wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 10:47:28 +02:00
Code Issues Packages Projects Releases Wiki Activity

FIPS Revalidation/Test Fixes

Browse Source 
1. For FIPSv2 builds, changed the FP_MAX_BITS to 6144.
2. Fixed bug in HMAC-SHA-3 where the digest size was being used instead of the block size for processing the key.
This commit is contained in:
John Safranek
2018-03-26 17:30:07 -07:00
parent ab9f1875b8
commit dca2424aae
2 changed files with 9 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
configure.ac
View File

@ -1982,7 +1982,7 @@ then
AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS" AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS"
# Add the FIPS flag. # Add the FIPS flag.
AS_IF([test "x$FIPS_VERSION" = "xv2"], AS_IF([test "x$FIPS_VERSION" = "xv2"],
[AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS_VERSION=2 -DWOLFSSL_KEY_GEN -DWOLFSSL_SHA224 -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB -DHAVE_ECC_CDH -DWC_RSA_NO_PADDING" [AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS_VERSION=2 -DWOLFSSL_KEY_GEN -DWOLFSSL_SHA224 -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB -DHAVE_ECC_CDH -DWC_RSA_NO_PADDING -DFP_MAX_BITS=6144"
ENABLED_KEYGEN="yes" ENABLED_KEYGEN="yes"
ENABLED_SHA224="yes" ENABLED_SHA224="yes"
AS_IF([test "x$ENABLED_AESCCM" != "xyes"], AS_IF([test "x$ENABLED_AESCCM" != "xyes"],

16
wolfcrypt/src/hmac.c
View File

@ -479,7 +479,7 @@ int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
#ifdef WOLFSSL_SHA3 #ifdef WOLFSSL_SHA3
case WC_SHA3_224: case WC_SHA3_224:
hmac_block_size = WC_SHA3_224_BLOCK_SIZE; hmac_block_size = WC_SHA3_224_BLOCK_SIZE;
if (length <= SHA3_224_DIGEST_SIZE) { if (length <= WC_SHA3_224_BLOCK_SIZE) {
if (key != NULL) { if (key != NULL) {
XMEMCPY(ip, key, length); XMEMCPY(ip, key, length);
} }
@ -492,12 +492,12 @@ int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
if (ret != 0) if (ret != 0)
break; break;
length = SHA3_224_DIGEST_SIZE; length = WC_SHA3_224_DIGEST_SIZE;
} }
break; break;
case WC_SHA3_256: case WC_SHA3_256:
hmac_block_size = WC_SHA3_256_BLOCK_SIZE; hmac_block_size = WC_SHA3_256_BLOCK_SIZE;
if (length <= SHA3_256_DIGEST_SIZE) { if (length <= WC_SHA3_256_BLOCK_SIZE) {
if (key != NULL) { if (key != NULL) {
XMEMCPY(ip, key, length); XMEMCPY(ip, key, length);
} }
@ -510,12 +510,12 @@ int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
if (ret != 0) if (ret != 0)
break; break;
length = SHA3_256_DIGEST_SIZE; length = WC_SHA3_256_DIGEST_SIZE;
} }
break; break;
case WC_SHA3_384: case WC_SHA3_384:
hmac_block_size = WC_SHA3_384_BLOCK_SIZE; hmac_block_size = WC_SHA3_384_BLOCK_SIZE;
if (length <= SHA3_384_DIGEST_SIZE) { if (length <= WC_SHA3_384_BLOCK_SIZE) {
if (key != NULL) { if (key != NULL) {
XMEMCPY(ip, key, length); XMEMCPY(ip, key, length);
} }
@ -528,12 +528,12 @@ int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
if (ret != 0) if (ret != 0)
break; break;
length = SHA3_384_DIGEST_SIZE; length = WC_SHA3_384_DIGEST_SIZE;
} }
break; break;
case WC_SHA3_512: case WC_SHA3_512:
hmac_block_size = WC_SHA3_512_BLOCK_SIZE; hmac_block_size = WC_SHA3_512_BLOCK_SIZE;
if (length <= SHA3_512_DIGEST_SIZE) { if (length <= WC_SHA3_512_BLOCK_SIZE) {
if (key != NULL) { if (key != NULL) {
XMEMCPY(ip, key, length); XMEMCPY(ip, key, length);
} }
@ -546,7 +546,7 @@ int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
if (ret != 0) if (ret != 0)
break; break;
length = SHA3_512_DIGEST_SIZE; length = WC_SHA3_512_DIGEST_SIZE;
} }
break; break;
#endif /* WOLFSSL_SHA3 */ #endif /* WOLFSSL_SHA3 */