6 @@ exit: wc_Shake256_Free(&sha); return ret; -#else - return 0; -#endif } #endif
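Review bot: `wc_Shake256Hash` is now compiled whenever `WOLFSSL_SHAKE256` is defined, so a build that still defines `WOLFSSL_NO_SHAKE256` to keep SHAKE256 out silently gets it back if both macros are set. The removed lines in `IDE/VisualDSP/user_settings.h` and `configure.ac` used the macro for exactly that purpose. Since the opt-out macro is being retired, make stale uses fail loudly in a common settings header instead of being ignored: `#if defined(WOLFSSL_NO_SHAKE256) && defined(WOLFSSL_SHAKE256)`, then `#error "WOLFSSL_NO_SHAKE256 is no longer honored; leave WOLFSSL_SHAKE256 undefined instead"`, then `#endif`. The same guard change is made in `tests/api.c` and `wolfcrypt/test/test.c`.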
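Review bot: The rewritten closing comment in `wolfcrypt/src/hash.c` still reads `WOLFSSL_SHAKE_256`, which does not match the macro tested by the opening `#ifdef WOLFSSL_SHAKE256`; use `#endif /* WOLFSSL_SHAKE256 */`. A mismatched name makes a text search for the macro miss this block when auditing which code is gated on it.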