Cleanup the gating for WOLFSSL_NO_AES_CFB_1_8.

wolfcrypt/src/evp.c

@@ -157,6 +157,7 @@ static const struct s_ent {
               (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) */
 
     #ifdef WOLFSSL_AES_CFB
+    #ifndef WOLFSSL_NO_AES_CFB_1_8
     #ifdef WOLFSSL_AES_128
         static const char EVP_AES_128_CFB1[] = "AES-128-CFB1";
     #endif
@@ -176,6 +177,7 @@ static const struct s_ent {
     #ifdef WOLFSSL_AES_256
         static const char EVP_AES_256_CFB8[] = "AES-256-CFB8";
     #endif
+    #endif /* !WOLFSSL_NO_AES_CFB_1_8 */
 
     #ifdef WOLFSSL_AES_128
         static const char EVP_AES_128_CFB128[] = "AES-128-CFB128";
@@ -639,7 +641,7 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx,
             break;
     #endif
     #if defined(WOLFSSL_AES_CFB)
-    #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
+    #if !defined(WOLFSSL_NO_AES_CFB_1_8)
         case WC_AES_128_CFB1_TYPE:
         case WC_AES_192_CFB1_TYPE:
         case WC_AES_256_CFB1_TYPE:
@@ -659,7 +661,7 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx,
             else
                 ret = wc_AesCfb8Decrypt(&ctx->cipher.aes, out, in, inl);
             break;
-    #endif /* !HAVE_SELFTEST && !HAVE_FIPS */
+    #endif /* !WOLFSSL_NO_AES_CFB_1_8 */
 
         case WC_AES_128_CFB128_TYPE:
         case WC_AES_192_CFB128_TYPE:
@@ -1942,6 +1944,7 @@ static unsigned int cipherType(const WOLFSSL_EVP_CIPHER *cipher)
     #endif
 #endif /* WOLFSSL_AES_XTS */
 #if defined(WOLFSSL_AES_CFB)
+#ifndef WOLFSSL_NO_AES_CFB_1_8
     #ifdef WOLFSSL_AES_128
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_CFB1))
         return WC_AES_128_CFB1_TYPE;
@@ -1966,6 +1969,7 @@ static unsigned int cipherType(const WOLFSSL_EVP_CIPHER *cipher)
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_CFB8))
         return WC_AES_256_CFB8_TYPE;
     #endif
+#endif /* !WOLFSSL_NO_AES_CFB_1_8 */
     #ifdef WOLFSSL_AES_128
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_CFB128))
         return WC_AES_128_CFB128_TYPE;
@@ -4966,6 +4970,7 @@ static const struct cipher{
     #endif
 
     #ifdef WOLFSSL_AES_CFB
+    #ifndef WOLFSSL_NO_AES_CFB_1_8
     #ifdef WOLFSSL_AES_128
     {WC_AES_128_CFB1_TYPE, EVP_AES_128_CFB1, WC_NID_aes_128_cfb1},
     #endif
@@ -4985,6 +4990,7 @@ static const struct cipher{
     #ifdef WOLFSSL_AES_256
     {WC_AES_256_CFB8_TYPE, EVP_AES_256_CFB8, WC_NID_aes_256_cfb8},
     #endif
+    #endif /* !WOLFSSL_NO_AES_CFB_1_8 */
 
     #ifdef WOLFSSL_AES_128
     {WC_AES_128_CFB128_TYPE, EVP_AES_128_CFB128, WC_NID_aes_128_cfb128},
@@ -4995,7 +5001,7 @@ static const struct cipher{
     #ifdef WOLFSSL_AES_256
     {WC_AES_256_CFB128_TYPE, EVP_AES_256_CFB128, WC_NID_aes_256_cfb128},
     #endif
-    #endif
+    #endif /* WOLFSSL_AES_CFB */
 
     #ifdef WOLFSSL_AES_OFB
     #ifdef WOLFSSL_AES_128
@@ -5622,7 +5628,7 @@ void wolfSSL_EVP_init(void)
     #endif /* HAVE_AES_CBC */
 
     #ifdef WOLFSSL_AES_CFB
-#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0))
+    #ifndef WOLFSSL_NO_AES_CFB_1_8
     #ifdef WOLFSSL_AES_128
     const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cfb1(void)
     {
@@ -5670,7 +5676,7 @@ void wolfSSL_EVP_init(void)
         return EVP_AES_256_CFB8;
     }
     #endif /* WOLFSSL_AES_256 */
-#endif /* !HAVE_SELFTEST && !HAVE_FIPS */
+    #endif /* !WOLFSSL_NO_AES_CFB_1_8 */
 
     #ifdef WOLFSSL_AES_128
     const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cfb128(void)
@@ -7249,6 +7255,7 @@ void wolfSSL_EVP_init(void)
         #endif /* WOLFSSL_AES_256 */
     #endif /* HAVE_AES_ECB */
     #ifdef WOLFSSL_AES_CFB
+    #ifndef WOLFSSL_NO_AES_CFB_1_8
         #ifdef WOLFSSL_AES_128
         if (ctx->cipherType == WC_AES_128_CFB1_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_CFB1))) {
@@ -7431,6 +7438,7 @@ void wolfSSL_EVP_init(void)
             }
         }
         #endif /* WOLFSSL_AES_256 */
+        #endif /* !WOLFSSL_NO_AES_CFB_1_8 */
         #ifdef WOLFSSL_AES_128
         if (ctx->cipherType == WC_AES_128_CFB128_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_CFB128))) {
@@ -8317,7 +8325,7 @@ void wolfSSL_EVP_init(void)
 #endif /* HAVE_AES_CBC */
 
 #ifdef WOLFSSL_AES_CFB
-#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
+#if !defined(WOLFSSL_NO_AES_CFB_1_8)
             case WC_AES_128_CFB1_TYPE:
             case WC_AES_192_CFB1_TYPE:
             case WC_AES_256_CFB1_TYPE:
@@ -8340,7 +8348,7 @@ void wolfSSL_EVP_init(void)
                 if (ret == 0)
                     ret = (int)len;
                 break;
-#endif /* !HAVE_SELFTEST && !HAVE_FIPS */
+#endif /* !WOLFSSL_NO_AES_CFB_1_8 */
             case WC_AES_128_CFB128_TYPE:
             case WC_AES_192_CFB128_TYPE:
             case WC_AES_256_CFB128_TYPE:

wolfcrypt/test/test.c

@@ -9926,9 +9926,7 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key,
         return ret;
     }
 
-#if !defined(HAVE_SELFTEST) && \
-    (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)) && \
-    !defined(WOLFSSL_NO_AES_CFB_1_8)
+#if !defined(WOLFSSL_NO_AES_CFB_1_8)
     static wc_test_ret_t aescfb1_test(void)
     {
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
@@ -10095,7 +10093,7 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key,
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-    #ifndef WOLFCRYPT_ONLY
+    #if !defined(WOLFCRYPT_ONLY) && !defined(HAVE_FIPS)
         ret = EVP_test(wolfSSL_EVP_aes_128_cfb1(), key1, iv, msg1, sizeof(msg1),
                 cipher, sizeof(msg1));
         if (ret != 0) {
@@ -10128,7 +10126,7 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key,
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-        #ifndef WOLFCRYPT_ONLY
+        #if !defined(WOLFCRYPT_ONLY) && !defined(HAVE_FIPS)
         ret = EVP_test(wolfSSL_EVP_aes_192_cfb1(), key2, iv2, msg2, sizeof(msg2),
                 cipher, sizeof(msg2));
         if (ret != 0) {
@@ -10162,7 +10160,7 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key,
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-        #ifndef WOLFCRYPT_ONLY
+        #if !defined(WOLFCRYPT_ONLY) && !defined(HAVE_FIPS)
         ret = EVP_test(wolfSSL_EVP_aes_256_cfb1(), key3, iv3, msg3, sizeof(msg3),
                 cipher, sizeof(msg3));
         if (ret != 0) {
@@ -10306,7 +10304,8 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key,
 
 #ifdef WOLFSSL_AES_128
         /* 128 key tests */
-    #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
+    #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) && \
+        !defined(HAVE_FIPS)
         ret = EVP_test(wolfSSL_EVP_aes_128_cfb8(), key1, iv, msg1, sizeof(msg1),
                 cipher1, sizeof(cipher1));
         if (ret != 0) {
@@ -10352,7 +10351,8 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key,
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
         if (XMEMCMP(cipher, cipher2, sizeof(msg2)) != 0)
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-#if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
+#if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) && \
+        !defined(HAVE_FIPS)
         ret = EVP_test(wolfSSL_EVP_aes_192_cfb8(), key2, iv2, msg2, sizeof(msg2),
                 cipher2, sizeof(msg2));
         if (ret != 0) {
@@ -10375,7 +10375,8 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key,
         if (XMEMCMP(cipher, cipher3, sizeof(cipher3)) != 0)
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-    #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
+    #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) && \
+        !defined(HAVE_FIPS)
         ret = EVP_test(wolfSSL_EVP_aes_256_cfb8(), key3, iv3, msg3, sizeof(msg3),
                 cipher3, sizeof(msg3));
         if (ret != 0) {
@@ -10401,7 +10402,7 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key,
 
         return ret;
     }
-#endif /* !HAVE_SELFTEST && !HAVE_FIPS && !WOLFSSL_NO_AES_CFB_1_8 */
+#endif /* !WOLFSSL_NO_AES_CFB_1_8 */
 #endif /* WOLFSSL_AES_CFB */
 
 #ifndef HAVE_RENESAS_SYNC
@@ -14271,9 +14272,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_cfb_test(void)
     ret = aescfb_test_0();
     if (ret != 0)
         return ret;
-#if !defined(HAVE_SELFTEST) && \
-    (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)) && \
-    !defined(WOLFSSL_NO_AES_CFB_1_8)
+#if !defined(WOLFSSL_NO_AES_CFB_1_8)
     ret = aescfb1_test();
     if (ret != 0)
         return ret;

wolfssl/wolfcrypt/settings.h

@@ -3076,6 +3076,13 @@ extern void uITRON4_free(void *p) ;
     #endif
 #endif /* HAVE_ED448 */
 
+/* FIPS does not support CFB1 or CFB8 */
+#if !defined(WOLFSSL_NO_AES_CFB_1_8) && \
+    (defined(HAVE_SELFTEST) || \
+        (defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)))
+    #define WOLFSSL_NO_AES_CFB_1_8
+#endif
+
 /* AES Config */
 #ifndef NO_AES
     /* By default enable all AES key sizes, decryption and CBC */