diff --git a/src/wp_des.c b/src/wp_des.c index 757b33ae..2d585fc1 100644 --- a/src/wp_des.c +++ b/src/wp_des.c @@ -31,7 +31,7 @@ #if defined(WP_HAVE_DES3CBC) - +#if !defined(HAVE_FIPS) || defined(WP_ALLOW_NON_FIPS) /** * Data structure for DES3 ciphers that are block based. */ @@ -283,7 +283,6 @@ static int wp_des3_block_init(wp_Des3BlockCtx *ctx, const unsigned char *key, if (!wolfssl_prov_is_running()) { ok = 0; } - if (ok && (iv != NULL) && (ctx->mode != EVP_CIPH_ECB_MODE) && (!wp_des3_init_iv(ctx, iv, ivLen))) { ok = 0; @@ -866,6 +865,33 @@ IMPLEMENT_DES3_BLOCK_DISPATCH(lcmode, kBits, ivBits) /** wp_des3cbc_functions_functions */ IMPLEMENT_DES3_BLOCK(cbc, CBC, 192, 64) +#else /* defined(HAVE_FIPS) && !defined(WP_ALLOW_NON_FIPS */ + +#define IMPLEMENT_DES3_BLOCK_NULL(mode) \ +const OSSL_DISPATCH wp_des3##mode##_functions[] = { \ + { OSSL_FUNC_CIPHER_NEWCTX, (DFUNC)wp_des3_null }, \ + { OSSL_FUNC_CIPHER_FREECTX, (DFUNC)wp_des3_void }, \ + { OSSL_FUNC_CIPHER_DUPCTX, (DFUNC)wp_des3_null }, \ + { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (DFUNC)wp_des3_null }, \ + { OSSL_FUNC_CIPHER_DECRYPT_INIT, (DFUNC)wp_des3_null }, \ + { OSSL_FUNC_CIPHER_UPDATE, (DFUNC)wp_des3_null }, \ + { OSSL_FUNC_CIPHER_FINAL, (DFUNC)wp_des3_null }, \ + { OSSL_FUNC_CIPHER_CIPHER, (DFUNC)wp_des3_null }, \ + { OSSL_FUNC_CIPHER_GET_PARAMS, (DFUNC)wp_des3_null }, \ + { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, (DFUNC)wp_des3_null }, \ + { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, (DFUNC)wp_des3_null }, \ + { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, (DFUNC)wp_des3_null }, \ + { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \ + (DFUNC)wp_des3_null }, \ + { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \ + (DFUNC)wp_des3_null }, \ + { 0, NULL } \ +}; +static int wp_des3_null(void) { return 0; } +static void wp_des3_void(void) {} + +IMPLEMENT_DES3_BLOCK_NULL(cbc) -#endif /* WP_HAVE_AESCBC || WP_HAVE_AESECB */ +#endif +#endif /* WP_HAVE_DES3CBC */ diff --git a/src/wp_digests.c b/src/wp_digests.c index 2f35b553..1b6003ce 100644 --- a/src/wp_digests.c +++ b/src/wp_digests.c @@ -220,6 +220,24 @@ const OSSL_DISPATCH name##_functions[] = { \ { 0, NULL } \ }; +#if defined(HAVE_FIPS) && !defined(WP_ALLOW_NON_FIPS) +#define IMPLEMENT_DIGEST_NULL(name) \ +/** Dispatch table for digest algorithms. */ \ +const OSSL_DISPATCH name##_functions[] = { \ + { OSSL_FUNC_DIGEST_NEWCTX, (DFUNC)wp_digest_null }, \ + { OSSL_FUNC_DIGEST_INIT, (DFUNC)wp_digest_null }, \ + { OSSL_FUNC_DIGEST_UPDATE, (DFUNC)wp_digest_null }, \ + { OSSL_FUNC_DIGEST_FINAL, (DFUNC)wp_digest_null }, \ + { OSSL_FUNC_DIGEST_FREECTX, (DFUNC)wp_digest_void }, \ + { OSSL_FUNC_DIGEST_DUPCTX, (DFUNC)wp_digest_null }, \ + { OSSL_FUNC_DIGEST_GET_PARAMS, (DFUNC)wp_digest_null }, \ + { OSSL_FUNC_DIGEST_GETTABLE_PARAMS, (DFUNC)wp_digest_null }, \ + { 0, NULL } \ +}; + +static int wp_digest_null(void) { return 0; } +static void wp_digest_void(void) {} +#endif /** * Get parameters of a digest algorithm. @@ -292,18 +310,23 @@ static const OSSL_PARAM* wp_digest_gettable_params(void* provCtx) ******************************************************************************/ #ifdef WP_HAVE_MD5 +#if defined(HAVE_FIPS) && !defined(WP_ALLOW_NON_FIPS) +IMPLEMENT_DIGEST_NULL(wp_md5) +#else IMPLEMENT_DIGEST(wp_md5, wc_Md5, WC_MD5_BLOCK_SIZE, WC_MD5_DIGEST_SIZE, 0, wc_InitMd5_ex, wc_Md5Update, wc_Md5Final, wc_Md5Copy, wc_Md5Free) #endif +#endif /******************************************************************************* * SHA1-MD5 ******************************************************************************/ #ifdef WP_HAVE_MD5_SHA1 +#if !defined(HAVE_FIPS) || defined(WP_ALLOW_NON_FIPS) /** * Combined MD5 and SHA-1 digest. */ @@ -326,7 +349,6 @@ typedef struct wp_Md5Sha { static int wp_InitMd5Sha_ex(wp_Md5Sha* dgst, void* heap, int devId) { int rc; - rc = wc_InitMd5_ex(&dgst->md5, heap, devId); if (rc == 0) { rc = wc_InitSha_ex(&dgst->sha, heap, devId); @@ -411,12 +433,14 @@ static void wp_Md5ShaFree(wp_Md5Sha* d) wc_ShaFree(&d->sha); } } - IMPLEMENT_DIGEST(wp_md5_sha1, wp_Md5Sha, WC_MD5_BLOCK_SIZE, WC_MD5_DIGEST_SIZE + WC_SHA_DIGEST_SIZE, 0, wp_InitMd5Sha_ex, wp_Md5ShaUpdate, wp_Md5ShaFinal, wp_Md5ShaCopy, wp_Md5ShaFree) +#else /* defined(HAVE_FIPS) && !defined(WP_ALLOW_NON_FIPS) */ +IMPLEMENT_DIGEST_NULL(wp_md5_sha1) +#endif #endif /******************************************************************************* diff --git a/test/unit.c b/test/unit.c index 15fa2768..f1e1d17d 100644 --- a/test/unit.c +++ b/test/unit.c @@ -103,8 +103,10 @@ TEST_CASE test_case[] = { TEST_DECL(test_krb5kdf, NULL), #endif #ifdef WP_HAVE_DES3CBC - TEST_DECL(test_des3_cbc, NULL), - TEST_DECL(test_des3_cbc_stream, NULL), + #if !defined(HAVE_FIPS) || defined(WP_ALLOW_NON_FIPS) + TEST_DECL(test_des3_cbc, NULL), + TEST_DECL(test_des3_cbc_stream, NULL), + #endif #endif #ifdef WP_HAVE_AESECB TEST_DECL(test_aes128_ecb, NULL), @@ -293,7 +295,9 @@ TEST_CASE test_case[] = { #endif /* WP_HAVE_ECDSA */ #ifdef WP_HAVE_PBE - TEST_DECL(test_pbe, NULL), + #if !defined(HAVE_FIPS) || defined(WP_ALLOW_NON_FIPS) + TEST_DECL(test_pbe, NULL), + #endif #endif #if defined(WP_HAVE_ED25519) || defined(WP_HAVE_ED448)