From patchwork Fri Apr 29 14:18:00 2022
X-Patchwork-Submitter: Juliusz Sosinowicz
X-Patchwork-Id: 1624367
From: Juliusz Sosinowicz
To: hostap@lists.infradead.org
Cc: Juliusz Sosinowicz
Subject: [PATCH] wolfSSL: Fixes for FIPS builds
Date: Fri, 29 Apr 2022 16:18:00 +0200
Message-Id: <20220429141759.67751-1-juliusz@wolfssl.com>

- Register a callback with wolfCrypt_SetCb_fips to inform the user of errors in the wolfCrypt FIPS module
- Some API is not available when using FIPS. We need to allocate memory and initialize the structs directly.

Signed-off-by: Juliusz Sosinowicz
--- src/crypto/crypto_wolfssl.c | 30 +++++++++++++++++++++++++++++- src/crypto/tls_wolfssl.c | 28 +++++++++++++++++++++++++++- 2 files changed, 56 insertions(+), 2 deletions(-) diff --git a/src/crypto/crypto_wolfssl.c b/src/crypto/crypto_wolfssl.c index 336e59a0c6..7a5b410694 100644 --- a/src/crypto/crypto_wolfssl.c +++ b/src/crypto/crypto_wolfssl.c @@ -1736,7 +1736,7 @@ struct crypto_ecdh * crypto_ecdh_init(int group) if (ret < 0) goto fail; -#ifdef ECC_TIMING_RESISTANT +#if defined(ECC_TIMING_RESISTANT) && !defined(CONFIG_FIPS) ret = wc_ecc_set_rng(&ecdh->ec->key, &ecdh->rng); if (ret < 0) goto fail; 
@@ -1858,7 +1858,11 @@ static struct crypto_ec_key* crypto_ec_key_init(void) wpa_printf(MSG_DEBUG, "wolfSSL: crypto_ec_key_init starting"); key = os_zalloc(sizeof(struct crypto_ec_key)); if (key) { +#ifndef CONFIG_FIPS key->eckey = wc_ecc_key_new(NULL); +#else + key->eckey = os_zalloc(sizeof(ecc_key)); +#endif /* Omit key->rng initialization because it seeds itself and thus * consumes entropy that may never be used. Lazy initialize when * necessary. */ @@ -1867,6 +1871,13 @@ static struct crypto_ec_key* crypto_ec_key_init(void) crypto_ec_key_deinit(key); key = NULL; } +#ifdef CONFIG_FIPS + else if (wc_ecc_init_ex(key->eckey, NULL, INVALID_DEVID) != 0) { + wpa_printf(MSG_ERROR, "wolfSSL: wc_ecc_init_ex failed"); + crypto_ec_key_deinit(key); + key = NULL; + } +#endif } return key; } @@ -1875,8 +1886,15 @@ void crypto_ec_key_deinit(struct crypto_ec_key *key) { wpa_printf(MSG_DEBUG, "wolfSSL: crypto_ec_key_deinit starting"); if (key) { +#ifndef CONFIG_FIPS wc_rng_free(key->rng); wc_ecc_key_free(key->eckey); +#else + if (key->rng) + os_free(key->rng); + if (key->eckey) + os_free(key->eckey); +#endif os_free(key); } } @@ -2037,11 +2055,21 @@ struct wpabuf * crypto_ec_key_sign(struct crypto_ec_key *key, const u8 *data, if (!key->rng) { /* Lazy init key->rng */ +#ifndef CONFIG_FIPS key->rng = wc_rng_new(NULL, 0, NULL); +#else + key->rng = os_zalloc(sizeof(WC_RNG)); +#endif if (!key->rng) { wpa_printf(MSG_ERROR, "wolfSSL: wc_rng_new failed"); goto fail; } +#ifdef CONFIG_FIPS + if (wc_InitRng(key->rng) != 0) { + wpa_printf(MSG_ERROR, "wolfSSL: wc_InitRng failed"); + goto fail; + } +#endif } derLen = wc_ecc_sig_size(key->eckey); diff --git a/src/crypto/tls_wolfssl.c b/src/crypto/tls_wolfssl.c index 04e1e0e810..91299befe9 100644 --- a/src/crypto/tls_wolfssl.c +++ b/src/crypto/tls_wolfssl.c @@ -26,6 +26,10 @@ #include #endif +#if defined(CONFIG_FIPS) +#include +#endif + #if !defined(CONFIG_FIPS) && \ (defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || \ defined(EAP_SERVER_FAST)) 
@@ -191,6 +195,21 @@ static void remove_session_cb(WOLFSSL_CTX *ctx, WOLFSSL_SESSION *sess) wolfSSL_SESSION_set_ex_data(sess, tls_ex_idx_session, NULL); } +#if defined(CONFIG_FIPS) && defined(HAVE_FIPS) +static void wcFipsCb(int ok, int err, const char* hash) +{ + wpa_printf(MSG_ERROR, "wolfFIPS: wolfCrypt Fips error callback, ok = %d, " + "err = %d\n", ok, err); + wpa_printf(MSG_ERROR, "wolfFIPS: message = %s\n", wc_GetErrorString(err)); + wpa_printf(MSG_ERROR, "wolfFIPS: hash = %s\n", hash); + if (err == IN_CORE_FIPS_E) { + wpa_printf(MSG_ERROR, "wolfFIPS: In core integrity hash check failure, " + "copy above hash\n"); + wpa_printf(MSG_ERROR, "wolfFIPS: into verifyCore[] in fips_test.c and " + "rebuild\n"); + } +} +#endif #ifdef DEBUG_WOLFSSL static void wolfSSL_logging_cb(const int log_level, @@ -222,7 +241,9 @@ void * tls_init(const struct tls_config *conf) if (wolfSSL_Init() < 0) return NULL; - /* wolfSSL_Debugging_ON(); */ +#if defined(CONFIG_FIPS) && defined(HAVE_FIPS) + wolfCrypt_SetCb_fips(wcFipsCb); +#endif } tls_ref_count++; @@ -2059,9 +2080,14 @@ int tls_connection_get_eap_fast_key(void *tls_ctx, struct tls_connection *conn, _out, skip + out_len); ret = 0; } else { +#ifndef CONFIG_FIPS ret = tls_prf_sha1_md5(master_key, master_key_len, "key expansion", seed, sizeof(seed), _out, skip + out_len); +#else + wpa_printf(MSG_ERROR, "wolfSSL: Can't use sha1_md5 in FIPS build"); + ret = -1; +#endif } forced_memzero(master_key, master_key_len);
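Review bot: In crypto_ecdh_init() (hunk at -1736), the added `!defined(CONFIG_FIPS)` condition drops the wc_ecc_set_rng() call for FIPS builds with nothing in its place and no comment. The commit message covers the cases where an unavailable API is replaced by manual allocation and initialization, but not this one. Please add a short comment saying why the ECDH key needs no RNG association when ECC_TIMING_RESISTANT is defined in a FIPS build, or what provides it instead.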
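Review bot: In crypto_ec_key_init() (hunk at -1858), the `else if (wc_ecc_init_ex(key->eckey, NULL, INVALID_DEVID) != 0)` added under #ifdef CONFIG_FIPS hangs off the closing brace of the preceding allocation check, so the shape of the if/else chain depends on the build configuration. A small static helper that allocates and initializes the ecc_key for both builds and returns NULL on any failure would keep a single error path here and avoid the preprocessor splitting a control-flow statement.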
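Review bot: The CONFIG_FIPS branch of crypto_ec_key_deinit() (hunk at -1875) releases key->rng and key->eckey with a bare os_free(), although this same patch initializes them with wc_InitRng() and wc_ecc_init_ex(). That skips whatever teardown the non-FIPS wc_rng_free() and wc_ecc_key_free() calls do on objects that hold RNG state and the EC key used by crypto_ec_key_sign(). Suggest pairing the initializers with wc_FreeRng(key->rng) and wc_ecc_free(key->eckey) before the os_free() calls, and clearing the structs (forced_memzero() is already used in tls_wolfssl.c) if those calls do not.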
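Review bot: In the lazy RNG init of crypto_ec_key_sign() (hunk at -2037), a wc_InitRng() failure in the FIPS branch does `goto fail` while key->rng still points at the freshly zero-allocated WC_RNG. The surrounding guard is `if (!key->rng)`, so unless the fail label resets the pointer (not visible in this hunk) the next call skips initialization and signs with an RNG whose init failed. Free it and set key->rng = NULL before the goto. The "wolfSSL: wc_rng_new failed" message on the allocation check is also inaccurate for the FIPS branch, where os_zalloc() is what failed.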
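Review bot: The new include in tls_wolfssl.c (hunk at -26) is guarded by `#if defined(CONFIG_FIPS)` alone, while the callback that needs it and its registration are guarded by `defined(CONFIG_FIPS) && defined(HAVE_FIPS)`. Please use the same condition in all three places, or explain in a comment why the header is needed when HAVE_FIPS is not defined.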
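Review bot: In wcFipsCb() (hunk at -191), every format string ends in "\n", while the other wpa_printf() calls touched by this patch (for example "wolfSSL: wc_ecc_init_ex failed") do not, so these messages will be followed by blank lines in the log. Drop the trailing newlines. The callback also passes `hash` straight to a %s conversion; a NULL check, or printing a placeholder string when it is NULL, would make the error path itself robust. `const char* hash` should be `const char *hash` to match the pointer style in the rest of the file.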
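Review bot: In tls_init() (hunk at -222), wolfCrypt_SetCb_fips(wcFipsCb) is only reached after `if (wolfSSL_Init() < 0) return NULL;`, so a FIPS module error that makes wolfSSL_Init() fail is never reported through the callback this patch adds for exactly that purpose. Consider registering the callback before wolfSSL_Init(). The removal of the commented-out `/* wolfSSL_Debugging_ON(); */` line is unrelated to FIPS and would be better as a separate cleanup or left alone.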