diff --git a/configure.ac b/configure.ac index d45cc9111..828b52c40 100644 --- a/configure.ac +++ b/configure.ac @@ -1944,6 +1944,7 @@ else fi AM_CONDITIONAL([BUILD_FIPS], [test "x$ENABLED_FIPS" = "xyes"]) +AM_CONDITIONAL([BUILD_FIPS_V2], [test "x$FIPS_VERSION" = "xv2"]) # set sha224 default diff --git a/src/include.am b/src/include.am index 81f9c9faa..c0f132d43 100644 --- a/src/include.am +++ b/src/include.am @@ -33,8 +33,12 @@ src_libwolfssl_la_SOURCES += \ ctaocrypt/src/sha256.c if BUILD_RSA +if BUILD_FIPS_V2 +src_libwolfssl_la_SOURCES += wolfcrypt/src/rsa.c +else src_libwolfssl_la_SOURCES += ctaocrypt/src/rsa.c endif +endif if BUILD_ECC src_libwolfssl_la_SOURCES += wolfcrypt/src/ecc.c @@ -92,10 +96,12 @@ if BUILD_RSA if BUILD_FAST_RSA src_libwolfssl_la_SOURCES += wolfcrypt/user-crypto/src/rsa.c else +if !BUILD_FIPS_V2 src_libwolfssl_la_SOURCES += wolfcrypt/src/rsa.c endif endif endif +endif if BUILD_SP src_libwolfssl_la_SOURCES += wolfcrypt/src/sp.c endif diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index a333f4636..a53a36863 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -29,6 +29,18 @@ #ifndef NO_RSA +#if defined(HAVE_FIPS) && \ + defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) + + /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */ + #define FIPS_NO_WRAPPERS + + #ifdef USE_WINDOWS_API + #pragma code_seg(".fipsA$e") + #pragma const_seg(".fipsB$e") + #endif +#endif + #include #ifdef WOLFSSL_HAVE_SP_RSA @@ -54,7 +66,10 @@ RSA Key Size Configuration: */ -#ifdef HAVE_FIPS +/* If building for old FIPS. */ +#if defined(HAVE_FIPS) && \ + (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)) + int wc_InitRsaKey(RsaKey* key, void* ptr) { if (key == NULL) { @@ -64,6 +79,7 @@ int wc_InitRsaKey(RsaKey* key, void* ptr) return InitRsaKey_fips(key, ptr); } + int wc_InitRsaKey_ex(RsaKey* key, void* ptr, int devId) { (void)devId; 
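Review bot: `BUILD_FIPS_V2` is derived from `FIPS_VERSION` alone, so unlike `BUILD_FIPS` on the line above it does not require `ENABLED_FIPS` to be `yes`. The second `src/include.am` hunk uses `if !BUILD_FIPS_V2` to drop `wolfcrypt/src/rsa.c` from the general source list. If `FIPS_VERSION` can ever be `v2` in a build where FIPS is not enabled (its assignment is outside this hunk), RSA could end up missing from the library. Tying the two together rules that out: `AM_CONDITIONAL([BUILD_FIPS_V2], [test "x$ENABLED_FIPS" = "xyes" && test "x$FIPS_VERSION" = "xv2"])`.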
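Review bot: The new `if !BUILD_FIPS_V2` in the `@@ -92,10 +96,12 @@` hunk sits inside the `else` of `if BUILD_FAST_RSA`, so it guards only `wolfcrypt/src/rsa.c`. With both `BUILD_FAST_RSA` and `BUILD_FIPS_V2` true, `wolfcrypt/user-crypto/src/rsa.c` is still added here while the `@@ -33,8 +33,12 @@` hunk adds `wolfcrypt/src/rsa.c`. That would link two RSA implementations into one library, one of them presumably outside the validated module, unless configure already rejects the combination (not visible here). Placing `if !BUILD_FIPS_V2` before `if BUILD_FAST_RSA` would cover both branches. The enclosing conditionals open above the hunk.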
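Review bot: The `#pragma code_seg(".fipsA$e")` and `#pragma const_seg(".fipsB$e")` lines added in the `@@ -29,6 +29,18 @@` hunk of `wolfcrypt/src/rsa.c` have no comment explaining why this file's code and constants go into those sections. MSVC applies these pragmas to everything that follows in the translation unit and orders `$`-suffixed contributions alphabetically, so the `$e` suffix decides where RSA lands relative to the other module files. If that ordering is what the module's integrity check depends on, a comment such as `/* keep rsa.c inside the FIPS module sections; the $e suffix fixes its link order */` would record it. `USE_WINDOWS_API` does not by itself imply MSVC, so on another Windows toolchain the pragmas may be ignored and the placement silently lost. Testing `defined(_MSC_VER)` alongside it would make that assumption explicit.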
@@ -73,6 +89,7 @@ int wc_InitRsaKey_ex(RsaKey* key, void* ptr, int devId) return InitRsaKey_fips(key, ptr); } + int wc_FreeRsaKey(RsaKey* key) { return FreeRsaKey_fips(key); @@ -102,7 +119,7 @@ int wc_RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out, int wc_RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out, word32 outLen, RsaKey* key) { - if (in == NULL || out == NULL || key == NULL) { + if (in == NULL || out == NULL || key == NULL) { return BAD_FUNC_ARG; } return RsaPrivateDecrypt_fips(in, inLen, out, outLen, key); 
@@ -147,56 +164,20 @@ int wc_RsaEncryptSize(RsaKey* key) } -/* New FIPS functions. */ -#if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) +int wc_RsaFlattenPublicKey(RsaKey* key, byte* a, word32* aSz, byte* b, + word32* bSz) +{ - int wc_RsaFlattenPublicKey(RsaKey* key, byte* a, word32* aSz, byte* b, - word32* bSz) - { - return RsaFlattenPublicKey_fips(key, a, aSz, b, bSz); - } + /* not specified as fips so not needing _fips */ + return RsaFlattenPublicKey(key, a, aSz, b, bSz); +} - int wc_RsaExportKey(RsaKey* key, - byte* e, word32* eSz, byte* n, word32* nSz, - byte* d, word32* dSz, byte* p, word32* pSz, - byte* q, word32* qSz) - { - return RsaExportKey_fips(key, e, eSz, n, nSz, d, dSz, p, pSz, q, qSz); - } - - int wc_CheckProbablePrime(const byte* pRaw, word32 pRawSz, - const byte* qRaw, word32 qRawSz, - const byte* eRaw, word32 eRawSz, - int nlen, int* isPrime) - { - return CheckProbablePrime_fips(pRaw, pRawSz, - qRaw, qRawSz, - eRaw, eRawSz, - nlen, isPrime); - } - - int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng) - { - return MakeRsaKey_fips(key, size, e, rng); - } - -#else /* Use old version of FIPS functions. */ - - int wc_RsaFlattenPublicKey(RsaKey* key, byte* a, word32* aSz, byte* b, - word32* bSz) - { - - /* not specified as fips so not needing _fips */ - return RsaFlattenPublicKey(key, a, aSz, b, bSz); - } - - #ifdef WOLFSSL_KEY_GEN - int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng) - { - return MakeRsaKey(key, size, e, rng); - } - #endif +#ifdef WOLFSSL_KEY_GEN + int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng) + { + return MakeRsaKey(key, size, e, rng); + } #endif
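Review bot: `wc_RsaFlattenPublicKey` and `wc_MakeRsaKey` pass their pointers straight through, while the wrappers earlier in this old-FIPS block (`wc_InitRsaKey`, `wc_RsaPrivateDecrypt`) return `BAD_FUNC_ARG` on NULL before calling down. Whether `RsaFlattenPublicKey` and `MakeRsaKey` validate their own arguments is not visible here, so matching the siblings is the safer default: `if (key == NULL || a == NULL || aSz == NULL || b == NULL || bSz == NULL) return BAD_FUNC_ARG;` and `if (key == NULL || rng == NULL) return BAD_FUNC_ARG;`. `wc_MakeRsaKey` also has no comment like the one in `wc_RsaFlattenPublicKey` saying why it calls the non-`_fips` function. The surrounding `#if` block opens and closes outside this hunk.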