From 7b57ef4912822233766d30152274dd2c04b49394 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Tue, 17 Dec 2024 12:21:47 -0600 Subject: [PATCH 1/2] configure.ac: fix faulty logic in FIPS v6 feature calculation re ENABLED_ARMASM_CRYPTO, originally added in 6e0a90190f. --- configure.ac | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configure.ac b/configure.ac index c780ad028b..a988f3abf3 100644 --- a/configure.ac +++ b/configure.ac @@ -5482,7 +5482,7 @@ AS_CASE([$FIPS_VERSION], # for armasm on arm-v7 or earlier (see armasm setup above). AS_IF([test "$ENABLED_AESGCM_STREAM" != "yes" && (test "$FIPS_VERSION" != "dev" || test "$enable_aesgcm_stream" != "no") && - ! (test "$ENABLED_ARMASM" = "yes" && test "$ENABLED_ARMASM_CRYPTO" = "no")], + (test "$ENABLED_ARMASM" = "no" || test "$ENABLED_ARMASM_CRYPTO" = "no")], [ENABLED_AESGCM_STREAM="yes"]) AS_IF([test "x$ENABLED_AESOFB" = "xno" && @@ -5501,7 +5501,7 @@ AS_CASE([$FIPS_VERSION], AS_IF([test "x$ENABLED_AESXTS_STREAM" = "xno" && (test "$FIPS_VERSION" != "dev" || test "$enable_aesxts_stream" != "no") && - ! (test "$ENABLED_ARMASM" = "yes" || test "$ENABLED_ARMASM_CRYPTO" = "no")], + (test "$ENABLED_ARMASM" = "no" || test "$ENABLED_ARMASM_CRYPTO" = "no")], [ENABLED_AESXTS_STREAM="yes"]) AS_IF([(test "$ENABLED_AESCCM" = "yes" && test "$HAVE_AESCCM_PORT" != "yes") || From f23a2f2f485a50097fa567aa33c5058c8c735e8f Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Tue, 17 Dec 2024 14:17:52 -0600 Subject: [PATCH 2/2] wolfcrypt/src/aes.c: add missing WOLFSSL_ARMASM gate clause around wolfCrypt_FIPS_aes_ro_sanity, necessitated by 514a92d6ee/#8293. --- wolfcrypt/src/aes.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 3fa6b07126..154416dde5 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -124,7 +124,7 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits #pragma warning(disable: 4127) #endif -#if FIPS_VERSION3_GE(6,0,0) +#if !defined(WOLFSSL_ARMASM) && FIPS_VERSION3_GE(6,0,0) const unsigned int wolfCrypt_FIPS_aes_ro_sanity[2] = { 0x1a2b3c4d, 0x00000002 }; int wolfCrypt_FIPS_AES_sanity(void)