adding comment to header and _fips to c files

cyassl/ctaocrypt/camellia.h

@@ -23,7 +23,7 @@
 #define CTAO_CRYPT_CAMELLIA_H
 
 
-/* for blake2 reverse compatibility */
+/* for camellia reverse compatibility */
 #ifdef HAVE_CAMELLIA
     #include <wolfssl/wolfcrypt/camellia.h>
 	#define CamelliaSetKey        wc_CamelliaSetKey

cyassl/ctaocrypt/hmac.h

@@ -33,7 +33,7 @@
     #define HmacInitCavium wc_HmacInitCavium
     #define HmacFreeCavium wc_HmacFreeCavium
 #endif
-#define wolfSSL_GetHmacMaxSize wc_wolfSSL_GetHmacMaxSize
+#define CyaSSL_GetHmacMaxSize wolfSSL_GetHmacMaxSize
 #ifdef HAVE_HKDF
     #define HKDF wc_HKDF
 #endif /* HAVE_HKDF */

cyassl/ctaocrypt/types.h

@@ -32,7 +32,8 @@
 #define CYASSL_BIT_SIZE     WOLFSSL_BIT_SIZE
 #define CYASSL_MAX_16BIT    WOLFSSL_MAX_16BIT
 #define CYASSL_MAX_ERROR_SZ WOLFSSL_MAX_ERROR_SZ
-#define cyassl_word wolfssl_word
+#define cyassl_word         wolfssl_word
+#define CYASSL_MAX_ERROR_SZ WOLFSSL_MAX_ERROR_SZ
 
 /* if macros need to be reverted back to previous name for fips */
 //    #define WOLFSSL_MAX_ERROR_SZ CYASSL_MAX_ERROR_SZ

cyassl/ssl.h

@@ -30,6 +30,7 @@
  * include the new ssl.h
  */
 #include <wolfssl/ssl.h>
+#include <cyassl/ctaocrypt/types.h>
 #include <cyassl/ctaocrypt/settings.h>
 
 #ifdef __cplusplus
@@ -385,18 +386,10 @@
 
 /* JRB macro redefinitions and api calls for cryptography for reverse compat. */
 
-/* new fips header files since old ones could not be changed for compatibility*/
-#ifndef NO_AES
-    #include <wolfssl/wolfcrypt/aes.h>
-#endif
-
 #ifdef WOLFSSL_SMALL_STACK
     #define CYASSL_SMALL_STACK
 #endif
 
-#if !defined(CYASSL_MAX_ERROR_SZ) && !defined(HAVE_FIPS)
-    #define CYASSL_MAX_ERROR_SZ WOLFSSL_MAX_ERROR_SZ
-#endif
 
 /*
  * wrapper around macros until they are changed in cyassl code

examples/server/server.c

@@ -1,4 +1,3 @@
-#include <wolfssl/test.h>
 /* server.c
  *
  * Copyright (C) 2006-2015 wolfSSL Inc.

wolfcrypt/benchmark/benchmark.c

@@ -167,7 +167,7 @@ int benchmark_test(void *args)
 #endif
 
     #if defined(DEBUG_WOLFSSL) && !defined(HAVE_VALGRIND)
-        wolfSSL_Debugging_ON();
+        WOLFSSL_API int wolfSSL_Debugging_ON();
     #endif
 
 	#ifdef HAVE_CAVIUM

wolfcrypt/src/aes.c

@@ -33,25 +33,25 @@
 int wc_AesSetKey(Aes* aes, const byte* key, word32 len, const byte* iv,
                           int dir)
 {
-    return AesSetKey(aes, key, len, iv, dir);
+    return AesSetKey_fips(aes, key, len, iv, dir);
 }
 
 
 int wc_AesSetIV(Aes* aes, const byte* iv)
 {
-    return AesSetIV(aes, iv);
+    return AesSetIV_fips(aes, iv);
 }
 
 
 int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 {
-    return AesCbcEncrypt(aes, out, in, sz);
+    return AesCbcEncrypt_fips(aes, out, in, sz);
 }
 
 
 int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 {
-    return AesCbcDecrypt(aes, out, in, sz);
+    return AesCbcDecrypt_fips(aes, out, in, sz);
 }
 
 
@@ -95,7 +95,7 @@ int wc_AesSetKeyDirect(Aes* aes, const byte* key, word32 len,
 #ifdef HAVE_AESGCM
 int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len)
 {
-    return AesGcmSetKey(aes, key, len);
+    return AesGcmSetKey_fips(aes, key, len);
 }
 
 
@@ -104,7 +104,7 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
                               byte* authTag, word32 authTagSz,
                               const byte* authIn, word32 authInSz)
 {
-    return AesGcmEncrypt(aes, out, in, sz, iv, ivSz, authTag, authTagSz,
+    return AesGcmEncrypt_fips(aes, out, in, sz, iv, ivSz, authTag, authTagSz,
                               authIn, authInSz);
 }
 
@@ -114,7 +114,7 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
                               const byte* authTag, word32 authTagSz,
                               const byte* authIn, word32 authInSz)
 {
-    return AesGcmDecrypt(aes, out, in, sz, iv, ivSz, authTag, authTagSz,
+    return AesGcmDecrypt_fips(aes, out, in, sz, iv, ivSz, authTag, authTagSz,
                               authIn, authInSz);
 }
 

wolfcrypt/src/des3.c

@@ -46,7 +46,7 @@ int wc_Des_SetKey(Des* des, const byte* key, const byte* iv, int dir)
 
 int wc_Des3_SetKey(Des3* des, const byte* key, const byte* iv, int dir)
 {
-    return Des3_SetKey(des, key, iv, dir);
+    return Des3_SetKey_fips(des, key, iv, dir);
 }
 
 
@@ -64,13 +64,13 @@ int wc_Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz)
 
 int wc_Des3_CbcEncrypt(Des3* des, byte* out, const byte* in, word32 sz)
 {
-    return Des3_CbcEncrypt(des, out, in, sz);
+    return Des3_CbcEncrypt_fips(des, out, in, sz);
 }
 
 
 int wc_Des3_CbcDecrypt(Des3* des, byte* out, const byte* in, word32 sz)
 {
-    return Des3_CbcDecrypt(des, out, in, sz);
+    return Des3_CbcDecrypt_fips(des, out, in, sz);
 }
 
 
@@ -100,7 +100,7 @@ int wc_Des_CbcDecryptWithKey(byte* out, const byte* in, word32 sz,
 
 int wc_Des3_SetIV(Des3* des, const byte* iv)
 {
-    return Des3_SetIV(des, iv);
+    return Des3_SetIV_fips(des, iv);
 }
 
 
@@ -128,7 +128,7 @@ void wc_Des3_FreeCavium(Des3* des3)
 
 
 #endif /* HAVE_CAVIUM */
-#else
+#else /* build without fips */
 #include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/logging.h>
 

wolfcrypt/src/hmac.c

@@ -33,19 +33,19 @@
 /* does init */
 int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 keySz)
 {
-    return HmacSetKey(hmac, type, key, keySz);
+    return HmacSetKey_fips(hmac, type, key, keySz);
 }
 
 
 int wc_HmacUpdate(Hmac* hmac, const byte* in, word32 sz)
 {
-    return HmacUpdate(hmac, in, sz);
+    return HmacUpdate_fips(hmac, in, sz);
 }
 
 
 int wc_HmacFinal(Hmac* hmac, byte* out)
 {
-    return HmacFinal(hmac, out);
+    return HmacFinal_fips(hmac, out);
 }
 
 
@@ -62,7 +62,7 @@ int wc_HmacFinal(Hmac* hmac, byte* out)
     }
 #endif
 
-int wc_wolfSSL_GetHmacMaxSize(void)
+int wolfSSL_GetHmacMaxSize(void)
 {
     return CyaSSL_GetHmacMaxSize();
 }
@@ -79,35 +79,7 @@ int wc_HKDF(int type, const byte* inKey, word32 inKeySz,
 
 
 #endif /* HAVE_HKDF */
-
+#else /* else build without fips */
-
-#ifdef HAVE_FIPS
-    /* fips wrapper calls, user can call direct */
-int wc_HmacSetKey_fips(Hmac* hmac, int type, const byte* key,
-                                   word32 keySz)
-{
-    return HmacSetKey_fips(hmac, type, key, keySz);
-}
-
-int wc_HmacUpdate_fips(Hmac* hmac, const byte* in , word32 sz)
-{
-    return HmacUpdate_fips(hmac, in, sz);
-}
-
-
-int wc_HmacFinal_fips(Hmac* hmac, byte* out)
-{
-    return HmacFinal_fips(hmac, out);
-}
-#ifndef FIPS_NO_WRAPPERS
-        /* if not impl or fips.c impl wrapper force fips calls if fips build */
-        #define HmacSetKey HmacSetKey_fips
-        #define HmacUpdate HmacUpdate_fips
-        #define HmacFinal  HmacFinal_fips
-    #endif /* FIPS_NO_WRAPPERS */
-
-#endif /* HAVE_FIPS */
-#else
 #ifdef WOLFSSL_PIC32MZ_HASH
 
 #define wc_InitMd5   wc_InitMd5_sw
@@ -743,7 +715,7 @@ static void HmacCaviumSetKey(Hmac* hmac, int type, const byte* key,
 
 #endif /* HAVE_CAVIUM */
 
-int wc_wolfSSL_GetHmacMaxSize(void)
+int wolfSSL_GetHmacMaxSize(void)
 {
     return MAX_DIGEST_SIZE;
 }

wolfcrypt/src/random.c

@@ -48,13 +48,13 @@ int wc_GenerateSeed(OS_Seed* os, byte* seed, word32 sz)
 
 int  wc_InitRng(RNG* rng)
 {
-    return InitRng(rng);
+    return InitRng_fips(rng);
 }
 
 
 int  wc_RNG_GenerateBlock(RNG* rng, byte* b, word32 sz)
 {
-    return RNG_GenerateBlock(rng, b, sz);
+    return RNG_GenerateBlock_fips(rng, b, sz);
 }
 
 
@@ -66,7 +66,7 @@ int  wc_RNG_GenerateByte(RNG* rng, byte* b)
 #if defined(HAVE_HASHDRBG) || defined(NO_RC4)
     int wc_FreeRng(RNG* rng)
     {
-        return FreeRng(rng);
+        return FreeRng_fips(rng);
     }
 
 
@@ -75,48 +75,11 @@ int  wc_RNG_GenerateByte(RNG* rng, byte* b)
                                         const byte* entropyB, word32 entropyBSz,
                                         byte* output, word32 outputSz)
     {
-        return RNG_HealthTest(reseed, entropyA, entropyASz,
+        return RNG_HealthTest_fips(reseed, entropyA, entropyASz,
                               entropyB, entropyBSz, output, outputSz);
     }
 #endif /* HAVE_HASHDRBG || NO_RC4 */
-
+#else /* else build without fips */
-
-#ifdef HAVE_FIPS
-    /* fips wrapper calls, user can call direct */
-    int wc_InitRng_fips(RNG* rng)
-    {
-        return InitRng_fips(rng);
-    }
-
-
-    int wc_FreeRng_fips(RNG* rng)
-    {
-        return FreeRng_fips(rng);
-    }
-
-
-    int wc_RNG_GenerateBlock_fips(RNG* rng, byte* buf, word32 bufSz)
-    {
-        return RNG_GenerateBlock_fips(rng, buf, bufSz);
-    }
-
-    int wc_RNG_HealthTest_fips(int reseed,
-                                        const byte* entropyA, word32 entropyASz,
-                                        const byte* entropyB, word32 entropyBSz,
-                                        byte* output, word32 outputSz)
-    {
-        return RNG_HealthTest_fips(reseed, entropyA, entropyASz,
-                                   entropyB, entropyBSz, output, outputSz);
-    }
-    #ifndef FIPS_NO_WRAPPERS
-        /* if not impl or fips.c impl wrapper force fips calls if fips build */
-        #define InitRng              InitRng_fips
-        #define FreeRng              FreeRng_fips
-        #define RNG_GenerateBlock    RNG_GenerateBlock_fips
-        #define RNG_HealthTest       RNG_HealthTest_fips
-    #endif /* FIPS_NO_WRAPPERS */
-#endif /* HAVE_FIPS */
-#else
 #include <wolfssl/wolfcrypt/error-crypt.h>
 
 #if defined(HAVE_HASHDRBG) || defined(NO_RC4)

wolfcrypt/src/rsa.c

@@ -32,66 +32,67 @@
 #ifdef HAVE_FIPS
 int  wc_InitRsaKey(RsaKey* key, void* ptr)
 {
-    return InitRsaKey(key, ptr);
+    return InitRsaKey_fips(key, ptr);
 }
 
 
 int  wc_FreeRsaKey(RsaKey* key)
 {
-    return FreeRsaKey(key);
+    return FreeRsaKey_fips(key);
 }
 
 
 int  wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out,
                                  word32 outLen, RsaKey* key, RNG* rng)
 {
-    return RsaPublicEncrypt(in, inLen, out, outLen, key, rng);
+    return RsaPublicEncrypt_fips(in, inLen, out, outLen, key, rng);
 }
 
 
 int  wc_RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out,
                                         RsaKey* key)
 {
-    return RsaPrivateDecryptInline(in, inLen, out, key);
+    return RsaPrivateDecryptInline_fips(in, inLen, out, key);
 }
 
 
 int  wc_RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out,
                                   word32 outLen, RsaKey* key)
 {
-    return RsaPrivateDecrypt(in, inLen, out, outLen, key);
+    return RsaPrivateDecrypt_fips(in, inLen, out, outLen, key);
 }
 
 
 int  wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out,
                             word32 outLen, RsaKey* key, RNG* rng)
 {
-    return RsaSSL_Sign(in, inLen, out, outLen, key, rng);
+    return RsaSSL_Sign_fips(in, inLen, out, outLen, key, rng);
 }
 
 
 int  wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, RsaKey* key)
 {
-    return RsaSSL_VerifyInline(in, inLen, out, key);
+    return RsaSSL_VerifyInline_fips(in, inLen, out, key);
 }
 
 
 int  wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out,
                               word32 outLen, RsaKey* key)
 {
-    return RsaSSL_Verify(in, inLen, out, outLen, key);
+    return RsaSSL_Verify_fips(in, inLen, out, outLen, key);
 }
 
 
 int  wc_RsaEncryptSize(RsaKey* key)
 {
-    return RsaEncryptSize(key);
+    return RsaEncryptSize_fips(key);
 }
 
 
 int wc_RsaFlattenPublicKey(RsaKey* key, byte* a, word32* aSz, byte* b,
                            word32* bSz)
 {
+    /* not specified as fips so not needing _fips */
     return RsaFlattenPublicKey(key, a, aSz, b, bSz);
 }
 #ifdef WOLFSSL_KEY_GEN
@@ -121,97 +122,12 @@ int wc_RsaFlattenPublicKey(RsaKey* key, byte* a, word32* aSz, byte* b,
     }
 #endif
 
+/* these are functions in asn and are routed to wolfssl/wolfcrypt/asn.c
+* wc_RsaPrivateKeyDecode
+* wc_RsaPublicKeyDecode
+*/
 
-#ifdef HAVE_FIPS
+#else /* else build without fips */
-    /* fips wrapper calls, user can call direct */
-    int  wc_InitRsaKey_fips(RsaKey* key, void* ptr)
-    {
-        return InitRsaKey_fips(key, ptr);
-    }
-
-
-    int  wc_FreeRsaKey_fips(RsaKey* key)
-    {
-        return FreeRsaKey_fips(key);
-    }
-
-
-    int  wc_RsaPublicEncrypt_fips(const byte* in,word32 inLen,byte* out,
-                                 word32 outLen, RsaKey* key, RNG* rng)
-    {
-        return RsaPublicEncrypt_fips(in, inLen, out, outLen, key, rng);
-    }
-
-
-    int  wc_RsaPrivateDecryptInline_fips(byte* in, word32 inLen,
-                                                 byte** out, RsaKey* key)
-    {
-        return RsaPrivateDecryptInline_fips(in, inLen, out, key);
-    }
-
-
-    int  wc_RsaPrivateDecrypt_fips(const byte* in, word32 inLen,
-                                           byte* out,word32 outLen,RsaKey* key)
-    {
-        return RsaPrivateDecrypt_fips(in, inLen, out, outLen, key);
-    }
-
-
-    int wc_RsaSSL_Sign_fips(const byte* in, word32 inLen, byte* out,
-                            word32 outLen, RsaKey* key, RNG* rng)
-    {
-        return RsaSSL_Sign_fips(in, inLen, out, outLen, key, rng);
-    }
-
-
-    int  wc_RsaSSL_VerifyInline_fips(byte* in, word32 inLen, byte** out,
-                                    RsaKey* key)
-    {
-        return RsaSSL_VerifyInline_fips(in, inLen, out, key);
-    }
-
-
-    int  wc_RsaSSL_Verify_fips(const byte* in, word32 inLen, byte* out,
-                              word32 outLen, RsaKey* key)
-    {
-        return RsaSSL_Verify_fips(in, inLen, out, outLen, key);
-    }
-
-
-    int  wc_RsaEncryptSize_fips(RsaKey* key)
-    {
-        return RsaEncryptSize_fips(key);
-    }
-
-
-    int wc_RsaPrivateKeyDecode_fips(const byte* input, word32* inOutIdx,
-                                            RsaKey* key, word32 sz)
-    {
-        return RsaPrivateKeyDecode_fips(input, inOutIdx, key, sz);
-    }
-
-
-    int wc_RsaPublicKeyDecode_fips(const byte* input, word32* inOutIdx,
-                                           RsaKey* key, word32 sz)
-    {
-        return RsaPublicKeyDecode_fips(input, inOutIdx, key, sz);
-    }
-    #ifndef FIPS_NO_WRAPPERS
-        /* if not impl or fips.c impl wrapper force fips calls if fips build */
-        #define InitRsaKey              InitRsaKey_fips 
-        #define FreeRsaKey              FreeRsaKey_fips 
-        #define RsaPublicEncrypt        RsaPublicEncrypt_fips 
-        #define RsaPrivateDecryptInline RsaPrivateDecryptInline_fips 
-        #define RsaPrivateDecrypt       RsaPrivateDecrypt_fips 
-        #define RsaSSL_Sign             RsaSSL_Sign_fips
-        #define RsaSSL_VerifyInline     RsaSSL_VerifyInline_fips
-        #define RsaSSL_Verify           RsaSSL_Verify_fips
-        #define RsaEncryptSize          RsaEncryptSize_fips
-        /* no implicit KeyDecodes since in asn.c (not rsa.c) */
-    #endif /* FIPS_NO_WRAPPERS */
-
-#endif /* HAVE_FIPS */
-#else
 #include <wolfssl/wolfcrypt/random.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/logging.h>

wolfcrypt/src/sha.c

@@ -28,11 +28,6 @@
 
 #if !defined(NO_SHA)
 
-#ifdef HAVE_FIPS
-    /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
-    #define FIPS_NO_WRAPPERS
-#endif
-
 #include <wolfssl/wolfcrypt/sha.h>
 #include <wolfssl/wolfcrypt/logging.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
@@ -67,23 +62,7 @@
         return ShaHash(data, sz, out);
     }
 
-
+#else /* else build without fips */
-    int wc_InitSha_fips(Sha* sha)
-    {
-        return InitSha_fips(sha);
-    }
-
-    int wc_ShaUpdate_fips(Sha* sha, const byte* data, word32 sz)
-    {
-        return ShaUpdate_fips(sha, data, sz);
-    }
-
-    int wc_ShaFinal_fips(Sha* sha, byte* out)
-    {
-        return ShaFinal_fips(sha, out);
-    }
-
-#else
 
 #ifdef FREESCALE_MMCAU
     #include "cau_api.h"
@@ -111,18 +90,18 @@ int wc_InitSha(Sha* sha)
     XMEMSET(sha->buffer, 0, SHA_REG_SIZE);
     sha->buffLen = 0;
     sha->loLen = 0;
-    
+
     /* initialize HASH peripheral */
     HASH_DeInit();
-    
+
     /* configure algo used, algo mode, datatype */
     HASH->CR &= ~ (HASH_CR_ALGO | HASH_CR_DATATYPE | HASH_CR_MODE);
     HASH->CR |= (HASH_AlgoSelection_SHA1 | HASH_AlgoMode_HASH
                  | HASH_DataType_8b);
-    
+
     /* reset HASH processor */
     HASH->CR |= HASH_CR_INIT;
-    
+
     return 0;
 }
 
@@ -131,16 +110,16 @@ int wc_ShaUpdate(Sha* sha, const byte* data, word32 len)
     word32 i = 0;
     word32 fill = 0;
     word32 diff = 0;
-    
+
     /* if saved partial block is available */
     if (sha->buffLen) {
         fill = 4 - sha->buffLen;
-        
+
         /* if enough data to fill, fill and push to FIFO */
         if (fill <= len) {
             XMEMCPY((byte*)sha->buffer + sha->buffLen, data, fill);
             HASH_DataIn(*(uint32_t*)sha->buffer);
-            
+
             data += fill;
             len -= fill;
             sha->loLen += 4;
@@ -152,7 +131,7 @@ int wc_ShaUpdate(Sha* sha, const byte* data, word32 len)
             return;
         }
     }
-    
+
     /* write input block in the IN FIFO */
     for(i = 0; i < len; i += 4)
     {
@@ -167,46 +146,46 @@ int wc_ShaUpdate(Sha* sha, const byte* data, word32 len)
             data+=4;
         }
     }
-    
+
     /* keep track of total data length thus far */
     sha->loLen += (len - sha->buffLen);
-    
+
     return 0;
 }
 
 int wc_ShaFinal(Sha* sha, byte* hash)
 {
     __IO uint16_t nbvalidbitsdata = 0;
-    
+
     /* finish reading any trailing bytes into FIFO */
     if (sha->buffLen) {
         HASH_DataIn(*(uint32_t*)sha->buffer);
         sha->loLen += sha->buffLen;
     }
-    
+
     /* calculate number of valid bits in last word of input data */
     nbvalidbitsdata = 8 * (sha->loLen % SHA_REG_SIZE);
-    
+
     /* configure number of valid bits in last word of the data */
     HASH_SetLastWordValidBitsNbr(nbvalidbitsdata);
-    
+
     /* start HASH processor */
     HASH_StartDigest();
-    
+
     /* wait until Busy flag == RESET */
     while (HASH_GetFlagStatus(HASH_FLAG_BUSY) != RESET) {}
-    
+
     /* read message digest */
     sha->digest[0] = HASH->HR[0];
     sha->digest[1] = HASH->HR[1];
     sha->digest[2] = HASH->HR[2];
     sha->digest[3] = HASH->HR[3];
     sha->digest[4] = HASH->HR[4];
-    
+
     ByteReverseWords(sha->digest, sha->digest, SHA_DIGEST_SIZE);
-    
+
     XMEMCPY(hash, sha->digest, SHA_DIGEST_SIZE);
-    
+
     return wc_InitSha(sha);  /* reset state */
 }
 
@@ -233,11 +212,11 @@ int wc_InitSha(Sha* sha)
     sha->digest[3] = 0x10325476L;
     sha->digest[4] = 0xC3D2E1F0L;
 #endif
-    
+
     sha->buffLen = 0;
     sha->loLen   = 0;
     sha->hiLen   = 0;
-    
+
     return 0;
 }
 
@@ -267,37 +246,37 @@ rotlFixed((v),5); (w) = rotlFixed((w),30);
 static void Transform(Sha* sha)
 {
     word32 W[SHA_BLOCK_SIZE / sizeof(word32)];
-    
+
     /* Copy context->state[] to working vars */
     word32 a = sha->digest[0];
     word32 b = sha->digest[1];
     word32 c = sha->digest[2];
     word32 d = sha->digest[3];
     word32 e = sha->digest[4];
-    
+
 #ifdef USE_SLOW_SHA
     word32 t, i;
-    
+
     for (i = 0; i < 16; i++) {
         R0(a, b, c, d, e, i);
         t = e; e = d; d = c; c = b; b = a; a = t;
     }
-    
+
     for (; i < 20; i++) {
         R1(a, b, c, d, e, i);
         t = e; e = d; d = c; c = b; b = a; a = t;
     }
-    
+
     for (; i < 40; i++) {
         R2(a, b, c, d, e, i);
         t = e; e = d; d = c; c = b; b = a; a = t;
     }
-    
+
     for (; i < 60; i++) {
         R3(a, b, c, d, e, i);
         t = e; e = d; d = c; c = b; b = a; a = t;
     }
-    
+
     for (; i < 80; i++) {
         R4(a, b, c, d, e, i);
         t = e; e = d; d = c; c = b; b = a; a = t;
@@ -309,28 +288,28 @@ static void Transform(Sha* sha)
     R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7);
     R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11);
     R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15);
-    
+
     R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19);
-    
+
     R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23);
     R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27);
     R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31);
     R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35);
     R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39);
-    
+
     R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43);
     R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47);
     R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51);
     R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55);
     R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59);
-    
+
     R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63);
     R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67);
     R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71);
     R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75);
     R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79);
 #endif
-    
+
     /* Add the working vars back into digest state[] */
     sha->digest[0] += a;
     sha->digest[1] += b;
@@ -354,15 +333,15 @@ int wc_ShaUpdate(Sha* sha, const byte* data, word32 len)
 {
     /* do block size increments */
     byte* local = (byte*)sha->buffer;
-    
+
     while (len) {
         word32 add = min(len, SHA_BLOCK_SIZE - sha->buffLen);
         XMEMCPY(&local[sha->buffLen], data, add);
-        
+
         sha->buffLen += add;
         data         += add;
         len          -= add;
-        
+
         if (sha->buffLen == SHA_BLOCK_SIZE) {
 #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
             ByteReverseWords(sha->buffer, sha->buffer, SHA_BLOCK_SIZE);
@@ -372,7 +351,7 @@ int wc_ShaUpdate(Sha* sha, const byte* data, word32 len)
             sha->buffLen = 0;
         }
     }
-    
+
     return 0;
 }
 
@@ -380,16 +359,16 @@ int wc_ShaUpdate(Sha* sha, const byte* data, word32 len)
 int wc_ShaFinal(Sha* sha, byte* hash)
 {
     byte* local = (byte*)sha->buffer;
-    
+
     AddLength(sha, sha->buffLen);  /* before adding pads */
-    
+
     local[sha->buffLen++] = 0x80;  /* add 1 */
-    
+
     /* pad with zeros */
     if (sha->buffLen > SHA_PAD_SIZE) {
         XMEMSET(&local[sha->buffLen], 0, SHA_BLOCK_SIZE - sha->buffLen);
         sha->buffLen += SHA_BLOCK_SIZE - sha->buffLen;
-        
+
 #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
         ByteReverseWords(sha->buffer, sha->buffer, SHA_BLOCK_SIZE);
 #endif
@@ -397,12 +376,12 @@ int wc_ShaFinal(Sha* sha, byte* hash)
         sha->buffLen = 0;
     }
     XMEMSET(&local[sha->buffLen], 0, SHA_PAD_SIZE - sha->buffLen);
-    
+
     /* put lengths in bits */
     sha->hiLen = (sha->loLen >> (8*sizeof(sha->loLen) - 3)) +
     (sha->hiLen << 3);
     sha->loLen = sha->loLen << 3;
-    
+
     /* store lengths */
 #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
     ByteReverseWords(sha->buffer, sha->buffer, SHA_BLOCK_SIZE);

wolfcrypt/src/sha256.c

@@ -34,19 +34,19 @@
 
 int wc_InitSha256(Sha256* sha)
 {
-    return InitSha256(sha);
+    return InitSha256_fips(sha);
 }
 
 
 int wc_Sha256Update(Sha256* sha, const byte* data, word32 len)
 {
-    return Sha256Update(sha, data, len);    
+    return Sha256Update_fips(sha, data, len);
 }
 
 
 int wc_Sha256Final(Sha256* sha, byte* out)
 {
-    return Sha256Final(sha, out);
+    return Sha256Final_fips(sha, out);
 }
 
 
@@ -54,7 +54,7 @@ int wc_Sha256Hash(const byte* data, word32 len, byte* out)
 {
     return Sha256Hash(data, len, out);
 }
-#else
+#else /* else build without fips */
 #ifdef WOLFSSL_PIC32MZ_HASH
 #define wc_InitSha256   InitSha256_sw
 #define wc_Sha256Update Sha256Update_sw

wolfcrypt/src/sha512.c

@@ -31,19 +31,19 @@
 #ifdef HAVE_FIPS
 int wc_InitSha512(Sha512* sha)
 {
-    return InitSha512(sha);
+    return InitSha512_fips(sha);
 }
 
 
 int wc_Sha512Update(Sha512* sha, const byte* data, word32 len)
 {
-    return Sha512Update(sha, data, len);
+    return Sha512Update_fips(sha, data, len);
 }
 
 
 int wc_Sha512Final(Sha512* sha, byte* out)
 {
-    return Sha512Final(sha, out);
+    return Sha512Final_fips(sha, out);
 }
 
 
@@ -56,19 +56,19 @@ int wc_Sha512Hash(const byte* data, word32 len, byte* out)
 
 int wc_InitSha384(Sha384* sha)
 {
-    return InitSha384(sha);
+    return InitSha384_fips(sha);
 }
 
 
 int wc_Sha384Update(Sha384* sha, const byte* data, word32 len)
 {
-    return Sha384Update(sha, data, len);
+    return Sha384Update_fips(sha, data, len);
 }
 
 
 int wc_Sha384Final(Sha384* sha, byte* out)
 {
-    return Sha384Final(sha, out);
+    return Sha384Final_fips(sha, out);
 }
 
 
@@ -77,7 +77,7 @@ int wc_Sha384Hash(const byte* data, word32 len, byte* out)
     return Sha384Hash(data, len, out);
 }
 #endif /* WOLFSSL_SHA384 */
-#else
+#else /* else build without using fips */
 #include <wolfssl/wolfcrypt/logging.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
 

wolfssl/wolfcrypt/aes.h

@@ -39,7 +39,7 @@
 #endif
 #endif
 
-#ifndef HAVE_FIPS
+#ifndef HAVE_FIPS /* to avoid redefinition of macros */
 #ifdef HAVE_CAVIUM
     #include <wolfssl/ctaocrypt/logging.h>
     #include "cavium_common.h"
@@ -72,7 +72,7 @@
     extern "C" {
 #endif
 
-#ifndef HAVE_FIPS
+#ifndef HAVE_FIPS /* to avoid redefinition of structures */
 #define WOLFSSL_AES_CAVIUM_MAGIC 0xBEEF0002
 
 enum {
@@ -177,39 +177,6 @@ typedef struct Gmac {
      WOLFSSL_API void wc_AesFreeCavium(Aes*);
 #endif
 
-
-#ifdef HAVE_FIPS
-    /* fips wrapper calls, user can call direct */
-     WOLFSSL_API int  wc_AesSetKey_fips(Aes* aes, const byte* key, word32 len,
-                                   const byte* iv, int dir);
-     WOLFSSL_API int  wc_AesSetIV_fips(Aes* aes, const byte* iv);
-     WOLFSSL_API int  wc_AesCbcEncrypt_fips(Aes* aes, byte* out, const byte* in,
-                                       word32 sz);
-     WOLFSSL_API int  wc_AesCbcDecrypt_fips(Aes* aes, byte* out, const byte* in,
-                                       word32 sz);
-     WOLFSSL_API int  wc_AesGcmSetKey_fips(Aes* aes, const byte* key, word32 len);
-     WOLFSSL_API int  wc_AesGcmEncrypt_fips(Aes* aes, byte* out, const byte* in,
-                              word32 sz, const byte* iv, word32 ivSz,
-                              byte* authTag, word32 authTagSz,
-                              const byte* authIn, word32 authInSz);
-     WOLFSSL_API int  wc_AesGcmDecrypt_fips(Aes* aes, byte* out, const byte* in,
-                              word32 sz, const byte* iv, word32 ivSz,
-                              const byte* authTag, word32 authTagSz,
-                              const byte* authIn, word32 authInSz);
-//    #ifndef FIPS_NO_WRAPPERS
-//        /* if not impl or fips.c impl wrapper force fips calls if fips build */
-//        #define AesSetKey     AesSetKey_fips
-//        #define AesSetIV      AesSetIV_fips
-//        #define AesCbcEncrypt AesCbcEncrypt_fips
-//        #define AesCbcDecrypt AesCbcDecrypt_fips
-//        #define AesGcmSetKey  AesGcmSetKey_fips
-//        #define AesGcmEncrypt AesGcmEncrypt_fips
-//        #define AesGcmDecrypt AesGcmDecrypt_fips
-//    #endif /* FIPS_NO_WRAPPERS */
-
-#endif /* HAVE_FIPS */
-
-
 #ifdef __cplusplus
     } /* extern "C" */
 #endif

wolfssl/wolfcrypt/asn.h

@@ -57,7 +57,7 @@ enum {
 };
 
 /* ASN Tags   */
-enum ASN_Tags {        
+enum ASN_Tags {
     ASN_BOOLEAN           = 0x01,
     ASN_INTEGER           = 0x02,
     ASN_BIT_STRING        = 0x03,
@@ -114,7 +114,7 @@ enum ECC_TYPES {
     ECC_PREFIX_1 = 161
 };
 
-enum Misc_ASN { 
+enum Misc_ASN {
     ASN_NAME_MAX        = 256,
     MAX_SALT_SIZE       =  64,     /* MAX PKCS Salt length */
     MAX_IV_SIZE         =  64,     /* MAX PKCS Iv length */
@@ -134,8 +134,8 @@ enum Misc_ASN {
     MAX_ENCODED_SIG_SZ  = 512,
     MAX_SIG_SZ          = 256,
     MAX_ALGO_SZ         =  20,
-    MAX_SEQ_SZ          =   5,     /* enum(seq | con) + length(4) */  
+    MAX_SEQ_SZ          =   5,     /* enum(seq | con) + length(4) */
-    MAX_SET_SZ          =   5,     /* enum(set | con) + length(4) */  
+    MAX_SET_SZ          =   5,     /* enum(set | con) + length(4) */
     MAX_OCTET_STR_SZ    =   5,     /* enum(set | con) + length(4) */
     MAX_EXP_SZ          =   5,     /* enum(contextspec|con|exp) + length(4) */
     MAX_PRSTR_SZ        =   5,     /* enum(prstr) + length(4) */
@@ -461,7 +461,7 @@ struct DecodedCert {
 #ifdef SHA_DIGEST_SIZE
     #define SIGNER_DIGEST_SIZE SHA_DIGEST_SIZE
 #else
-    #define SIGNER_DIGEST_SIZE 20 
+    #define SIGNER_DIGEST_SIZE 20
 #endif
 
 /* CA Signers */
@@ -697,8 +697,8 @@ struct DecodedCRL {
     word32  sigLength;               /* length of signature              */
     word32  signatureOID;            /* sum of algorithm object id       */
     byte*   signature;               /* pointer into raw source, not owned */
-    byte    issuerHash[SHA_DIGEST_SIZE];  /* issuer hash                 */ 
+    byte    issuerHash[SHA_DIGEST_SIZE];  /* issuer hash                 */
-    byte    crlHash[SHA_DIGEST_SIZE];     /* raw crl data hash           */ 
+    byte    crlHash[SHA_DIGEST_SIZE];     /* raw crl data hash           */
     byte    lastDate[MAX_DATE_SIZE]; /* last date updated  */
     byte    nextDate[MAX_DATE_SIZE]; /* next update date   */
     byte    lastDateFormat;          /* format of last date */

wolfssl/wolfcrypt/blake2.h

@@ -60,7 +60,7 @@ WOLFSSL_API int wc_Blake2bFinal(Blake2b*, byte*, word32);
 
 
 #ifdef __cplusplus
-    } 
+    }
 #endif
 
 #endif  /* WOLF_CRYPT_BLAKE2_H */

wolfssl/wolfcrypt/des3.h

@@ -29,7 +29,7 @@
 #include <wolfssl/wolfcrypt/types.h>
 
 #ifdef HAVE_FIPS
-/* included for fips */
+/* included for fips @wc_fips */
 #include <cyassl/ctaocrypt/des3.h>
 #endif
 
@@ -37,7 +37,7 @@
     extern "C" {
 #endif
 
-#ifndef HAVE_FIPS
+#ifndef HAVE_FIPS /* to avoid redifinition of macros */
 #define WOLFSSL_3DES_CAVIUM_MAGIC 0xBEEF0003
 
 enum {
@@ -106,27 +106,6 @@ WOLFSSL_API int  wc_Des3_CbcDecryptWithKey(byte* out, const byte* in, word32 sz,
     WOLFSSL_API void wc_Des3_FreeCavium(Des3*);
 #endif
 
-
-#ifdef HAVE_FIPS
-    /* fips wrapper calls, user can call direct */
-    WOLFSSL_API int  wc_Des3_SetKey_fips(Des3* des, const byte* key, const byte* iv,
-                                     int dir);
-    WOLFSSL_API int  wc_Des3_SetIV_fips(Des3* des, const byte* iv);
-    WOLFSSL_API int  wc_Des3_CbcEncrypt_fips(Des3* des, byte* out, const byte* in,
-                                         word32 sz);
-    WOLFSSL_API int  wc_Des3_CbcDecrypt_fips(Des3* des, byte* out, const byte* in,
-                                         word32 sz);
-    #ifndef FIPS_NO_WRAPPERS
-        /* if not impl or fips.c impl wrapper force fips calls if fips build */
-        #define Des3_SetKey     Des3_SetKey_fips
-        #define Des3_SetIV      Des3_SetIV_fips
-        #define Des3_CbcEncrypt Des3_CbcEncrypt_fips
-        #define Des3_CbcDecrypt Des3_CbcDecrypt_fips
-    #endif /* FIPS_NO_WRAPPERS */
-
-#endif /* HAVE_FIPS */
-
-
 #ifdef __cplusplus
     } /* extern "C" */
 #endif

wolfssl/wolfcrypt/ecc.h

@@ -74,7 +74,7 @@ typedef struct {
                            curve in dp */
     const ecc_set_type* dp;     /* domain parameters, either points to NIST
                                    curves (idx >= 0) or user supplied */
-    ecc_point pubkey;   /* public key */  
+    ecc_point pubkey;   /* public key */
     mp_int    k;        /* private key */
 } ecc_key;
 
@@ -148,11 +148,11 @@ enum ecMacAlgo {
 };
 
 enum {
-    KEY_SIZE_128     = 16,   
+    KEY_SIZE_128     = 16,
-    KEY_SIZE_256     = 32,   
+    KEY_SIZE_256     = 32,
     IV_SIZE_64       =  8,
-    EXCHANGE_SALT_SZ = 16,  
+    EXCHANGE_SALT_SZ = 16,
-    EXCHANGE_INFO_SZ = 23  
+    EXCHANGE_INFO_SZ = 23
 };
 
 enum ecFlags {
@@ -187,7 +187,7 @@ int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
 #endif /* HAVE_ECC_ENCRYPT */
 
 #ifdef __cplusplus
-    }    /* extern "C" */    
+    }    /* extern "C" */
 #endif
 
 #endif /* WOLF_CRYPT_ECC_H */

wolfssl/wolfcrypt/error-crypt.h

@@ -62,7 +62,7 @@ enum {
     MEMORY_E           = -125,  /* out of memory error */
 
     RSA_WRONG_TYPE_E   = -130,  /* RSA wrong block type for RSA function */
-    RSA_BUFFER_E       = -131,  /* RSA buffer error, output too small or 
+    RSA_BUFFER_E       = -131,  /* RSA buffer error, output too small or
                                    input too large */
     BUFFER_E           = -132,  /* output buffer too small or input too large */
     ALGO_ID_E          = -133,  /* setting algo id error */

wolfssl/wolfcrypt/hmac.h

@@ -168,7 +168,7 @@ WOLFSSL_API int wc_HmacFinal(Hmac*, byte*);
     WOLFSSL_API void wc_HmacFreeCavium(Hmac*);
 #endif
 
-WOLFSSL_API int wc_wolfSSL_GetHmacMaxSize(void);
+WOLFSSL_API int wolfSSL_GetHmacMaxSize(void);
 
 
 #ifdef HAVE_HKDF
@@ -180,16 +180,6 @@ WOLFSSL_API int wc_HKDF(int type, const byte* inKey, word32 inKeySz,
 
 #endif /* HAVE_HKDF */
 
-
-#ifdef HAVE_FIPS
-    /* fips wrapper calls, user can call direct */
-    WOLFSSL_API int wc_HmacSetKey_fips(Hmac*, int type, const byte* key,
-                                   word32 keySz);
-    WOLFSSL_API int wc_HmacUpdate_fips(Hmac*, const byte*, word32);
-    WOLFSSL_API int wc_HmacFinal_fips(Hmac*, byte*);
-#endif /* HAVE_FIPS */
-
-
 #ifdef __cplusplus
     } /* extern "C" */
 #endif

wolfssl/wolfcrypt/integer.h

@@ -65,7 +65,7 @@ extern "C" {
 
 
 /* detect 64-bit mode if possible */
-#if defined(__x86_64__) 
+#if defined(__x86_64__)
    #if !(defined(MP_64BIT) && defined(MP_16BIT) && defined(MP_8BIT))
       #define MP_64BIT
    #endif
@@ -97,8 +97,8 @@ extern "C" {
    #define DIGIT_BIT          60
 #else
    /* this is the default case, 28-bit digits */
-   
+
-   #if defined(_MSC_VER) || defined(__BORLANDC__) 
+   #if defined(_MSC_VER) || defined(__BORLANDC__)
       typedef unsigned __int64   ulong64;
    #else
       typedef unsigned long long ulong64;
@@ -107,14 +107,14 @@ extern "C" {
    typedef unsigned int       mp_digit;  /* long could be 64 now, changed TAO */
    typedef ulong64            mp_word;
 
-#ifdef MP_31BIT   
+#ifdef MP_31BIT
    /* this is an extension that uses 31-bit digits */
    #define DIGIT_BIT          31
 #else
    /* default case is 28-bit digits, defines MP_28BIT as a handy test macro */
    #define DIGIT_BIT          28
    #define MP_28BIT
-#endif   
+#endif
 #endif
 
 
@@ -161,10 +161,10 @@ typedef int           mp_err;
       #define MP_PREC                 32     /* default digits of precision */
    #else
       #define MP_PREC                 1      /* default digits of precision */
-   #endif   
+   #endif
 #endif
 
-/* size of comba arrays, should be at least 2 * 2**(BITS_PER_WORD - 
+/* size of comba arrays, should be at least 2 * 2**(BITS_PER_WORD -
    BITS_PER_DIGIT*2) */
 #define MP_WARRAY  (1 << (sizeof(mp_word) * CHAR_BIT - 2 * DIGIT_BIT + 1))
 

wolfssl/wolfcrypt/md5.h

@@ -52,7 +52,7 @@ enum {
 #if defined(CYASSL_PIC32MZ_HASH) || defined(WOLFSSL_PIC32MZ_HASH)
 #include "port/pic32/pic32mz-crypt.h"
 #endif
-        
+
 /* MD5 digest */
 typedef struct Md5 {
     word32  buffLen;   /* in bytes          */

wolfssl/wolfcrypt/pkcs7.h

@@ -85,7 +85,7 @@ typedef struct PKCS7 {
     word32 publicKeySz;
     byte*  privateKey;            /* private key, DER, not owner          */
     word32 privateKeySz;          /* size of private key buffer, bytes    */
-    
+
     PKCS7Attrib* signedAttribs;
     word32 signedAttribsSz;
 } PKCS7;

wolfssl/wolfcrypt/random.h

@@ -26,7 +26,7 @@
 #include <wolfssl/wolfcrypt/types.h>
 
 #ifdef HAVE_FIPS
-/* for fips */
+/* for fips @wc_fips */
 #include <cyassl/ctaocrypt/random.h>
 #endif
 
@@ -34,7 +34,7 @@
     extern "C" {
 #endif
 
-#ifndef HAVE_FIPS
+#ifndef HAVE_FIPS /* avoid redefining structs and macros */
 #if defined(HAVE_HASHDRBG) || defined(NO_RC4)
     #ifdef NO_SHA256
         #error "Hash DRBG requires SHA-256."
@@ -135,26 +135,6 @@ WOLFSSL_API int  wc_RNG_GenerateByte(RNG*, byte*);
                                         byte* output, word32 outputSz);
 #endif /* HAVE_HASHDRBG || NO_RC4 */
 
-
-#ifdef HAVE_FIPS
-    /* fips wrapper calls, user can call direct */
-    WOLFSSL_API int wc_InitRng_fips(RNG* rng);
-    WOLFSSL_API int wc_FreeRng_fips(RNG* rng);
-    WOLFSSL_API int wc_RNG_GenerateBlock_fips(RNG* rng, byte* buf, word32 bufSz);
-    WOLFSSL_API int wc_RNG_HealthTest_fips(int reseed,
-                                        const byte* entropyA, word32 entropyASz,
-                                        const byte* entropyB, word32 entropyBSz,
-                                        byte* output, word32 outputSz);
-    #ifndef FIPS_NO_WRAPPERS
-        /* if not impl or fips.c impl wrapper force fips calls if fips build */
-        #define InitRng              InitRng_fips
-        #define FreeRng              FreeRng_fips
-        #define RNG_GenerateBlock    RNG_GenerateBlock_fips
-        #define RNG_HealthTest       RNG_HealthTest_fips
-    #endif /* FIPS_NO_WRAPPERS */
-#endif /* HAVE_FIPS */
-
-
 #ifdef __cplusplus
     } /* extern "C" */
 #endif

wolfssl/wolfcrypt/rsa.h

@@ -35,13 +35,13 @@
 #else
     #include <wolfssl/wolfcrypt/integer.h>
     #include <wolfssl/wolfcrypt/random.h>
-#endif
+#endif /* HAVE_FIPS */
 
 #ifdef __cplusplus
     extern "C" {
 #endif
 
-#ifndef HAVE_FIPS
+#ifndef HAVE_FIPS /* avoid redefinition of structs */
 #define WOLFSSL_RSA_CAVIUM_MAGIC 0xBEEF0006
 
 enum {
@@ -110,33 +110,6 @@ WOLFSSL_API int  wc_RsaFlattenPublicKey(RsaKey*, byte*, word32*, byte*,
     WOLFSSL_API void wc_RsaFreeCavium(RsaKey*);
 #endif
 
-
-#ifdef HAVE_FIPS
-    /* fips wrapper calls, user can call direct */
-    WOLFSSL_API int  wc_InitRsaKey_fips(RsaKey* key, void*);
-    WOLFSSL_API int  wc_FreeRsaKey_fips(RsaKey* key);
-
-    WOLFSSL_API int  wc_RsaPublicEncrypt_fips(const byte* in,word32 inLen,byte* out,
-                                 word32 outLen, RsaKey* key, RNG* rng);
-    WOLFSSL_API int  wc_RsaPrivateDecryptInline_fips(byte* in, word32 inLen,
-                                                 byte** out, RsaKey* key);
-    WOLFSSL_API int  wc_RsaPrivateDecrypt_fips(const byte* in, word32 inLen,
-                                           byte* out,word32 outLen,RsaKey* key);
-    WOLFSSL_API int  wc_RsaSSL_Sign_fips(const byte* in, word32 inLen, byte* out,
-                            word32 outLen, RsaKey* key, RNG* rng);
-    WOLFSSL_API int  wc_RsaSSL_VerifyInline_fips(byte* in, word32 inLen, byte** out,
-                                    RsaKey* key);
-    WOLFSSL_API int  wc_RsaSSL_Verify_fips(const byte* in, word32 inLen, byte* out,
-                              word32 outLen, RsaKey* key);
-    WOLFSSL_API int  wc_RsaEncryptSize_fips(RsaKey* key);
-
-    WOLFSSL_API int wc_RsaPrivateKeyDecode_fips(const byte* input, word32* inOutIdx,
-                                            RsaKey*, word32);
-    WOLFSSL_API int wc_RsaPublicKeyDecode_fips(const byte* input, word32* inOutIdx,
-                                           RsaKey*, word32);
-#endif /* HAVE_FIPS */
-
-
 #ifdef __cplusplus
     } /* extern "C" */
 #endif

wolfssl/wolfcrypt/settings.h

@@ -53,7 +53,7 @@
 
 /* Uncomment next line if using PIC32MZ Crypto Engine */
 /* #define WOLFSSL_MICROCHIP_PIC32MZ */
-        
+
 /* Uncomment next line if using FreeRTOS */
 /* #define FREERTOS */
 
@@ -86,7 +86,7 @@
 
 /* Uncomment next line if building for EROAD */
 /* #define WOLFSSL_EROAD */
-      
+
 /* Uncomment next line if building for IAR EWARM */
 /* #define WOLFSSL_IAR_ARM */
 
@@ -124,11 +124,11 @@
     #define NO_HC128
     #define NO_RSA
     #define NO_SESSION_CACHE
-    #define HAVE_ECC 
+    #define HAVE_ECC
 #endif
 
 
-#ifdef THREADX 
+#ifdef THREADX
     #define SIZEOF_LONG_LONG 8
 #endif
 
@@ -142,8 +142,8 @@
     #define SINGLE_THREADED
     #define WOLFSSL_USER_IO
     #define NO_FILESYSTEM
-#endif 
+#endif
-    
+
 #if defined(WOLFSSL_IAR_ARM)
     #define NO_MAIN_DRIVER
     #define SINGLE_THREADED
@@ -154,7 +154,7 @@
     #define WOLFSSL_USER_IO
     #define  BENCH_EMBEDDED
 #endif
-      
+
 #ifdef MICROCHIP_PIC32
     /* #define WOLFSSL_MICROCHIP_PIC32MZ */
     #define SIZEOF_LONG_LONG 8
@@ -271,7 +271,7 @@
 #if defined(WOLFSSL_LEANPSK) && !defined(XMALLOC_USER)
     #include <stdlib.h>
     #define XMALLOC(s, h, type)  malloc((s))
-    #define XFREE(p, h, type)    free((p)) 
+    #define XFREE(p, h, type)    free((p))
     #define XREALLOC(p, n, h, t) realloc((p), (n))
 #endif
 
@@ -403,7 +403,7 @@
 
     #include "SafeRTOS/heap.h"
     #define XMALLOC(s, h, type)  pvPortMalloc((s))
-    #define XFREE(p, h, type)    vPortFree((p)) 
+    #define XFREE(p, h, type)    vPortFree((p))
     #define XREALLOC(p, n, h, t) pvPortRealloc((p), (n))
 #endif
 
@@ -479,7 +479,7 @@
                      (CPU_CHAR *)(pstr_src), (CPU_SIZE_T)(len_max)))
     #define XSTRNCMP(pstr_1, pstr_2, len_max) \
                     ((CPU_INT16S)Str_Cmp_N((CPU_CHAR *)(pstr_1), \
-                     (CPU_CHAR *)(pstr_2), (CPU_SIZE_T)(len_max)))  
+                     (CPU_CHAR *)(pstr_2), (CPU_SIZE_T)(len_max)))
     #define XSTRSTR(pstr, pstr_srch) \
                     ((CPU_CHAR *)Str_Str((CPU_CHAR *)(pstr), \
                      (CPU_CHAR *)(pstr_srch)))
@@ -494,7 +494,7 @@
     #define XMEMMOVE XMEMCPY
 
 #if (NET_SECURE_MGR_CFG_EN == DEF_ENABLED)
-    #define MICRIUM_MALLOC    
+    #define MICRIUM_MALLOC
     #define XMALLOC(s, h, type) ((void *)NetSecure_BlkGet((CPU_INT08U)(type), \
                                  (CPU_SIZE_T)(s), (void *)0))
     #define XFREE(p, h, type)   (NetSecure_BlkFree((CPU_INT08U)(type), \
@@ -594,13 +594,13 @@
     #endif
 
     #if (SSL_CFG_USER_RNG_SEED_EN == DEF_ENABLED)
-        #define NO_DEV_RANDOM   
+        #define NO_DEV_RANDOM
     #else
         #undef  NO_DEV_RANDOM
     #endif
 
     #if (SSL_CFG_USER_IO_EN == DEF_ENABLED)
-        #define WOLFSSL_USER_IO   
+        #define WOLFSSL_USER_IO
     #else
         #undef  WOLFSSL_USER_IO
     #endif
@@ -714,8 +714,8 @@
         #define WOLFSSL_GENERAL_ALIGNMENT  4
     #elif defined(FREESCALE_MMCAU)
         #define WOLFSSL_GENERAL_ALIGNMENT  WOLFSSL_MMCAU_ALIGNMENT
-    #else 
+    #else
-        #define WOLFSSL_GENERAL_ALIGNMENT  0 
+        #define WOLFSSL_GENERAL_ALIGNMENT  0
     #endif
 #endif
 

wolfssl/wolfcrypt/sha.h

@@ -29,15 +29,15 @@
 #include <wolfssl/wolfcrypt/types.h>
 
 #ifdef HAVE_FIPS
-/* for fips */
+/* for fips @wc_fips */
 #include <cyassl/ctaocrypt/sha.h>
 #endif
 
 #ifdef __cplusplus
     extern "C" {
 #endif
-#ifndef HAVE_FIPS
 
+#ifndef HAVE_FIPS /* avoid redefining structs */
 /* in bytes */
 enum {
 #ifdef STM32F2_HASH
@@ -73,22 +73,6 @@ WOLFSSL_API int wc_ShaUpdate(Sha*, const byte*, word32);
 WOLFSSL_API int wc_ShaFinal(Sha*, byte*);
 WOLFSSL_API int wc_ShaHash(const byte*, word32, byte*);
 
-
-#ifdef HAVE_FIPS
-    /* fips wrapper calls, user can call direct */
-    WOLFSSL_API int wc_InitSha_fips(Sha*);
-    WOLFSSL_API int wc_ShaUpdate_fips(Sha*, const byte*, word32);
-    WOLFSSL_API int wc_ShaFinal_fips(Sha*, byte*);
-    #ifndef FIPS_NO_WRAPPERS
-        /* if not impl or fips.c impl wrapper force fips calls if fips build */
-        #define wc_InitSha   wc_InitSha_fips
-        #define wc_ShaUpdate wc_ShaUpdate_fips
-        #define wc_ShaFinal  wc_ShaFinal_fips
-    #endif /* FIPS_NO_WRAPPERS */
-
-#endif /* HAVE_FIPS */
-
- 
 #ifdef __cplusplus
     } /* extern "C" */
 #endif

wolfssl/wolfcrypt/sha256.h

@@ -27,7 +27,7 @@
 #define WOLF_CRYPT_SHA256_H
 
 #ifdef HAVE_FIPS
-/* for fips */
+/* for fips @wc_fips */
 #include <cyassl/ctaocrypt/sha256.h>
 #endif
 
@@ -37,12 +37,11 @@
     extern "C" {
 #endif
 
-#ifndef HAVE_FIPS
+#ifndef HAVE_FIPS /* avoid redefinition of structs */
 #ifdef WOLFSSL_PIC32MZ_HASH
 #include "port/pic32/pic32mz-crypt.h"
 #endif
 
-
 /* in bytes */
 enum {
     SHA256              =  2,   /* hash type unique */
@@ -70,7 +69,7 @@ WOLFSSL_API int wc_InitSha256(Sha256*);
 WOLFSSL_API int wc_Sha256Update(Sha256*, const byte*, word32);
 WOLFSSL_API int wc_Sha256Final(Sha256*, byte*);
 WOLFSSL_API int wc_Sha256Hash(const byte*, word32, byte*);
- 
+
 #ifdef __cplusplus
     } /* extern "C" */
 #endif

wolfssl/wolfcrypt/sha512.h

@@ -26,8 +26,7 @@
 
 #include <wolfssl/wolfcrypt/types.h>
 
-/* since using old code turn on old macros @wc_fips */
+/* for fips @wc_fips */
-/* for fips */
 #ifdef HAVE_FIPS
     #define CYASSL_SHA512
     #if defined(WOLFSSL_SHA384)
@@ -40,7 +39,7 @@
     extern "C" {
 #endif
 
-#ifndef HAVE_FIPS
+#ifndef HAVE_FIPS /* avoid redefinition of structs */
 
 /* in bytes */
 enum {
@@ -69,7 +68,7 @@ WOLFSSL_API int wc_Sha512Hash(const byte*, word32, byte*);
 
 #if defined(WOLFSSL_SHA384) || defined(HAVE_AESGCM)
 
-#ifndef HAVE_FIPS
+#ifndef HAVE_FIPS /* avoid redefinition of structs */
 /* in bytes */
 enum {
     SHA384              =   5,   /* hash type unique */
@@ -94,33 +93,6 @@ WOLFSSL_API int wc_Sha384Update(Sha384*, const byte*, word32);
 WOLFSSL_API int wc_Sha384Final(Sha384*, byte*);
 WOLFSSL_API int wc_Sha384Hash(const byte*, word32, byte*);
 
-
-#ifdef HAVE_FIPS
-    /* fips wrapper calls, user can call direct */
-    WOLFSSL_API int wc_InitSha512_fips(Sha512*);
-    WOLFSSL_API int wc_Sha512Update_fips(Sha512*, const byte*, word32);
-    WOLFSSL_API int wc_Sha512Final_fips(Sha512*, byte*);
-    #ifndef FIPS_NO_WRAPPERS
-        /* if not impl or fips.c impl wrapper force fips calls if fips build */
-        #define wc_InitSha512   wc_InitSha512_fips
-        #define wc_Sha512Update wc_Sha512Update_fips
-        #define wc_Sha512Final  wc_Sha512Final_fips
-    #endif /* FIPS_NO_WRAPPERS */
-
-    /* fips wrapper calls, user can call direct */
-    WOLFSSL_API int wc_InitSha384_fips(Sha384*);
-    WOLFSSL_API int wc_Sha384Update_fips(Sha384*, const byte*, word32);
-    WOLFSSL_API int wc_Sha384Final_fips(Sha384*, byte*);
-    #ifndef FIPS_NO_WRAPPERS
-        /* if not impl or fips.c impl wrapper force fips calls if fips build */
-        #define wc_InitSha384   wc_InitSha384_fips
-        #define wc_Sha384Update wc_Sha384Update_fips
-        #define wc_Sha384Final  wc_Sha384Final_fips
-    #endif /* FIPS_NO_WRAPPERS */
-
-#endif /* HAVE_FIPS */
-
-
 #endif /* WOLFSSL_SHA384 */
 
 #ifdef __cplusplus

wolfssl/wolfcrypt/tfm.h

@@ -57,7 +57,7 @@
 #ifndef NO_64BIT
 /* autodetect x86-64 and make sure we are using 64-bit digits with x86-64 asm */
 #if defined(__x86_64__)
-   #if defined(TFM_X86) || defined(TFM_SSE2) || defined(TFM_ARM) 
+   #if defined(TFM_X86) || defined(TFM_SSE2) || defined(TFM_ARM)
        #error x86-64 detected, x86-32/SSE2/ARM optimizations are not valid!
    #endif
    #if !defined(TFM_X86_64) && !defined(TFM_NO_ASM)
@@ -82,7 +82,7 @@
 
 /* try to detect x86-32 */
 #if defined(__i386__) && !defined(TFM_SSE2)
-   #if defined(TFM_X86_64) || defined(TFM_ARM) 
+   #if defined(TFM_X86_64) || defined(TFM_ARM)
        #error x86-32 detected, x86-64/ARM optimizations are not valid!
    #endif
    #if !defined(TFM_X86) && !defined(TFM_NO_ASM)
@@ -146,7 +146,7 @@
    #undef TFM_PPC32
    #undef TFM_PPC64
    #undef TFM_AVR32
-   #undef TFM_ASM   
+   #undef TFM_ASM
 #endif
 
 /* ECC helpers */
@@ -208,7 +208,7 @@
    typedef unsigned long long fp_digit;   /* 64bit, 128 uses mode(TI) below */
    typedef unsigned long      fp_word __attribute__ ((mode(TI)));
 #else
-   #if defined(_MSC_VER) || defined(__BORLANDC__) 
+   #if defined(_MSC_VER) || defined(__BORLANDC__)
       typedef unsigned __int64   ulong64;
    #else
       typedef unsigned long long ulong64;
@@ -278,14 +278,14 @@ typedef struct {
 /* externally define this symbol to ignore the default settings, useful for changing the build from the make process */
 #ifndef TFM_ALREADY_SET
 
-/* do we want the large set of small multiplications ? 
+/* do we want the large set of small multiplications ?
    Enable these if you are going to be doing a lot of small (<= 16 digit) multiplications say in ECC
    Or if you're on a 64-bit machine doing RSA as a 1024-bit integer == 16 digits ;-)
  */
 /* need to refactor the function */
 /*#define TFM_SMALL_SET */
 
-/* do we want huge code 
+/* do we want huge code
    Enable these if you are doing 20, 24, 28, 32, 48, 64 digit multiplications (useful for RSA)
    Less important on 64-bit machines as 32 digits == 2048 bits
  */
@@ -676,7 +676,7 @@ void mp_rshb(mp_int *a, int x);
     int mp_montgomery_reduce(fp_int *a, fp_int *m, fp_digit mp);
     int mp_montgomery_setup(fp_int *a, fp_digit *rho);
     int mp_div_2(fp_int * a, fp_int * b);
-    int mp_init_copy(fp_int * a, fp_int * b); 
+    int mp_init_copy(fp_int * a, fp_int * b);
 #endif
 
 #if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN)

wolfssl/wolfcrypt/visibility.h

@@ -43,7 +43,7 @@
         #define WOLFSSL_API   __attribute__ ((visibility("default")))
         #define WOLFSSL_LOCAL __attribute__ ((visibility("hidden")))
     #elif defined(__SUNPRO_C) && (__SUNPRO_C >= 0x550)
-        #define WOLFSSL_API   __global  
+        #define WOLFSSL_API   __global
         #define WOLFSSL_LOCAL __hidden
     #elif defined(_MSC_VER)
         #ifdef WOLFSSL_DLL