You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: IDE/WIN/README.txt
+10-8Lines changed: 10 additions & 8 deletions
Original file line number
Diff line number
Diff line change
@@ -3,7 +3,7 @@
3
3
First, if you did not get the FIPS files with your archive, you must contact
4
4
wolfSSL to obtain them.
5
5
6
-
The IDE/WIN/wolfssl-fips.sln solution is for the original FIPS #2425 certificate.
6
+
The IDE/WIN/wolfssl-fips.sln solution is for the original FIPS #2425 certificate.
7
7
See IDE/WIN10/wolfssl-fips.sln for the FIPS v2 #3389 or later Visual Studio solution.
8
8
9
9
# Building the wolfssl-fips project
@@ -30,11 +30,13 @@ The In Core Memory test calculates a checksum (HMAC-SHA256) of the wolfCrypt
30
30
FIPS library code and constant data and compares it with a known value in
31
31
the code.
32
32
33
-
The Randomized Base Address setting needs to be disabled on the 32-bit builds
34
-
but can be enabled on the 64-bit builds. In the 32-bit mode the addresses
35
-
being different throws off the in-core memory calculation. It looks like in
36
-
64-bit mode the library uses all offsets, so the core hash calculation
37
-
is the same every time.
33
+
The following wolfCrypt FIPS project linker settings are required for the DLL Win32 configuration:
34
+
1) The [Randomized Base Address setting (ASLR)](https://learn.microsoft.com/en-us/cpp/build/reference/dynamicbase-use-address-space-layout-randomization?view=msvc-170)
35
+
needs to be disabled on all builds as the feature throws off the in-core memory calculation causing the test to fail.
36
+
2) The [Incremental Link](https://learn.microsoft.com/en-us/cpp/build/reference/incremental-link-incrementally?view=msvc-170)
37
+
option need turned off so function pointers go to actual code, not a jump instruction.
38
+
3) The [FixedBaseAddress](https://learn.microsoft.com/en-us/cpp/build/reference/fixed-fixed-base-address?view=msvc-170)
39
+
option to YES, which disables the support for ASLR.
38
40
39
41
The "verifyCore" check value in the source fips_test.c needs to be updated when
40
42
building the code. The POS performs this check and the default failure callback
@@ -71,13 +73,13 @@ These settings are defined in IDE/WIN/user_settings.h.
71
73
72
74
# Notes on enabling DTLS including DTLS version 1.3
73
75
74
-
The file IDE/WIN/user_settings_dtls.h contains the needed build options for
76
+
The file IDE/WIN/user_settings_dtls.h contains the needed build options for
75
77
enabling DTLS and DTLS version 1.3.
76
78
77
79
To incorporate the build options:
78
80
79
81
* Rename IDE/WIN/user_settings.h to IDE/WIN/user_settings.h.bak
80
82
* Rename IDE/WIN/user_settings_dtls.h to IDE/WIN/user_settings.h
81
-
83
+
82
84
Alternatively, copy the DTLS labeled section from IDE/WIN/user_settings_dtls.h
Copy file name to clipboardExpand all lines: IDE/WIN10/README.txt
+7-3Lines changed: 7 additions & 3 deletions
Original file line number
Diff line number
Diff line change
@@ -29,8 +29,13 @@ The In Core Memory test calculates a checksum (HMAC-SHA256) of the wolfCrypt
29
29
FIPS library code and constant data and compares it with a known value in
30
30
the code.
31
31
32
-
The Randomized Base Address setting needs to be disabled on all builds as the
33
-
feature throws off the in-core memory calculation causing the test to fail.
32
+
The following wolfCrypt FIPS project linker settings are required for the DLL Win32 configuration:
33
+
1) The [Randomized Base Address setting (ASLR)](https://learn.microsoft.com/en-us/cpp/build/reference/dynamicbase-use-address-space-layout-randomization?view=msvc-170)
34
+
needs to be disabled on all builds as the feature throws off the in-core memory calculation causing the test to fail.
35
+
2) The [Incremental Link](https://learn.microsoft.com/en-us/cpp/build/reference/incremental-link-incrementally?view=msvc-170)
36
+
option need turned off so function pointers go to actual code, not a jump instruction.
37
+
3) The [FixedBaseAddress](https://learn.microsoft.com/en-us/cpp/build/reference/fixed-fixed-base-address?view=msvc-170)
38
+
option to YES, which disables the support for ASLR.
34
39
35
40
The "verifyCore" check value in the source fips_test.c needs to be updated when
36
41
building the code. The POS performs this check and the default failure callback
@@ -39,7 +44,6 @@ value and paste it back into your code in the verifyCore initializer then
39
44
rebuild the code. When statically linking, you may have to recalculate your
40
45
check value when changing your application.
41
46
42
-
43
47
# Build Options
44
48
45
49
The default build options should be the proper default set of options:
0 commit comments