Merge pull request #8328 from douzzer/20250102-fips-v6-update-to-5v7v6

20250102-fips-v6-update-to-5v7v6
wolfSSL · Jan 3, 2025 · 71b7d0c · 71b7d0c
2 parents 5a6e92c + bb482d1
commit 71b7d0c
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 6 deletions.
diff --git a/fips-check.sh b/fips-check.sh
@@ -237,9 +237,9 @@ linuxv5|linuxv5.2.1)
   )
   ;;
 v6.0.0)
-  WOLF_REPO_TAG='WCv6.0.0-RC1'
-  FIPS_REPO_TAG='WCv6.0.0-RC1'
-  ASM_PICKUPS_TAG='WCv6.0.0-RC2'
+  WOLF_REPO_TAG='WCv6.0.0-RC3'
+  FIPS_REPO_TAG='WCv6.0.0-RC3'
+  ASM_PICKUPS_TAG='WCv6.0.0-RC3'
   FIPS_OPTION='v6'
   FIPS_FILES=(
     "wolfcrypt/src/fips.c:${FIPS_REPO_TAG}"
@@ -261,6 +261,8 @@ v6.0.0)
     "wolfcrypt/src/port/arm/armv8-32-curve25519.S:${WOLF_REPO_TAG}"
     "wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c:${ASM_PICKUPS_TAG}"
     "wolfcrypt/src/port/arm/armv8-32-sha256-asm.S:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/port/arm/armv8-32-sha3-asm.S:${WOLF_REPO_TAG}"
     "wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c:${ASM_PICKUPS_TAG}"
     "wolfcrypt/src/port/arm/armv8-32-sha512-asm.S:${WOLF_REPO_TAG}"
     "wolfcrypt/src/port/arm/armv8-aes.c:${ASM_PICKUPS_TAG}"
@@ -306,6 +308,8 @@ v6.0.0)
     "wolfcrypt/src/port/arm/thumb2-curve25519.S:${WOLF_REPO_TAG}"
     "wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c:${WOLF_REPO_TAG}"
     "wolfcrypt/src/port/arm/thumb2-sha256-asm.S:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/port/arm/thumb2-sha3-asm_c.c:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/port/arm/thumb2-sha3-asm.S:${WOLF_REPO_TAG}"
     "wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c:${WOLF_REPO_TAG}"
     "wolfcrypt/src/port/arm/thumb2-sha512-asm.S:${WOLF_REPO_TAG}"
     "wolfssl/wolfcrypt/aes.h:${WOLF_REPO_TAG}"
@@ -326,6 +330,9 @@ v6.0.0)
     "wolfssl/wolfcrypt/sha256.h:${WOLF_REPO_TAG}"
     "wolfssl/wolfcrypt/sha3.h:${WOLF_REPO_TAG}"
     "wolfssl/wolfcrypt/sha512.h:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/port/riscv/riscv-64-sha256.c:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/port/riscv/riscv-64-sha3.c:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/port/riscv/riscv-64-sha512.c:${WOLF_REPO_TAG}"
   )
   ;;
 fips-ready|fips-dev)

diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
@@ -166,7 +166,7 @@
         #include <openssl/rc5.h>
         #include <openssl/ripemd.h>
         #include <openssl/rsa.h>
-        #if defined(HAVE_FIPS_VERSION) && FIPS_VERSION3_LT(7,0,0)
+        #if defined(HAVE_FIPS_VERSION) && FIPS_VERSION3_LT(6,0,0)
             /* clear conflicting name */
             #undef RSA_PKCS1_PADDING_SIZE
         #endif

diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
@@ -438,9 +438,9 @@
 
 /* old FIPS has only AES_BLOCK_SIZE. */
 #if !defined(NO_AES) && (defined(HAVE_SELFTEST) || \
-     (defined(HAVE_FIPS) && FIPS_VERSION3_LT(7,0,0)))
+     (defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)))
     #define WC_AES_BLOCK_SIZE AES_BLOCK_SIZE
-#endif /* !NO_AES && (HAVE_SELFTEST || FIPS_VERSION3_LT(7,0,0)) */
+#endif /* !NO_AES && (HAVE_SELFTEST || FIPS_VERSION3_LT(6,0,0)) */
 
 #ifdef WOLFSSL_HARDEN_TLS
     #if WOLFSSL_HARDEN_TLS != 112 && WOLFSSL_HARDEN_TLS != 128