From 978928be834d80c3acc36dcf2c5bd29b8941cd42 Mon Sep 17 00:00:00 2001
From: John Safranek
Date: Mon, 3 Jun 2019 09:40:00 -0700
Subject: [PATCH] NetBSD Selftest, TLSv1.3, and wolfCrypt v4
When building for TLSv1.3 and the NetBSD Selftest, need to use the old pre-wolfCrypt v4 APIs for AES-GCM and AES-CCM.
---
 src/tls13.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/src/tls13.c b/src/tls13.c
index 5dae3cd5f..d37835a49 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -1696,6 +1696,12 @@ static int EncryptTls13(WOLFSSL* ssl, byte* output, const byte* input,
 #endif
 nonceSz = AESGCM_NONCE_SZ;
+ #if ((defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) && \
+ (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)))
+ ret = wc_AesGcmEncrypt(ssl->encrypt.aes, output, input,
+ dataSz, ssl->encrypt.nonce, nonceSz,
+ output + dataSz, macSz, aad, aadSz);
+ #else
 ret = wc_AesGcmSetExtIV(ssl->encrypt.aes, ssl->encrypt.nonce, nonceSz);
 if (ret == 0) {
@@ -1703,6 +1709,7 @@ static int EncryptTls13(WOLFSSL* ssl, byte* output, const byte* input,
 input, dataSz, ssl->encrypt.nonce, nonceSz, output + dataSz, macSz, aad, aadSz);
 }
+ #endif
 break;
 #endif
@@ -1717,6 +1724,12 @@ static int EncryptTls13(WOLFSSL* ssl, byte* output, const byte* input,
 #endif
 nonceSz = AESCCM_NONCE_SZ;
+ #if ((defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) && \
+ (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)))
+ ret = wc_AesCcmEncrypt(ssl->encrypt.aes, output, input,
+ dataSz, ssl->encrypt.nonce, nonceSz,
+ output + dataSz, macSz, aad, aadSz);
+ #else
 ret = wc_AesCcmSetNonce(ssl->encrypt.aes, ssl->encrypt.nonce, nonceSz);
 if (ret == 0) {
@@ -1724,6 +1737,7 @@ static int EncryptTls13(WOLFSSL* ssl, byte* output, const byte* input,
 input, dataSz, ssl->encrypt.nonce, nonceSz, output + dataSz, macSz, aad, aadSz);
 }
+ #endif
 break;
 #endif
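Review bot: The two-line version guard `(defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) && (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))` is spelled out in full in the AES-GCM hunk at -1696 and again in the AES-CCM hunk at -1717, with no comment saying why the one-shot call is selected. Evaluating the condition once near the top of tls13.c into a single file-local macro that both branches test would keep the two AEAD paths from drifting when the FIPS or selftest version rules next change. I would also add a comment above each `#if`, along the lines of `/* FIPS v1 / selftest wolfCrypt predates the v4 SetExtIV/SetNonce + _ex API (per the commit message); the one-shot call takes the per-record nonce directly */`, noting that `ssl->encrypt.nonce` must already be unique for this record in either path. The nonce is built outside these hunks, so that precondition cannot be confirmed from here. The fallback path is compiled only under a FIPS or selftest configuration, so it presumably needs its own build in CI to be exercised at all.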