Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions src/wp_tls_capa.c
Original file line number Diff line number Diff line change
Expand Up @@ -135,8 +135,10 @@ static const wp_tls_group_consts wp_group_const_list[35] = {

/** List of parameters for TLS groups. */
static const OSSL_PARAM wp_param_group_list[][11] = {
#if defined(WP_HAVE_EC_P192) && !defined(HAVE_FIPS)

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🟠 [High] HAVE_FIPS_VERSION builds can still advertise P-192
🚫 BLOCK bug

The PR gates the P-192 TLS-GROUP entries with !defined(HAVE_FIPS), and the new regression test uses the same condition. Existing FIPS handling in this repo treats defined(HAVE_FIPS) || defined(HAVE_FIPS_VERSION) as enabling FIPS P-192 restrictions, for example include/wolfprovider/wp_fips.h includes WP_FIPS_CHECK_P192 in the default mask under either macro, and existing ECC tests expect P-192 private operations to fail under either macro. In a wolfSSL FIPS build that defines HAVE_FIPS_VERSION without HAVE_FIPS, WP_HAVE_EC_P192 may still be true, so this PR would continue advertising secp192r1 and P-192 while wolfProvider's FIPS checks reject P-192 private operations. The new test would also expect advertisement in that configuration, so it would not catch the regression.

Recommendation: Update both the capability table guard and the test expectation to exclude HAVE_FIPS_VERSION builds as well as HAVE_FIPS builds. Use the same FIPS predicate as the P-192 runtime checks and existing ECC tests, and mirror it in the regression test:

#if defined(WP_HAVE_EC_P192) && !defined(HAVE_FIPS) &&
!defined(HAVE_FIPS_VERSION)
WP_TLS_GROUP_ENTRY_EC( "secp192r1" , "prime192v1" , 0 ),
WP_TLS_GROUP_ENTRY_EC( "P-192" , "prime192v1" , 0 ),
#endif

WP_TLS_GROUP_ENTRY_EC( "secp192r1" , "prime192v1" , 0 ),
WP_TLS_GROUP_ENTRY_EC( "P-192" , "prime192v1" , 0 ),
#endif
WP_TLS_GROUP_ENTRY_EC( "secp224r1" , "secp224r1" , 1 ),
WP_TLS_GROUP_ENTRY_EC( "P-224" , "secp224r1" , 1 ),
WP_TLS_GROUP_ENTRY_EC( "secp256r1" , "prime256v1" , 2 ),
Expand Down
84 changes: 84 additions & 0 deletions test/test_ecc.c
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,8 @@

#include <wolfssl/wolfcrypt/hash.h>

#include <wolfprovider/wp_wolfprov.h>

/* Mirror the fallback used in src/wp_ecdsa_sig.c for wolfSSL < v5.9.1. */
#ifndef WC_MIN_DIGEST_SIZE
#define WC_MIN_DIGEST_SIZE 20
Expand Down Expand Up @@ -2845,4 +2847,86 @@ int test_ec_fromdata_oversize(void *data)
}
#endif /* WP_HAVE_EC_P256 */

/* Collected while walking the advertised TLS-GROUP capability list. */
typedef struct wp_group_scan {
int total; /* Number of groups advertised. */
int foundP192; /* "P-192" was advertised. */
int foundSecp192r1; /* "secp192r1" was advertised. */
} wp_group_scan;

/* Record whether the weak P-192 group is advertised. */
static int wp_group_name_cb(const OSSL_PARAM params[], void *arg)
{
wp_group_scan *scan = (wp_group_scan*)arg;
const OSSL_PARAM *p;
const char *name = NULL;

p = OSSL_PARAM_locate_const(params, OSSL_CAPABILITY_TLS_GROUP_NAME);
if ((p != NULL) && OSSL_PARAM_get_utf8_string_ptr(p, &name) &&
(name != NULL)) {
scan->total++;
if (strcmp(name, "P-192") == 0) {
scan->foundP192 = 1;
}
else if (strcmp(name, "secp192r1") == 0) {
scan->foundSecp192r1 = 1;
}
}

return 1;
}

/*
* P-192 provides only 80 bits of security and is not FIPS approved. Advertise
* it as a TLS group only in non-FIPS builds (!HAVE_FIPS) where the curve is
* compiled and usable (WP_HAVE_EC_P192).
*/
int test_ec_tls_group_p192(void *data)
{
int err = 0;
OSSL_PROVIDER *prov = NULL;
wp_group_scan scan;

(void)data;

memset(&scan, 0, sizeof(scan));

prov = OSSL_PROVIDER_load(wpLibCtx, wolfprovider_id);
if (prov == NULL) {
PRINT_ERR_MSG("Failed to load wolfProvider");
err = 1;
}

if (err == 0) {
if (OSSL_PROVIDER_get_capabilities(prov, "TLS-GROUP",
wp_group_name_cb, &scan) != 1) {
PRINT_ERR_MSG("get_capabilities(TLS-GROUP) failed");
err = 1;
}
}

if (err == 0 && scan.total == 0) {
PRINT_ERR_MSG("No TLS groups advertised");
err = 1;
}

#if defined(WP_HAVE_EC_P192) && !defined(HAVE_FIPS)
if (err == 0 && (scan.foundP192 == 0 || scan.foundSecp192r1 == 0)) {
PRINT_ERR_MSG("P-192 should be advertised when the curve is usable");
err = 1;
}
#else
if (err == 0 && (scan.foundP192 != 0 || scan.foundSecp192r1 != 0)) {
PRINT_ERR_MSG("P-192 must not be advertised (80-bit / non-FIPS only)");
err = 1;
}
#endif

if (prov != NULL) {
OSSL_PROVIDER_unload(prov);
}

return err;
}

#endif /* WP_HAVE_ECC */
4 changes: 4 additions & 0 deletions test/unit.c
Original file line number Diff line number Diff line change
Expand Up @@ -466,6 +466,10 @@ TEST_CASE test_case[] = {
TEST_DECL(test_ec_load_cert, NULL),
#endif /* WP_HAVE_ECDSA */

#ifdef WP_HAVE_ECC
TEST_DECL(test_ec_tls_group_p192, NULL),
#endif /* WP_HAVE_ECC */

#ifdef WP_HAVE_PBE
#if !defined(HAVE_FIPS) || defined(WP_ALLOW_NON_FIPS)
TEST_DECL(test_pbe, NULL),
Expand Down
1 change: 1 addition & 0 deletions test/unit.h
Original file line number Diff line number Diff line change
Expand Up @@ -458,6 +458,7 @@ int test_ec_decode(void* data);
int test_ec_import(void* data);
int test_ec_auto_derive_pubkey(void* data);
int test_ec_null_init(void* data);
int test_ec_tls_group_p192(void* data);
#ifdef WP_HAVE_EC_P256
int test_ec_print_public(void* data);
int test_ec_fromdata_oversize(void* data);
Expand Down
Loading