1 Reply by sahl.john

(3 replies, posted in wolfSSL)

It appears that when running testsuite during "make check", it's hitting this error in wolfcrypt/src/ecc.c:

#ifdef ECC_TIMING_RESISTANT
       if (private_key->rng == NULL) {
            err = MISSING_RNG_E;
        }
#endif

I *am* running with timing resistance (I believe --enable-harden turns that on), but I don't understand what would cause the test to try to run w/o providing an RNG to the private_key struct...

Go to forum: wolfSSL

2 Topic by sahl.john

(3 replies, posted in wolfSSL)

I am trying to configure & install wolfssl-4.7.0-gplv3-fips-ready

Configure script seemed to run OK, I then did make, followed by "make check". Initial run of "make check" failed (expected) and then I updated verifyCore in fips_test.c as directed in test-suite.log

I then re-ran make and "make check". Check failed again with the error "ecc_test_curve_size 24 failed!: -9917"

There are subsequent "RNG required but not provided" errors in test-suite.log

I'm at a loss as to what's going on. Any ideas? configure script output is attached in case it's helpful to know what config options were used.

Go to forum: wolfSSL

3 Reply by sahl.john

(3 replies, posted in General Inquiries)

I know this is an old thread, but follow up question:

Once the shared secret is created, how do you encrypt/decrypt with the wolfssl api?

Go to forum: General Inquiries

4 Reply by sahl.john

(3 replies, posted in wolfSSL)

I get the same error message even with --enable-harden

I used these options for configure:

./configure --enable-fips=v2 --enable-harden --enable-keygen

But I get this when I build my application:

/usr/local/include/wolfssl/wolfcrypt/settings.h:2060:14: error: #warning "For timing resistance / side-channel attack prevention consider using harden options" [-Werror=cpp]
             #warning "For timing resistance / side-channel attack prevention consider using harden options"
              ^~~~~~~

Go to forum: wolfSSL