mirror of https://github.com/wolfSSL/wolfssl.git
JacobBarthelmeh
GitHub
commit
95137f91fa
|
|
@ -3,7 +3,7 @@
|
||||||
First, if you did not get the FIPS files with your archive, you must contact
|
First, if you did not get the FIPS files with your archive, you must contact
|
||||||
wolfSSL to obtain them.
|
wolfSSL to obtain them.
|
||||||
|
|
||||||
The IDE/WIN/wolfssl-fips.sln solution is for the original FIPS #2425 certificate.
|
The IDE/WIN/wolfssl-fips.sln solution is for the original FIPS #2425 certificate.
|
||||||
See IDE/WIN10/wolfssl-fips.sln for the FIPS v2 #3389 or later Visual Studio solution.
|
See IDE/WIN10/wolfssl-fips.sln for the FIPS v2 #3389 or later Visual Studio solution.
|
||||||
|
|
||||||
# Building the wolfssl-fips project
|
# Building the wolfssl-fips project
|
||||||
|
|
@ -30,11 +30,13 @@ The In Core Memory test calculates a checksum (HMAC-SHA256) of the wolfCrypt
|
||||||
FIPS library code and constant data and compares it with a known value in
|
FIPS library code and constant data and compares it with a known value in
|
||||||
the code.
|
the code.
|
||||||
|
|
||||||
The Randomized Base Address setting needs to be disabled on the 32-bit builds
|
The following wolfCrypt FIPS project linker settings are required for the DLL Win32 configuration:
|
||||||
but can be enabled on the 64-bit builds. In the 32-bit mode the addresses
|
1) The [Randomized Base Address setting (ASLR)](https://learn.microsoft.com/en-us/cpp/build/reference/dynamicbase-use-address-space-layout-randomization?view=msvc-170)
|
||||||
being different throws off the in-core memory calculation. It looks like in
|
needs to be disabled on all builds as the feature throws off the in-core memory calculation causing the test to fail.
|
||||||
64-bit mode the library uses all offsets, so the core hash calculation
|
2) The [Incremental Link](https://learn.microsoft.com/en-us/cpp/build/reference/incremental-link-incrementally?view=msvc-170)
|
||||||
is the same every time.
|
option need turned off so function pointers go to actual code, not a jump instruction.
|
||||||
|
3) The [FixedBaseAddress](https://learn.microsoft.com/en-us/cpp/build/reference/fixed-fixed-base-address?view=msvc-170)
|
||||||
|
option to YES, which disables the support for ASLR.
|
||||||
|
|
||||||
The "verifyCore" check value in the source fips_test.c needs to be updated when
|
The "verifyCore" check value in the source fips_test.c needs to be updated when
|
||||||
building the code. The POS performs this check and the default failure callback
|
building the code. The POS performs this check and the default failure callback
|
||||||
|
|
@ -71,13 +73,13 @@ These settings are defined in IDE/WIN/user_settings.h.
|
||||||
|
|
||||||
# Notes on enabling DTLS including DTLS version 1.3
|
# Notes on enabling DTLS including DTLS version 1.3
|
||||||
|
|
||||||
The file IDE/WIN/user_settings_dtls.h contains the needed build options for
|
The file IDE/WIN/user_settings_dtls.h contains the needed build options for
|
||||||
enabling DTLS and DTLS version 1.3.
|
enabling DTLS and DTLS version 1.3.
|
||||||
|
|
||||||
To incorporate the build options:
|
To incorporate the build options:
|
||||||
|
|
||||||
* Rename IDE/WIN/user_settings.h to IDE/WIN/user_settings.h.bak
|
* Rename IDE/WIN/user_settings.h to IDE/WIN/user_settings.h.bak
|
||||||
* Rename IDE/WIN/user_settings_dtls.h to IDE/WIN/user_settings.h
|
* Rename IDE/WIN/user_settings_dtls.h to IDE/WIN/user_settings.h
|
||||||
|
|
||||||
Alternatively, copy the DTLS labeled section from IDE/WIN/user_settings_dtls.h
|
Alternatively, copy the DTLS labeled section from IDE/WIN/user_settings_dtls.h
|
||||||
in to IDE/WIN/user_settings.h.
|
in to IDE/WIN/user_settings.h.
|
||||||
|
|
@ -117,6 +117,18 @@
|
||||||
<OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
|
<OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
|
||||||
<IntDir>$(Configuration)\$(Platform)\obj\</IntDir>
|
<IntDir>$(Configuration)\$(Platform)\obj\</IntDir>
|
||||||
</PropertyGroup>
|
</PropertyGroup>
|
||||||
|
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'">
|
||||||
|
<LinkIncremental>false</LinkIncremental>
|
||||||
|
</PropertyGroup>
|
||||||
|
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
|
||||||
|
<LinkIncremental>false</LinkIncremental>
|
||||||
|
</PropertyGroup>
|
||||||
|
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
|
||||||
|
<LinkIncremental>false</LinkIncremental>
|
||||||
|
</PropertyGroup>
|
||||||
|
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
|
||||||
|
<LinkIncremental>false</LinkIncremental>
|
||||||
|
</PropertyGroup>
|
||||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
|
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
|
||||||
<ClCompile>
|
<ClCompile>
|
||||||
<Optimization>Disabled</Optimization>
|
<Optimization>Disabled</Optimization>
|
||||||
|
|
@ -146,6 +158,7 @@
|
||||||
<BaseAddress>0x5A000000</BaseAddress>
|
<BaseAddress>0x5A000000</BaseAddress>
|
||||||
<RandomizedBaseAddress>false</RandomizedBaseAddress>
|
<RandomizedBaseAddress>false</RandomizedBaseAddress>
|
||||||
<DataExecutionPrevention>false</DataExecutionPrevention>
|
<DataExecutionPrevention>false</DataExecutionPrevention>
|
||||||
|
<FixedBaseAddress>true</FixedBaseAddress>
|
||||||
</Link>
|
</Link>
|
||||||
</ItemDefinitionGroup>
|
</ItemDefinitionGroup>
|
||||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
|
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
|
||||||
|
|
@ -174,7 +187,7 @@
|
||||||
</ClCompile>
|
</ClCompile>
|
||||||
<Link>
|
<Link>
|
||||||
<AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
<AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
||||||
<RandomizedBaseAddress>true</RandomizedBaseAddress>
|
<RandomizedBaseAddress>false</RandomizedBaseAddress>
|
||||||
<DataExecutionPrevention>false</DataExecutionPrevention>
|
<DataExecutionPrevention>false</DataExecutionPrevention>
|
||||||
</Link>
|
</Link>
|
||||||
</ItemDefinitionGroup>
|
</ItemDefinitionGroup>
|
||||||
|
|
@ -206,6 +219,7 @@
|
||||||
<AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
<AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
||||||
<RandomizedBaseAddress>false</RandomizedBaseAddress>
|
<RandomizedBaseAddress>false</RandomizedBaseAddress>
|
||||||
<BaseAddress>0x5A000000</BaseAddress>
|
<BaseAddress>0x5A000000</BaseAddress>
|
||||||
|
<FixedBaseAddress>true</FixedBaseAddress>
|
||||||
</Link>
|
</Link>
|
||||||
</ItemDefinitionGroup>
|
</ItemDefinitionGroup>
|
||||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
|
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
|
||||||
|
|
@ -234,7 +248,7 @@
|
||||||
</ClCompile>
|
</ClCompile>
|
||||||
<Link>
|
<Link>
|
||||||
<AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
<AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
||||||
<RandomizedBaseAddress>true</RandomizedBaseAddress>
|
<RandomizedBaseAddress>false</RandomizedBaseAddress>
|
||||||
</Link>
|
</Link>
|
||||||
</ItemDefinitionGroup>
|
</ItemDefinitionGroup>
|
||||||
<ItemGroup>
|
<ItemGroup>
|
||||||
|
|
|
||||||
|
|
@ -29,8 +29,13 @@ The In Core Memory test calculates a checksum (HMAC-SHA256) of the wolfCrypt
|
||||||
FIPS library code and constant data and compares it with a known value in
|
FIPS library code and constant data and compares it with a known value in
|
||||||
the code.
|
the code.
|
||||||
|
|
||||||
The Randomized Base Address setting needs to be disabled on all builds as the
|
The following wolfCrypt FIPS project linker settings are required for the DLL Win32 configuration:
|
||||||
feature throws off the in-core memory calculation causing the test to fail.
|
1) The [Randomized Base Address setting (ASLR)](https://learn.microsoft.com/en-us/cpp/build/reference/dynamicbase-use-address-space-layout-randomization?view=msvc-170)
|
||||||
|
needs to be disabled on all builds as the feature throws off the in-core memory calculation causing the test to fail.
|
||||||
|
2) The [Incremental Link](https://learn.microsoft.com/en-us/cpp/build/reference/incremental-link-incrementally?view=msvc-170)
|
||||||
|
option need turned off so function pointers go to actual code, not a jump instruction.
|
||||||
|
3) The [FixedBaseAddress](https://learn.microsoft.com/en-us/cpp/build/reference/fixed-fixed-base-address?view=msvc-170)
|
||||||
|
option to YES, which disables the support for ASLR.
|
||||||
|
|
||||||
The "verifyCore" check value in the source fips_test.c needs to be updated when
|
The "verifyCore" check value in the source fips_test.c needs to be updated when
|
||||||
building the code. The POS performs this check and the default failure callback
|
building the code. The POS performs this check and the default failure callback
|
||||||
|
|
@ -39,7 +44,6 @@ value and paste it back into your code in the verifyCore initializer then
|
||||||
rebuild the code. When statically linking, you may have to recalculate your
|
rebuild the code. When statically linking, you may have to recalculate your
|
||||||
check value when changing your application.
|
check value when changing your application.
|
||||||
|
|
||||||
|
|
||||||
# Build Options
|
# Build Options
|
||||||
|
|
||||||
The default build options should be the proper default set of options:
|
The default build options should be the proper default set of options:
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,16 @@
|
||||||
#ifndef _WIN_USER_SETTINGS_H_
|
#ifndef _WIN_USER_SETTINGS_H_
|
||||||
#define _WIN_USER_SETTINGS_H_
|
#define _WIN_USER_SETTINGS_H_
|
||||||
|
|
||||||
|
/* For FIPS 140-2 3389 build set to "#if 1" */
|
||||||
|
#if 0
|
||||||
|
#undef HAVE_FIPS
|
||||||
|
#define HAVE_FIPS
|
||||||
|
#undef HAVE_FIPS_VERSION
|
||||||
|
#define HAVE_FIPS_VERSION 2
|
||||||
|
#undef HAVE_FIPS_VERSION_MINOR
|
||||||
|
#define HAVE_FIPS_VERSION_MINOR 0
|
||||||
|
#endif
|
||||||
|
|
||||||
/* Set the following to 1 for WCv5.0-RC12 build. */
|
/* Set the following to 1 for WCv5.0-RC12 build. */
|
||||||
#if 0
|
#if 0
|
||||||
#undef HAVE_FIPS
|
#undef HAVE_FIPS
|
||||||
|
|
@ -67,8 +77,10 @@
|
||||||
#define WOLFSSL_VALIDATE_FFC_IMPORT
|
#define WOLFSSL_VALIDATE_FFC_IMPORT
|
||||||
#define HAVE_FFDHE_Q
|
#define HAVE_FFDHE_Q
|
||||||
#define HAVE_PUBLIC_FFDHE
|
#define HAVE_PUBLIC_FFDHE
|
||||||
|
#ifdef _WIN64
|
||||||
#define WOLFSSL_AESNI
|
#define WOLFSSL_AESNI
|
||||||
#define HAVE_INTEL_RDSEED
|
#define HAVE_INTEL_RDSEED
|
||||||
|
#endif
|
||||||
#define FORCE_FAILURE_RDSEED
|
#define FORCE_FAILURE_RDSEED
|
||||||
#endif /* FIPS v2 */
|
#endif /* FIPS v2 */
|
||||||
#if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 5)
|
#if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 5)
|
||||||
|
|
|
||||||
|
|
@ -117,6 +117,18 @@
|
||||||
<OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
|
<OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
|
||||||
<IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
|
<IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
|
||||||
</PropertyGroup>
|
</PropertyGroup>
|
||||||
|
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'">
|
||||||
|
<LinkIncremental>false</LinkIncremental>
|
||||||
|
</PropertyGroup>
|
||||||
|
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
|
||||||
|
<LinkIncremental>false</LinkIncremental>
|
||||||
|
</PropertyGroup>
|
||||||
|
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
|
||||||
|
<LinkIncremental>false</LinkIncremental>
|
||||||
|
</PropertyGroup>
|
||||||
|
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
|
||||||
|
<LinkIncremental>false</LinkIncremental>
|
||||||
|
</PropertyGroup>
|
||||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
|
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
|
||||||
<ClCompile>
|
<ClCompile>
|
||||||
<Optimization>Disabled</Optimization>
|
<Optimization>Disabled</Optimization>
|
||||||
|
|
@ -146,6 +158,7 @@
|
||||||
<BaseAddress>0x5A000000</BaseAddress>
|
<BaseAddress>0x5A000000</BaseAddress>
|
||||||
<RandomizedBaseAddress>false</RandomizedBaseAddress>
|
<RandomizedBaseAddress>false</RandomizedBaseAddress>
|
||||||
<DataExecutionPrevention>false</DataExecutionPrevention>
|
<DataExecutionPrevention>false</DataExecutionPrevention>
|
||||||
|
<FixedBaseAddress>true</FixedBaseAddress>
|
||||||
</Link>
|
</Link>
|
||||||
</ItemDefinitionGroup>
|
</ItemDefinitionGroup>
|
||||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
|
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
|
||||||
|
|
@ -206,6 +219,7 @@
|
||||||
<AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
<AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
||||||
<RandomizedBaseAddress>false</RandomizedBaseAddress>
|
<RandomizedBaseAddress>false</RandomizedBaseAddress>
|
||||||
<BaseAddress>0x5A000000</BaseAddress>
|
<BaseAddress>0x5A000000</BaseAddress>
|
||||||
|
<FixedBaseAddress>true</FixedBaseAddress>
|
||||||
</Link>
|
</Link>
|
||||||
</ItemDefinitionGroup>
|
</ItemDefinitionGroup>
|
||||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
|
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue