Hardcode OID

include/wolfprovider/internal.h

@@ -38,6 +38,17 @@
 
 #include "wp_params.h"
 
+#ifndef AES_BLOCK_SIZE
+    #include <openssl/aes.h>
+    #ifndef AES_BLOCK_SIZE
+        #ifdef WC_NO_COMPAT_AES_BLOCK_SIZE
+            #define AES_BLOCK_SIZE WC_AES_BLOCK_SIZE
+        #else
+            #error AES_BLOCK_SIZE not defined when it should be
+        #endif
+    #endif
+#endif
+
 #ifndef WP_INTERNAL_H
 #define WP_INTERNAL_H
 

scripts/utils-wolfssl.sh

@@ -22,7 +22,7 @@ SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
 source ${SCRIPT_DIR}/utils-general.sh
 
 WOLFSSL_GIT=${WOLFSSL_GIT:-"https://github.com/wolfSSL/wolfssl.git"}
-WOLFSSL_TAG=${WOLFSSL_TAG:-"v5.7.2-stable"}
+WOLFSSL_TAG=${WOLFSSL_TAG:-"v5.7.4-stable"}
 WOLFSSL_SOURCE_DIR=${SCRIPT_DIR}/../wolfssl-source
 WOLFSSL_INSTALL_DIR=${SCRIPT_DIR}/../wolfssl-install
 WOLFSSL_ISFIPS=${WOLFSSL_ISFIPS:-0}
@@ -78,10 +78,10 @@ install_wolfssl() {
         fi
         if [ "$WOLFSSL_ISFIPS" = "1" ]; then
             printf "with FIPS ... "
-            CONF_ARGS+=" --enable-fips=ready"
+            CONF_ARGS+=" --enable-fips=v5"
             if [ ! -e "XXX-fips-test" ]; then
                 # Sometimes the system OpenSSL is different than the one we're using. So for the 'git' commands, we'll just use whatever the system comes with
-                LD_LIBRARY_PATH="" ./fips-check.sh keep nomakecheck fips-ready >>$LOG_FILE 2>&1
+                LD_LIBRARY_PATH="" ./fips-check.sh keep nomakecheck linuxv5 >>$LOG_FILE 2>&1
                 if [ $? != 0 ]; then
                     printf "ERROR checking out FIPS\n"
                     rm -rf ${WOLFSSL_INSTALL_DIR}

src/wp_digests.c

@@ -583,7 +583,7 @@ static int name##_final(CTX* ctx, unsigned char* out, size_t* outLen,          \
         ok = 0;                                                                \
     }                                                                          \
     if (ok) {                                                                  \
-        int rc = fin(&ctx->obj, out, ctx->outLen);                             \
+        int rc = fin(&ctx->obj, out, (word32)ctx->outLen);                     \
         if (rc != 0) {                                                         \
             ok = 0;                                                            \
         }                                                                      \

src/wp_ecx_exch.c

@@ -230,7 +230,7 @@ static int wp_x25519_derive(wp_EcxCtx* ctx, unsigned char* secret,
     }
     else if (ok) {
         int rc;
-        word32 len = secSize;
+        word32 len = (word32)secSize;
         int i;
 
         rc = wc_curve25519_shared_secret(wp_ecx_get_key(ctx->key),
@@ -316,7 +316,7 @@ static int wp_x448_derive(wp_EcxCtx* ctx, unsigned char* secret,
     }
     else if (ok) {
         int rc;
-        word32 len = secSize;
+        word32 len = (word32)secSize;
 
         rc = wc_curve448_shared_secret(wp_ecx_get_key(ctx->key),
             wp_ecx_get_key(ctx->peer), secret, &len);

src/wp_ecx_kmgmt.c

@@ -404,7 +404,7 @@ static int wp_ecx_set_params(wp_Ecx* ecx, const OSSL_PARAM params[])
         ok = 0;
     }
     if (ok && (data != NULL)) {
-        int rc = (*ecx->data->importPub)(data, len, (void*)&ecx->key,
+        int rc = (*ecx->data->importPub)(data, (word32)len, (void*)&ecx->key,
             ECX_LITTLE_ENDIAN);
         if (rc != 0) {
             ok = 0;
@@ -479,7 +479,7 @@ static int wp_ecx_get_params_enc_pub_key(wp_Ecx* ecx, OSSL_PARAM params[],
 
     p = OSSL_PARAM_locate(params, key);
     if (p != NULL) {
-        word32 outLen = p->return_size;
+        word32 outLen = (word32)p->return_size;
 
         if (p->data == NULL) {
             outLen = ecx->data->len;
@@ -513,7 +513,7 @@ static int wp_ecx_get_params_priv_key(wp_Ecx* ecx, OSSL_PARAM params[])
 
     p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_PRIV_KEY);
     if (p != NULL) {
-        word32 outLen = p->return_size;
+        word32 outLen = (word32)p->return_size;
 
         if (p->data == NULL) {
             outLen = ecx->data->len;
@@ -869,7 +869,7 @@ static int wp_ecx_import(wp_Ecx* ecx, int selection, const OSSL_PARAM params[])
         if (ok && (privData != NULL)) {
             ecx->unclamped[0] = privData[0];
             ecx->unclamped[1] = privData[len - 1];
-            rc = (*ecx->data->importPriv)(privData, len, (void*)&ecx->key,
+            rc = (*ecx->data->importPriv)(privData, (word32)len, (void*)&ecx->key,
                 ECX_LITTLE_ENDIAN);
             if (rc != 0) {
                 ok = 0;
@@ -886,7 +886,7 @@ static int wp_ecx_import(wp_Ecx* ecx, int selection, const OSSL_PARAM params[])
             ok = 0;
         }
         if (ok && (pubData != NULL)) {
-            rc = (*ecx->data->importPub)(pubData, len, (void*)&ecx->key,
+            rc = (*ecx->data->importPub)(pubData, (word32)len, (void*)&ecx->key,
                 ECX_LITTLE_ENDIAN);
             if (rc != 0) {
                 ok = 0;
@@ -2034,7 +2034,7 @@ static int wp_ecx_encode(wp_EcxEncDecCtx* ctx, OSSL_CORE_BIO *cBio,
         keyLen = derLen;
     }
     else if (ok && (ctx->encoding == WP_FORMAT_PEM)) {
-        rc = wc_DerToPemEx(derData, derLen, NULL, 0, cipherInfo, pemType);
+        rc = wc_DerToPemEx(derData, (word32)derLen, NULL, 0, cipherInfo, pemType);
         if (rc <= 0) {
             ok = 0;
         }
@@ -2046,7 +2046,7 @@ static int wp_ecx_encode(wp_EcxEncDecCtx* ctx, OSSL_CORE_BIO *cBio,
             }
         }
         if (ok) {
-            rc = wc_DerToPemEx(derData, derLen, pemData, pemLen, cipherInfo,
+            rc = wc_DerToPemEx(derData, (word32)derLen, pemData, (word32)pemLen, cipherInfo,
                 pemType);
             if (rc <= 0) {
                 ok = 0;
@@ -2058,7 +2058,7 @@ static int wp_ecx_encode(wp_EcxEncDecCtx* ctx, OSSL_CORE_BIO *cBio,
         }
     }
     if (ok) {
-        rc = BIO_write(out, keyData, keyLen);
+        rc = BIO_write(out, keyData, (int)keyLen);
         if (rc <= 0) {
             ok = 0;
         }

src/wp_ecx_sig.c

@@ -362,7 +362,7 @@ static int wp_ed25519_digest_sign(wp_EcxSigCtx *ctx, unsigned char *sig,
         if (sigSize == (size_t)-1) {
             sigSize = *sigLen;
         }
-        len = sigSize;
+        len = (word32)sigSize;
 
         if (!ed25519->pubKeySet) {
             unsigned char pubKey[ED25519_PUB_KEY_SIZE];
@@ -379,7 +379,7 @@ static int wp_ed25519_digest_sign(wp_EcxSigCtx *ctx, unsigned char *sig,
             }
         }
         if (ok) {
-            rc = wc_ed25519_sign_msg(tbs, tbsLen, sig, &len, ed25519);
+            rc = wc_ed25519_sign_msg(tbs, (word32)tbsLen, sig, &len, ed25519);
             if (rc != 0) {
                 ok = 0;
             }
@@ -434,8 +434,8 @@ static int wp_ed25519_digest_verify(wp_EcxSigCtx *ctx, unsigned char *sig,
     }
     if (ok) {
         int res;
-        int rc = wc_ed25519_verify_msg(sig, sigLen, tbs, tbsLen, &res,
-            wp_ecx_get_key(ctx->ecx));
+        int rc = wc_ed25519_verify_msg(sig, (word32)sigLen, tbs, (word32)tbsLen,
+                &res, wp_ecx_get_key(ctx->ecx));
         if (rc != 0) {
             ok = 0;
         }
@@ -504,7 +504,7 @@ static int wp_ed448_digest_sign(wp_EcxSigCtx *ctx, unsigned char *sig,
         if (sigSize == (size_t)-1) {
             sigSize = *sigLen;
         }
-        len = sigSize;
+        len = (word32)sigSize;
 
         if (!ed448->pubKeySet) {
             unsigned char pubKey[ED448_PUB_KEY_SIZE];
@@ -521,7 +521,7 @@ static int wp_ed448_digest_sign(wp_EcxSigCtx *ctx, unsigned char *sig,
             }
         }
         if (ok) {
-            rc = wc_ed448_sign_msg(tbs, tbsLen, sig, &len,
+            rc = wc_ed448_sign_msg(tbs, (word32)tbsLen, sig, &len,
                 (ed448_key*)wp_ecx_get_key(ctx->ecx), NULL, 0);
             if (rc != 0) {
                 ok = 0;
@@ -582,8 +582,8 @@ static int wp_ed448_digest_verify(wp_EcxSigCtx *ctx, unsigned char *sig,
     }
     if (ok) {
         int res;
-        int rc = wc_ed448_verify_msg(sig, sigLen, tbs, tbsLen, &res,
-            wp_ecx_get_key(ctx->ecx), NULL, 0);
+        int rc = wc_ed448_verify_msg(sig, (word32)sigLen, tbs, (word32)tbsLen,
+                &res, wp_ecx_get_key(ctx->ecx), NULL, 0);
         if (rc != 0) {
             ok = 0;
         }

src/wp_rsa_sig.c

@@ -1247,7 +1247,13 @@ static int wp_rsa_get_alg_id(wp_RsaSigCtx* ctx, OSSL_PARAM* p)
     /* TODO: implement */
     (void)ctx;
     (void)p;
-    return 0;
+    const byte sha256WithRSAEncryptionOid[] = {0x30, 0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x04, 0x10};
+    int ok = 1;
+
+    if (ok && (!OSSL_PARAM_set_octet_string(p, sha256WithRSAEncryptionOid, sizeof(sha256WithRSAEncryptionOid)))) {
+        ok = 0;
+    }
+    return ok;
 }
 
 /**

src/wp_wolfprov.c

@@ -1123,6 +1123,34 @@ static const OSSL_DISPATCH wolfprov_dispatch_table[] = {
     { 0, NULL }
 };
 
+#ifdef HAVE_FIPS
+    #include <wolfssl/wolfcrypt/fips_test.h>
+
+    static void wp_fipsCb(int ok, int err, const char* hash)
+    {
+        (void)ok;
+        (void)err;
+        (void)hash;
+        WOLFPROVIDER_MSG(WE_LOG_PROVIDER,
+           "in my Fips callback, ok = %d, err = %d\n", ok, err);
+        WOLFPROVIDER_MSG(WE_LOG_PROVIDER,
+           "message = %s\n", wc_GetErrorString(err));
+        WOLFPROVIDER_MSG(WE_LOG_PROVIDER,
+           "hash = %s\n", hash);
+
+#ifdef WC_NO_ERR_TRACE
+        if (err == WC_NO_ERR_TRACE(IN_CORE_FIPS_E)) {
+#else
+        if (err == IN_CORE_FIPS_E) {
+#endif
+            WOLFPROVIDER_MSG(WE_LOG_PROVIDER,
+               "In core integrity hash check failure, copy above hash\n");
+            WOLFPROVIDER_MSG(WE_LOG_PROVIDER,
+               "into verifyCore[] in fips_test.c and rebuild\n");
+        }
+    }
+#endif
+
 /*
  * Initializes the wolfSSL provider.
  *
@@ -1144,6 +1172,10 @@ int wolfssl_provider_init(const OSSL_CORE_HANDLE* handle,
     wolfSSL_SetLoggingPrefix("wolfSSL");
 #endif
 
+#ifdef HAVE_FIPS
+    wolfCrypt_SetCb_fips(wp_fipsCb);
+#endif
+
     for (; in->function_id != 0; in++) {
         switch (in->function_id) {
             case OSSL_FUNC_CORE_GETTABLE_PARAMS: