il y a 6 ans · 6fdbe02291
--- a/.gitignore
+++ b/.gitignore
@@ -38,7 +38,9 @@ tags
 
				 cyassl-config
			
 
				 wolfssl-config
			
 
				 cyassl.sublime*
			
 
				+fips.h
			
 
				 fips.c
			
 
				+fipsv2.c
			
 
				 fips_test.c
			
 
				 fips
			
 
				 src/async.c
			
--- a/autogen.sh
+++ b/autogen.sh
@@ -18,6 +18,8 @@ if test -e .git; then
 
				   # touch fips files for non fips distribution
			
 
				   touch ./ctaocrypt/src/fips.c
			
 
				   touch ./ctaocrypt/src/fips_test.c
			
 
				+  touch ./wolfcrypt/src/fipsv2.c
			
 
				+  touch ./wolfssl/wolfcrypt/fips.h
			
 
				 
			
 
				   # touch async crypt files
			
 
				   touch ./wolfcrypt/src/async.c
			
--- a/configure.ac
+++ b/configure.ac
@@ -1934,7 +1934,8 @@ then
 
				     AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS"
			
 
				     # Add the FIPS flag.
			
 
				     AS_IF([test "x$FIPS_VERSION" = "xv2"],
			
 
				-          [AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS_VERSION=2"])
			
 
				+          [AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS_VERSION=2 -DWOLFSSL_KEY_GEN"
			
 
				+           ENABLED_KEYGEN="yes"])
			
 
				 else
			
 
				     if test "x$ENABLED_FORTRESS" = "xyes"
			
 
				     then
			
--- a/src/include.am
+++ b/src/include.am
@@ -36,6 +36,10 @@ if BUILD_RSA
 
				 src_libwolfssl_la_SOURCES += ctaocrypt/src/rsa.c
			
 
				 endif
			
 
				 
			
 
				+if BUILD_ECC
			
 
				+src_libwolfssl_la_SOURCES += wolfcrypt/src/ecc.c
			
 
				+endif
			
 
				+
			
 
				 if BUILD_AES
			
 
				 src_libwolfssl_la_SOURCES += ctaocrypt/src/aes.c
			
 
				 endif
			
@@ -53,6 +57,7 @@ src_libwolfssl_la_SOURCES += ctaocrypt/src/sha512.c
 
				 endif
			
 
				 
			
 
				 src_libwolfssl_la_SOURCES += ctaocrypt/src/fips.c
			
 
				+src_libwolfssl_la_SOURCES += wolfcrypt/src/fipsv2.c
			
 
				 src_libwolfssl_la_SOURCES += ctaocrypt/src/fips_test.c
			
 
				 
			
 
				 # fips last file
			
@@ -218,9 +223,11 @@ if BUILD_SLOWMATH
 
				 src_libwolfssl_la_SOURCES += wolfcrypt/src/integer.c
			
 
				 endif
			
 
				 
			
 
				+if !BUILD_FIPS
			
 
				 if BUILD_ECC
			
 
				 src_libwolfssl_la_SOURCES += wolfcrypt/src/ecc.c
			
 
				 endif
			
 
				+endif
			
 
				 
			
 
				 if BUILD_CURVE25519
			
 
				 src_libwolfssl_la_SOURCES += wolfcrypt/src/curve25519.c
			
--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
@@ -93,6 +93,16 @@ ECC Curve Sizes:
 
				 #endif
			
 
				 
			
 
				 
			
 
				+#if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
			
 
				+    /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
			
 
				+    #define FIPS_NO_WRAPPERS
			
 
				+
			
 
				+	#ifdef USE_WINDOWS_API
			
 
				+		#pragma code_seg(".fipsA$e2")
			
 
				+		#pragma const_seg(".fipsB$e2")
			
 
				+	#endif
			
 
				+#endif
			
 
				+
			
 
				 #include <wolfssl/wolfcrypt/ecc.h>
			
 
				 #include <wolfssl/wolfcrypt/asn.h>
			
 
				 #include <wolfssl/wolfcrypt/error-crypt.h>
			
@@ -3786,10 +3796,10 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng,
 
				   Free an ECC key from memory
			
 
				   key   The key you wish to free
			
 
				 */
			
 
				-void wc_ecc_free(ecc_key* key)
			
 
				+int wc_ecc_free(ecc_key* key)
			
 
				 {
			
 
				     if (key == NULL) {
			
 
				-        return;
			
 
				+        return 0;
			
 
				     }
			
 
				 
			
 
				 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC)
			
@@ -3808,6 +3818,7 @@ void wc_ecc_free(ecc_key* key)
 
				 
			
 
				     mp_forcezero(&key->k);
			
 
				 #endif /* WOLFSSL_ATECC508A */
			
 
				+	return 0;
			
 
				 }
			
 
				 
			
 
				 #ifdef ECC_SHAMIR
			
--- a/wolfssl/wolfcrypt/ecc.h
+++ b/wolfssl/wolfcrypt/ecc.h
@@ -27,6 +27,10 @@
 
				 
			
 
				 #ifdef HAVE_ECC
			
 
				 
			
 
				+#if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
			
 
				+    #include <wolfssl/wolfcrypt/fips.h>
			
 
				+#endif /* HAVE_FIPS_VERSION >= 2 */
			
 
				+
			
 
				 #include <wolfssl/wolfcrypt/integer.h>
			
 
				 #include <wolfssl/wolfcrypt/random.h>
			
 
				 
			
@@ -172,6 +176,8 @@ typedef enum ecc_curve_id {
 
				 #endif
			
 
				 } ecc_curve_id;
			
 
				 
			
 
				+#if !defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)
			
 
				+
			
 
				 #ifdef HAVE_OID_ENCODING
			
 
				 typedef word16 ecc_oid_t;
			
 
				 #else
			
@@ -198,6 +204,7 @@ typedef struct ecc_set_type {
 
				     int         cofactor;
			
 
				 } ecc_set_type;
			
 
				 
			
 
				+#endif
			
 
				 
			
 
				 #ifdef ALT_ECC_SIZE
			
 
				 
			
@@ -258,6 +265,7 @@ typedef struct alt_fp_int {
 
				 #endif /* ALT_ECC_SIZE */
			
 
				 
			
 
				 
			
 
				+#if !defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)
			
 
				 /* A point on an ECC curve, stored in Jacbobian format such that (x,y,z) =>
			
 
				    (x/z^2, y/z^3, 1) when interpreted as affine */
			
 
				 typedef struct {
			
@@ -315,6 +323,7 @@ struct ecc_key {
 
				     typedef struct ecc_key ecc_key;
			
 
				     #define WC_ECCKEY_TYPE_DEFINED
			
 
				 #endif
			
 
				+#endif
			
 
				 
			
 
				 
			
 
				 /* ECC predefined curve sets  */
			
@@ -387,7 +396,7 @@ int wc_ecc_init(ecc_key* key);
 
				 WOLFSSL_API
			
 
				 int wc_ecc_init_ex(ecc_key* key, void* heap, int devId);
			
 
				 WOLFSSL_API
			
 
				-void wc_ecc_free(ecc_key* key);
			
 
				+int wc_ecc_free(ecc_key* key);
			
 
				 WOLFSSL_API
			
 
				 int wc_ecc_set_flags(ecc_key* key, word32 flags);
			
 
				 WOLFSSL_API
			
--- a/wolfssl/wolfcrypt/include.am
+++ b/wolfssl/wolfcrypt/include.am
@@ -20,6 +20,7 @@ nobase_include_HEADERS+= \
 
				                          wolfssl/wolfcrypt/fe_operations.h \
			
 
				                          wolfssl/wolfcrypt/ge_operations.h \
			
 
				                          wolfssl/wolfcrypt/error-crypt.h \
			
 
				+                         wolfssl/wolfcrypt/fips.h \
			
 
				                          wolfssl/wolfcrypt/fips_test.h \
			
 
				                          wolfssl/wolfcrypt/hash.h \
			
 
				                          wolfssl/wolfcrypt/hc128.h \