wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-02 20:24:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

update WIN IDE readme

Browse Source
This commit is contained in:
John Safranek
2015-07-23 15:27:46 -07:00
parent 5fe7a1b89a
commit 03a50c128a
1 changed files with 35 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
IDE/WIN/README.txt
View File

@@ -3,10 +3,11 @@
First, if you did not get the FIPS files with your archive, you must contact First, if you did not get the FIPS files with your archive, you must contact
wolfSSL to obtain them. wolfSSL to obtain them.
# Building the wolfssl-fips project # Building the wolfssl-fips project
The wolfCrypt FIPS library for Windows is a part of the wolfSSL library. It The wolfCrypt FIPS library for Windows is a part of the wolfSSL library. It
must be built as a static library. must be built as a static library, for the moment.
The library project is built with Whole Program Optimization disabled. This is The library project is built with Whole Program Optimization disabled. This is
required so that necessary components of the library are not optimized away. required so that necessary components of the library are not optimized away.
@@ -20,15 +21,18 @@ section names start with ".fipsB$". Each subsection has a letter to organize
them in a secific order. This specific ordering puts marker functions and them in a secific order. This specific ordering puts marker functions and
constants on either end of the boundary so it can be hashed. constants on either end of the boundary so it can be hashed.
# In Core Memory Test # In Core Memory Test
The In Core Memory test calculates a checksum (HMAC-SHA256) of the wolfCrypt The In Core Memory test calculates a checksum (HMAC-SHA256) of the wolfCrypt
FIPS library code and constant data and compares it with a known value in FIPS library code and constant data and compares it with a known value in
the code. the code.
The Randomized Base Address setting doesn't cause any problems because The Randomized Base Address setting needs to be disabled on the 32-bit builds
(I believe) that the addrsses in the executable are all offsets from the base but can be enabled on the 64-bit builds. In the 32-bit mode the addresses
rather than absolute addresses. being different throws off the in-core memory calculation. It looks like in
64-bit mode the library uses all offsets, so the core hash calculation
is the same every time.
The "verifyCore" check value in the source fips_test.c needs to be updated when The "verifyCore" check value in the source fips_test.c needs to be updated when
building the code. The POS performs this check and the default failure callback building the code. The POS performs this check and the default failure callback
@@ -36,3 +40,30 @@ will print out the calculated checksum. When developing your code, copy this
value and paste it back into your code in the verifyCore initializer then value and paste it back into your code in the verifyCore initializer then
rebuild the code. When statically linking, you may have to recalculate your rebuild the code. When statically linking, you may have to recalculate your
check value when changing your application. check value when changing your application.
# Build Options
The default build options should be the proper default set of options:
* HAVE_FIPS
* HAVE_THREAD_LS
* HAVE_AESGCM
* HAVE_HASHDRBG
* WOLFSSL_SHA384
* WOLFSSL_SHA512
* NO_HC128
* NO_RC4
* NO_RABBIT
* NO_DSA
* NO_MD4
The "NO" options explicitly disable algorithms that are not allowed in
FIPS mode.
Additionally one may enable:
* HAVE_ECC
* OPENSSL_EXTRA
* WOLFSSL_KEY_GEN