Skip to content

Commit 13ef400

Browse files
kaleb-himeskaleb-himes
committed
Fixups from CI testing
1 parent 1b4f4ba commit 13ef400

6 files changed

Lines changed: 27 additions & 8 deletions

File tree

wolfcrypt/src/random.c

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1618,6 +1618,7 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
16181618
rng->status = DRBG_NOT_INIT;
16191619

16201620
/* Select DRBG type: prefer SHA-512 unless disabled or not compiled */
1621+
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0))
16211622
#ifdef WOLFSSL_DRBG_SHA512
16221623
if (!wc_Sha512Drbg_GetStatus())
16231624
rng->drbgType = WC_DRBG_SHA512;
@@ -1631,6 +1632,9 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
16311632
{
16321633
return BAD_STATE_E; /* no DRBG available */
16331634
}
1635+
#else
1636+
rng->drbgType = WC_DRBG_SHA256;
1637+
#endif
16341638
#endif
16351639

16361640
#if defined(HAVE_INTEL_RDSEED) || defined(HAVE_INTEL_RDRAND) || \

wolfcrypt/test/test.c

Lines changed: 10 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -1268,9 +1268,13 @@ static void myFipsCb(int ok, int err, const char* hash)
12681268
}
12691269
#endif /* HAVE_FIPS && !WOLFSSL_KERNEL_MODE */
12701270

1271-
#if defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) && !defined(WC_NO_CONSTRUCTORS)
1271+
/* Polyfill for old FIPS modules whose headers don't declare the
1272+
* constructor/destructor helpers. Skip when the current headers
1273+
* already provide them (WC_AES_NEW_API_AVAILABLE / WC_RSA_NEW_API_AVAILABLE). */
1274+
#if defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) && \
1275+
!defined(WC_NO_CONSTRUCTORS)
12721276

1273-
#if !defined(NO_AES)
1277+
#if !defined(NO_AES) && !defined(WC_AES_NEW_API_AVAILABLE)
12741278
static WC_MAYBE_UNUSED Aes* wc_AesNew(void* heap, int thisDevId, int *result_code)
12751279
{
12761280
int ret;
@@ -1328,9 +1332,9 @@ static WC_MAYBE_UNUSED Aes* wc_AesNew_Id(unsigned char* id, int len,
13281332
}
13291333
#endif /* WOLF_PRIVATE_KEY_ID */
13301334

1331-
#endif /* !NO_AES */
1335+
#endif /* !NO_AES && !WC_AES_NEW_API_AVAILABLE */
13321336

1333-
#if !defined(NO_RSA)
1337+
#if !defined(NO_RSA) && !defined(WC_RSA_NEW_API_AVAILABLE)
13341338
static WC_MAYBE_UNUSED RsaKey* wc_NewRsaKey(void* heap, int thisDevId, int *result_code)
13351339
{
13361340
int ret;
@@ -1386,9 +1390,9 @@ static WC_MAYBE_UNUSED RsaKey* wc_NewRsaKey_Id(unsigned char* id, int len,
13861390
return key;
13871391
}
13881392
#endif /* WOLF_PRIVATE_KEY_ID */
1389-
#endif /* !NO_RSA */
1393+
#endif /* !NO_RSA && !WC_RSA_NEW_API_AVAILABLE */
13901394

1391-
#endif /* FIPS_VERSION3_LT(6,0,0) && !WC_NO_CONSTRUCTORS */
1395+
#endif /* HAVE_FIPS && FIPS_VERSION3_LT(6,0,0) && !WC_NO_CONSTRUCTORS */
13921396

13931397
/* AES/RSA New helpers -- placed after the FIPS polyfill block so wc_AesNew /
13941398
* wc_NewRsaKey are visible from either the library or the polyfill above.

wolfssl/wolfcrypt/aes.h

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -189,6 +189,12 @@ enum {
189189
#include <wolfssl/wolfcrypt/async.h>
190190
#endif
191191

192+
/* Undefine the settings.h compat macro so it doesn't collide with the enum
193+
* member below (settings.h may pre-define WC_AES_BLOCK_SIZE for old FIPS). */
194+
#ifdef WC_AES_BLOCK_SIZE
195+
#undef WC_AES_BLOCK_SIZE
196+
#endif
197+
192198
enum {
193199
AES_ENC_TYPE = WC_CIPHER_AES, /* cipher unique type */
194200
AES_ENCRYPTION = 0,
@@ -777,6 +783,7 @@ WOLFSSL_API int wc_AesInit_Label(Aes* aes, const char* label, void* heap,
777783
#endif
778784
WOLFSSL_API void wc_AesFree(Aes* aes);
779785
#ifndef WC_NO_CONSTRUCTORS
786+
#define WC_AES_NEW_API_AVAILABLE
780787
WOLFSSL_API Aes* wc_AesNew(void* heap, int devId, int *result_code);
781788
#ifdef WOLF_PRIVATE_KEY_ID
782789
WOLFSSL_API Aes* wc_AesNew_Id(unsigned char* id, int len, void* heap,

wolfssl/wolfcrypt/random.h

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -152,8 +152,11 @@
152152
#endif
153153
#endif
154154

155-
#ifndef WC_RNG_TYPE_DEFINED /* guard on redeclaration */
155+
#ifndef WC_OS_SEED_TYPE_DEFINED
156156
typedef struct OS_Seed OS_Seed;
157+
#define WC_OS_SEED_TYPE_DEFINED
158+
#endif
159+
#ifndef WC_RNG_TYPE_DEFINED /* guard on redeclaration */
157160
typedef struct WC_RNG WC_RNG;
158161
#ifdef WC_RNG_SEED_CB
159162
typedef int (*wc_RngSeed_Cb)(OS_Seed* os, byte* seed, word32 sz);

wolfssl/wolfcrypt/rsa.h

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -299,6 +299,7 @@ WOLFSSL_API int wc_InitRsaKey(RsaKey* key, void* heap);
299299
WOLFSSL_API int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId);
300300
WOLFSSL_API int wc_FreeRsaKey(RsaKey* key);
301301
#ifndef WC_NO_CONSTRUCTORS
302+
#define WC_RSA_NEW_API_AVAILABLE
302303
WOLFSSL_API RsaKey* wc_NewRsaKey(void* heap, int devId, int *result_code);
303304
#ifdef WOLF_PRIVATE_KEY_ID
304305
WOLFSSL_API RsaKey* wc_NewRsaKey_Id(unsigned char* id, int len, void* heap,

wolfssl/wolfcrypt/settings.h

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -505,7 +505,7 @@
505505
/* old FIPS has only AES_BLOCK_SIZE. */
506506
#if !defined(NO_AES) && (defined(HAVE_SELFTEST) || \
507507
(defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)))
508-
#define WC_AES_BLOCK_SIZE AES_BLOCK_SIZE
508+
#define WC_AES_BLOCK_SIZE 16
509509
#endif /* !NO_AES && (HAVE_SELFTEST || FIPS_VERSION3_LT(6,0,0)) */
510510

511511
#ifdef WOLFSSL_HARDEN_TLS

0 commit comments

Comments
 (0)