Remove FIPS-check for v1

Andras Fekete · Andras Fekete · commit a0668bd9aba7 · 2023-08-01T15:46:40.000-04:00
diff --git a/fips-check.sh b/fips-check.sh
@@ -18,19 +18,8 @@
 
 Usage() {
     cat <<usageText
-Usage: $0 [flavor [keep]]
+Usage: $0 flavor [keep]
 Flavor is one of:
-    linux (default)
-    ios
-    android
-    windows
-    freertos
-    openrtos-3.9.2
-    linux-ecc
-    netbsd-selftest
-    marvell-linux-selftest
-    sgx
-    netos-7.6
     linuxv2 (FIPSv2, use for Win10)
     stm32l4-v2 (FIPSv2, use for STM32L4)
     wolfrand
@@ -47,55 +36,6 @@ usageText
 
 MAKE='make'
 
-LINUX_FIPS_VERSION=v3.2.6
-LINUX_FIPS_REPO=git@github.com:wolfSSL/fips.git
-LINUX_CRYPT_VERSION=v3.2.6
-LINUX_CRYPT_REPO=git@github.com:cyassl/cyassl.git
-
-LINUX_ECC_FIPS_VERSION=v3.10.3
-LINUX_ECC_FIPS_REPO=git@github.com:wolfSSL/fips.git
-LINUX_ECC_CRYPT_VERSION=v3.2.6
-LINUX_ECC_CRYPT_REPO=git@github.com:cyassl/cyassl.git
-
-IOS_FIPS_VERSION=v3.4.8a
-IOS_FIPS_REPO=git@github.com:wolfSSL/fips.git
-IOS_CRYPT_VERSION=v3.4.8.fips
-IOS_CRYPT_REPO=git@github.com:cyassl/cyassl.git
-
-ANDROID_FIPS_VERSION=v3.5.0
-ANDROID_FIPS_REPO=git@github.com:wolfSSL/fips.git
-ANDROID_CRYPT_VERSION=v3.5.0
-ANDROID_CRYPT_REPO=git@github.com:cyassl/cyassl.git
-
-WINDOWS_FIPS_VERSION=v3.6.6
-WINDOWS_FIPS_REPO=git@github.com:wolfSSL/fips.git
-WINDOWS_CRYPT_VERSION=v3.6.6
-WINDOWS_CRYPT_REPO=git@github.com:cyassl/cyassl.git
-
-FREERTOS_FIPS_VERSION=v3.6.1-FreeRTOS
-FREERTOS_FIPS_REPO=git@github.com:wolfSSL/fips.git
-FREERTOS_CRYPT_VERSION=v3.6.1
-FREERTOS_CRYPT_REPO=git@github.com:cyassl/cyassl.git
-
-OPENRTOS_3_9_2_FIPS_VERSION=v3.9.2-OpenRTOS
-OPENRTOS_3_9_2_FIPS_REPO=git@github.com:wolfSSL/fips.git
-OPENRTOS_3_9_2_CRYPT_VERSION=v3.6.1
-OPENRTOS_3_9_2_CRYPT_REPO=git@github.com:cyassl/cyassl.git
-
-#NOTE: Does not include the SGX examples yet, update version once fipsv2 is
-#      finished and merge conflicts can be resolved. This will be tagged as
-#      v3.12.4.sgx-examples
-#SGX_FIPS_VERSION=v3.12.4.sgx-examples
-SGX_FIPS_VERSION=v3.6.6
-SGX_FIPS_REPO=git@github.com:wolfSSL/fips.git
-SGX_CRYPT_VERSION=v3.12.4
-SGX_CRYPT_REPO=git@github.com:cyassl/cyassl.git
-
-NETOS_7_6_FIPS_VERSION=v3.12.6
-NETOS_7_6_FIPS_REPO=git@github.com:wolfSSL/fips.git
-NETOS_7_6_CRYPT_VERSION=v3.12.4
-NETOS_7_6_CRYPT_REPO=git@github.com:cyassl/cyassl.git
-
 # non-FIPS, CAVP only but pull in selftest
 # will reset above variables below in flavor switch
 NETBSD_FIPS_VERSION=v3.14.2b
@@ -117,61 +57,18 @@ STM32L4_V2_CRYPT_VERSION=WCv4.0.1-stable
 FIPS_SRCS=( fips.c fips_test.c )
 WC_MODS=( aes des3 sha sha256 sha512 rsa hmac random aes_asm )
 TEST_DIR=XXX-fips-test
-CRYPT_INC_PATH=cyassl/ctaocrypt
-CRYPT_SRC_PATH=ctaocrypt/src
+CRYPT_INC_PATH=undef
+CRYPT_SRC_PATH=undef
 RNG_VERSION=v3.6.0
-FIPS_OPTION=v1
+FIPS_OPTION=undef
 CAVP_SELFTEST_ONLY="no"
 GIT="git -c advice.detachedHead=false"
 
-if [ "$1" == "" ]; then FLAVOR="linux"; else FLAVOR="$1"; fi
+if [ "$1" == "" ]; then FLAVOR="undef"; else FLAVOR="$1"; fi
 
 if [ "$2" == "keep" ]; then KEEP="yes"; else KEEP="no"; fi
 
 case "$FLAVOR" in
-ios)
-  FIPS_VERSION=$IOS_FIPS_VERSION
-  FIPS_REPO=$IOS_FIPS_REPO
-  CRYPT_VERSION=$IOS_CRYPT_VERSION
-  CRYPT_REPO=$IOS_CRYPT_REPO
-  ;;
-android)
-  FIPS_VERSION=$ANDROID_FIPS_VERSION
-  FIPS_REPO=$ANDROID_FIPS_REPO
-  CRYPT_VERSION=$ANDROID_CRYPT_VERSION
-  CRYPT_REPO=$ANDROID_CRYPT_REPO
-  ;;
-windows)
-  FIPS_VERSION=$WINDOWS_FIPS_VERSION
-  FIPS_REPO=$WINDOWS_FIPS_REPO
-  CRYPT_VERSION=$WINDOWS_CRYPT_VERSION
-  CRYPT_REPO=$WINDOWS_CRYPT_REPO
-  ;;
-freertos)
-  FIPS_VERSION=$FREERTOS_FIPS_VERSION
-  FIPS_REPO=$FREERTOS_FIPS_REPO
-  CRYPT_VERSION=$FREERTOS_CRYPT_VERSION
-  CRYPT_REPO=$FREERTOS_CRYPT_REPO
-  ;;
-openrtos-3.9.2)
-  FIPS_VERSION=$OPENRTOS_3_9_2_FIPS_VERSION
-  FIPS_REPO=$OPENRTOS_3_9_2_FIPS_REPO
-  CRYPT_VERSION=$OPENRTOS_3_9_2_CRYPT_VERSION
-  CRYPT_REPO=$OPENRTOS_3_9_2_CRYPT_REPO
-  FIPS_CONFLICTS=( aes hmac random sha256 )
-  ;;
-linux)
-  FIPS_VERSION=$LINUX_FIPS_VERSION
-  FIPS_REPO=$LINUX_FIPS_REPO
-  CRYPT_VERSION=$LINUX_CRYPT_VERSION
-  CRYPT_REPO=$LINUX_CRYPT_REPO
-  ;;
-linux-ecc)
-  FIPS_VERSION=$LINUX_ECC_FIPS_VERSION
-  FIPS_REPO=$LINUX_ECC_FIPS_REPO
-  CRYPT_VERSION=$LINUX_ECC_CRYPT_VERSION
-  CRYPT_REPO=$LINUX_ECC_CRYPT_REPO
-  ;;
 linuxv2 | fipsv2-OE-ready)
   FIPS_VERSION=WCv4-stable
   FIPS_REPO=git@github.com:wolfssl/fips.git
@@ -184,42 +81,6 @@ linuxv2 | fipsv2-OE-ready)
   FIPS_INCS=( fips.h )
   FIPS_OPTION=v2
   ;;
-netbsd-selftest)
-  FIPS_VERSION=$NETBSD_FIPS_VERSION
-  FIPS_REPO=$NETBSD_FIPS_REPO
-  CRYPT_VERSION=$NETBSD_CRYPT_VERSION
-  CRYPT_REPO=$NETBSD_CRYPT_REPO
-  FIPS_SRCS=( selftest.c )
-  WC_MODS=( dh ecc rsa dsa aes sha sha256 sha512 hmac random )
-  CRYPT_INC_PATH=wolfssl/wolfcrypt
-  CRYPT_SRC_PATH=wolfcrypt/src
-  CAVP_SELFTEST_ONLY="yes"
-  ;;
-marvell-linux-selftest)
-  FIPS_VERSION=$MARVELL_LINUX_FIPS_VERSION
-  FIPS_REPO=$MARVELL_LINUX_FIPS_REPO
-  CRYPT_VERSION=$MARVELL_LINUX_CRYPT_VERSION
-  CRYPT_REPO=$MARVELL_LINUX_CRYPT_REPO
-  FIPS_SRCS=( selftest.c )
-  WC_MODS=( dh ecc rsa dsa aes sha sha256 sha512 hmac random )
-  CRYPT_INC_PATH=wolfssl/wolfcrypt
-  CRYPT_SRC_PATH=wolfcrypt/src
-  CAVP_SELFTEST_ONLY="yes"
-  CAVP_SELFTEST_OPTION=v2
-  ;;
-sgx)
-  FIPS_VERSION=$SGX_FIPS_VERSION
-  FIPS_REPO=$SGX_FIPS_REPO
-  CRYPT_VERSION=$SGX_CRYPT_VERSION
-  CRYPT_REPO=$SGX_CRYPT_REPO
-  ;;
-netos-7.6)
-  FIPS_VERSION=$NETOS_7_6_FIPS_VERSION
-  FIPS_REPO=$NETOS_7_6_FIPS_REPO
-  CRYPT_VERSION=$NETOS_7_6_CRYPT_VERSION
-  CRYPT_REPO=$NETOS_7_6_CRYPT_REPO
-  ;;
-
 linuxv5)
   FIPS_REPO="git@github.com:wolfSSL/fips.git"
   FIPS_VERSION="WCv5.0-RC12"
@@ -316,34 +177,6 @@ case "$FIPS_OPTION" in
     echo "Don't need to copy in tagged wolfCrypt files for FIPS Ready."
     ;;
 
-v1)
-    # make a clone of the last FIPS release tag
-    if ! $GIT clone --depth 1 -b "$CRYPT_VERSION" "$CRYPT_REPO" old-tree; then
-        echo "fips-check: Couldn't checkout the FIPS release."
-        exit 1
-    fi
-
-    for MOD in "${WC_MODS[@]}"
-    do
-        cp "old-tree/$CRYPT_SRC_PATH/${MOD}.c" "$CRYPT_SRC_PATH"
-        cp "old-tree/$CRYPT_INC_PATH/${MOD}.h" "$CRYPT_INC_PATH"
-    done
-
-    # We are using random.c from a separate release.
-    # This is forcefully overwriting any other checkout of the cyassl sources.
-    # Removing this as default behavior for SGX and netos projects.
-    if [ "$CAVP_SELFTEST_ONLY" == "no" ] && [ "$FLAVOR" != "sgx" ] && \
-       [ "$FLAVOR" != "netos-7.6" ];
-    then
-        pushd old-tree || exit 2
-        $GIT fetch origin "$RNG_VERSION" || exit $?
-        $GIT checkout FETCH_HEAD || exit $?
-        popd || exit 2
-        cp "old-tree/$CRYPT_SRC_PATH/random.c" "$CRYPT_SRC_PATH"
-        cp "old-tree/$CRYPT_INC_PATH/random.h" "$CRYPT_INC_PATH"
-    fi
-    ;;
-
 v2|rand|v5*)
     $GIT branch --no-track "my$CRYPT_VERSION" "$CRYPT_VERSION" || exit $?
     # Checkout the fips versions of the wolfCrypt files from the repo.
