Skip to content

20260512-fips-gating-fixes#10473

Merged
Frauschi merged 1 commit into
wolfSSL:masterfrom
douzzer:20260512-fips-gating-fixes
May 13, 2026
Merged

20260512-fips-gating-fixes#10473
Frauschi merged 1 commit into
wolfSSL:masterfrom
douzzer:20260512-fips-gating-fixes

Conversation

@douzzer
Copy link
Copy Markdown
Contributor

@douzzer douzzer commented May 13, 2026

wolfcrypt/test/test.c:

  • in pbkdf2_test(), pwdbased_test(), and pkcs12_test(), add missing FIPS v7+ gates around stanzas that use wc_PBKDF_max_iterations_set() and wc_PBKDF_max_iterations_get() or depend on erroring for excessive PBKDF iterations (fixes Add upper limit to PBKDF iteration count #10050);

  • in ecc_test_buffers(), omit new corrupt HMAC tag test on FIPS <v6 (fixes 8f2a3f9).

tests/api/test_dtls.c: add FIPS v7+ gate to test_dtls13_frag_ch2_with_ch1_rtx().

wolfssl/wolfcrypt/memory.h: #include "../../linuxkm/linuxkm_memory.h" rather than "linuxkm/linuxkm_memory.h", following pattern in wc_port.h.

tested with

wolfssl-multi-test.sh ...
check-source-text
all-gcc-c99
all-crypto-openssl-extra-coexist-fips-v5-pilot
all-crypto-openssl-extra-coexist-fips-v6
all-crypto-openssl-extra-coexist-fips-dev
all-c89-clang-tidy
all-crypto-only-intelasm-fips-v5-linuxkm-next-insmod-optest
all-crypto-only-intelasm-fips-v6-linuxkm-next-insmod-optest
linuxkm-6.12-cryptonly-intelasm-fips-v6-dyn-hash-LKCAPI-insmod
linuxkm-next-fips-dev-insmod-wolfguard-compkey
linuxkm-fips-v5-vanilla-insmod-wolfguard-cust-kernel-3-compkey
linuxkm-fips-v6-insmod-wolfguard-cust-kernel-3
clang-tidy-all-intelasm
clang-tidy-all-async-quic
linuxkm-6.15-all-cryptonly-quantum-safe-intelasm-LKCAPI-insmod-crypto-fuzzer-kmemleak
linuxkm-6.15-all-cryptonly-quantum-safe-intelasm-LKCAPI-insmod-crypto-fuzzer-ksan

@douzzer
wolfcrypt/test/test.c:
e1c7385 
  * in pbkdf2_test(), pwdbased_test(), and pkcs12_test(), add missing FIPS v7+
    gates around stanzas that use wc_PBKDF_max_iterations_set() and
    wc_PBKDF_max_iterations_get() or depend on erroring for excessive PBKDF
    iterations (fixes wolfSSL#10050);

  * in ecc_test_buffers(), omit new corrupt HMAC tag test on FIPS <v6 (fixes
    8f2a3f9).

tests/api/test_dtls.c: add FIPS v7+ gate to test_dtls13_frag_ch2_with_ch1_rtx().

wolfssl/wolfcrypt/memory.h: #include "../../linuxkm/linuxkm_memory.h" rather than "linuxkm/linuxkm_memory.h", following pattern in wc_port.h.
wolfSSL-Fenrir-bot
wolfSSL-Fenrir-bot reviewed May 13, 2026
View reviewed changes
Copy link
Copy Markdown

@wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fenrir Automated Review — PR #10473

No scan targets match the changed files in this PR. Review skipped.

@douzzer
Copy link
Copy Markdown
Contributor Author

douzzer commented May 13, 2026

retest this please
(unrelated failure in FIPS testing-140-2-head)

@douzzer
Copy link
Copy Markdown
Contributor Author

douzzer commented May 13, 2026

Note Arduino test failures are unrelated to this PR

@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 13, 2026

MemBrowse Memory Report

No memory changes detected for:

@Frauschi Frauschi merged commit 12070eb into wolfSSL:master May 13, 2026
521 of 545 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot left review comments

@Frauschi Frauschi Frauschi approved these changes

@wolfSSL-Bot wolfSSL-Bot Awaiting requested review from wolfSSL-Bot

Assignees

@wolfSSL-Bot wolfSSL-Bot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@douzzer @Frauschi @wolfSSL-Fenrir-bot @wolfSSL-Bot