diff --git a/configure.ac b/configure.ac index fdc7a6d65..8239821c4 100644 --- a/configure.ac +++ b/configure.ac @@ -3372,6 +3372,7 @@ AS_CASE([$FIPS_VERSION], [ENABLED_SHA512="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384"]) AS_IF([test "x$ENABLED_AESGCM" = "xno"], [ENABLED_AESGCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"]) + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ECDSA_SET_K" AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_VALIDATE_FFC_IMPORT -DHAVE_FFDHE_Q" AM_CFLAGS="$AM_CFLAGS -DHAVE_FFDHE_3072 -DHAVE_FFDHE_4096 -DHAVE_FFDHE_6144 -DHAVE_FFDHE_8192 -DFP_MAX_BITS=16384" ], diff --git a/wolfcrypt/src/error.c b/wolfcrypt/src/error.c index 4293bd941..66806356a 100644 --- a/wolfcrypt/src/error.c +++ b/wolfcrypt/src/error.c @@ -530,6 +530,9 @@ const char* wc_GetErrorString(int error) case BAD_LENGTH_E: return "Value of length parameter is invalid."; + case ECDSA_KAT_FIPS_E: + return "wolfcrypt FIPS ECDSA Known Answer Test Failure"; + default: return "unknown error number"; diff --git a/wolfssl/wolfcrypt/error-crypt.h b/wolfssl/wolfcrypt/error-crypt.h index 78851d3d4..2ca1131bd 100644 --- a/wolfssl/wolfcrypt/error-crypt.h +++ b/wolfssl/wolfcrypt/error-crypt.h @@ -238,8 +238,9 @@ enum { MISSING_IV = -277, /* IV was not set */ MISSING_KEY = -278, /* Key was not set */ BAD_LENGTH_E = -279, /* Value of length parameter is invalid. */ + ECDSA_KAT_FIPS_E = -280, /* ECDSA KAT failure */ - WC_LAST_E = -279, /* Update this to indicate last error */ + WC_LAST_E = -280, /* Update this to indicate last error */ MIN_CODE_E = -300 /* errors -101 - -299 */ /* add new companion error id strings for any new error codes diff --git a/wolfssl/wolfcrypt/fips_test.h b/wolfssl/wolfcrypt/fips_test.h index 6cca35d1f..42debf9e7 100644 --- a/wolfssl/wolfcrypt/fips_test.h +++ b/wolfssl/wolfcrypt/fips_test.h @@ -43,6 +43,7 @@ enum FipsCastId { FIPS_CAST_ECC_CDH, FIPS_CAST_ECC_PRIMITIVE_Z, FIPS_CAST_DH_PRIMITIVE_Z, + FIPS_CAST_ECDSA, FIPS_CAST_ECDSA_PAIRWISE, FIPS_CAST_ECDSA_SHA3_PAIRWISE, FIPS_CAST_COUNT