wolfRand

1. Updated fips-check.sh to make an archive for wolfRand. 2. Updated configure.ac to provide a wolfRand build.
2025-07-29 18:27:29 +02:00 · 2019-08-16 09:33:41 -07:00
parent e7f0ed4b98
commit e8986f389f
2 changed files with 35 additions and 1 deletions
--- a/configure.ac
+++ b/configure.ac
@ -4395,6 +4395,26 @@ then
 fi


+# When building for wolfRand, strip out all options to disable everything.
+AS_IF([test "x$ENABLED_FIPS" = "xyes" && test "x$FIPS_VERSION" = "xrand"],
+[NEW_AM_CFLAGS="-DNO_AES -DNO_DH -DNO_ASN -DNO_RSA -DNO_SHA -DNO_MD5 -DNO_BIG_INT"
+for v in $AM_CFLAGS
+do
+  case $v in
+-DHAVE_FFDHE_2048 | -DTFM_TIMING_RESISTANT | -DECC_TIMING_RESISTANT | \
+-DWC_RSA_BLINDING | -DHAVE_AESGCM | -DWOLFSSL_SHA512 | -DWOLFSSL_SHA384 | \
+-DHAVE_ECC | -DTFM_ECC256 | -DECC_SHAMIR | -DHAVE_TLS_EXTENSIONS | \
+-DHAVE_SUPPORTED_CURVES | -DHAVE_EXTENDED_MASTER | -DUSE_FAST_MATH)
+    AS_ECHO(["ignoring $v"])
+    ;;
+  *)
+    NEW_AM_CFLAGS="$NEW_AM_CFLAGS $v"
+    ;;
+  esac
+done
+AM_CFLAGS=$NEW_AM_CFLAGS])
+
+
 ################################################################################
 # Check for build-type conflicts                                               #
 ################################################################################
--- a/fips-check.sh
+++ b/fips-check.sh
@ -33,6 +33,7 @@ Platform is one of:
    linuxv2 (FIPSv2, use for Win10)
    fips-ready
    stm32l4-v2 (FIPSv2, use for STM32L4)
+    wolfrand
 Keep (default off) retains the XXX-fips-test temp dir for inspection.

 Example:
@ -215,6 +216,19 @@ stm32l4-v2)
  FIPS_INCS=( fips.h )
  FIPS_OPTION=v2
  ;;
+wolfrand)
+  FIPS_REPO=git@github.com:wolfssl/fips.git
+  FIPS_VERSION=WRv4-stable
+  CRYPT_REPO=git@github.com:wolfssl/wolfssl.git
+  CRYPT_VERSION=WCv4-stable
+  CRYPT_INC_PATH=wolfssl/wolfcrypt
+  CRYPT_SRC_PATH=wolfcrypt/src
+  RNG_VERSION=WCv4-rng-stable
+  WC_MODS=( hmac sha256 random )
+  FIPS_SRCS+=( wolfcrypt_first.c wolfcrypt_last.c )
+  FIPS_INCS=( fips.h )
+  FIPS_OPTION=rand
+  ;;
 *)
  Usage
  exit 1
@ -254,7 +268,7 @@ then
        cp "old-tree/$CRYPT_SRC_PATH/random.c" $CRYPT_SRC_PATH
        cp "old-tree/$CRYPT_INC_PATH/random.h" $CRYPT_INC_PATH
    fi
-elif [ "x$FIPS_OPTION" == "xv2" ]
+elif [ "x$FIPS_OPTION" == "xv2" ] || [ "x$FIPS_OPTION" == "xrand" ]
 then
    $GIT branch --no-track "my$CRYPT_VERSION" $CRYPT_VERSION
    # Checkout the fips versions of the wolfCrypt files from the repo.