Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
17 commits
Select commit Hold shift + click to select a range
c13e69e
Implement FIPS shimming for wc_AesGcmEncrypt():
douzzer Jul 14, 2026
afd5c79
linuxkm/lkcapi_aes_glue.c: in the inner streaming loops for AES-GCM a…
douzzer Jul 14, 2026
8ef84e5
wolfcrypt/src/aes.c: revert atomic refactor of checkedAESNI, haveAESN…
douzzer Jul 14, 2026
87807c7
wolfssl/wolfcrypt/wc_compat.h, wolfssl/wolfcrypt/fips_test.h, .wolfss…
douzzer Jul 15, 2026
3625f92
wolfcrypt/src/ed25519.c, tests/api/test_ed25519.c:
douzzer Jul 15, 2026
664a1e3
configure.ac: add --enable-all-quantum-crypto "Enable all quantum-res…
douzzer Jul 15, 2026
2f77790
wolfcrypt/src/ed25519.c: whitespace fix (from AI review).
douzzer Jul 15, 2026
734d992
wolfssl/wolfcrypt/error-crypt.h: #include <wolfssl/wolfcrypt/wc_port.…
douzzer Jul 15, 2026
73c2bd3
wolfssl/wolfcrypt/wc_compat.h: FIPS v2 compatibility.
douzzer Jul 16, 2026
5cff312
wolfssl/wolfcrypt/wc_compat.h: in non-streaming wc_AesGcmEncrypt_comp…
douzzer Jul 16, 2026
66bf2db
configure.ac: don't include CShake or KMAC in enable-all-crypto when …
douzzer Jul 18, 2026
5af34a0
wolfssl/wolfcrypt/settings.h: add assert that WC_FIPS_AESGCM_ONE_SHOT…
douzzer Jul 18, 2026
bbda43a
wolfcrypt/src/kdf.c, wolfssl/wolfcrypt/kdf.h: use "hash_type", not "h…
douzzer Jul 18, 2026
f6bc2ec
configure.ac: fix DH dependencies for FIPS v7 (implicit --disable-dh).
douzzer Jul 18, 2026
c4875c9
linuxkm/linuxkm-fips-hash-wrapper.sh: fix dependency on SHA-2 coreKey.
douzzer Jul 18, 2026
b8850e3
wolfcrypt/src/sha3.c, wolfssl/wolfcrypt/sha3.h, wolfssl/wolfcrypt/err…
douzzer Jul 19, 2026
b05470c
configure.ac: more FIPS v7/ready/dev DH purging: omit HAVE_FFDHE_* too.
douzzer Jul 19, 2026
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions .wolfssl_known_macro_extras
Original file line number Diff line number Diff line change
Expand Up @@ -218,6 +218,7 @@ CRYP_HEADERWIDTHUNIT_BYTE
CRYP_KEYIVCONFIG_ONCE
CRYP_KEYSIZE_192B
CSM_UNSUPPORTED_ALGS
CTAO_CRYPT_AES_H
CTYPE_USER
CURVED448_SMALL
CUSTOM_ENTROPY_TIMEHIRES
Expand Down Expand Up @@ -719,6 +720,7 @@ WC_ASYNC_THREAD_BIND
WC_BLINDING_NO_RNG_ACKNOWLEDGE_WEAKNESS
WC_CACHE_RESISTANT_BASE64_TABLE
WC_DISABLE_RADIX_ZERO_PAD
WC_FIPS_AESGCM_ONE_SHOT_EXT_IV_ALLOWED
WC_FLAG_DONT_USE_AESNI
WC_FORCE_LINUXKM_FORTIFY_SOURCE
WC_HASH_CUSTOM_MAX_BLOCK_SIZE
Expand Down Expand Up @@ -1067,12 +1069,15 @@ WOLFSSL_ZEPHYR
WOLF_ALLOW_BUILTIN
WOLF_CRYPTO_CB_CMD
WOLF_CRYPTO_DEV
WOLF_CRYPT_FIPS_H
WOLF_NO_TRAILING_ENUM_COMMAS
WindowsCE
XGETPASSWD
XMSS_CALL_PRF_KEYGEN
XPAR_VERSAL_CIPS_0_PSPMC_0_PSV_CORTEXA72_0_TIMESTAMP_CLK_FREQ
XSECURE_CACHE_DISABLE
fipsCastStatus_get
wc_Des3_SetKey
_ABI64
_ABIO64
_ARCH_PPC64
Expand Down
71 changes: 53 additions & 18 deletions configure.ac
Original file line number Diff line number Diff line change
Expand Up @@ -1564,9 +1564,9 @@ fi
# have dedicated streaming assembly (AES_GCM_*_RISCV64). (Previously disabled
# here.)

# All wolfCrypt features:
# All wolfCrypt features except quantum-resistant asymmetric:
AC_ARG_ENABLE([all-crypto],
[AS_HELP_STRING([--enable-all-crypto],[Enable all wolfcrypt algorithms (default: disabled)])],
[AS_HELP_STRING([--enable-all-crypto],[Enable all wolfcrypt algorithms except quantum-resistant asymmetric (default: disabled)])],
[ ENABLED_ALL_CRYPT=$enableval ],
[ ENABLED_ALL_CRYPT=no ]
)
Expand Down Expand Up @@ -1620,7 +1620,6 @@ then
test "$enable_md2" = "" && enable_md2=yes
test "$enable_md4" = "" && enable_md4=yes
test "$enable_md5" = "" && enable_md5=yes
test "$enable_anon" = "" && enable_anon=yes
test "$enable_ssh" = "" && test "$enable_hmac" != "no" && enable_ssh=yes
test "$enable_rng_bank" = "" && enable_rng_bank=yes

Expand Down Expand Up @@ -1667,29 +1666,39 @@ then
test "$enable_pkcallbacks" = "" && enable_pkcallbacks=yes
fi

if test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -lt 7
then
# Enable DH const table speedups (eliminates `-lm` math lib dependency)
AM_CFLAGS="$AM_CFLAGS -DHAVE_FFDHE_2048 -DHAVE_FFDHE_3072"
# "Anonymous suite requires DH."
test "$enable_anon" = "" && enable_anon=yes
fi

if test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -ge 6
then
test "$enable_aesgcm_stream" = "" && test "$enable_aesgcm" = "yes" && enable_aesgcm_stream=yes
test "$enable_aesxts" = "" && enable_aesxts=yes
test "$enable_aesxts_stream" = "" && test "$enable_aesxts" = "yes" && enable_aesxts_stream=yes
test "$enable_shake128" = "" && enable_shake128=yes
test "$enable_shake256" = "" && enable_shake256=yes
test "$enable_cshake" = "" && enable_cshake=yes
test "$enable_kmac" = "" && enable_kmac=yes
test "$enable_compkey" = "" && enable_compkey=yes
# AFALG lacks AES-ECB
test "$enable_srtp_kdf" = "" && test "$enable_afalg" != "yes" && enable_srtp_kdf=yes
fi

if test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -ge 7
then
test "$enable_cshake" = "" && enable_cshake=yes
test "$enable_kmac" = "" && enable_kmac=yes
fi

if test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -lt 5; then
test "$enable_des3" = "" && enable_des3=yes
test "$enable_des3" != "no" && AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DES_ECB"
fi

AM_CFLAGS="$AM_CFLAGS -DHAVE_AES_DECRYPT -DHAVE_AES_ECB -DWOLFSSL_ALT_NAMES"

# Enable DH const table speedups (eliminates `-lm` math lib dependency)
AM_CFLAGS="$AM_CFLAGS -DHAVE_FFDHE_2048 -DHAVE_FFDHE_3072"
DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS=4096

# Enable all parsing features for ASN */
Expand All @@ -1708,6 +1717,21 @@ then
AM_CFLAGS="$AM_CFLAGS -DWC_KDF_NIST_SP_800_56C"
fi

# All native quantum-resistant asymmetric algorithms:
AC_ARG_ENABLE([all-quantum-crypto],
[AS_HELP_STRING([--enable-all-quantum-crypto],[Enable all quantum-resistant asymmetric algorithms (default: disabled)])],
[ ENABLED_ALL_QUANTUM_CRYPT=$enableval ],
[ ENABLED_ALL_QUANTUM_CRYPT=no ]
)
if test "$ENABLED_ALL_QUANTUM_CRYPT" = "yes"
then
test "$enable_mlkem" = "" && enable_mlkem=yes
test "$enable_mldsa" = "" && enable_mldsa=yes
test "$enable_xmss" = "" && enable_xmss=yes
test "$enable_lms" = "" && enable_lms=yes
test "$enable_slhdsa" = "" && enable_slhdsa='yes,sha2'
fi

# kernel-appropriate settings, also in enable-all-crypto above:
if test "$KERNEL_MODE_DEFAULTS" = "yes" && test "$ENABLED_ALL_CRYPT" != "yes"
then
Expand Down Expand Up @@ -1742,8 +1766,11 @@ then
test "$enable_shake256" = "" && test "$enable_sha3" = "yes" && enable_shake256=yes
test "$enable_compkey" = "" && enable_compkey=yes
fi
# Enable DH const table speedups (eliminates `-lm` math lib dependency)
AM_CFLAGS="$AM_CFLAGS -DHAVE_FFDHE_2048 -DHAVE_FFDHE_3072"
if test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -lt 7
then
# Enable DH const table speedups (eliminates `-lm` math lib dependency)
AM_CFLAGS="$AM_CFLAGS -DHAVE_FFDHE_2048 -DHAVE_FFDHE_3072"
fi
DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS=4096
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DH_EXTRA"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT"
Expand Down Expand Up @@ -6148,13 +6175,21 @@ then
fi


if test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -lt 7
then
ENABLED_DH_DEFAULT=yes
else
ENABLED_DH_DEFAULT=no
fi

# DH
AC_ARG_ENABLE([dh],
[AS_HELP_STRING([--enable-dh],[Enable DH (default: enabled). Set to "nonblock" to enable non-blocking DH key agreement via SP small mod_exp_nb])],
[ ENABLED_DH=$enableval ],
[ ENABLED_DH=yes ]
[ ENABLED_DH=$ENABLED_DH_DEFAULT ]
)

# note, this will be forced back off for FIPS v7+ below.
if test "$ENABLED_OPENSSH" = "yes" && test "$ENABLED_DH" = "no"
then
ENABLED_DH="yes"
Expand Down Expand Up @@ -6195,8 +6230,9 @@ AC_ARG_ENABLE([anon],
[ ENABLED_ANON=no ]
)

if test "x$ENABLED_WPAS" = "xyes" || test "x$ENABLED_NGINX" = "xyes" || \
test "x$ENABLED_HAPROXY" = "xyes" || test "$ENABLED_RSYSLOG" = "yes"
if (test "x$ENABLED_WPAS" = "xyes" || test "x$ENABLED_NGINX" = "xyes" || \
test "x$ENABLED_HAPROXY" = "xyes" || test "$ENABLED_RSYSLOG" = "yes") && \
(test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -lt 7)
then
ENABLED_ANON=yes
fi
Expand Down Expand Up @@ -6744,12 +6780,7 @@ AS_CASE([$FIPS_VERSION],
-DECC_USER_CURVES \
-DHAVE_ECC384 \
-DHAVE_ECC521 \
-DWOLFSSL_VALIDATE_FFC_IMPORT \
-DHAVE_FFDHE_Q \
-DHAVE_FFDHE_3072 \
-DHAVE_FFDHE_4096 \
-DHAVE_FFDHE_6144 \
-DHAVE_FFDHE_8192"
-DWOLFSSL_VALIDATE_FFC_IMPORT"

# KCAPI API does not support custom k for sign, don't force enable ECC key sizes and don't use seed callback
AS_IF([test "x$ENABLED_KCAPI_ECC" = "xno"],
Expand Down Expand Up @@ -6798,6 +6829,10 @@ AS_CASE([$FIPS_VERSION],
(test "$FIPS_VERSION" != "dev" || test "$enable_rsapss" != "no")],
[ENABLED_RSAPSS="yes"; AM_CFLAGS="$AM_CFLAGS -DWC_RSA_PSS"])

AS_IF([test "$ENABLED_DH" != "no" &&
(test "$FIPS_VERSION" != "dev" || test "$enable_dh" != "yes")],
[enable_dh="no"; ENABLED_DH="no"; AM_CFLAGS="$AM_CFLAGS -DNO_DH"])

AS_IF([test "$ENABLED_ECC" != "yes" &&
(test "$FIPS_VERSION" != "dev" || test "$enable_ecc" != "no")],
[ENABLED_ECC="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256"
Expand Down
7 changes: 4 additions & 3 deletions linuxkm/linuxkm-fips-hash-wrapper.sh
Original file line number Diff line number Diff line change
Expand Up @@ -50,13 +50,14 @@ if [[ ! -v COREKEY ]]; then
LIBWOLFSSL=./libwolfssl-user-build/src/.libs/libwolfssl.so
fi
read -a coreKey_a < <("${READELF-readelf}" --symbols --wide "$LIBWOLFSSL" | grep --max-count=1 -E -e '[[:space:]]coreKey$') || exit $?
if [[ ${#coreKey_a[@]} != 8 || "${coreKey_a[2]}" != "65" ]]; then
if [[ ${#coreKey_a[@]} != 8 || ("${coreKey_a[2]}" != "65" && "${coreKey_a[2]}" != "257") ]]; then
echo "unexpected readelf output: \"${coreKey_a[*]}\" (${#coreKey_a[@]})" >&2
exit 1
fi
corekey_length=$(( ${coreKey_a[2]} - 1))
coreKey_offset=$((0x${coreKey_a[1]}))
COREKEY=$(dd if="$LIBWOLFSSL" bs=64 iflag=skip_bytes,count_bytes skip="$coreKey_offset" count=64 status=none) || exit $?
if [[ "$COREKEY" =~ ^[0-9A-Fa-f]{64}$ ]]; then
COREKEY=$(dd if="$LIBWOLFSSL" bs="$corekey_length" iflag=skip_bytes,count_bytes skip="$coreKey_offset" count="$corekey_length" status=none) || exit $?
if [[ "${#COREKEY}" == "$corekey_length" && "$COREKEY" =~ ^[0-9A-Fa-f]+$ ]]; then
:
else
echo "unexpected value for coreKey \"${COREKEY}\"." >&2
Expand Down
30 changes: 30 additions & 0 deletions linuxkm/lkcapi_aes_glue.c
Original file line number Diff line number Diff line change
Expand Up @@ -1121,6 +1121,16 @@ static int km_AesGcmSetAuthsize_Rfc4106(struct crypto_aead *tfm, unsigned int au

#ifdef WOLFSSL_AESGCM_STREAM

/* Don't incur the FIPS check overhead inside the loop -- the Final() call will
* check and error if the module entered degraded state during the loop.
*/
#if defined(HAVE_FIPS) && !defined(FIPS_NO_WRAPPERS)
#undef wc_AesGcmDecryptUpdate
#undef wc_AesGcmEncryptUpdate
typeof(wc_AesGcmDecryptUpdate_fips) wc_AesGcmDecryptUpdate;
Comment thread
douzzer marked this conversation as resolved.
typeof(wc_AesGcmEncryptUpdate_fips) wc_AesGcmEncryptUpdate;
#endif

static int AesGcmCrypt_1(struct aead_request *req, int decrypt_p, int rfc4106_p)
{
struct crypto_aead * tfm = NULL;
Expand Down Expand Up @@ -1340,6 +1350,11 @@ static int AesGcmCrypt_1(struct aead_request *req, int decrypt_p, int rfc4106_p)
return err;
}

#if defined(HAVE_FIPS) && !defined(FIPS_NO_WRAPPERS)
#define wc_AesGcmDecryptUpdate wc_AesGcmDecryptUpdate_fips
#define wc_AesGcmEncryptUpdate wc_AesGcmEncryptUpdate_fips
#endif

#else /* !WOLFSSL_AESGCM_STREAM */

static int AesGcmCrypt_1(struct aead_request *req, int decrypt_p, int rfc4106_p)
Expand Down Expand Up @@ -2205,6 +2220,16 @@ static int km_AesXtsSetKey(struct crypto_skcipher *tfm, const u8 *in_key,

/* see /usr/src/linux/drivers/md/dm-crypt.c */

/* Don't incur the FIPS check overhead inside the loop -- the Final() call will
* check and error if the module entered degraded state during the loop.
*/
#if defined(HAVE_FIPS) && !defined(FIPS_NO_WRAPPERS)
#undef wc_AesXtsDecryptUpdate
#undef wc_AesXtsEncryptUpdate
typeof(wc_AesXtsDecryptUpdate_fips) wc_AesXtsDecryptUpdate;
typeof(wc_AesXtsEncryptUpdate_fips) wc_AesXtsEncryptUpdate;
#endif

static int km_AesXtsEncrypt(struct skcipher_request *req)
{
int err;
Expand Down Expand Up @@ -2507,6 +2532,11 @@ static int km_AesXtsDecrypt(struct skcipher_request *req)
return err;
}

#if defined(HAVE_FIPS) && !defined(FIPS_NO_WRAPPERS)
#define wc_AesXtsDecryptUpdate wc_AesXtsDecryptUpdate_fips
#define wc_AesXtsEncryptUpdate wc_AesXtsEncryptUpdate_fips
#endif

static struct skcipher_alg xtsAesAlg = {
.base.cra_name = WOLFKM_AESXTS_NAME,
.base.cra_driver_name = WOLFKM_AESXTS_DRIVER,
Expand Down
10 changes: 6 additions & 4 deletions src/internal.c
Original file line number Diff line number Diff line change
Expand Up @@ -28447,6 +28447,8 @@ static const char* wolfSSL_ERR_reason_error_string_OpenSSL(unsigned long e)
}
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || HAVE_WEBSERVER || HAVE_MEMCACHED */

wc_static_assert((int)WC_LAST_E <= (int)WOLFSSL_LAST_E);

const char* wolfSSL_ERR_reason_error_string(unsigned long e)
{
#ifdef NO_ERROR_STRINGS
Expand Down Expand Up @@ -42275,8 +42277,8 @@ static int TicketEncDec(byte* key, int keyLen, byte* iv, byte* aad, int aadSz,
* @return MEMORY_E when dynamic memory allocation fails.
* @return Other value when encryption/decryption fails.
*/
static int TicketEncDec(byte* key, int keyLen, byte* iv, byte* aad, int aadSz,
byte* in, int inLen, byte* out, int* outLen, byte* tag,
static int TicketEncDec(const byte* key, int keyLen, const byte* iv, const byte* aad, int aadSz,
const byte* in, int inLen, byte* out, int* outLen, byte* tag,
void* heap, int enc)
{
int ret;
Expand All @@ -42293,7 +42295,7 @@ static int TicketEncDec(byte* key, int keyLen, byte* iv, byte* aad, int aadSz,
ret = wc_AesGcmSetKey(aes, key, keyLen);
}
if (ret == 0) {
ret = wc_AesGcmEncrypt(aes, in, out, inLen, iv, GCM_NONCE_MID_SZ,
ret = wc_AesGcmEncrypt(aes, out, in, inLen, iv, GCM_NONCE_MID_SZ,
tag, WC_AES_BLOCK_SIZE, aad, aadSz);
}
wc_AesFree(aes);
Expand All @@ -42304,7 +42306,7 @@ static int TicketEncDec(byte* key, int keyLen, byte* iv, byte* aad, int aadSz,
ret = wc_AesGcmSetKey(aes, key, keyLen);
}
if (ret == 0) {
ret = wc_AesGcmDecrypt(aes, in, out, inLen, iv, GCM_NONCE_MID_SZ,
ret = wc_AesGcmDecrypt(aes, out, in, inLen, iv, GCM_NONCE_MID_SZ,
tag, WC_AES_BLOCK_SIZE, aad, aadSz);
}
wc_AesFree(aes);
Expand Down
3 changes: 2 additions & 1 deletion tests/api/test_aes.c
Original file line number Diff line number Diff line change
Expand Up @@ -3399,7 +3399,8 @@ int test_wc_AesGcmEncryptDecrypt(void)
* bound on the IV length. */
#if (!defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) && \
!defined(WOLFSSL_AES_GCM_FIXED_IV_AAD)
!defined(WOLFSSL_AES_GCM_FIXED_IV_AAD) && \
!defined(WC_TEST_AES_GCM_ENCRYPT_NO_NONSTD_IV)
ExpectIntEQ(wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), longIV,
sizeof(longIV)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)),
0);
Expand Down
8 changes: 8 additions & 0 deletions tests/api/test_ed25519.c
Original file line number Diff line number Diff line change
Expand Up @@ -979,6 +979,7 @@ int test_wc_ed25519_sign_verify_ctx_ph(void)
&verify_ok, &key, ctx, sizeof(ctx)), 0);
ExpectIntEQ(verify_ok, 1);

#if !defined(HAVE_FIPS) || FIPS_VERSION3_GT(6,0,0)
/* Ed25519ph length check true side: wrong-size "hash" input. */
sigLen = sizeof(sig);
ExpectIntEQ(wc_ed25519_sign_msg_ex(hash, sizeof(hash) - 1, sig, &sigLen,
Expand All @@ -988,6 +989,7 @@ int test_wc_ed25519_sign_verify_ctx_ph(void)
ExpectIntEQ(wc_ed25519_verify_msg_ex(sig, sizeof(sig), hash,
sizeof(hash) - 1, &verify_ok, &key, (byte)Ed25519ph, ctx,
sizeof(ctx)), WC_NO_ERR_TRACE(BAD_LENGTH_E));
#endif

/* context==NULL && contextLen!=0 compound: TRUE side, direct low-level
* calls (the ctx/ph wrappers above always pass a real, non-NULL
Expand Down Expand Up @@ -1054,8 +1056,10 @@ int test_wc_ed25519_verify_streaming(void)
/* init: NULL args. */
ExpectIntEQ(wc_ed25519_verify_msg_init(NULL, sigLen, &key, (byte)Ed25519,
NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
#if !defined(HAVE_FIPS) || FIPS_VERSION3_GT(6,0,0)
ExpectIntEQ(wc_ed25519_verify_msg_init(sig, sigLen, NULL, (byte)Ed25519,
NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
#endif
/* init: sigLen wrong. */
ExpectIntEQ(wc_ed25519_verify_msg_init(sig, sigLen - 1, &key,
(byte)Ed25519, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
Expand All @@ -1069,8 +1073,10 @@ int test_wc_ed25519_verify_streaming(void)
/* update: NULL msgSegment, then NULL key (independent operand). */
ExpectIntEQ(wc_ed25519_verify_msg_update(NULL, 4, &key),
WC_NO_ERR_TRACE(BAD_FUNC_ARG));
#if !defined(HAVE_FIPS) || FIPS_VERSION3_GT(6,0,0)
ExpectIntEQ(wc_ed25519_verify_msg_update(msg, 4, NULL),
WC_NO_ERR_TRACE(BAD_FUNC_ARG));
#endif

/* init: context==NULL/contextLen!=0 compound, explicit both-sides
* pairing within this function (type left as plain Ed25519 so the
Expand All @@ -1092,8 +1098,10 @@ int test_wc_ed25519_verify_streaming(void)
WC_NO_ERR_TRACE(BAD_FUNC_ARG));
ExpectIntEQ(wc_ed25519_verify_msg_final(sig, sigLen, NULL, &key),
WC_NO_ERR_TRACE(BAD_FUNC_ARG));
#if !defined(HAVE_FIPS) || FIPS_VERSION3_GT(6,0,0)
ExpectIntEQ(wc_ed25519_verify_msg_final(sig, sigLen, &verify_ok, NULL),
WC_NO_ERR_TRACE(BAD_FUNC_ARG));
#endif
/* final: sigLen wrong. */
ExpectIntEQ(wc_ed25519_verify_msg_final(sig, sigLen - 1, &verify_ok,
&key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
Expand Down
1 change: 1 addition & 0 deletions wolfcrypt/benchmark/benchmark.c
Original file line number Diff line number Diff line change
Expand Up @@ -80,6 +80,7 @@
#include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/asn.h>
#include <wolfssl/version.h>
#include <wolfssl/wolfcrypt/wc_compat.h>

#ifdef WOLFSSL_LINUXKM
/* remap current_time() -- collides with a function in kernel linux/fs.h */
Expand Down
Loading
Loading