Merge pull request #6751 from ejohnstown/merge-fips-builds

FIPS 140-3 Pilot Program Check-in

wolfcrypt/src/aes.c

@@ -4570,6 +4570,19 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
             return 0;
         }
 
+        int wc_AesCtrSetKey(Aes* aes, const byte* key, word32 len,
+                                        const byte* iv, int dir)
+        {
+            if (aes == NULL) {
+                return BAD_FUNC_ARG;
+            }
+            if (len > sizeof(aes->key)) {
+                return BAD_FUNC_ARG;
+            }
+
+            return wc_AesSetKeyLocal(aes, key, len, iv, dir, 0);
+        }
+
     #endif /* NEED_AES_CTR_SOFT */
 
 #endif /* WOLFSSL_AES_COUNTER */

wolfcrypt/src/dh.c

@@ -1352,7 +1352,7 @@ static int GeneratePublicDh(DhKey* key, byte* priv, word32 privSz,
         *pubSz = (word32)mp_unsigned_bin_size(y);
 
     mp_clear(y);
-    mp_clear(x);
+    mp_forcezero(x);
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
     XFREE(y, key->heap, DYNAMIC_TYPE_DH);
     XFREE(x, key->heap, DYNAMIC_TYPE_DH);

wolfcrypt/src/hmac.c

@@ -1173,6 +1173,8 @@ void wc_HmacFree(Hmac* hmac)
         default:
             break;
     }
+
+    ForceZero(hmac, sizeof(*hmac));
 }
 #endif /* WOLFSSL_KCAPI_HMAC */
 

wolfcrypt/src/port/arm/armv8-aes.c

@@ -1452,6 +1452,13 @@ int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
     return 0;
 }
 
+int wc_AesCtrSetKey(Aes* aes, const byte* key, word32 len,
+        const byte* iv, int dir)
+{
+    (void)dir;
+    return wc_AesSetKey(aes, key, len, iv, AES_ENCRYPTION);
+}
+
 #endif /* WOLFSSL_AES_COUNTER */
 
 #ifdef HAVE_AESGCM
@@ -4212,6 +4219,13 @@ int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
     return 0;
 }
 
+int wc_AesCtrSetKey(Aes* aes, const byte* key, word32 len,
+        const byte* iv, int dir)
+{
+    (void)dir;
+    return wc_AesSetKey(aes, key, len, iv, AES_ENCRYPTION);
+}
+
 #endif /* WOLFSSL_AES_COUNTER */
 
 #ifdef HAVE_AESGCM
@@ -5719,6 +5733,13 @@ int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
     }
     return 0;
 }
+
+int wc_AesCtrSetKey(Aes* aes, const byte* key, word32 len,
+        const byte* iv, int dir)
+{
+    (void)dir;
+    return wc_AesSetKey(aes, key, len, iv, AES_ENCRYPTION);
+}
 #endif /* WOLFSSL_AES_COUNTER */
 
 #ifdef HAVE_AESCCM

wolfcrypt/src/port/arm/armv8-sha256.c

@@ -85,6 +85,10 @@ static int InitSha256(wc_Sha256* sha256)
     sha256->loLen   = 0;
     sha256->hiLen   = 0;
 
+#ifdef WOLFSSL_HASH_FLAGS
+    sha256->flags = 0;
+#endif
+
     return ret;
 }
 
@@ -1575,6 +1579,9 @@ int wc_Sha256Transform(wc_Sha256* sha256, const unsigned char* data)
         sha224->loLen   = 0;
         sha224->hiLen   = 0;
 
+    #ifdef WOLFSSL_HASH_FLAGS
+        sha224->flags = 0;
+    #endif
         return ret;
     }
 

wolfcrypt/src/sha256.c

@@ -931,6 +931,7 @@ static int InitSha256(wc_Sha256* sha256)
         }
 
     #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SMALL_STACK_CACHE)
+        ForceZero(W, sizeof(word32) * WC_SHA256_BLOCK_SIZE);
         XFREE(W, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     #endif
         return 0;
@@ -1691,6 +1692,7 @@ static int InitSha256(wc_Sha256* sha256)
 
 #ifdef WOLFSSL_SMALL_STACK_CACHE
         if (sha224->W != NULL) {
+            ForceZero(sha224->W, sizeof(word32) * WC_SHA224_BLOCK_SIZE);
             XFREE(sha224->W, NULL, DYNAMIC_TYPE_DIGEST);
             sha224->W = NULL;
         }
@@ -1708,10 +1710,12 @@ static int InitSha256(wc_Sha256* sha256)
     #endif
     #if defined(WOLFSSL_RENESAS_RX64_HASH)
         if (sha224->msg != NULL) {
+            ForceZero(sha224->msg, sha224->len);
             XFREE(sha224->msg, sha224->heap, DYNAMIC_TYPE_TMP_BUFFER);
             sha224->msg = NULL;
         }
     #endif
+        ForceZero(sha224, sizeof(*sha224));
     }
 #endif /* WOLFSSL_SHA224 */
 #endif /* !defined(WOLFSSL_HAVE_PSA) || defined(WOLFSSL_PSA_NO_HASH) */
@@ -1737,6 +1741,7 @@ void wc_Sha256Free(wc_Sha256* sha256)
 
 #ifdef WOLFSSL_SMALL_STACK_CACHE
     if (sha256->W != NULL) {
+        ForceZero(sha256->W, sizeof(word32) * WC_SHA256_BLOCK_SIZE);
         XFREE(sha256->W, NULL, DYNAMIC_TYPE_DIGEST);
         sha256->W = NULL;
     }
@@ -1772,6 +1777,7 @@ void wc_Sha256Free(wc_Sha256* sha256)
     defined(WOLFSSL_HASH_KEEP)
 
     if (sha256->msg != NULL) {
+        ForceZero(sha256->msg, sha256->len);
         XFREE(sha256->msg, sha256->heap, DYNAMIC_TYPE_TMP_BUFFER);
         sha256->msg = NULL;
     }
@@ -1813,6 +1819,7 @@ void wc_Sha256Free(wc_Sha256* sha256)
         ESP_LOGV(TAG, "Hardware unlock not needed in wc_Sha256Free.");
     }
 #endif
+    ForceZero(sha256, sizeof(*sha256));
 }
 
 #endif /* !defined(WOLFSSL_HAVE_PSA) || defined(WOLFSSL_PSA_NO_HASH) */

wolfcrypt/src/sha512.c

@@ -1126,6 +1126,7 @@ void wc_Sha512Free(wc_Sha512* sha512)
 
 #ifdef WOLFSSL_SMALL_STACK_CACHE
     if (sha512->W != NULL) {
+        ForceZero(sha512->W, sizeof(word64) * 16);
         XFREE(sha512->W, sha512->heap, DYNAMIC_TYPE_TMP_BUFFER);
         sha512->W = NULL;
     }
@@ -1137,6 +1138,7 @@ void wc_Sha512Free(wc_Sha512* sha512)
 
 #if defined(WOLFSSL_HASH_KEEP)
     if (sha512->msg != NULL) {
+        ForceZero(sha512->msg, sha512->len);
         XFREE(sha512->msg, sha512->heap, DYNAMIC_TYPE_TMP_BUFFER);
         sha512->msg = NULL;
     }
@@ -1145,6 +1147,8 @@ void wc_Sha512Free(wc_Sha512* sha512)
 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA512)
     wolfAsync_DevCtxFree(&sha512->asyncDev, WOLFSSL_ASYNC_MARKER_SHA512);
 #endif /* WOLFSSL_ASYNC_CRYPT */
+
+    ForceZero(sha512, sizeof(*sha512));
 }
 #if (defined(OPENSSL_EXTRA) || defined(HAVE_CURL)) \
     && !defined(WOLFSSL_KCAPI_HASH)
@@ -1197,6 +1201,7 @@ int wc_Sha512Transform(wc_Sha512* sha, const unsigned char* data)
 
     XMEMCPY(sha->buffer, buffer, WC_SHA512_BLOCK_SIZE);
 #ifdef WOLFSSL_SMALL_STACK
+    ForceZero(buffer, WC_SHA512_BLOCK_SIZE);
     XFREE(buffer, sha->heap, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     return ret;
@@ -1446,6 +1451,7 @@ void wc_Sha384Free(wc_Sha384* sha384)
 
 #ifdef WOLFSSL_SMALL_STACK_CACHE
     if (sha384->W != NULL) {
+        ForceZero(sha384->W, sizeof(word64) * 16);
         XFREE(sha384->W, sha384->heap, DYNAMIC_TYPE_TMP_BUFFER);
         sha384->W = NULL;
     }
@@ -1457,6 +1463,7 @@ void wc_Sha384Free(wc_Sha384* sha384)
 
 #if defined(WOLFSSL_HASH_KEEP)
     if (sha384->msg != NULL) {
+        ForceZero(sha384->msg, sha384->len);
         XFREE(sha384->msg, sha384->heap, DYNAMIC_TYPE_TMP_BUFFER);
         sha384->msg = NULL;
     }
@@ -1476,6 +1483,8 @@ void wc_Sha384Free(wc_Sha384* sha384)
         sha384->hSession = NULL;
     }
 #endif
+
+    ForceZero(sha384, sizeof(*sha384));
 }
 
 #endif /* WOLFSSL_SHA384 */

wolfssl/wolfcrypt/aes.h

@@ -415,6 +415,9 @@ WOLFSSL_API int wc_AesEcbDecrypt(Aes* aes, byte* out,
 #ifdef WOLFSSL_AES_COUNTER
  WOLFSSL_API int wc_AesCtrEncrypt(Aes* aes, byte* out,
                                    const byte* in, word32 sz);
+ WOLFSSL_API int wc_AesCtrSetKey(Aes* aes, const byte* key, word32 len,
+                                        const byte* iv, int dir);
+
 #endif
 /* AES-DIRECT */
 #if defined(WOLFSSL_AES_DIRECT)

wolfssl/wolfcrypt/fips_test.h

@@ -77,10 +77,10 @@ enum FipsCastStateId {
 };
 
 enum FipsModeId {
-    FIPS_MODE_INIT,
-    FIPS_MODE_NORMAL,
-    FIPS_MODE_DEGRADED,
-    FIPS_MODE_FAILED
+    FIPS_MODE_INIT = 0,
+    FIPS_MODE_NORMAL = 1,
+    FIPS_MODE_DEGRADED = 2,
+    FIPS_MODE_FAILED = 3
 };
 
 
@@ -92,6 +92,7 @@ WOLFSSL_API int wolfCrypt_SetCb_fips(wolfCrypt_fips_cb cbf);
 
 /* Public get status functions */
 WOLFSSL_API int wolfCrypt_GetStatus_fips(void);
+WOLFSSL_API int wolfCrypt_GetMode_fips(void);
 WOLFSSL_API const char* wolfCrypt_GetCoreHash_fips(void);
 
 #ifdef HAVE_FORCE_FIPS_FAILURE
@@ -105,6 +106,7 @@ WOLFSSL_LOCAL int DoKnownAnswerTests(char* base16_hash, int base16_hashSz); /* F
 
 WOLFSSL_API int wc_RunCast_fips(int type);
 WOLFSSL_API int wc_GetCastStatus_fips(int type);
+WOLFSSL_API int wc_RunAllCast_fips(void);
 
 #ifdef __cplusplus
     } /* extern "C" */