wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-31 19:24:42 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2354 from ejohnstown/fixes

Browse Source 
Fixes for FIPS
This commit is contained in:
toddouska
2019-07-19 09:59:21 -07:00
committed by GitHub
parent 45abd67bd1 3aad9a2673
commit ab01cd9be1
3 changed files with 10 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
tests/api.c
View File

@@ -11341,7 +11341,7 @@ static int test_wc_RsaPublicKeyDecodeRaw (void)
/* In FIPS builds, wc_MakeRsaKey() will return an error if it cannot find /* In FIPS builds, wc_MakeRsaKey() will return an error if it cannot find
* a probable prime in 5*(modLen/2) attempts. In non-FIPS builds, it keeps * a probable prime in 5*(modLen/2) attempts. In non-FIPS builds, it keeps
* trying until it gets a probable prime. */ * trying until it gets a probable prime. */
#ifdef WOLFSSL_FIPS #ifdef HAVE_FIPS
static int MakeRsaKeyRetry(RsaKey* key, int size, long e, WC_RNG* rng) static int MakeRsaKeyRetry(RsaKey* key, int size, long e, WC_RNG* rng)
{ {
int ret; int ret;
@@ -20664,6 +20664,10 @@ static void test_wolfSSL_PKCS8_Compat(void)
static void test_wolfSSL_PKCS8_d2i(void) static void test_wolfSSL_PKCS8_d2i(void)
{ {
#ifndef HAVE_FIPS
/* This test ends up using HMAC as a part of PBKDF2, and HMAC
* requires a 12 byte password in FIPS mode. This test ends up
* trying to use an 8 byte password. */
#ifdef OPENSSL_ALL #ifdef OPENSSL_ALL
WOLFSSL_EVP_PKEY* pkey = NULL; WOLFSSL_EVP_PKEY* pkey = NULL;
#ifndef NO_FILESYSTEM #ifndef NO_FILESYSTEM
@@ -20817,6 +20821,7 @@ static void test_wolfSSL_PKCS8_d2i(void)
printf(resultFmt, passed); printf(resultFmt, passed);
#endif #endif
#endif /* HAVE_FIPS */
} }
static void test_wolfSSL_ERR_put_error(void) static void test_wolfSSL_ERR_put_error(void)

3
wolfcrypt/src/aes.c
View File

@@ -1628,7 +1628,8 @@ static void wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock)
#endif #endif
/* if input and output same will overwrite input iv */ /* if input and output same will overwrite input iv */
XMEMCPY(aes->tmp, inBlock, AES_BLOCK_SIZE); if ((const byte*)aes->tmp != inBlock)
XMEMCPY(aes->tmp, inBlock, AES_BLOCK_SIZE);
AES_ECB_decrypt(inBlock, outBlock, AES_BLOCK_SIZE, (byte*)aes->key, AES_ECB_decrypt(inBlock, outBlock, AES_BLOCK_SIZE, (byte*)aes->key,
aes->rounds); aes->rounds);
return; return;

4
wolfcrypt/src/rsa.c
View File

@@ -3654,7 +3654,7 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
if (err == MP_OKAY) if (err == MP_OKAY)
err = _CheckProbablePrime(&p, NULL, &tmp3, size, &isPrime, rng); err = _CheckProbablePrime(&p, NULL, &tmp3, size, &isPrime, rng);
#ifdef WOLFSSL_FIPS #ifdef HAVE_FIPS
i++; i++;
#else #else
/* Keep the old retry behavior in non-FIPS build. */ /* Keep the old retry behavior in non-FIPS build. */
@@ -3689,7 +3689,7 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
if (err == MP_OKAY) if (err == MP_OKAY)
err = _CheckProbablePrime(&p, &q, &tmp3, size, &isPrime, rng); err = _CheckProbablePrime(&p, &q, &tmp3, size, &isPrime, rng);
#ifdef WOLFSSL_FIPS #ifdef HAVE_FIPS
i++; i++;
#else #else
/* Keep the old retry behavior in non-FIPS build. */ /* Keep the old retry behavior in non-FIPS build. */