From b65d3fff56b8affe7ac745e76690040ec7391229 Mon Sep 17 00:00:00 2001
From: Daniel Pouzzner
Date: Tue, 26 Nov 2024 19:38:10 -0600
Subject: [PATCH] fixes for OPENSSL_COEXIST with FIPS and with/without TEST_OPENSSL_COEXIST.
---
 wolfcrypt/test/test.c | 2 +-
 wolfssl/ssl.h | 9 +++++++++
 wolfssl/wolfcrypt/settings.h | 5 +++++
 3 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index cfc618afa3..55909515f4 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -24986,7 +24986,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
 #if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)
 /* Expect failure with MD5 + HMAC when using FIPS 140-3. */
- if (HMAC(EVP_md5(), "JefeJefeJefeJefe", 16, (byte*)c.input, (int)c.inLen,
+ if (wolfSSL_HMAC(wolfSSL_EVP_md5(), "JefeJefeJefeJefe", 16, (byte*)c.input, (int)c.inLen,
 hash, 0) != NULL)
 #else
 if (wolfSSL_HMAC(wolfSSL_EVP_md5(), "JefeJefeJefeJefe", 16, (byte*)c.input, (int)c.inLen,
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 22bb89f75f..8989f52044 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -117,6 +117,9 @@
 #include
 #include
 #include
+
+ #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
+ FIPS_VERSION3_GE(5,2,0))
 #include
 #include
 #include
@@ -163,6 +166,10 @@
 #include
 #include
 #include
+ #if defined(HAVE_FIPS_VERSION) && FIPS_VERSION3_LT(7,0,0)
+ /* clear conflicting name */
+ #undef RSA_PKCS1_PADDING_SIZE
+ #endif
 #include
 #include
 #include
@@ -173,6 +180,8 @@
 #include
 #include
 #include
+ #endif /* !HAVE_SELFTEST && (!HAVE_FIPS || FIPS_VERSION3_GE(5,2,0)) */
+
 #endif
 #elif (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
index 1a7cf1b8b5..2b415bd567 100644
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
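Review bot: In wolfcrypt/test/test.c, the FIPS 140-3 branch of openssl_test() carries no comment saying why the call has to be spelled `wolfSSL_HMAC(wolfSSL_EVP_md5(), ...)`, although this is a negative test whose value depends on the call reaching wolfSSL's own HMAC and its MD5 rejection. With OPENSSL_COEXIST the unprefixed `HMAC`/`EVP_md5` are presumably not mapped to wolfSSL, and with TEST_OPENSSL_COEXIST they may resolve to the real OpenSSL functions, so a later tidy-up back to the short names would either break the build or check another library's policy. I would add above the `if`: `/* wolfSSL_ prefix required: with OPENSSL_COEXIST the bare HMAC()/EVP_md5() are not wolfSSL's */`. The `#else` branch continues past the end of the hunk, so its condition is not visible here.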
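Review bot: In wolfssl/ssl.h (hunk at -163), the `#undef RSA_PKCS1_PADDING_SIZE` is placed in a public header with only `/* clear conflicting name */` as explanation, which names neither of the two definers nor says whether their values agree. From this line on, every file that includes ssl.h in a FIPS build older than 7.0.0 sees only the definition supplied by the following include, and the name suggests the constant feeds RSA padding-length arithmetic, where a silent change of value would matter. I would make the comment specific, e.g. `/* <definer-1> (FIPS < 7.0.0) and <definer-2> both define RSA_PKCS1_PADDING_SIZE with the same value; keep only the latter */`, after confirming the values match. The include targets are not visible in this view, so the two header names above are placeholders.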
@@ -3660,6 +3660,11 @@ extern void uITRON4_free(void *p) ;
 #ifndef NO_OLD_WC_NAMES
 #define NO_OLD_WC_NAMES
 #endif
+ #if defined(HAVE_SELFTEST) || \
+ (defined(HAVE_FIPS) && FIPS_VERSION3_LT(5,0,0))
+ /* old FIPS needs this remapping. */
+ #define Sha3 wc_Sha3
+ #endif
 #endif
 #if defined(NO_OLD_WC_NAMES) || defined(OPENSSL_EXTRA)
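Review bot: The added `#define Sha3 wc_Sha3` in wolfssl/wolfcrypt/settings.h is an object-like macro in a header that nearly every translation unit includes, so it rewrites every `Sha3` token in the application as well (variables, struct members, tags), not only the wolfCrypt type name. That sits oddly next to the `NO_OLD_WC_NAMES` define just above it, which presumably exists to keep such short names out of the namespace in coexist builds. The comment `/* old FIPS needs this remapping. */` should say what needs it and what the side effect is, for example `/* old FIPS/selftest sources refer to the type as Sha3; note this macro renames every Sha3 token in files that include settings.h */`. The enclosing `#if` block opens above the hunk, so the exact build configuration this applies to is not visible here.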