diff --git a/fips-check.sh b/fips-check.sh
index 4a488b3d6..3c16edba7 100755
--- a/fips-check.sh
+++ b/fips-check.sh
@@ -93,7 +93,7 @@ netbsd-selftest)
 CRYPT_INC_PATH=wolfssl/wolfcrypt
 CRYPT_SRC_PATH=wolfcrypt/src
 CAVP_SELFTEST_ONLY="yes"
- FIPS_OPTION="ready"
+ FIPS_OPTION="v1"
 ;;
 marvell-linux-selftest)
 FIPS_VERSION=$MARVELL_LINUX_FIPS_VERSION
@@ -106,7 +106,7 @@ marvell-linux-selftest)
 CRYPT_SRC_PATH=wolfcrypt/src
 CAVP_SELFTEST_ONLY="yes"
 CAVP_SELFTEST_OPTION=v2
- FIPS_OPTION="ready"
+ FIPS_OPTION="v1"
 ;;
 linuxv5)
 FIPS_REPO="git@github.com:wolfSSL/fips.git"
@@ -203,6 +203,33 @@ case "$FIPS_OPTION" in
 *ready)
 echo "Don't need to copy in tagged wolfCrypt files for FIPS Ready."
 ;;
+v1)
+ # make a clone of the last FIPS release tag
+ if ! $GIT clone --depth 1 -b "$CRYPT_VERSION" "$CRYPT_REPO" old-tree; then
+ echo "fips-check: Couldn't checkout the FIPS release."
+ exit 1
+ fi
+
+ for MOD in "${WC_MODS[@]}"
+ do
+ cp "old-tree/$CRYPT_SRC_PATH/${MOD}.c" "$CRYPT_SRC_PATH"
+ cp "old-tree/$CRYPT_INC_PATH/${MOD}.h" "$CRYPT_INC_PATH"
+ done
+
+ # We are using random.c from a separate release.
+ # This is forcefully overwriting any other checkout of the cyassl sources.
+ # Removing this as default behavior for SGX and netos projects.
+ if [ "$CAVP_SELFTEST_ONLY" == "no" ] && [ "$FLAVOR" != "sgx" ] && \
+ [ "$FLAVOR" != "netos-7.6" ];
+ then
+ pushd old-tree || exit 2
+ $GIT fetch origin "$RNG_VERSION" || exit $?
+ $GIT checkout FETCH_HEAD || exit $?
+ popd || exit 2
+ cp "old-tree/$CRYPT_SRC_PATH/random.c" "$CRYPT_SRC_PATH"
+ cp "old-tree/$CRYPT_INC_PATH/random.h" "$CRYPT_INC_PATH"
+ fi
+ ;;
 v2|rand|v5*)
 $GIT branch --no-track "my$CRYPT_VERSION" "$CRYPT_VERSION" || exit $?
diff --git a/src/internal.c b/src/internal.c
index 98e66e394..71f6a1ebc 100644
--- a/src/internal.c
+++ b/src/internal.c
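Review bot: The new `v1)` branch copies whatever `$CRYPT_REPO` currently serves for the tag named in `$CRYPT_VERSION` (and, in the random.c step, for `$RNG_VERSION` via `FETCH_HEAD`) over the working tree without checking that the fetched commit is the expected FIPS release, and a tag name can be moved or recreated on the remote. Since this script exists to reproduce a validated module, pin the expected commit and compare it right after the clone — e.g. `[ "$($GIT -C old-tree rev-parse HEAD)" = "$EXPECTED_FIPS_COMMIT" ] || exit 1` with `EXPECTED_FIPS_COMMIT` (constructed name) set per flavor — or run `$GIT -C old-tree verify-tag "$CRYPT_VERSION"` if the release tags are signed. The clone failure message reads "Couldn't checkout" for a failed clone; `echo "fips-check: Couldn't clone the FIPS release tag $CRYPT_VERSION."` would point at the right step when it fires.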
@@ -17907,6 +17907,14 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input,
 * IV length minus the authentication tag size. */
 c16toa(sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,
 ssl->encrypt.additional + AEAD_LEN_OFFSET);
+#if !defined(NO_PUBLIC_GCM_SET_IV) && \
+ ((defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) && \
+ (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)))
+ XMEMCPY(ssl->encrypt.nonce,
+ ssl->keys.aead_enc_imp_IV, AESGCM_IMP_IV_SZ);
+ XMEMCPY(ssl->encrypt.nonce + AESGCM_IMP_IV_SZ,
+ ssl->keys.aead_exp_IV, AESGCM_EXP_IV_SZ);
+#endif
 #ifdef HAVE_PK_CALLBACKS
 ret = NOT_COMPILED_IN;
 if (ssl->ctx && ssl->ctx->PerformTlsRecordProcessingCb) {
@@ -18251,6 +18259,11 @@ static WC_INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input,
 ssl->specs.bulk_cipher_algorithm == wolfssl_aria_gcm) {
 /* finalize authentication cipher */
+#if !defined(NO_PUBLIC_GCM_SET_IV) && \
+ ((defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) && \
+ (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)))
+ AeadIncrementExpIV(ssl);
+#endif
 if (ssl->encrypt.nonce)
 ForceZero(ssl->encrypt.nonce, AESGCM_NONCE_SZ);
 }
@@ -21713,6 +21726,15 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
 if (ret != 0)
 goto exit_buildmsg;
 }
+#if !defined(NO_PUBLIC_GCM_SET_IV) && \
+ ((defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) && \
+ (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)) && \
+ defined(HAVE_AEAD))
+ if (ssl->specs.cipher_type == aead) {
+ if (ssl->specs.bulk_cipher_algorithm != wolfssl_chacha)
+ XMEMCPY(args->iv, ssl->keys.aead_exp_IV, AESGCM_EXP_IV_SZ);
+ }
+#endif
 args->size = (word16)(args->sz - args->headerSz); /* include mac and digest */
 AddRecordHeader(output, args->size, (byte)type, ssl, epochOrder);
diff --git a/src/tls13.c b/src/tls13.c
index fbdd30191..f393abc06 100644
--- a/src/tls13.c
+++ b/src/tls13.c
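Review bot: The two XMEMCPY calls write through `ssl->encrypt.nonce` unconditionally, while the Encrypt hunk further down in this file tests `if (ssl->encrypt.nonce)` before touching the same buffer; if the pointer can be NULL on a FIPS v1 build (the allocation is not visible from the hunk), the copy needs the same NULL guard with an error return rather than a silent write. The assembled layout deserves a comment so nobody "simplifies" it later: `/* FIPS v1 wc_AesGcmEncrypt takes the whole nonce: implicit IV (salt) || explicit IV, per RFC 5288 */`. The same three-line `#if` condition is repeated in the Encrypt and BuildMessage hunks below and, in a slightly different form, in tls13.c; a single macro in a shared header (name to be chosen) would keep the four sites from drifting. EncryptDo starts and ends outside the hunk.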
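Review bot: `AeadIncrementExpIV(ssl)` is now the only thing on the FIPS v1 path that advances `ssl->keys.aead_exp_IV`, and EncryptDo builds the GCM nonce from that field, so every record encrypted on this path must reach this line or the next record reuses a nonce; the `if` selecting the AEAD ciphers starts outside the hunk, so confirm no return between the encrypt call and this block skips it after a successful encryption. A comment here would make the invariant visible: `/* FIPS v1: the nonce was assembled from aead_exp_IV in EncryptDo; advance it so the next record gets a fresh nonce */`. Whether AeadIncrementExpIV reports a wrapped counter is not visible from the hunk; nothing here checks a return value.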
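Review bot: The copy into `args->iv` is the third site in this commit that depends on the same `aead_exp_IV` value, and the hunk only fills `args->iv`; whether `args->ivSz` is set to AESGCM_EXP_IV_SZ on this path so the explicit IV is actually written into the record is decided outside the hunk and is worth confirming, since a record carrying a stale explicit IV would only fail on the peer. This guard is the only one of the three that adds `defined(HAVE_AEAD)`; if `aead` and `wolfssl_chacha` exist only under HAVE_AEAD, a one-line comment such as `/* aead/wolfssl_chacha are only declared with HAVE_AEAD */` would save the next reader from checking why the other two sites omit it. BuildMessage continues outside the hunk on both sides.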
@@ -2572,6 +2572,12 @@ static int EncryptTls13(WOLFSSL* ssl, byte* output, const byte* input,
 #endif
 {
+ #if ((defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) && \
+ (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)))
+ ret = wc_AesGcmEncrypt(ssl->encrypt.aes, output, input,
+ dataSz, ssl->encrypt.nonce, nonceSz,
+ output + dataSz, macSz, aad, aadSz);
+ #else
 ret = wc_AesGcmSetExtIV(ssl->encrypt.aes,
 ssl->encrypt.nonce, nonceSz);
 if (ret == 0) {
@@ -2579,6 +2585,7 @@ static int EncryptTls13(WOLFSSL* ssl, byte* output, const byte* input,
 input, dataSz, ssl->encrypt.nonce, nonceSz,
 output + dataSz, macSz, aad, aadSz);
 }
+ #endif
 }
 break;
 #endif
@@ -2606,6 +2613,12 @@ static int EncryptTls13(WOLFSSL* ssl, byte* output, const byte* input,
 if (ret == NOT_COMPILED_IN)
 #endif
 {
+ #if ((defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) && \
+ (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)))
+ ret = wc_AesCcmEncrypt(ssl->encrypt.aes, output, input,
+ dataSz, ssl->encrypt.nonce, nonceSz,
+ output + dataSz, macSz, aad, aadSz);
+ #else
 ret = wc_AesCcmSetNonce(ssl->encrypt.aes,
 ssl->encrypt.nonce, nonceSz);
 if (ret == 0) {
@@ -2613,6 +2626,7 @@ static int EncryptTls13(WOLFSSL* ssl, byte* output, const byte* input,
 input, dataSz, ssl->encrypt.nonce, nonceSz,
 output + dataSz, macSz, aad, aadSz);
 }
+ #endif
 }
 break;
 #endif
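Review bot: The guard on the new `wc_AesGcmEncrypt` branch omits the `!defined(NO_PUBLIC_GCM_SET_IV)` term that every internal.c site in this commit includes; on a FIPS v1 build that defines NO_PUBLIC_GCM_SET_IV this file would still take the `#else` path through `wc_AesGcmSetExtIV` while the TLS 1.2 path skips its new nonce assembly, and nothing on the page says which is intended. If the difference is deliberate (TLS 1.3 builds its nonce from the record sequence number before this point, so the explicit-IV machinery does not apply), say so on the `#if`: `/* TLS 1.3 nonce is built by the caller; FIPS v1 wolfCrypt takes it directly */` — the CCM branch in the `@@ -2606` hunk has the same guard and would take the same comment. The identical two-line condition now appears twice here and three times in internal.c; a single macro in a shared header (name to be chosen) would stop the two files from drifting further, which is exactly what the missing term shows has already happened. EncryptTls13 starts and ends outside the hunk.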