wolfssl: Updates to resolve build conflicts
authorTim Weller <tim.weller@wolfssl.com>
Tue, 4 Oct 2022 16:44:09 +0000 (11:44 -0500)
committerTobias Brunner <tobias@strongswan.org>
Thu, 10 Nov 2022 15:23:44 +0000 (16:23 +0100)
wolfSSL's OpenSSL compatibility layer is not used by the plugin at
all, and preventing its inclusion avoids conflicts with ASN1_ constants.

The inclusion of wolfssl/ssl.h is moved to the only file that requires
it as older wolfSSL versions defined a conflicting ASN1_GENERALIZEDTIME.

Other changes address issues with the FIPS use case.

Closes strongswan/strongswan#1332

src/libstrongswan/plugins/wolfssl/wolfssl_common.h
src/libstrongswan/plugins/wolfssl/wolfssl_ec_diffie_hellman.c
src/libstrongswan/plugins/wolfssl/wolfssl_plugin.c

index cdefff4c654d287cfa96cfc5beb3f4b2e42e2ac9..9c944e71195f3d0b95ccf045ee618f6a7e5ded10 100644 (file)
 /* PARSE_ERROR is an enum entry in wolfSSL - not used in this plugin */
 #define PARSE_ERROR    WOLFSSL_PARSE_ERROR
 
-/* Remap unused enums from the OpenSSL compatibility layer to avoid conflicts */
-#define ASN1_BOOLEAN         REMAP_ASN1_BOOLEAN
-#define ASN1_OID             REMAP_ASN1_OID
-#define ASN1_INTEGER         REMAP_ASN1_INTEGER
-#define ASN1_BIT_STRING      REMAP_ASN1_BIT_STRING
-#define ASN1_IA5STRING       REMAP_ASN1_IA5STRING
-#define ASN1_OCTET_STRING    REMAP_ASN1_OCTET_STRING
-#define ASN1_UTCTIME         REMAP_ASN1_UTCTIME
-#define ASN1_GENERALIZEDTIME REMAP_ASN1_GENERALIZEDTIME
-
 #ifndef WOLFSSL_USER_SETTINGS
        #include <wolfssl/options.h>
 #endif
-#include <wolfssl/ssl.h>
+
+/* Disable inclusion of the wolfSSL OpenSSL compatibility layer header (if
+ * configured) as it is not used by the plugin and causes conflicts */
+#define WOLFSSL_OPENSSL_H_
+
+#if  defined(HAVE_FIPS) && \
+    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
+    #include <wolfssl/wolfcrypt/fips_test.h>
+#endif
 
 /* Special type used to handle EdDSA keys depending on config options */
 #if defined(HAVE_ED25519) || defined(HAVE_ED448)
@@ -82,15 +80,6 @@ typedef union {
 
 #undef PARSE_ERROR
 
-#undef ASN1_BOOLEAN
-#undef ASN1_OID
-#undef ASN1_INTEGER
-#undef ASN1_BIT_STRING
-#undef ASN1_IA5STRING
-#undef ASN1_OCTET_STRING
-#undef ASN1_UTCTIME
-#undef ASN1_GENERALIZEDTIME
-
 /* Eliminate macro conflicts */
 #undef RNG
 
index 4ee286f7121e585f3b1f9f86b5db4a4c9f6b164a..6d7ed570dd4d6d407b85b6efa3530958284aa3bf 100644 (file)
 
 #include <utils/debug.h>
 
+#if defined(ECC_TIMING_RESISTANT) && \
+    (!defined(HAVE_FIPS) || \
+     (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 5)))
+    #define USE_RNG_FOR_TIMING_RESISTANCE
+#endif
+
 typedef struct private_wolfssl_ec_diffie_hellman_t private_wolfssl_ec_diffie_hellman_t;
 
 /**
@@ -203,13 +209,14 @@ METHOD(key_exchange_t, set_private_key, bool,
 static bool compute_shared_key(private_wolfssl_ec_diffie_hellman_t *this)
 {
        word32 len;
-#ifdef ECC_TIMING_RESISTANT
+#ifdef USE_RNG_FOR_TIMING_RESISTANCE
        WC_RNG rng;
 
        if (wc_InitRng(&rng) != 0)
        {
                return FALSE;
        }
+
        if (wc_ecc_set_rng(&this->key, &rng) != 0)
        {
                wc_FreeRng(&rng);
@@ -225,13 +232,13 @@ static bool compute_shared_key(private_wolfssl_ec_diffie_hellman_t *this)
        {
                DBG1(DBG_LIB, "ECDH shared secret computation failed");
                chunk_clear(&this->shared_secret);
-#ifdef ECC_TIMING_RESISTANT
+#ifdef USE_RNG_FOR_TIMING_RESISTANCE
                wc_FreeRng(&rng);
 #endif
                return FALSE;
        }
        this->shared_secret.len = len;
-#ifdef ECC_TIMING_RESISTANT
+#ifdef USE_RNG_FOR_TIMING_RESISTANCE
        wc_FreeRng(&rng);
 #endif
        return TRUE;
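Review bot: `USE_RNG_FOR_TIMING_RESISTANCE` in the first hunk encodes a FIPS-version threshold with no explanation: in a FIPS build with `HAVE_FIPS_VERSION` below 5 and `ECC_TIMING_RESISTANT` set, compute_shared_key (second and third hunks) no longer calls `wc_ecc_set_rng()`, and a reader cannot tell whether ECC blinding is lost there or supplied by the FIPS module itself. Please document the rationale next to the macro, e.g. `/* Older FIPS modules presumably do not accept an external RNG for ECC blinding via wc_ecc_set_rng(); only supply one on non-FIPS or FIPS v5+ builds -- verify against the wolfSSL FIPS documentation */`, so the side-channel implications of the build configuration are visible. The RNG cleanup on the `wc_ecc_set_rng()` and shared-secret failure paths looks consistent. compute_shared_key's closing brace lies outside the third hunk, and the lines between the second and third hunk are not shown.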
index b53bd8b09b50d15417585f831476f660210b318d..d4b4989b09794998ccc415a5382d7bae15f3b759 100644 (file)
  * THE SOFTWARE.
  */
 
+#include "wolfssl_common.h"
+
 #include <library.h>
 #include <utils/debug.h>
 
-#include "wolfssl_common.h"
 #include "wolfssl_plugin.h"
 #include "wolfssl_aead.h"
 #include "wolfssl_crypter.h"
@@ -44,6 +45,8 @@
 #include "wolfssl_x_diffie_hellman.h"
 #include "wolfssl_xof.h"
 
+#include <wolfssl/ssl.h>
+
 #ifndef FIPS_MODE
 #define FIPS_MODE 0
 #endif
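Review bot: The `#include <wolfssl/ssl.h>` added in the second hunk only works because `wolfssl_common.h` (moved to the top in the first hunk) is processed first and pre-defines the compatibility-layer guard and the PARSE_ERROR remap, but nothing in the file says so; an include-sorting pass could move it back into the common header or above it and reintroduce the conflicts. A short comment at the include would protect the ordering, e.g. `/* Must come after wolfssl_common.h; kept out of that header because older wolfSSL releases define a conflicting ASN1_GENERALIZEDTIME */`.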