20260403-WC_FIPS_186

.wolfssl_known_macro_extras

@@ -639,6 +639,9 @@ WC_DILITHIUM_FIXED_ARRAY
 WC_DISABLE_RADIX_ZERO_PAD
 WC_FLAG_DONT_USE_AESNI
 WC_FORCE_LINUXKM_FORTIFY_SOURCE
+WC_HASH_CUSTOM_MAX_BLOCK_SIZE
+WC_HASH_CUSTOM_MAX_DIGEST_SIZE
+WC_HASH_CUSTOM_MIN_DIGEST_SIZE
 WC_NO_ASYNC_SLEEP
 WC_NO_RNG_SIMPLE
 WC_NO_STATIC_ASSERT
@@ -651,9 +654,6 @@ WC_RSA_NONBLOCK
 WC_RSA_NONBLOCK_TIME
 WC_RSA_NO_FERMAT_CHECK
 WC_RWLOCK_OPS_INLINE
-WC_SHA384
-WC_SHA384_DIGEST_SIZE
-WC_SHA512
 WC_SKIP_INCLUDED_C_FILES
 WC_SSIZE_TYPE
 WC_STRICT_SIG

linuxkm/linuxkm_wc_port.h

@@ -29,6 +29,7 @@
     #endif
 
     #include <linux/version.h>
+    #include <linux/kconfig.h>
 
     #if LINUX_VERSION_CODE < KERNEL_VERSION(3, 16, 0)
         #error Unsupported kernel.
@@ -39,6 +40,25 @@
         #error CONFIG_CRYPTO_MANAGER_EXTRA_TESTS is incompatible with FIPS wolfCrypt AES-XTS -- please reconfigure the target kernel to disable CONFIG_CRYPTO_MANAGER_EXTRA_TESTS.
     #endif
 
+    /* The first vector set in /usr/src/linux/crypto/testmgr.h
+     * ecdsa_nist_p192_tv_template[], ecdsa_nist_p256_tv_template[], and
+     * ecdsa_nist_p384_tv_template[] use SHA-1 (even if CONFIG_CRYPTO_SHA1 is
+     * disabled), and kernel module signatures frequently use SHA-1 until quite
+     * recently (dependent on CONFIG_CRYPTO_SHA1).  If either is enabled, force
+     * downgrade to 186-4.
+     */
+    #if defined(WC_FIPS_186_5_PLUS) && \
+        (defined(CONFIG_CRYPTO_SHA1) || (defined(CONFIG_CRYPTO_MANAGER) && !defined(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS))) && \
+        (defined(LINUXKM_LKCAPI_REGISTER_ALL) || defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) || defined(CONFIG_CRYPTO_ECDSA))
+        #undef WC_FIPS_186_5_PLUS
+        #ifdef WC_FIPS_186_5
+            #undef WC_FIPS_186_5
+        #else
+            #error Unknown and incompatible FIPS 186 is enabled.
+        #endif
+        #define WC_FIPS_186_4
+    #endif
+
     #ifdef HAVE_CONFIG_H
         #ifndef PACKAGE_NAME
             #error wc_port.h included before config.h
@@ -285,8 +305,6 @@
     _Pragma("GCC diagnostic ignored \"-Wformat-nonliteral\""); /* needed for kernel 4.9.282 */
     _Pragma("GCC diagnostic ignored \"-Wattributes\"");
 
-    #include <linux/kconfig.h>
-
     #ifdef CONFIG_KASAN
         #ifndef WC_SANITIZE_DISABLE
             #define WC_SANITIZE_DISABLE() kasan_disable_current()

src/internal.c

@@ -157,6 +157,7 @@
 #include <wolfssl/error-ssl.h>
 #include <wolfssl/wolfcrypt/asn.h>
 #include <wolfssl/wolfcrypt/dh.h>
+#include <wolfssl/wolfcrypt/hash.h>
 #ifdef NO_INLINE
     #include <wolfssl/wolfcrypt/misc.h>
 #else
@@ -5720,6 +5721,12 @@ int EccVerify(WOLFSSL* ssl, const byte* in, word32 inSz, const byte* out,
     }
 #endif
 
+    /* Check hash length */
+    if ((outSz > WC_MAX_DIGEST_SIZE) ||
+        (outSz < WC_MIN_DIGEST_SIZE)) {
+        return BAD_LENGTH_E;
+    }
+
     (void)ssl;
     (void)keyBufInfo;
 

src/pk_ec.c

@@ -5264,6 +5264,14 @@ int wolfSSL_ECDSA_do_verify(const unsigned char *dgst, int dLen,
         ret = WOLFSSL_FATAL_ERROR;
     }
 
+    /* Check hash length */
+    if ((ret == 1) &&
+        ((dLen > WC_MAX_DIGEST_SIZE) ||
+         (dLen < WC_MIN_DIGEST_SIZE))) {
+        WOLFSSL_MSG("wolfSSL_ECDSA_do_verify Bad digest size");
+        ret = WOLFSSL_FATAL_ERROR;
+    }
+
     /* Ensure internal EC key is set from external. */
     if ((ret == 1) && (key->inSet == 0)) {
         WOLFSSL_MSG("No EC key internal set, do it");
@@ -5388,6 +5396,14 @@ int wolfSSL_ECDSA_verify(int type, const unsigned char *digest, int digestSz,
         ret = 0;
     }
 
+    /* Check hash length */
+    if ((ret == 1) &&
+        ((digestSz > WC_MAX_DIGEST_SIZE) ||
+         (digestSz < WC_MIN_DIGEST_SIZE))) {
+        WOLFSSL_MSG("wolfSSL_ECDSA_verify Bad digest size");
+        ret = 0;
+    }
+
     /* Verify signature using digest and key. */
     if ((ret == 1) && (wc_ecc_verify_hash(sig, (word32)sigSz, digest,
             (word32)digestSz, &verify, (ecc_key*)key->internal) != 0)) {

tests/api.c

@@ -12284,9 +12284,9 @@ static int test_wc_CheckCertSigPubKey(void)
     ExpectIntEQ(wc_CheckCertSigPubKey(cert_der, cert_dersz, NULL, keyDer, 0,
         RSAk), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
-    /* Wrong aglo. */
+    /* Wrong algo. */
     ExpectIntEQ(wc_CheckCertSigPubKey(cert_der, cert_dersz, NULL, keyDer,
-        keyDerSz, ECDSAk), WC_NO_ERR_TRACE(ASN_PARSE_E));
+        keyDerSz, ECDSAk), WC_NO_ERR_TRACE(ASN_SIG_OID_E));
 
     wc_FreeDecodedCert(&decoded);
     if (cert_der != NULL)

tests/api/api.h

@@ -37,10 +37,32 @@
     #define HEAP_HINT NULL
 #endif
 
+#include <wolfssl/wolfcrypt/hash.h>
 
-#define TEST_STRING    "Everyone gets Friday off."
-#define TEST_STRING_SZ 25
-
+#if defined(WC_FIPS_186_5_PLUS)
+    #define TEST_STRING "WC_FIPS_186_5_PLUS test test"
+    #define TEST_STRING_SZ 28
+#elif defined(WC_FIPS_186_4_PLUS) || defined(HAVE_SELFTEST)
+    #define TEST_STRING "WC_FIPS_186_4_PLUS test.."
+    #define TEST_STRING_SZ 25
+#elif WC_MIN_DIGEST_SIZE <= 25
+    #define TEST_STRING "Everyone gets Friday off."
+    #define TEST_STRING_SZ 25
+#elif WC_MIN_DIGEST_SIZE <= 28
+    #define TEST_STRING "Everyone works the weekends."
+    #define TEST_STRING_SZ 28
+#elif WC_MIN_DIGEST_SIZE <= 32
+    #define TEST_STRING "Everyone works through the night"
+    #define TEST_STRING_SZ 32
+#elif WC_MIN_DIGEST_SIZE <= 48
+    #define TEST_STRING "Everyone gets to summer in Tuscany with Chianti."
+    #define TEST_STRING_SZ 48
+#elif WC_MIN_DIGEST_SIZE <= 64
+    #define TEST_STRING "Everyone works from Christmas Eve, clear through New Year's Day."
+    #define TEST_STRING_SZ 64
+#else
+    #error WC_MIN_DIGEST_SIZE value not supported by unit test.
+#endif
 
 #ifndef ONEK_BUF
     #define ONEK_BUF 1024

tests/api/test_dsa.c

@@ -61,7 +61,7 @@ int test_wc_InitDsaKey(void)
 int test_wc_DsaSignVerify(void)
 {
     EXPECT_DECLS;
-#if !defined(NO_DSA)
+#if !defined(NO_DSA) && !defined(WC_FIPS_186_5_PLUS)
     DsaKey key;
     WC_RNG rng;
     wc_Sha sha;
@@ -130,7 +130,8 @@ int test_wc_DsaSignVerify(void)
     DoExpectIntEQ(wc_FreeRng(&rng),0);
     wc_FreeDsaKey(&key);
     wc_ShaFree(&sha);
-#endif
+#endif /* !NO_DSA && !WC_FIPS_186_5_PLUS */
+
     return EXPECT_RESULT();
 } /* END test_wc_DsaSign */
 

tests/api/test_evp_pkey.c

@@ -742,7 +742,7 @@ int test_wolfSSL_EVP_PKEY_set1_get1_DSA(void)
 {
     EXPECT_DECLS;
 #if defined(OPENSSL_ALL) && !defined (NO_DSA) && !defined(HAVE_SELFTEST) && \
-    defined(WOLFSSL_KEY_GEN)
+    !defined(WC_FIPS_186_5_PLUS) && defined(WOLFSSL_KEY_GEN)
     DSA       *dsa  = NULL;
     DSA       *setDsa  = NULL;
     EVP_PKEY  *pkey = NULL;
@@ -829,7 +829,8 @@ int test_wolfSSL_EVP_PKEY_set1_get1_DSA(void)
     DSA_free(setDsa);
     EVP_PKEY_free(pkey);
     EVP_PKEY_free(set1Pkey);
-#endif /* OPENSSL_ALL && !NO_DSA && !HAVE_SELFTEST && WOLFSSL_KEY_GEN */
+#endif /* OPENSSL_ALL && !NO_DSA && !HAVE_SELFTEST && !WC_FIPS_186_5_PLUS */
+       /* && WOLFSSL_KEY_GEN */
     return EXPECT_RESULT();
 } /* END test_EVP_PKEY_set1_get1_DSA */
 
@@ -1606,7 +1607,8 @@ int test_wolfSSL_EVP_PKEY_sign_verify_dsa(void)
 {
     EXPECT_DECLS;
 #if defined(OPENSSL_EXTRA)
-#if !defined (NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN)
+#if !defined (NO_DSA) && !defined(WC_FIPS_186_5_PLUS) && \
+    !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN)
     ExpectIntEQ(test_wolfSSL_EVP_PKEY_sign_verify(EVP_PKEY_DSA), TEST_SUCCESS);
 #endif
 #endif

tests/api/test_ossl_dsa.c

@@ -41,7 +41,8 @@
 int test_DSA_do_sign_verify(void)
 {
     EXPECT_DECLS;
-#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
+#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) && \
+     !defined(WC_FIPS_186_5_PLUS)
 #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \
     !defined(NO_DSA)
     unsigned char digest[WC_SHA_DIGEST_SIZE];
@@ -88,7 +89,7 @@ int test_DSA_do_sign_verify(void)
     DSA_SIG_free(sig);
     DSA_free(dsa);
 #endif
-#endif /* !HAVE_SELFTEST && !HAVE_FIPS */
+#endif /* !HAVE_SELFTEST && !HAVE_FIPS && !WC_FIPS_186_5_PLUS */
     return EXPECT_RESULT();
 }
 
@@ -110,7 +111,7 @@ int test_wolfSSL_DSA_SIG(void)
 {
     EXPECT_DECLS;
 #if !defined(NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN) && \
-    !defined(HAVE_FIPS) && defined(OPENSSL_ALL)
+    !defined(HAVE_FIPS) && !defined(WC_FIPS_186_5_PLUS) && defined(OPENSSL_ALL)
     DSA          *dsa      = NULL;
     DSA          *dsa2     = NULL;
     DSA_SIG      *sig      = NULL;

tests/api/test_pkcs7.c

@@ -727,7 +727,7 @@ int test_wc_PKCS7_EncodeSignedData(void)
         pkcs7->privateKey = key;
         pkcs7->privateKeySz = (word32)sizeof(key);
         pkcs7->encryptOID = encryptOid;
-    #ifdef NO_SHA
+    #if defined(NO_SHA) || defined(WC_FIPS_186_5_PLUS)
         pkcs7->hashOID = SHA256h;
     #else
         pkcs7->hashOID = SHAh;
@@ -1685,7 +1685,7 @@ int CreatePKCS7SignedData(unsigned char* output, int outputSz,
         else {
             pkcs7->encryptOID = ECDSAk;
         }
-    #ifdef NO_SHA
+    #if defined(NO_SHA) || defined(WC_FIPS_186_5_PLUS)
         pkcs7->hashOID = SHA256h;
     #else
         pkcs7->hashOID = SHAh;
@@ -1739,7 +1739,7 @@ int test_wc_PKCS7_VerifySignedData_RSA(void)
     word32 badOutSz = 0;
     byte   badContent[] = "This is different content than was signed";
     wc_HashAlg hash;
-#ifdef NO_SHA
+#if defined(NO_SHA) || defined(WC_FIPS_186_5_PLUS)
     enum wc_HashType hashType = WC_HASH_TYPE_SHA256;
 #else
     enum wc_HashType hashType = WC_HASH_TYPE_SHA;
@@ -2120,7 +2120,7 @@ int test_wc_PKCS7_VerifySignedData_ECC(void)
     word32 z;
     int ret;
 #endif /* !NO_PKCS7_STREAM */
-#ifdef NO_SHA
+#if defined(NO_SHA) || defined(WC_FIPS_186_5_PLUS)
     enum wc_HashType hashType = WC_HASH_TYPE_SHA256;
 #else
     enum wc_HashType hashType = WC_HASH_TYPE_SHA;