From 0d465cf42fb75fdc668b326e6a911b8d5998e6bd Mon Sep 17 00:00:00 2001
From: John Safranek
Date: Thu, 4 Nov 2021 11:58:28 -0700
Subject: [PATCH 1/2] Add AES-OFB to FIPSv5 build as v5-RC10 (5,2)
---
 configure.ac | 11 +++++++++++
 wolfssl/wolfcrypt/types.h | 2 +-
 2 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
index 67cdd3b69..dd8c3c16d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -248,6 +248,12 @@ AS_CASE([$ENABLED_FIPS],
 HAVE_FIPS_VERSION=2
 ENABLED_FIPS="yes"
 ],
+ [v5-RC10],[
+ FIPS_VERSION="v5-RC10"
+ HAVE_FIPS_VERSION=5
+ HAVE_FIPS_VERSION_MINOR=2
+ ENABLED_FIPS="yes"
+ ],
 [v5|v5-RC9|v5-REL],[
 FIPS_VERSION="v5-RC9"
 HAVE_FIPS_VERSION=5
@@ -3444,6 +3450,11 @@ AS_CASE([$FIPS_VERSION],
 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_VALIDATE_FFC_IMPORT -DHAVE_FFDHE_Q"
 AM_CFLAGS="$AM_CFLAGS -DHAVE_FFDHE_3072 -DHAVE_FFDHE_4096 -DHAVE_FFDHE_6144 -DHAVE_FFDHE_8192"
 DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS=8192
+ if test $HAVE_FIPS_VERSION_MINOR -ge 2; then
+ if test "x$ENABLED_AESOFB" = "xno"; then
+ ENABLED_AESOFB="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_OFB"
+ fi
+ fi
 ],
 ["v3"],[ # FIPS 140-2 Ready
 AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS -DHAVE_FIPS_VERSION=$HAVE_FIPS_VERSION -DHAVE_FIPS_VERSION_MINOR=$HAVE_FIPS_VERSION_MINOR -DWOLFSSL_KEY_GEN -DWOLFSSL_SHA224 -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB -DHAVE_ECC_CDH -DWC_RSA_NO_PADDING -DWOLFSSL_VALIDATE_FFC_IMPORT -DHAVE_FFDHE_Q -DWOLFSSL_ECDSA_SET_K"
diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h
index 964aa2c65..957b43cb6 100644
--- a/wolfssl/wolfcrypt/types.h
+++ b/wolfssl/wolfcrypt/types.h
@@ -1271,7 +1271,7 @@ decouple library dependencies with standard string, memory and so on.
 #endif
- #if FIPS_VERSION_EQ(5,1)
+ #if FIPS_VERSION_GE(5,1)
 #define WC_SPKRE_F(x,y) wolfCrypt_SetPrivateKeyReadEnable_fips((x),(y))
 #define PRIVATE_KEY_LOCK() WC_SPKRE_F(0,WC_KEYTYPE_ALL)
 #define PRIVATE_KEY_UNLOCK() WC_SPKRE_F(1,WC_KEYTYPE_ALL)
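Review bot: In the second configure.ac hunk (`@@ -3444,6 +3450,11 @@`), the inner check `test "x$ENABLED_AESOFB" = "xno"` turns AES-OFB on only when the variable is exactly `no`. If it is still empty at this point (the option handling that sets it is outside the hunk, so the ordering is not visible), a 5.2 FIPS build would be configured without `-DWOLFSSL_AES_OFB`. Testing for anything other than `yes` is safer: `if test "x$ENABLED_AESOFB" != "xyes"; then`. The outer test also expands `$HAVE_FIPS_VERSION_MINOR` unquoted, so an empty value makes `test` fail with a syntax error instead of a clean false; `if test "${HAVE_FIPS_VERSION_MINOR:-0}" -ge 2; then` avoids that. The enclosing AS_CASE branch starts above the hunk.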
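Review bot: In the types.h hunk, `FIPS_VERSION_GE(5,1)` is open-ended, so every later module version now maps `PRIVATE_KEY_LOCK()` and `PRIVATE_KEY_UNLOCK()` to `wolfCrypt_SetPrivateKeyReadEnable_fips`. A short comment above the guard would record that this is intended, e.g. `/* 5.1 and later modules provide wolfCrypt_SetPrivateKeyReadEnable_fips() */`. The old `FIPS_VERSION_EQ(5,1)` form excluded 5.2 here, so any other exact-match 5.1 guards in the tree (none are visible in this patch) would presumably need the same review. The rest of the conditional block lies outside the hunk.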
From 13871cf5478dbbc20461a16d899f2c3b4e496629 Mon Sep 17 00:00:00 2001
From: John Safranek
Date: Mon, 15 Nov 2021 10:02:53 -0800
Subject: [PATCH 2/2] Set RC10 to be the default v5 FIPS build.
---
 configure.ac | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/configure.ac b/configure.ac
index dd8c3c16d..df0594bee 100644
--- a/configure.ac
+++ b/configure.ac
@@ -248,13 +248,13 @@ AS_CASE([$ENABLED_FIPS],
 HAVE_FIPS_VERSION=2
 ENABLED_FIPS="yes"
 ],
- [v5-RC10],[
+ [v5|v5-RC10],[
 FIPS_VERSION="v5-RC10"
 HAVE_FIPS_VERSION=5
 HAVE_FIPS_VERSION_MINOR=2
 ENABLED_FIPS="yes"
 ],
- [v5|v5-RC9|v5-REL],[
+ [v5-RC9|v5-REL],[
 FIPS_VERSION="v5-RC9"
 HAVE_FIPS_VERSION=5
 HAVE_FIPS_VERSION_MINOR=1
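Review bot: After this change `v5` selects `v5-RC10` (minor version 2) while `v5-REL` still lands in the `v5-RC9` arm with `HAVE_FIPS_VERSION_MINOR=1`, and nothing in the case arms says why the two aliases now diverge. Because patch 1/2 force-enables AES-OFB for minor version 2, existing builds that pass `--enable-fips=v5` will compile a different algorithm set without any change on their side. A comment on the arms would make the intent reviewable, for example `# v5 tracks the newest candidate; v5-REL stays on RC9`, assuming that is the intent. The AS_CASE itself begins and ends outside the hunk.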