From 7d856aebd03429fac9474138b45e363f6cc46960 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Thu, 2 Jan 2025 15:42:19 -0600 Subject: [PATCH 1/2] update FIPS v6 to point to wolfcrypt WCv6.0.0-RC3 (aka v5.7.6-stable) and fips WCv6.0.0-RC3. --- fips-check.sh | 13 ++++++++++--- wolfssl/ssl.h | 2 +- wolfssl/wolfcrypt/settings.h | 4 ++-- 3 files changed, 13 insertions(+), 6 deletions(-) diff --git a/fips-check.sh b/fips-check.sh index 968e87820..d0ceaf56e 100755 --- a/fips-check.sh +++ b/fips-check.sh @@ -237,9 +237,9 @@ linuxv5|linuxv5.2.1) ) ;; v6.0.0) - WOLF_REPO_TAG='WCv6.0.0-RC1' - FIPS_REPO_TAG='WCv6.0.0-RC1' - ASM_PICKUPS_TAG='WCv6.0.0-RC2' + WOLF_REPO_TAG='WCv6.0.0-RC3' + FIPS_REPO_TAG='WCv6.0.0-RC3' + ASM_PICKUPS_TAG='WCv6.0.0-RC3' FIPS_OPTION='v6' FIPS_FILES=( "wolfcrypt/src/fips.c:${FIPS_REPO_TAG}" @@ -272,6 +272,13 @@ v6.0.0) "wolfcrypt/src/port/arm/armv8-sha512-asm_c.c:${ASM_PICKUPS_TAG}" "wolfcrypt/src/port/arm/armv8-sha512-asm.S:${WOLF_REPO_TAG}" "wolfcrypt/src/port/arm/armv8-sha512.c:${WOLF_REPO_TAG}" + "wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c:${WOLF_REPO_TAG}" + "wolfcrypt/src/port/arm/armv8-32-sha3-asm.S:${WOLF_REPO_TAG}" + "wolfcrypt/src/port/arm/thumb2-sha3-asm_c.c:${WOLF_REPO_TAG}" + "wolfcrypt/src/port/arm/thumb2-sha3-asm.S:${WOLF_REPO_TAG}" + "wolfcrypt/src/port/riscv/riscv-64-sha256.c:${WOLF_REPO_TAG}" + "wolfcrypt/src/port/riscv/riscv-64-sha512.c:${WOLF_REPO_TAG}" + "wolfcrypt/src/port/riscv/riscv-64-sha3.c:${WOLF_REPO_TAG}" "wolfcrypt/src/cmac.c:${WOLF_REPO_TAG}" "wolfcrypt/src/curve25519.c:${WOLF_REPO_TAG}" "wolfcrypt/src/curve448.c:${WOLF_REPO_TAG}" diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 8b7ebedc7..5ca6f8288 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -166,7 +166,7 @@ #include #include #include - #if defined(HAVE_FIPS_VERSION) && FIPS_VERSION3_LT(7,0,0) + #if defined(HAVE_FIPS_VERSION) && FIPS_VERSION3_LT(6,0,0) /* clear conflicting name */ #undef RSA_PKCS1_PADDING_SIZE #endif diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 50eb0cbc1..455802e01 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -438,9 +438,9 @@ /* old FIPS has only AES_BLOCK_SIZE. */ #if !defined(NO_AES) && (defined(HAVE_SELFTEST) || \ - (defined(HAVE_FIPS) && FIPS_VERSION3_LT(7,0,0))) + (defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0))) #define WC_AES_BLOCK_SIZE AES_BLOCK_SIZE -#endif /* !NO_AES && (HAVE_SELFTEST || FIPS_VERSION3_LT(7,0,0)) */ +#endif /* !NO_AES && (HAVE_SELFTEST || FIPS_VERSION3_LT(6,0,0)) */ #ifdef WOLFSSL_HARDEN_TLS #if WOLFSSL_HARDEN_TLS != 112 && WOLFSSL_HARDEN_TLS != 128 From bb482d188172bf45b389a4d5f68085ec9757e8b2 Mon Sep 17 00:00:00 2001 From: kaleb-himes Date: Thu, 2 Jan 2025 15:41:47 -0700 Subject: [PATCH 2/2] Order into respective groups --- fips-check.sh | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/fips-check.sh b/fips-check.sh index d0ceaf56e..158de9019 100755 --- a/fips-check.sh +++ b/fips-check.sh @@ -261,6 +261,8 @@ v6.0.0) "wolfcrypt/src/port/arm/armv8-32-curve25519.S:${WOLF_REPO_TAG}" "wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c:${ASM_PICKUPS_TAG}" "wolfcrypt/src/port/arm/armv8-32-sha256-asm.S:${WOLF_REPO_TAG}" + "wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c:${WOLF_REPO_TAG}" + "wolfcrypt/src/port/arm/armv8-32-sha3-asm.S:${WOLF_REPO_TAG}" "wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c:${ASM_PICKUPS_TAG}" "wolfcrypt/src/port/arm/armv8-32-sha512-asm.S:${WOLF_REPO_TAG}" "wolfcrypt/src/port/arm/armv8-aes.c:${ASM_PICKUPS_TAG}" @@ -272,13 +274,6 @@ v6.0.0) "wolfcrypt/src/port/arm/armv8-sha512-asm_c.c:${ASM_PICKUPS_TAG}" "wolfcrypt/src/port/arm/armv8-sha512-asm.S:${WOLF_REPO_TAG}" "wolfcrypt/src/port/arm/armv8-sha512.c:${WOLF_REPO_TAG}" - "wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c:${WOLF_REPO_TAG}" - "wolfcrypt/src/port/arm/armv8-32-sha3-asm.S:${WOLF_REPO_TAG}" - "wolfcrypt/src/port/arm/thumb2-sha3-asm_c.c:${WOLF_REPO_TAG}" - "wolfcrypt/src/port/arm/thumb2-sha3-asm.S:${WOLF_REPO_TAG}" - "wolfcrypt/src/port/riscv/riscv-64-sha256.c:${WOLF_REPO_TAG}" - "wolfcrypt/src/port/riscv/riscv-64-sha512.c:${WOLF_REPO_TAG}" - "wolfcrypt/src/port/riscv/riscv-64-sha3.c:${WOLF_REPO_TAG}" "wolfcrypt/src/cmac.c:${WOLF_REPO_TAG}" "wolfcrypt/src/curve25519.c:${WOLF_REPO_TAG}" "wolfcrypt/src/curve448.c:${WOLF_REPO_TAG}" @@ -313,6 +308,8 @@ v6.0.0) "wolfcrypt/src/port/arm/thumb2-curve25519.S:${WOLF_REPO_TAG}" "wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c:${WOLF_REPO_TAG}" "wolfcrypt/src/port/arm/thumb2-sha256-asm.S:${WOLF_REPO_TAG}" + "wolfcrypt/src/port/arm/thumb2-sha3-asm_c.c:${WOLF_REPO_TAG}" + "wolfcrypt/src/port/arm/thumb2-sha3-asm.S:${WOLF_REPO_TAG}" "wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c:${WOLF_REPO_TAG}" "wolfcrypt/src/port/arm/thumb2-sha512-asm.S:${WOLF_REPO_TAG}" "wolfssl/wolfcrypt/aes.h:${WOLF_REPO_TAG}" @@ -333,6 +330,9 @@ v6.0.0) "wolfssl/wolfcrypt/sha256.h:${WOLF_REPO_TAG}" "wolfssl/wolfcrypt/sha3.h:${WOLF_REPO_TAG}" "wolfssl/wolfcrypt/sha512.h:${WOLF_REPO_TAG}" + "wolfcrypt/src/port/riscv/riscv-64-sha256.c:${WOLF_REPO_TAG}" + "wolfcrypt/src/port/riscv/riscv-64-sha3.c:${WOLF_REPO_TAG}" + "wolfcrypt/src/port/riscv/riscv-64-sha512.c:${WOLF_REPO_TAG}" ) ;; fips-ready|fips-dev)