
Commit b883766

committed
Phase 3: Security and FIPS Compliance Audit
1 parent 815d48c commit b883766

19 files changed

Lines changed: 1177 additions & 103 deletions


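--- a/configure.ac
+++ b/configure.ac
@@ -6255,13 +6255,7 @@ AS_CASE([$FIPS_VERSION],
 -DWC_RSA_NO_PADDING \
 -DECC_USER_CURVES \
 -DHAVE_ECC384 \
--DHAVE_ECC521 \
--DWOLFSSL_VALIDATE_FFC_IMPORT \
--DHAVE_FFDHE_Q \
--DHAVE_FFDHE_3072 \
--DHAVE_FFDHE_4096 \
--DHAVE_FFDHE_6144 \
--DHAVE_FFDHE_8192"
+-DHAVE_ECC521"
 
 # KCAPI API does not support custom k for sign, don't force enable ECC key sizes and don't use seed callback
 AS_IF([test "x$ENABLED_KCAPI_ECC" = "xno"],
@@ -6275,6 +6269,20 @@ AS_CASE([$FIPS_VERSION],
 -DHAVE_ECC256"])
 
 DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS=8192
+
+# Classic DH and DSA are OUT OF SCOPE for the FIPS 140-3 v7 PQ module.
+# (FIPS 186-5 retires DSA; v7 boundary keeps only ECDH/ECDSA + PQ KEM/DSA.)
+# Hard-error if explicitly enabled; otherwise force off and add NO_DH/NO_DSA.
+AS_IF([test "$enable_dh" = "yes"],
+[AC_MSG_ERROR([--enable-dh is not supported with --enable-fips=$FIPS_VERSION. Classic finite-field DH is out of scope for the FIPS 140-3 v7 PQ module. Use --enable-fips=v6 if you need DH support.])],
+[test "$ENABLED_DH" != "no"],
+[ENABLED_DH="no"; enable_dh="no"; AM_CFLAGS="$AM_CFLAGS -DNO_DH"])
+
+AS_IF([test "$enable_dsa" = "yes"],
+[AC_MSG_ERROR([--enable-dsa is not supported with --enable-fips=$FIPS_VERSION. DSA is retired by FIPS 186-5 and is out of scope for the FIPS 140-3 v7 PQ module. Use --enable-fips=v6 if you need DSA support.])],
+[test "$ENABLED_DSA" != "no"],
+[ENABLED_DSA="no"; enable_dsa="no"; AM_CFLAGS="$AM_CFLAGS -DNO_DSA"])
+
 # optimizations section
 
 # protocol section
@@ -8829,8 +8837,17 @@ then
 fi
 if test "x$ENABLED_DH" = "xno"
 then
-ENABLED_DH="yes"
-AM_CFLAGS="$AM_CFLAGS -DHAVE_DH"
+# Classic DH is out of scope for the FIPS 140-3 v7 PQ module.
+# JNI normally auto-enables DH for legacy TLS suites; with FIPS v7+
+# we report and skip the auto-enable rather than silently turning DH
+# back on (which would conflict with the boundary).
+if test "$FIPS_VERSION" = "v7" || test "$FIPS_VERSION" = "ready" || test "$FIPS_VERSION" = "dev"
+then
+AC_MSG_NOTICE([JNI enabled but FIPS is $FIPS_VERSION, NOT turning on DH with this module])
+else
+ENABLED_DH="yes"
+AM_CFLAGS="$AM_CFLAGS -DHAVE_DH"
+fi
 fi
 if test "x$ENABLED_PSK" = "xno"
 then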
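Review bot: The JNI block in the third hunk hard-codes the set of module labels that exclude classic DH (`"v7"`, `"ready"`, `"dev"`), while the second hunk enforces the same exclusion inside the `AS_CASE([$FIPS_VERSION]` branch, so the two places will drift apart the next time a label is added or a module version changes scope. Deciding the boundary once and recording it in a flag would remove the duplication: set something like `FIPS_NO_CLASSIC_DH="yes"` (name constructed) alongside the `-DNO_DH` assignment in the second hunk, and have the JNI block test `if test "x$FIPS_NO_CLASSIC_DH" = "xyes"` instead of the literal list. Whether `ready` and `dev` share the AS_CASE branch that holds the second hunk is not visible here; if they do not, the flag would need to be set in their branches as well. The `if`/`then` that encloses the JNI block begins outside the third hunk.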

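--- a/fips-hash.sh
+++ b/fips-hash.sh
@@ -13,7 +13,11 @@ then
 fi
 
 OUT=$(./wolfcrypt/test/testwolfcrypt | sed -n 's/hash = \(.*\)/\1/p')
-NEWHASH=$(echo "$OUT" | cut -c1-64)
+# FIPS v7.0.0+ uses HMAC-SHA-512 (128 hex chars); older FIPS versions
+# use HMAC-SHA-256 (64 hex chars). Take the whole captured hash; the
+# static_assert on sizeof(verifyCore) guards against wrong length at
+# compile time after this script runs.
+NEWHASH=$(echo "$OUT" | head -n1 | tr -d '[:space:]')
 if test -n "$NEWHASH"
 then
 cp wolfcrypt/src/fips_test.c wolfcrypt/src/fips_test.c.bak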
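Review bot: After the new `head -n1 | tr -d '[:space:]'` pipeline the only gate before the source file is backed up and rewritten is `test -n "$NEWHASH"`, so any non-empty text the sed pattern happens to capture is substituted into fips_test.c and the mistake is only reported later as a static_assert failure, as the new comment itself acknowledges. Checking the value in the script gives a clear failure at the point of origin: reject anything that is not hexadecimal, and anything whose length is neither 64 nor 128, before touching fips_test.c. The two lengths are taken from the comment's HMAC-SHA-256 / HMAC-SHA-512 statement; if another module version emits a different size the check needs extending. The `if test -n "$NEWHASH"` block continues outside the hunk, so the sketch below keeps the validation inside it and leaves the empty-hash case behaving as before.
```shell
NEWHASH=$(echo "$OUT" | head -n1 | tr -d '[:space:]')
if test -n "$NEWHASH"
then
    case "$NEWHASH" in
        *[!0-9a-fA-F]*)
            echo "fips-hash.sh: captured hash is not hexadecimal: $NEWHASH" >&2
            exit 1 ;;
    esac
    if test "${#NEWHASH}" -ne 64 && test "${#NEWHASH}" -ne 128
    then
        echo "fips-hash.sh: unexpected hash length ${#NEWHASH} (expected 64 or 128)" >&2
        exit 1
    fi
    # … unchanged: cp wolfcrypt/src/fips_test.c backup and the substitution that follows …
```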

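--- a/tests/api/test_aes.c
+++ b/tests/api/test_aes.c
@@ -693,7 +693,14 @@ static int test_wc_AesCbcEncryptDecrypt_WithKey(Aes* aes, byte* key,
 ExpectIntEQ(wc_AesCbcEncrypt(aes, cipher, vector, vector_len),
 0);
 ExpectBufEQ(cipher, vector_enc, vector_len);
-#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
+/* The BAD_LENGTH_E enforcement is in the non-FIPS aes.c implementation
+ * (see WOLFSSL_AES_CBC_LENGTH_CHECKS guard there). FIPSv2 (cert3389)
+ * routes through its own historical wc_AesCbcEncrypt_fips wrapper that
+ * predates this check and silently returns 0 on unaligned input. Only
+ * v5.x and newer FIPS modules carry the wrapper-level check. Skip the
+ * assertion for FIPSv2 builds. */
+#if defined(WOLFSSL_AES_CBC_LENGTH_CHECKS) && \
+(!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,0))
 ExpectIntEQ(wc_AesCbcEncrypt(aes, cipher, vector, vector_len - 1),
 WC_NO_ERR_TRACE(BAD_LENGTH_E));
 #endif
@@ -703,7 +710,9 @@ static int test_wc_AesCbcEncryptDecrypt_WithKey(Aes* aes, byte* key,
 ExpectIntEQ(wc_AesCbcDecrypt(aes, decrypted, cipher,
 WC_AES_BLOCK_SIZE * 2), 0);
 ExpectBufEQ(decrypted, vector, vector_len);
-#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
+#if defined(WOLFSSL_AES_CBC_LENGTH_CHECKS) && \
+(!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,0))
+/* Same FIPSv2 vs v5+ rationale as the encrypt assertion above. */
 ExpectIntEQ(wc_AesCbcDecrypt(aes, decrypted, cipher,
 WC_AES_BLOCK_SIZE * 2 - 1), WC_NO_ERR_TRACE(BAD_LENGTH_E));
 #else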
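Review bot: The two-line condition `#if defined(WOLFSSL_AES_CBC_LENGTH_CHECKS) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,0))` and its FIPSv2 rationale are now duplicated between the encrypt hunk and the decrypt hunk, and the next module-version adjustment has to be made twice. A single file-level feature macro would keep both sites in step: evaluate the condition once near the top of the file as `#if defined(WOLFSSL_AES_CBC_LENGTH_CHECKS) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,0))` / `#define TEST_AES_CBC_LENGTH_CHECKS` / `#endif` (name constructed), and reduce each site to `#ifdef TEST_AES_CBC_LENGTH_CHECKS`, with the long rationale comment kept only at the definition. Separately, the decrypt hunk ends in an `#else` branch that FIPSv2 builds may now reach where previously the guard depended only on WOLFSSL_AES_CBC_LENGTH_CHECKS, while the encrypt site has no `#else`; the body of that branch is outside the hunk, so its suitability for a FIPSv2 build should be confirmed. Both hunks lie inside test_wc_AesCbcEncryptDecrypt_WithKey, whose start and end are outside the hunks.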

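--- a/tests/api/test_evp_pkey.c
+++ b/tests/api/test_evp_pkey.c
@@ -1526,7 +1526,7 @@ static int test_wolfSSL_EVP_PKEY_sign_verify(int keyType)
 !defined(HAVE_SELFTEST)
 #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
 {
-ExpectNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
+ExpectNotNull(rsa = RSA_generate_key(2048, 65537, NULL, NULL));
 ExpectIntEQ(EVP_PKEY_assign_RSA(pkey, rsa), WOLFSSL_SUCCESS);
 }
 #endif
@@ -2159,7 +2159,7 @@ int test_wolfSSL_EVP_PKEY_encrypt(void)
 XMEMSET(outDec, 0, rsaKeySz);
 }
 
-ExpectNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
+ExpectNotNull(rsa = RSA_generate_key(2048, 65537, NULL, NULL));
 ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new());
 ExpectIntEQ(EVP_PKEY_assign_RSA(pkey, rsa), WOLFSSL_SUCCESS);
 if (EXPECT_FAIL()) {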
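Review bot: The public exponent is now the bare literal `65537` at both call sites in this file and at the five sites changed in tests/api/test_ossl_rsa.c, with nothing at the call sites saying why the value moved off 3 and 17. wolfCrypt's rsa.h already provides `WC_RSA_EXPONENT` for this value, so `RSA_generate_key(2048, WC_RSA_EXPONENT, NULL, NULL)` would tie the tests to the library default and make the intent self-describing; if the compat layer test files deliberately avoid wolfCrypt-internal names, a shared test-local constant would do the same. A one-line comment at the first site, noting that small exponents are rejected by current FIPS RSA key-generation requirements (presumably the motivation behind this commit), would record the rationale that otherwise lives only in the commit title. The enclosing functions test_wolfSSL_EVP_PKEY_sign_verify and test_wolfSSL_EVP_PKEY_encrypt begin and end outside the hunks.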

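--- a/tests/api/test_ossl_rsa.c
+++ b/tests/api/test_ossl_rsa.c
@@ -65,7 +65,7 @@ int test_wolfSSL_RSA(void)
 
 RSA_free(rsa);
 rsa = NULL;
-ExpectNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
+ExpectNotNull(rsa = RSA_generate_key(2048, 65537, NULL, NULL));
 ExpectIntEQ(RSA_size(rsa), 256);
 
 #if (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(6,0,0)) && !defined(HAVE_SELFTEST)
@@ -306,7 +306,7 @@ int test_wolfSSL_RSA(void)
 rsa = NULL;
 
 #if !defined(USE_FAST_MATH) || (FP_MAX_BITS >= (3072*2))
-ExpectNotNull(rsa = RSA_generate_key(3072, 17, NULL, NULL));
+ExpectNotNull(rsa = RSA_generate_key(3072, 65537, NULL, NULL));
 ExpectIntEQ(RSA_size(rsa), 384);
 ExpectIntEQ(RSA_bits(rsa), 3072);
 RSA_free(rsa);
@@ -461,7 +461,7 @@ int test_wolfSSL_RSA_print(void)
 
 RSA_free(rsa);
 rsa = NULL;
-ExpectNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
+ExpectNotNull(rsa = RSA_generate_key(2048, 65537, NULL, NULL));
 
 ExpectIntEQ(RSA_print(bio, rsa, 0), 1);
 ExpectIntEQ(RSA_print(bio, rsa, 4), 1);
@@ -626,11 +626,11 @@ int test_wolfSSL_RSA_meth(void)
 RSA_METHOD *rsa_meth = NULL;
 
 #ifdef WOLFSSL_KEY_GEN
-ExpectNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
+ExpectNotNull(rsa = RSA_generate_key(2048, 65537, NULL, NULL));
 RSA_free(rsa);
 rsa = NULL;
 #else
-ExpectNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
+ExpectNull(rsa = RSA_generate_key(2048, 65537, NULL, NULL));
 #endif
 
 ExpectNotNull(RSA_get_default_method());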
