wolfSSL · ColtonWilley · Jan 29, 2026 · Jan 16, 2026 · Jan 19, 2026 · Jan 20, 2026
diff --git a/include/wolfprovider/internal.h b/include/wolfprovider/internal.h
@@ -162,7 +162,51 @@ int wp_provctx_lock_rng(WOLFPROV_CTX* provCtx);
 void wp_provctx_unlock_rng(WOLFPROV_CTX* provCtx);
 
 #ifdef HAVE_FIPS
-wolfSSL_Mutex *wp_get_cast_mutex(void);
+/* CAST self-test algorithm categories */
+#define WP_CAST_ALGO_AES    0
+#define WP_CAST_ALGO_HMAC   1
+#define WP_CAST_ALGO_DRBG   2
+#define WP_CAST_ALGO_RSA    3
+#define WP_CAST_ALGO_ECDSA  4
+#define WP_CAST_ALGO_ECDH   5
+#define WP_CAST_ALGO_DH     6
+#define WP_CAST_ALGO_COUNT  7
+
+wolfSSL_Mutex *wp_get_cast_mutex(int algo);
+int wp_get_cast_init(int algo);
+void wp_set_cast_init(int algo, int init);
+int wp_init_cast(int algo);
+
+/**
+ * Check FIPS CAST for algorithm. Returns 0 on failure.
+ * Use at function entry points that return int (1=success, 0=failure).
+ */
+#define WP_CHECK_FIPS_ALGO(algo) \
+    do { \
+        if (wp_init_cast(algo) != 1) { \
+            WOLFPROV_ERROR_MSG(WP_LOG_COMP_PROVIDER, \
+                "FIPS CAST initialization failed"); \
+            return 0; \
+        } \
+    } while (0)
+
+/**
+ * Check FIPS CAST for algorithm. Returns NULL on failure.
+ * Use at function entry points that return pointers (NULL=failure).
+ */
+#define WP_CHECK_FIPS_ALGO_PTR(algo) \
+    do { \
+        if (wp_init_cast(algo) != 1) { \
+            WOLFPROV_ERROR_MSG(WP_LOG_COMP_PROVIDER, \
+                "FIPS CAST initialization failed"); \
+            return NULL; \
+        } \
+    } while (0)
+
+#else
+/* Non-FIPS: no-op */
+#define WP_CHECK_FIPS_ALGO(algo) do { } while (0)
+#define WP_CHECK_FIPS_ALGO_PTR(algo) do { } while (0)
 #endif
 #endif
 

diff --git a/include/wolfprovider/settings.h b/include/wolfprovider/settings.h
@@ -76,6 +76,9 @@
     #define WP_HAVE_GMAC
 #endif
 
+#ifndef NO_AES
+    #define WP_HAVE_AES
+#endif
 #ifdef HAVE_AES_ECB
     #define WP_HAVE_AESECB
 #endif

diff --git a/src/wp_aes_aead.c b/src/wp_aes_aead.c
@@ -1022,6 +1022,9 @@ static int wp_aesgcm_einit(wp_AeadCtx* ctx, const unsigned char *key,
     if (!wolfssl_prov_is_running()) {
         ok = 0;
     }
+    if (ok) {
+        WP_CHECK_FIPS_ALGO(WP_CAST_ALGO_AES);
+    }
 #ifdef WOLFSSL_AESGCM_STREAM
     if (ok) {
         int rc;
@@ -1108,6 +1111,9 @@ static int wp_aesgcm_dinit(wp_AeadCtx *ctx, const unsigned char *key,
     if (!wolfssl_prov_is_running()) {
         ok = 0;
     }
+    if (ok) {
+        WP_CHECK_FIPS_ALGO(WP_CAST_ALGO_AES);
+    }
 #ifdef WOLFSSL_AESGCM_STREAM
     if (ok && key != NULL) {
         int rc = wc_AesGcmDecryptInit(aes, key, (word32)keyLen, iv, (word32)ivLen);
@@ -1754,6 +1760,9 @@ static int wp_aesccm_init(wp_AeadCtx* ctx, const unsigned char *key,
     if (!wolfssl_prov_is_running()) {
         ok = 0;
     }
+    if (ok) {
+        WP_CHECK_FIPS_ALGO(WP_CAST_ALGO_AES);
+    }
     if (ok && (key != NULL)) {
         rc = wc_AesCcmSetKey(&ctx->aes, key, (word32)keyLen);
         if (rc != 0) {

diff --git a/src/wp_aes_block.c b/src/wp_aes_block.c
@@ -328,7 +328,9 @@ static int wp_aes_block_init(wp_AesBlockCtx *ctx, const unsigned char *key,
             ok = 0;
         }
         if (ok) {
-            int rc = wc_AesSetKey(&ctx->aes, key, (word32)ctx->keyLen, ctx->iv,
+            int rc;
+            WP_CHECK_FIPS_ALGO(WP_CAST_ALGO_AES);
+            rc = wc_AesSetKey(&ctx->aes, key, (word32)ctx->keyLen, ctx->iv,
                 enc ? AES_ENCRYPTION : AES_DECRYPTION);
             if (rc != 0) {
                 WOLFPROV_MSG_DEBUG_RETCODE(WP_LOG_LEVEL_DEBUG, "wc_AesSetKey", rc);

diff --git a/src/wp_aes_stream.c b/src/wp_aes_stream.c
@@ -314,12 +314,14 @@ static int wp_aes_stream_init(wp_AesStreamCtx *ctx, const unsigned char *key,
             ok = 0;
         }
         if (ok) {
+            int rc;
 #if defined(WP_HAVE_AESCTS)
             if (ctx->mode == EVP_CIPH_CBC_MODE && !enc) {
                 dir = AES_DECRYPTION;
             }
 #endif
-            int rc = wc_AesSetKey(&ctx->aes, key, (word32)ctx->keyLen, iv,
+            WP_CHECK_FIPS_ALGO(WP_CAST_ALGO_AES);
+            rc = wc_AesSetKey(&ctx->aes, key, (word32)ctx->keyLen, iv,
                 dir);
             if (rc != 0) {
                 WOLFPROV_MSG_DEBUG_RETCODE(WP_LOG_LEVEL_DEBUG, "wc_AesSetKey", rc);

diff --git a/src/wp_aes_wrap.c b/src/wp_aes_wrap.c
@@ -266,7 +266,9 @@ static int wp_aes_wrap_init(wp_AesWrapCtx *ctx, const unsigned char *key,
         }
         if (ok) {
         #if LIBWOLFSSL_VERSION_HEX >= 0x05000000
-            int rc = wc_AesSetKey(&ctx->aes, key, (word32)ctx->keyLen, iv,
+            int rc;
+            WP_CHECK_FIPS_ALGO(WP_CAST_ALGO_AES);
+            rc = wc_AesSetKey(&ctx->aes, key, (word32)ctx->keyLen, iv,
                 wrap ? AES_ENCRYPTION : AES_DECRYPTION);
             if (rc != 0) {
                 WOLFPROV_MSG_DEBUG_RETCODE(WP_LOG_LEVEL_DEBUG, "wc_AesSetKey", rc);

diff --git a/src/wp_dh_kmgmt.c b/src/wp_dh_kmgmt.c
@@ -1156,6 +1156,9 @@ static int wp_dh_import(wp_Dh* dh, int selection, const OSSL_PARAM params[])
     if (!wolfssl_prov_is_running()) {
         ok = 0;
     }
+    if (ok) {
+        WP_CHECK_FIPS_ALGO(WP_CAST_ALGO_DH);
+    }
     if (ok && (dh == NULL)) {
         ok = 0;
     }
@@ -1832,6 +1835,8 @@ static wp_Dh* wp_dh_gen(wp_DhGenCtx *ctx, OSSL_CALLBACK *cb, void *cbArg)
     (void)cb;
     (void)cbArg;
 
+    WP_CHECK_FIPS_ALGO_PTR(WP_CAST_ALGO_DH);
+
     /* Create a new DH key object to hold generated data. */
     dh = wp_dh_new(ctx->provCtx);
     if (dh != NULL) {
@@ -2064,6 +2069,8 @@ static int wp_dh_decode_spki(wp_Dh* dh, unsigned char* data, word32 len)
 
     WOLFPROV_ENTER_SILENT(WP_LOG_COMP_DH, WOLFPROV_FUNC_NAME);
 
+    WP_CHECK_FIPS_ALGO(WP_CAST_ALGO_DH);
+
     rc = wc_DhPublicKeyDecode(data, &idx, &dh->key, len);
     if (rc != 0) {
         ok = 0;
@@ -2127,6 +2134,8 @@ static int wp_dh_decode_pki(wp_Dh* dh, unsigned char* data, word32 len)
 
     WOLFPROV_ENTER_SILENT(WP_LOG_COMP_DH, WOLFPROV_FUNC_NAME);
 
+    WP_CHECK_FIPS_ALGO(WP_CAST_ALGO_DH);
+
     rc = wc_DhKeyDecode(data, &idx, &dh->key, len);
     if (rc != 0) {
         ok = 0;

diff --git a/src/wp_ecc_kmgmt.c b/src/wp_ecc_kmgmt.c
@@ -1767,6 +1767,9 @@ static wp_Ecc* wp_ecc_gen(wp_EccGenCtx *ctx, OSSL_CALLBACK *cb, void *cbArg)
     (void)cb;
     (void)cbArg;
 
+    WP_CHECK_FIPS_ALGO_PTR(WP_CAST_ALGO_ECDSA);
+    WP_CHECK_FIPS_ALGO_PTR(WP_CAST_ALGO_ECDH);
+
     if (ctx->curveName[0] != '\0') {
         ecc = wp_ecc_new(ctx->provCtx);
     }

diff --git a/src/wp_ecdh_exch.c b/src/wp_ecdh_exch.c
@@ -184,6 +184,9 @@ static int wp_ecdh_init(wp_EcdhCtx* ctx, wp_Ecc* ecc, const OSSL_PARAM params[])
     if (!wolfssl_prov_is_running()) {
         ok = 0;
     }
+    if (ok) {
+        WP_CHECK_FIPS_ALGO(WP_CAST_ALGO_ECDH);
+    }
     if (ok && (ctx->key != ecc)) {
         /* Free old key and up reference new key. */
         wp_ecc_free(ctx->key);

diff --git a/src/wp_ecdsa_sig.c b/src/wp_ecdsa_sig.c
@@ -190,7 +190,10 @@ static int wp_ecdsa_signverify_init(wp_EcdsaSigCtx *ctx, wp_Ecc* ecc,
     if (ctx == NULL || (ecc == NULL && ctx->ecc == NULL)) {
         ok = 0;
     }
-    else if (ecc != NULL) {
+    if (ok) {
+        WP_CHECK_FIPS_ALGO(WP_CAST_ALGO_ECDSA);
+    }
+    if (ok && (ecc != NULL)) {
         if (!wp_ecc_up_ref(ecc)) {
             ok = 0;
         }

diff --git a/src/wp_hmac.c b/src/wp_hmac.c
@@ -126,6 +126,8 @@ static int wp_hmac_set_key(wp_HmacCtx* macCtx, const unsigned char* key,
 
     WOLFPROV_ENTER(WP_LOG_COMP_MAC, "wp_hmac_set_key");
 
+    WP_CHECK_FIPS_ALGO(WP_CAST_ALGO_HMAC);
+
     if (macCtx->keyLen > 0) {
         OPENSSL_secure_clear_free(macCtx->key, macCtx->keyLen);
     }