WolfSSL
/
wolfssl-examples
mirror of https://github.com/wolfSSL/wolfssl-examples.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #451 from anhu/x9146_fips_ready 

Allow the X9.146 examples to build against fips-ready.
pull/458/head
Daniel Pouzzner 2024-08-31 00:41:43 -05:00 committed by GitHub
parent 4ee926bf83 38e80d18ea
commit 3e220d88ab
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
6 changed files with 141 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
X9.146/README.md
View File

@ -65,7 +65,7 @@ the call to `DoTls13Certificate()`, please search for the following messages to
confirm that the alternative signature was verified: confirm that the alternative signature was verified:
``` ```
Alternative signature has been verified! Alt signature has been verified!
Verified Peer's cert Verified Peer's cert
``` ```

28
X9.146/gen_dual_keysig_cert.c
View File

@ -50,6 +50,22 @@
#define SUBJECT_EMAIL "server@YourDomain.com" #define SUBJECT_EMAIL "server@YourDomain.com"
#endif #endif
#ifdef HAVE_FIPS
#include <wolfssl/wolfcrypt/fips_test.h>
static void myFipsCb(int ok, int err, const char* hash)
{
printf("in my Fips callback, ok = %d, err = %d\n", ok, err);
printf("message = %s\n", wc_GetErrorString(err));
printf("hash = %s\n", hash);
if (err == IN_CORE_FIPS_E) {
printf("In core integrity hash check failure, copy above hash\n");
printf("into verifyCore[] in fips_test.c and rebuild\n");
}
}
#endif
static int do_certgen(int argc, char** argv) static int do_certgen(int argc, char** argv)
{ {
int ret = 0; int ret = 0;
@ -111,6 +127,18 @@ static int do_certgen(int argc, char** argv)
wolfSSL_Debugging_ON(); wolfSSL_Debugging_ON();
#endif #endif
#ifdef WC_RNG_SEED_CB
wc_SetSeed_Cb(wc_GenerateSeed);
#endif
#if defined(HAVE_FIPS)
wolfCrypt_SetCb_fips(myFipsCb);
#if FIPS_VERSION3_GE(6,0,0)
printf("FIPS module version in use: %s\n",
wolfCrypt_GetVersion_fips());
#endif
#endif
ret = wc_InitRng(&rng); ret = wc_InitRng(&rng);
if (ret != 0) goto exit; if (ret != 0) goto exit;
initRng = 1; initRng = 1;

28
X9.146/gen_ecdsa_falcon_dual_keysig_cert.c
View File

@ -74,6 +74,22 @@ int readFileIntoBuffer(char *fname, byte *buf, int *sz)
return ret; return ret;
} }
#ifdef HAVE_FIPS
#include <wolfssl/wolfcrypt/fips_test.h>
static void myFipsCb(int ok, int err, const char* hash)
{
printf("in my Fips callback, ok = %d, err = %d\n", ok, err);
printf("message = %s\n", wc_GetErrorString(err));
printf("hash = %s\n", hash);
if (err == IN_CORE_FIPS_E) {
printf("In core integrity hash check failure, copy above hash\n");
printf("into verifyCore[] in fips_test.c and rebuild\n");
}
}
#endif
static int do_certgen(int argc, char** argv) static int do_certgen(int argc, char** argv)
{ {
int ret = 0; int ret = 0;
@ -141,6 +157,18 @@ static int do_certgen(int argc, char** argv)
wolfSSL_Debugging_ON(); wolfSSL_Debugging_ON();
#endif #endif
#ifdef WC_RNG_SEED_CB
wc_SetSeed_Cb(wc_GenerateSeed);
#endif
#if defined(HAVE_FIPS)
wolfCrypt_SetCb_fips(myFipsCb);
#if FIPS_VERSION3_GE(6,0,0)
printf("FIPS module version in use: %s\n",
wolfCrypt_GetVersion_fips());
#endif
#endif
if (argc != 2) if (argc != 2)
usage(argv[0]); usage(argv[0]);

28
X9.146/gen_ecdsa_mldsa_dual_keysig_cert.c
View File

@ -74,6 +74,22 @@ int readFileIntoBuffer(char *fname, byte *buf, int *sz)
return ret; return ret;
} }
#ifdef HAVE_FIPS
#include <wolfssl/wolfcrypt/fips_test.h>
static void myFipsCb(int ok, int err, const char* hash)
{
printf("in my Fips callback, ok = %d, err = %d\n", ok, err);
printf("message = %s\n", wc_GetErrorString(err));
printf("hash = %s\n", hash);
if (err == IN_CORE_FIPS_E) {
printf("In core integrity hash check failure, copy above hash\n");
printf("into verifyCore[] in fips_test.c and rebuild\n");
}
}
#endif
static int do_certgen(int argc, char** argv) static int do_certgen(int argc, char** argv)
{ {
int ret = 0; int ret = 0;
@ -144,6 +160,18 @@ static int do_certgen(int argc, char** argv)
wolfSSL_Debugging_ON(); wolfSSL_Debugging_ON();
#endif #endif
#ifdef WC_RNG_SEED_CB
wc_SetSeed_Cb(wc_GenerateSeed);
#endif
#if defined(HAVE_FIPS)
wolfCrypt_SetCb_fips(myFipsCb);
#if FIPS_VERSION3_GE(6,0,0)
printf("FIPS module version in use: %s\n",
wolfCrypt_GetVersion_fips());
#endif
#endif
if (argc != 2) if (argc != 2)
usage(argv[0]); usage(argv[0]);

28
X9.146/gen_rsa_falcon_dual_keysig_cert.c
View File

@ -67,6 +67,22 @@ int readFileIntoBuffer(char *fname, byte *buf, int *sz)
return ret; return ret;
} }
#ifdef HAVE_FIPS
#include <wolfssl/wolfcrypt/fips_test.h>
static void myFipsCb(int ok, int err, const char* hash)
{
printf("in my Fips callback, ok = %d, err = %d\n", ok, err);
printf("message = %s\n", wc_GetErrorString(err));
printf("hash = %s\n", hash);
if (err == IN_CORE_FIPS_E) {
printf("In core integrity hash check failure, copy above hash\n");
printf("into verifyCore[] in fips_test.c and rebuild\n");
}
}
#endif
static int do_certgen(int argc, char** argv) static int do_certgen(int argc, char** argv)
{ {
int ret = 0; int ret = 0;
@ -128,6 +144,18 @@ static int do_certgen(int argc, char** argv)
wolfSSL_Debugging_ON(); wolfSSL_Debugging_ON();
#endif #endif
#ifdef WC_RNG_SEED_CB
wc_SetSeed_Cb(wc_GenerateSeed);
#endif
#if defined(HAVE_FIPS)
wolfCrypt_SetCb_fips(myFipsCb);
#if FIPS_VERSION3_GE(6,0,0)
printf("FIPS module version in use: %s\n",
wolfCrypt_GetVersion_fips());
#endif
#endif
ret = wc_InitRng(&rng); ret = wc_InitRng(&rng);
if (ret != 0) goto exit; if (ret != 0) goto exit;
initRng = 1; initRng = 1;

28
X9.146/gen_rsa_mldsa_dual_keysig_cert.c
View File

@ -67,6 +67,22 @@ int readFileIntoBuffer(char *fname, byte *buf, int *sz)
return ret; return ret;
} }
#ifdef HAVE_FIPS
#include <wolfssl/wolfcrypt/fips_test.h>
static void myFipsCb(int ok, int err, const char* hash)
{
printf("in my Fips callback, ok = %d, err = %d\n", ok, err);
printf("message = %s\n", wc_GetErrorString(err));
printf("hash = %s\n", hash);
if (err == IN_CORE_FIPS_E) {
printf("In core integrity hash check failure, copy above hash\n");
printf("into verifyCore[] in fips_test.c and rebuild\n");
}
}
#endif
static int do_certgen(int argc, char** argv) static int do_certgen(int argc, char** argv)
{ {
int ret = 0; int ret = 0;
@ -128,6 +144,18 @@ static int do_certgen(int argc, char** argv)
wolfSSL_Debugging_ON(); wolfSSL_Debugging_ON();
#endif #endif
#ifdef WC_RNG_SEED_CB
wc_SetSeed_Cb(wc_GenerateSeed);
#endif
#if defined(HAVE_FIPS)
wolfCrypt_SetCb_fips(myFipsCb);
#if FIPS_VERSION3_GE(6,0,0)
printf("FIPS module version in use: %s\n",
wolfCrypt_GetVersion_fips());
#endif
#endif
ret = wc_InitRng(&rng); ret = wc_InitRng(&rng);
if (ret != 0) goto exit; if (ret != 0) goto exit;
initRng = 1; initRng = 1;