mirror of https://github.com/wolfSSL/wolfssl.git
configure.ac and wolfssl/wolfcrypt/types.h: don't change wc_HashType for FIPS <= v2 (reverts commit 56843fbefd as it affected that definition); add -DWOLFSSL_NOSHA512_224 -DWOLFSSL_NOSHA512_256 to FIPS v2 and v3.
Daniel Pouzzner
parent
aa6ca43e91
commit
1c27654300
|
|
@ -3404,7 +3404,7 @@ AS_CASE([$FIPS_VERSION],
|
|||
# Shake256 is a SHA-3 algorithm not in our FIPS algorithm list
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_SHAKE256"
|
||||
ENABLED_SHAKE256=no
|
||||
# SHA512-224 and SHA512-256 are a SHA-2 algorithms not in our FIPS algorithm list
|
||||
# SHA512-224 and SHA512-256 are SHA-2 algorithms not in our FIPS algorithm list
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NOSHA512_224 -DWOLFSSL_NOSHA512_256"
|
||||
AS_IF([test "x$ENABLED_AESCCM" != "xyes"],
|
||||
[ENABLED_AESCCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESCCM"])
|
||||
|
|
@ -3441,6 +3441,9 @@ AS_CASE([$FIPS_VERSION],
|
|||
ENABLED_DES3="yes"
|
||||
# Shake256 is a SHA-3 algorithm not in our FIPS algorithm list
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_SHAKE256"
|
||||
ENABLED_SHAKE256=no
|
||||
# SHA512-224 and SHA512-256 are SHA-2 algorithms not in our FIPS algorithm list
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NOSHA512_224 -DWOLFSSL_NOSHA512_256"
|
||||
AS_IF([test "x$ENABLED_AESCCM" != "xyes"],
|
||||
[ENABLED_AESCCM="yes"
|
||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_AESCCM"])
|
||||
|
|
@ -3476,6 +3479,9 @@ AS_CASE([$FIPS_VERSION],
|
|||
ENABLED_DES3="yes"
|
||||
# Shake256 is a SHA-3 algorithm not in our FIPS algorithm list
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_SHAKE256"
|
||||
ENABLED_SHAKE256=no
|
||||
# SHA512-224 and SHA512-256 are SHA-2 algorithms not in our FIPS algorithm list
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NOSHA512_224 -DWOLFSSL_NOSHA512_256"
|
||||
AS_IF([test "x$ENABLED_AESCCM" != "xyes"],
|
||||
[ENABLED_AESCCM="yes"
|
||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_AESCCM"])
|
||||
|
|
@ -3503,6 +3509,7 @@ AS_CASE([$FIPS_VERSION],
|
|||
[ENABLED_SHA512="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384"])
|
||||
AS_IF([test "x$ENABLED_AESGCM" = "xno"],
|
||||
[ENABLED_AESGCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"])
|
||||
echo "$AM_CFLAGS" >/dev/stderr
|
||||
],
|
||||
["rand"],[
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_FIPS_RAND -DHAVE_FIPS -DHAVE_FIPS_VERSION=$HAVE_FIPS_VERSION -DHAVE_FIPS_VERSION_MINOR=$HAVE_FIPS_VERSION_MINOR"
|
||||
|
|
|
|||
|
|
@ -873,8 +873,9 @@ decouple library dependencies with standard string, memory and so on.
|
|||
|
||||
/* hash types */
|
||||
enum wc_HashType {
|
||||
#if defined(HAVE_SELFTEST) || defined(HAVE_FIPS) && \
|
||||
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION <= 2))
|
||||
#if defined(HAVE_SELFTEST) || (defined(HAVE_FIPS) && \
|
||||
((! defined(HAVE_FIPS_VERSION)) || \
|
||||
defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION <= 2)))
|
||||
/* In selftest build, WC_* types are not mapped to WC_HASH_TYPE types.
|
||||
* Values here are based on old selftest hmac.h enum, with additions.
|
||||
* These values are fixed for backwards FIPS compatibility */
|
||||
|
|
@ -894,12 +895,6 @@ decouple library dependencies with standard string, memory and so on.
|
|||
WC_HASH_TYPE_SHA3_512 = 13,
|
||||
WC_HASH_TYPE_BLAKE2B = 14,
|
||||
WC_HASH_TYPE_BLAKE2S = 19,
|
||||
WC_HASH_TYPE_SHA512_224 = 20,
|
||||
WC_HASH_TYPE_SHA512_256 = 21,
|
||||
WC_HASH_TYPE_SHAKE128 = 22,
|
||||
WC_HASH_TYPE_SHAKE256 = 23,
|
||||
|
||||
WC_HASH_TYPE_MAX = WC_HASH_TYPE_SHAKE256
|
||||
#else
|
||||
WC_HASH_TYPE_NONE = 0,
|
||||
WC_HASH_TYPE_MD2 = 1,
|
||||
|
|
|
|||
Loading…
Reference in New Issue