Topic: Random test failed ! in wolfssl-fips-ready v5.5.0
- I built it successfully, but when i ran the test. It always failed. Please support to me. Thanks
You are not logged in. Please login or register.
Please post questions or comments you have about wolfSSL products here. It is helpful to be as descriptive as possible when asking your questions.
ReferenceswolfSSL - Embedded SSL Library → wolfCrypt → Random test failed ! in wolfssl-fips-ready v5.5.0
- I built it successfully, but when i ran the test. It always failed. Please support to me. Thanks
Hi karikjame2021,
This is most likely caused by an outdated FIPS hash, you will need to update your FIPS hash and rebuild. The easiest way to do this is to run the script "fips-hash.sh" in the root of your wolfSSL directory.
You will need to register our FIPS seed callback in your application with the following code:
#ifdef WC_RNG_SEED_CB
wc_SetSeed_Cb(wc_GenerateSeed);
#endif
Thanks,
Kareem
Hi karikjame2021,
In addition to the above, you will need to register a FIPS hash callback in your application. See below for how to register this. Note that our test suite already has its own FIPS hash callback.
#ifdef HAVE_FIPS
wolfCrypt_SetCb_fips(myFipsCb);
#endif
#ifdef HAVE_FIPS
#include <wolfssl/wolfcrypt/fips_test.h>
static void myFipsCb(int ok, int err, const char* hash)
{
printf("in my Fips callback, ok = %d, err = %d\n", ok, err);
printf("message = %s\n", wc_GetErrorString(err));
printf("hash = %s\n", hash);
if (err == IN_CORE_FIPS_E) {
printf("In core integrity hash check failure, copy above hash\n");
printf("into verifyCore[] in fips_test.c and rebuild\n");
}
}
#endif
May I ask where you are located, and if this is for a commercial project? Feel free to reach out to us at support [AT] wolfssl [DOT] com if this is sensitive information.
Thanks,
Kareem
thanks for reply. I met it when run testsuite. I try to set new hash to fips_test.c and rebuild but no luckly. I want to try first before I can ask my company buy it
Is your FIPS hash unstable? Is it changing after you change it in fips_test.c and rebuild?
If so, make sure you are linking wolfCrypt FIPS in the right order, see our linker script here for an example: https://github.com/wolfSSL/wolfssl/blob … er_fips.ld Specifically, wolfcrypt_first.o needs to come first, then the FIPS objects, and lastly wolfcrypt_last.o.
"Is it changing after you change it in fips_test.c and rebuild?" => no change when I rebuilt .
"Is your FIPS hash unstable?" => what it mean ?
wolfSSL - Embedded SSL Library → wolfCrypt → Random test failed ! in wolfssl-fips-ready v5.5.0
Powered by PunBB, supported by Informer Technologies, Inc.
Generated in 0.068 seconds (93% PHP - 7% DB) with 11 queries