Allow the X9.146 examples to build against fips-ready.

Author: anhu

X9.146/README.md

@@ -65,7 +65,7 @@ the call to `DoTls13Certificate()`, please search for the following messages to
 confirm that the alternative signature was verified:
 
 ```
-Alternative signature has been verified!
+Alt signature has been verified!
 Verified Peer's cert
 ```
 

X9.146/gen_dual_keysig_cert.c

@@ -50,6 +50,22 @@
 #define SUBJECT_EMAIL "server@YourDomain.com"
 #endif
 
+#ifdef HAVE_FIPS
+    #include <wolfssl/wolfcrypt/fips_test.h>
+
+    static void myFipsCb(int ok, int err, const char* hash)
+    {
+        printf("in my Fips callback, ok = %d, err = %d\n", ok, err);
+        printf("message = %s\n", wc_GetErrorString(err));
+        printf("hash = %s\n", hash);
+
+        if (err == IN_CORE_FIPS_E) {
+            printf("In core integrity hash check failure, copy above hash\n");
+            printf("into verifyCore[] in fips_test.c and rebuild\n");
+        }
+    }
+#endif
+
 static int do_certgen(int argc, char** argv)
 {
     int ret = 0;
@@ -111,6 +127,18 @@ static int do_certgen(int argc, char** argv)
     wolfSSL_Debugging_ON();
 #endif
 
+#ifdef WC_RNG_SEED_CB
+ wc_SetSeed_Cb(wc_GenerateSeed);
+#endif
+
+#if defined(HAVE_FIPS)
+    wolfCrypt_SetCb_fips(myFipsCb);
+    #if FIPS_VERSION3_GE(6,0,0)
+        printf("FIPS module version in use: %s\n",
+               wolfCrypt_GetVersion_fips());
+    #endif
+#endif
+
     ret = wc_InitRng(&rng);
     if (ret != 0) goto exit;
     initRng = 1;

X9.146/gen_ecdsa_falcon_dual_keysig_cert.c

@@ -74,6 +74,22 @@ int readFileIntoBuffer(char *fname, byte *buf, int *sz)
     return ret;
 }
 
+#ifdef HAVE_FIPS
+    #include <wolfssl/wolfcrypt/fips_test.h>
+
+    static void myFipsCb(int ok, int err, const char* hash)
+    {
+        printf("in my Fips callback, ok = %d, err = %d\n", ok, err);
+        printf("message = %s\n", wc_GetErrorString(err));
+        printf("hash = %s\n", hash);
+
+        if (err == IN_CORE_FIPS_E) {
+            printf("In core integrity hash check failure, copy above hash\n");
+            printf("into verifyCore[] in fips_test.c and rebuild\n");
+        }
+    }
+#endif
+
 static int do_certgen(int argc, char** argv)
 {
     int ret = 0;
@@ -141,6 +157,18 @@ static int do_certgen(int argc, char** argv)
     wolfSSL_Debugging_ON();
 #endif
 
+#ifdef WC_RNG_SEED_CB
+ wc_SetSeed_Cb(wc_GenerateSeed);
+#endif
+
+#if defined(HAVE_FIPS)
+    wolfCrypt_SetCb_fips(myFipsCb);
+    #if FIPS_VERSION3_GE(6,0,0)
+        printf("FIPS module version in use: %s\n",
+               wolfCrypt_GetVersion_fips());
+    #endif
+#endif
+
     if (argc != 2)
         usage(argv[0]);
 

X9.146/gen_ecdsa_mldsa_dual_keysig_cert.c

@@ -74,6 +74,22 @@ int readFileIntoBuffer(char *fname, byte *buf, int *sz)
     return ret;
 }
 
+#ifdef HAVE_FIPS
+    #include <wolfssl/wolfcrypt/fips_test.h>
+
+    static void myFipsCb(int ok, int err, const char* hash)
+    {
+        printf("in my Fips callback, ok = %d, err = %d\n", ok, err);
+        printf("message = %s\n", wc_GetErrorString(err));
+        printf("hash = %s\n", hash);
+
+        if (err == IN_CORE_FIPS_E) {
+            printf("In core integrity hash check failure, copy above hash\n");
+            printf("into verifyCore[] in fips_test.c and rebuild\n");
+        }
+    }
+#endif
+
 static int do_certgen(int argc, char** argv)
 {
     int ret = 0;
@@ -144,6 +160,18 @@ static int do_certgen(int argc, char** argv)
     wolfSSL_Debugging_ON();
 #endif
 
+#ifdef WC_RNG_SEED_CB
+ wc_SetSeed_Cb(wc_GenerateSeed);
+#endif
+
+#if defined(HAVE_FIPS)
+    wolfCrypt_SetCb_fips(myFipsCb);
+    #if FIPS_VERSION3_GE(6,0,0)
+        printf("FIPS module version in use: %s\n",
+               wolfCrypt_GetVersion_fips());
+    #endif
+#endif
+
     if (argc != 2)
         usage(argv[0]);
 

X9.146/gen_rsa_falcon_dual_keysig_cert.c

@@ -67,6 +67,22 @@ int readFileIntoBuffer(char *fname, byte *buf, int *sz)
     return ret;
 }
 
+#ifdef HAVE_FIPS
+    #include <wolfssl/wolfcrypt/fips_test.h>
+
+    static void myFipsCb(int ok, int err, const char* hash)
+    {
+        printf("in my Fips callback, ok = %d, err = %d\n", ok, err);
+        printf("message = %s\n", wc_GetErrorString(err));
+        printf("hash = %s\n", hash);
+
+        if (err == IN_CORE_FIPS_E) {
+            printf("In core integrity hash check failure, copy above hash\n");
+            printf("into verifyCore[] in fips_test.c and rebuild\n");
+        }
+    }
+#endif
+
 static int do_certgen(int argc, char** argv)
 {
     int ret = 0;
@@ -128,6 +144,18 @@ static int do_certgen(int argc, char** argv)
     wolfSSL_Debugging_ON();
 #endif
 
+#ifdef WC_RNG_SEED_CB
+ wc_SetSeed_Cb(wc_GenerateSeed);
+#endif
+
+#if defined(HAVE_FIPS)
+    wolfCrypt_SetCb_fips(myFipsCb);
+    #if FIPS_VERSION3_GE(6,0,0)
+        printf("FIPS module version in use: %s\n",
+               wolfCrypt_GetVersion_fips());
+    #endif
+#endif
+
     ret = wc_InitRng(&rng);
     if (ret != 0) goto exit;
     initRng = 1;

X9.146/gen_rsa_mldsa_dual_keysig_cert.c

@@ -67,6 +67,22 @@ int readFileIntoBuffer(char *fname, byte *buf, int *sz)
     return ret;
 }
 
+#ifdef HAVE_FIPS
+    #include <wolfssl/wolfcrypt/fips_test.h>
+
+    static void myFipsCb(int ok, int err, const char* hash)
+    {
+        printf("in my Fips callback, ok = %d, err = %d\n", ok, err);
+        printf("message = %s\n", wc_GetErrorString(err));
+        printf("hash = %s\n", hash);
+
+        if (err == IN_CORE_FIPS_E) {
+            printf("In core integrity hash check failure, copy above hash\n");
+            printf("into verifyCore[] in fips_test.c and rebuild\n");
+        }
+    }
+#endif
+
 static int do_certgen(int argc, char** argv)
 {
     int ret = 0;
@@ -128,6 +144,18 @@ static int do_certgen(int argc, char** argv)
     wolfSSL_Debugging_ON();
 #endif
 
+#ifdef WC_RNG_SEED_CB
+ wc_SetSeed_Cb(wc_GenerateSeed);
+#endif
+
+#if defined(HAVE_FIPS)
+    wolfCrypt_SetCb_fips(myFipsCb);
+    #if FIPS_VERSION3_GE(6,0,0)
+        printf("FIPS module version in use: %s\n",
+               wolfCrypt_GetVersion_fips());
+    #endif
+#endif
+
     ret = wc_InitRng(&rng);
     if (ret != 0) goto exit;
     initRng = 1;