Diffstat (limited to 'client/wolfssl/IDE/WIN/README.txt')
| -rw-r--r-- | client/wolfssl/IDE/WIN/README.txt | 70 |
1 files changed, 0 insertions, 70 deletions
diff --git a/client/wolfssl/IDE/WIN/README.txt b/client/wolfssl/IDE/WIN/README.txt deleted file mode 100644 index c748bc5..0000000 --- a/client/wolfssl/IDE/WIN/README.txt +++ /dev/null 
@@ -1,70 +0,0 @@ -# Notes on the wolfssl-fips project - -First, if you did not get the FIPS files with your archive, you must contact -wolfSSL to obtain them. - - -# Building the wolfssl-fips project - -The wolfCrypt FIPS library for Windows is a part of the wolfSSL library. It -must be built as a static library, for the moment. - -The library project is built with Whole Program Optimization disabled. This is -required so that necessary components of the library are not optimized away. -There are two functions added to the library that are used as markers in -memory for the in-core memory check of the code. WPO consolidates them into a -single function. WPO also optimizes away the automatic FIPS entry function. - -Each of the source files inside the FIPS boundary defines their own code and -constant section. The code section names start with ".fipsA$" and the constant -section names start with ".fipsB$". Each subsection has a letter to organize -them in a specific order. This specific ordering puts marker functions and -constants on either end of the boundary so it can be hashed. - - -# In Core Memory Test - -The In Core Memory test calculates a checksum (HMAC-SHA256) of the wolfCrypt -FIPS library code and constant data and compares it with a known value in -the code. - -The Randomized Base Address setting needs to be disabled on the 32-bit builds -but can be enabled on the 64-bit builds. In the 32-bit mode the addresses -being different throws off the in-core memory calculation. It looks like in -64-bit mode the library uses all offsets, so the core hash calculation -is the same every time. - -The "verifyCore" check value in the source fips_test.c needs to be updated when -building the code. The POS performs this check and the default failure callback -will print out the calculated checksum. When developing your code, copy this -value and paste it back into your code in the verifyCore initializer then -rebuild the code. 
When statically linking, you may have to recalculate your -check value when changing your application. - - -# Build Options - -The default build options should be the proper default set of options: - - * HAVE_FIPS - * HAVE_THREAD_LS - * HAVE_AESGCM - * HAVE_HASHDRBG - * WOLFSSL_SHA384 - * WOLFSSL_SHA512 - * NO_HC128 - * NO_RC4 - * NO_RABBIT - * NO_DSA - * NO_MD4 - -The "NO" options explicitly disable algorithms that are not allowed in -FIPS mode. - -Additionally one may enable: - - * HAVE_ECC - * OPENSSL_EXTRA - * WOLFSSL_KEY_GEN - -These settings are defined in IDE/WIN/user_settings.h. |
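Review bot: The `@@ -1,70 +0,0 @@` hunk deletes the notes that explain the build constraints the in-core integrity check depends on, and nothing visible here replaces them. The removed text states that Whole Program Optimization must stay disabled so the marker functions and the automatic FIPS entry function are not optimized away, that Randomized Base Address must be disabled on 32-bit builds, and that the "verifyCore" value in fips_test.c has to be refreshed after a rebuild. If the wolfssl-fips project or IDE/WIN/user_settings.h remains under client/wolfssl, keep these notes or move them next to the project file, since a rebuild that violates any of them fails the HMAC-SHA256 check without an obvious cause. If the whole vendored wolfssl copy is being removed, say so in the commit message so the deletion is not read as a documentation-only change.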