26

(14 replies, posted in wolfSSL)

I was need to add -I/usr/include

and right now it failing


configure:42424: x86_64-w64-mingw32-gcc -c -DWOLFSSL_LOG_PRINTF -DWOLFSSL_PUBLIC_MP -DHAVE_EX_DATA -DFP_MAX_BITS=8192   -Wno-pragmas -Wall -Wextra -Wunknown-pragmas --param=ssp-buffer-size=1 -Waddress -Warray-bounds -Wbad-function-cast -Wchar-subscripts -Wcomment -Wfloat-equal -Wformat-security -Wformat=2 -Wmaybe-uninitialized -Wmissing-field-initializers -Wmissing-noreturn -Wmissing-prototypes -Wnested-externs -Wnormalized=id -Woverride-init -Wpointer-arith -Wpointer-sign -Wshadow -Wsign-compare -Wstrict-overflow=1 -Wstrict-prototypes -Wswitch-enum -Wundef -Wunused -Wunused-result -Wunused-variable -Wwrite-strings -fwrapv -DHAVE_CONFIG_H -I. -I. -I/usr/include conftest.c >&5
In file included from ./wolfssl/openssl/aes.h:32,
                 from conftest.c:63:
./wolfssl/wolfcrypt/settings.h:3086:10: error: #error "FFDHE parameters are too large for FP_MAX_BIT as set"
 3086 |         #error "FFDHE parameters are too large for FP_MAX_BIT as set"

27

(14 replies, posted in wolfSSL)

I added --enable-reproducible-build
And error is more clear right now.

configure: ---
configure: Running make clean...
configure: error: Header file inconsistency detected -- error including wolfssl/openssl/aes.h.
make: *** [Makefile:5403: config.status] Error 1
configure: ---
configure: Generating user options header...
checking for wolfssl/openssl/aes.h... cat: confdefs.h: No such file or directory
no
configure: error: Header file inconsistency detected -- error including wolfssl/openssl/aes.h.

config.log

configure:10110: checking for dlfcn.h
configure:10110: x86_64-w64-mingw32-gcc -c -DWOLFSSL_LOG_PRINTF -DWOLFSSL_PUBLIC_MP -DHAVE_EX_DATA -DFP_MAX_BITS=8192    conftest.c >&5
conftest.c:48:10: fatal error: dlfcn.h: No such file or directory
   48 | #include <dlfcn.h>
      |          ^~~~~~~~~
compilation terminated.
configure:10110: $? = 1
configure: failed program was:
| /* confdefs.h */
| #define PACKAGE_NAME "wolfssl"
| #define PACKAGE_TARNAME "wolfssl"
| #define PACKAGE_VERSION "5.7.4"
| #define PACKAGE_STRING "wolfssl 5.7.4"
| #define PACKAGE_BUGREPORT "https://github.com/wolfssl/wolfssl/issues"
| #define PACKAGE_URL "https://www.wolfssl.com"
| #define HAVE_STDIO_H 1
| #define HAVE_STDLIB_H 1
| #define HAVE_STRING_H 1
| #define HAVE_INTTYPES_H 1
| #define HAVE_STDINT_H 1
| #define HAVE_STRINGS_H 1
| #define HAVE_SYS_STAT_H 1
| #define HAVE_SYS_TYPES_H 1
| #define HAVE_UNISTD_H 1
| #define STDC_HEADERS 1
| /* end confdefs.h.  */
| #include <stddef.h>

28

(14 replies, posted in wolfSSL)

I added --enable-reproducible-build
And error is more clear right now.

configure: ---
configure: Running make clean...
configure: error: Header file inconsistency detected -- error including wolfssl/openssl/aes.h.
make: *** [Makefile:5403: config.status] Error 1
configure: ---
configure: Generating user options header...
checking for wolfssl/openssl/aes.h... cat: confdefs.h: No such file or directory
no
configure: error: Header file inconsistency detected -- error including wolfssl/openssl/aes.h.

29

(14 replies, posted in wolfSSL)

After I removed --enable-dtls option and tried run configure on fresh source it start failing with same error without make any changes in configure options.
I need suggestion how to make it consistent.


configure: Running make clean...
configure: ---
configure: Generating user options header...
checking for wolfssl/openssl/aes.h... no
configure: error: Header file inconsistency detected -- error including wolfssl/openssl/aes.h.

30

(14 replies, posted in wolfSSL)

I removed --enable-dtls and configure completes OK with --enable-fips=ready.
But make quits


---
./configure flags: --host=x86_64-w64-mingw32 --enable-keygen --enable-rsapss --enable-certgen --enable-certreq --enable-certext --enable-sessioncerts --enable-crl --enable-ocsp --enable-secure-renegotiation --enable-strongswan 'CFLAGS=-DWOLFSSL_LOG_PRINTF -DWOLFSSL_PUBLIC_MP -DHAVE_EX_DATA -DFP_MAX_BITS=8192' --enable-ed25519 --enable-curve25519 --enable-fips=ready --prefix=/home/volga629/strongswan-5.9.14/wolfssl-5.7.4-gplv3-fips-ready/wolfssl-fips-build --enable-ecc --disable-fpecc --disable-aligndata --disable-static --disable-jni --disable-crl-monitor --disable-examples host_alias=x86_64-w64-mingw32
---
Note: Make sure your application includes "wolfssl/options.h" before any other wolfSSL headers.
      You can define "WOLFSSL_USE_OPTIONS_H" in your application to include this automatically.


volga629@Desktop MSYS ~/strongswan-5.9.14/wolfssl-5.7.4-gplv3-fips-ready
$ make -j4
make -j9  all-recursive
make[1]: Entering directory '/home/volga629/strongswan-5.9.14/wolfssl-5.7.4-gplv3-fips-ready'
make[1]: warning: -j9 forced in submake: resetting jobserver mode.
make[2]: Entering directory '/home/volga629/strongswan-5.9.14/wolfssl-5.7.4-gplv3-fips-ready'
make[2]: warning: -j9 forced in submake: resetting jobserver mode.
  CC       wolfcrypt/src/src_libwolfssl_la-fips.lo
  CC       wolfcrypt/src/src_libwolfssl_la-fips_test.lo
  CC       wolfcrypt/test/test.o
wolfcrypt/src/fips.c:33: warning: ignoring '#pragma code_seg ' [-Wunknown-pragmas]
   33 |     #pragma code_seg(".fipsA$o")
      |
wolfcrypt/src/fips.c:34: warning: ignoring '#pragma const_seg ' [-Wunknown-pragmas]
   34 |     #pragma const_seg(".fipsB$o")
      |
  CC       wolfcrypt/benchmark/benchmark.o
wolfcrypt/src/fips.c:138: warning: ignoring '#pragma section ' [-Wunknown-pragmas]
  138 |     #pragma section(".CRT$XCU",read)
      |
wolfcrypt/test/test.c:941:29: error: static declaration of 'wc_AesNew' follows non-static declaration
  941 | static WC_MAYBE_UNUSED Aes* wc_AesNew(void* heap, int thisDevId, int *result_code)
      |                             ^~~~~~~~~
In file included from wolfcrypt/test/test.c:275:
./wolfssl/wolfcrypt/aes.h:731:18: note: previous declaration of 'wc_AesNew' with type 'Aes *(void *, int,  int *)'
  731 | WOLFSSL_API Aes* wc_AesNew(void* heap, int devId, int *result_code);
      |                  ^~~~~~~~~
wolfcrypt/test/test.c:961:28: error: static declaration of 'wc_AesDelete' follows non-static declaration
  961 | static WC_MAYBE_UNUSED int wc_AesDelete(Aes *aes, Aes** aes_p)
      |                              CC       wolfcrypt/src/src_libwolfssl_la-wolfcrypt_first.lo
^~~~~~~~~~~~
wolfcrypt/src/fips_test.c:58: ./wolfssl/wolfcrypt/aes.h:732:17:warning:            note:                                           ' [                                          ]  CC       wolfcrypt/src/src_libwolfssl_la-hmac.lo

   58 | #pragma code_seg(".fipsA$p")
      |
int(Aes *, Aes **)'
  732 | WOLFSSL_API int wolfcrypt/src/fips_test.c:59: wc_AesDeletewarning: (Aes* aes, Aes** aes_p);
      |                 ignoring '^~~~~~~~~~~~#pragma const_seg
' [                             -Wunknown-pragmas ]
   59 | #pragma const_seg(".fipsB$p")
      |
error: static declaration of 'wc_NewRsaKey' follows non-static declaration
  974 | static WC_MAYBE_UNUSED RsaKey* wc_NewRsaKey(void* heap, int thisDevId, int *result_code)
      |                                ^~~~~~~~~~~~
In file included from wolfcrypt/test/test.c:273:
./wolfssl/wolfcrypt/rsa.h:299:21: note: previous declaration of '  CC       wolfcrypt/src/src_libwolfssl_la-random.lo
  CC       wolfcrypt/src/src_libwolfssl_la-sha256.lo
                                        wolfcrypt/src/fips_test.c:' with type '  In function '                             error:                      '
  299 | WOLFSSL_API RsaKey* '':
wc_NewRsaKey                                                         (void* heap, int devId, int *result_code);
      |                     ' undeclared here (not in a function)
  165 | static char base16_h     ^~~~~~~~~~~~                                   CC       wolfcrypt/src/src_libwolfssl_la-rsa.lo

*2+1]; /* calculated hash */
                                implicit declaration of function '                             ^~~~~~~~~~~~~~~~~~~~~~~~
'; did you mean '                                                 static declaration of ''? [ wc_DeleteRsaKey-Wimplicit-function-declarationwarning: ' follows non-static declaration
  994 | static WC_MAYBE_UNUSED int ]
 1288 |          wc_DeleteRsaKeywc_ecc_sign_set_kallocate(RsaKey* key, RsaKey** key_p)
      |                            (k, (word32)sizeof(k), ecc);
      |                                        ^~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~-Wattributes

      |         ]
  870 |                                  wc_ecc_sig_sizeINITIALIZER
(fipsEntry)
        note: wolfcrypt/src/fips_test.c:1288:9:^~~~~~~~~~~
                                     nested extern declaration of '                                         '
  300 | WOLFSSL_API int  ' [wolfcrypt/src/fips.c:932:13:                                (RsaKey* key, RsaKey** key_p);
      |                  ]
warning: ^~~~~~~~~~~~~~~no previous prototype for '
                                  At top level:
' [wolfcrypt/src/fips_test.c:1929:-Wmissing-prototypes ]
  932 | BOOL WINAPI warning: DllMainignoring '( HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpReserved )
      |             #pragma warning ^~~~~~~' [
-Wunknown-pragmas]
 1929 |     #pragma warning(push)
      |
wolfcrypt/src/fips_test.c:1930: wolfcrypt/src/fips.c:warning:  In function 'ignoring 'wc_RsaSSL_Sign_fips#pragma warning ':
' [wolfcrypt/src/fips.c:3621:26:-Wunknown-pragmas ]
 1930 |     #pragma warning(disable:4054 4305 4311)
      |
error:                           '              WC_RSA_FIPS_SIG_MINwolfCrypt_FIPS_sanity' undeclared (first use in this function)
 3621 |     if (ret > 0 && ret < ':
WC_RSA_FIPS_SIG_MIN) {
      |                          wolfcrypt/src/fips_test.c:1993:9:^~~~~~~~~~~~~~~~~~~
warning: wolfcrypt/src/fips.c:3621:26:cast from pointer to integer of different size [ -Wpointer-to-int-castnote: ]
 1993 |     if (each undeclared identifier is reported only once for each function it appears in
(unsigned long)stxt > (unsigned long)chktxt ||
      |         ^
wolfcrypt/src/fips.c:wolfcrypt/src/fips_test.c:1993:31: In function ' wc_RsaPSS_Sign_fipswarning: ':
cast from pointer to integer of different size [-Wpointer-to-int-castwolfcrypt/src/fips.c:3686:26:]
 1993 |     if ((unsigned long)stxt >  (error: unsigned long)chktxt ||
      |                               '^WC_RSA_FIPS_SIG_MIN
' undeclared (first use in this function)
 3686 |     if (ret > 0 && ret < WC_RSA_FIPS_SIG_MINwolfcrypt/src/fips_test.c:1994:9:) {
      |                           ^~~~~~~~~~~~~~~~~~~warning:
cast from pointer to integer of different size [-Wpointer-to-int-castwolfcrypt/src/fips.c:]
 1994 |                       (wc_RsaPSS_SignEx_fipsunsigned long)etxt < (unsigned long)chktxt) {
      |         ':
^
wolfcrypt/src/fips.c:3717:26: wolfcrypt/src/fips_test.c:1994:31:error:   warning: WC_RSA_FIPS_SIG_MINcast from pointer to integer of different size [' undeclared (first use in this function)
 3717 |     if (ret > 0 && ret < -Wpointer-to-int-castWC_RSA_FIPS_SIG_MIN]
 1994 |         (unsigned long)etxt < ) {
      |                          (^~~~~~~~~~~~~~~~~~~unsigned long)chktxt) {
      |
^
wolfcrypt/src/fips_test.c:2005:9: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
 2005 |     if ((unsigned long)sro > (unsigned long)chkro ||
      |         ^
wolfcrypt/src/fips.c:wolfcrypt/src/fips_test.c:2005:30: In function ' wc_MakeRsaKey_fipswarning: ':
cast from pointer to integer of different size [wolfcrypt/src/fips.c:3933:16:-Wpointer-to-int-cast ]
 2005 |     if ((unsigned long)sro > error: ('unsigned long)chkro ||
      |                              WC_RSA_FIPS_GEN_MIN^' undeclared (first use in this function)
 3933 |     if (size <
WC_RSA_FIPS_GEN_MINwolfcrypt/src/fips_test.c:2006:9:)
      |                 ^~~~~~~~~~~~~~~~~~~warning:
cast from pointer to integer of different size [-Wpointer-to-int-cast]
 2006 |         wolfcrypt/src/fips.c:( In function 'unsigned long)ero < (unsigned long)chkro) {
      |         wc_ecc_make_key_fips^':

wolfcrypt/src/fips.c:4092:19:wolfcrypt/src/fips_test.c:2006:30:  error: warning: '                                                WC_ECC_FIPS_GEN_MIN                     ' undeclared (first use in this function)
 4092 |     if (keysize < ]
 2006 |         (unsigned long)ero <                     )
      |                   unsigned long)chkro) {
      |

wolfcrypt/src/fips.c:              wolfcrypt/src/fips_test.c:wc_ecc_make_key_ex_fips In function '':
DoInCoreCheck':
wolfcrypt/src/fips.c:4110:19: wolfcrypt/src/fips_test.c:2025:19:error:   error: WC_ECC_FIPS_GEN_MIN ' undeclared (first use in this function)
 4110 |     if (keysize <                                                                                                     ) {
      |                                                         '?
 2025 |     byte     hash[
wolfcrypt/src/wolfcrypt_first.c:34: FIPS_IN_CORE_DIGEST_SIZEwarning: ignoring '#pragma code_seg ' [-Wunknown-pragmas]
   34 |     #pragma code_seg(".fipsA$a")
      |
wolfcrypt/src/wolfcrypt_first.c:35: warning: ignoring '#pragma const_seg ' [-Wunknown-pragmas]
   35 |     #pragma const_seg(".fipsB$a")
      |
];
      |                   ^~~~~~~~~~~~~~~~~~~~~~~~wolfcrypt/src/fips.c:
      |                    In function 'FIPS_HMAC_DIGEST_SZwc_ecc_make_key_ex2_fips
':
wolfcrypt/src/fips_test.c:2025:19:wolfcrypt/src/fips.c:4238:19:  note: error: each undeclared identifier is reported only once for each function it appears in
'WC_ECC_FIPS_GEN_MINwolfcrypt/src/fips_test.c:2026:26:' undeclared (first use in this function)
 4238 |     if (keysize <  WC_ECC_FIPS_GEN_MINerror: )
      |                   '^~~~~~~~~~~~~~~~~~~FIPS_IN_CORE_KEY_SZ
' undeclared (first use in this function); did you mean 'FIPS_HMAC_KEY_SZ'?
 2026 |     byte     binCoreKey [                                                      ];
      |                                                                       ':

      |                          FIPS_HMAC_KEY_SZ
wolfcrypt/src/fips.c:1084:1:wolfcrypt/src/hmac.c:38:                                                              warning:                                                      ignoring '         -Wreturn-typeerror:                            ]
 1084 | '                    }                      -Wunknown-pragmas
      |    ' undeclared (first use in this function)
 2027 |     byte     binVerify  []
   38 |         #pragma code_seg(".fipsA$g")
      |
 -Wunknown-pragmas
wolfcrypt/src/hmac.c:39:]
   74 |         #pragma code_seg(".fipsA$l")
      |
];
                                  wolfcrypt/src/fips.c:
 ignoring '                                                            ':
                                 ignoring '' [                   wolfcrypt/src/fips.c:1091:1:-Wunknown-pragmaswarning: ' [ ]
   39 |         #pragma const_seg(".fipsB$g")
      |
                                                -Wunknown-pragmaswarning: -Wpointer-to-int-cast]
   75 |         #pragma const_seg(".fipsB$l")
      |
control reaches end of non-void function []
 2045 |     if (-Wreturn-type(]
 1091 | unsigned long) last <= (unsigned long) first)
      |          wolfcrypt/src/random.c:53:
      |
^warning: wolfcrypt/src/fips_test.c:2045:33:ignoring '
 #pragma code_seg warning: ' [                                                                       -Wunknown-pragmas -Wpointer-to-int-cast]
   53 |         #pragma code_seg(".fipsA$i")
      |
warning: ]
 2045 |     if ((unsigned long) last <=           wolfcrypt/src/random.c:54:                   unsigned long) first)
      |                                    warning: ^-Wunknown-pragmasignoring '
]
   43 |                #pragma code_seg(".fipsA$j")
      |
                                                   wolfcrypt/src/rsa.c:44:' [  -Wunknown-pragmaswarning: warning: ]
   54 |         #pragma const_seg(".fipsB$i")
      |
cast from pointer to integer of different size [ignoring '-Wpointer-to-int-castwolfcrypt/src/fips.c:#pragma const_seg ]
 2049 |     if ( At top level:
   (-Wunknown-pragmaswolfcrypt/src/fips.c:165:13:unsigned long) end <= (unsigned long) start)
      |         ]
   44 |                #pragma const_seg(".fipsB$j")
      |
 ^warning:
'                                              ' defined but not used [                                                                          ]
  165 | static char -Wpointer-to-int-cast           ]
 2049 |     if ((unsigned long) end <= [FIPS_IN_CORE_DIGEST_SIZE*2+1]; /* calculated hash */
      |              ^~~~~~~~~~~
unsigned long) start)
      |                                ^
  CC       wolfcrypt/src/src_libwolfssl_la-ecc.lo
wolfcrypt/src/fips_test.c:2054:44: make[2]: *** [Makefile:7328: wolfcrypt/src/src_libwolfssl_la-fips.lo] Error 1
make[2]: *** Waiting for unfinished jobs....
error:   CC       wolfcrypt/src/src_libwolfssl_la-aes.lo
'wolfCrypt_FIPS_AES_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2054 |     if (wolfCrypt_FIPS_sanity(first, last, wolfCrypt_FIPS_AES_sanity,
      |                                            ^~~~~~~~~~~~~~~~~~~~~~~~~
      |                                            wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2055:43: error: 'wolfCrypt_FIPS_aes_ro_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2055 |                               start, end, wolfCrypt_FIPS_aes_ro_sanity,
      |                                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                           wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2060:44: error: 'wolfCrypt_FIPS_CMAC_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2060 |     if (wolfCrypt_FIPS_sanity(first, last, wolfCrypt_FIPS_CMAC_sanity,
      |                                            ^~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                            wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2061:43: error: 'wolfCrypt_FIPS_cmac_ro_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2061 |                               start, end, wolfCrypt_FIPS_cmac_ro_sanity,
      |                                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                           wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2068:44: error: 'wolfCrypt_FIPS_DH_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2068 |     if (wolfCrypt_FIPS_sanity(first, last, wolfCrypt_FIPS_DH_sanity,
      |                                            ^~~~~~~~~~~~~~~~~~~~~~~~
      |                                            wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2069:43: error: 'wolfCrypt_FIPS_dh_ro_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2069 |                               start, end, wolfCrypt_FIPS_dh_ro_sanity,
      |                                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                           wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2075:44: error: 'wolfCrypt_FIPS_ECC_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2075 |     if (wolfCrypt_FIPS_sanity(first, last, wolfCrypt_FIPS_ECC_sanity,
      |                                            ^~~~~~~~~~~~~~~~~~~~~~~~~
      |                                            wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2076:43: error: 'wolfCrypt_FIPS_ecc_ro_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2076 |                               start, end, wolfCrypt_FIPS_ecc_ro_sanity,
      |                                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                           wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2082:44: error: 'wolfCrypt_FIPS_ED25519_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2082 |     if (wolfCrypt_FIPS_sanity(first, last, wolfCrypt_FIPS_ED25519_sanity,
      |                                            ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                            wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2083:43: error: 'wolfCrypt_FIPS_ed25519_ro_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2083 |                               start, end, wolfCrypt_FIPS_ed25519_ro_sanity,
      |                                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                           wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2095:44: error: 'wolfCrypt_FIPS_HMAC_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2095 |     if (wolfCrypt_FIPS_sanity(first, last, wolfCrypt_FIPS_HMAC_sanity,
      |                                            ^~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                            wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2096:43: error: 'wolfCrypt_FIPS_hmac_ro_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2096 |                               start, end, wolfCrypt_FIPS_hmac_ro_sanity,
      |                                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                           wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2101:44: error: 'wolfCrypt_FIPS_KDF_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2101 |     if (wolfCrypt_FIPS_sanity(first, last, wolfCrypt_FIPS_KDF_sanity,
      |                                            ^~~~~~~~~~~~~~~~~~~~~~~~~
      |                                            wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2102:43: error: 'wolfCrypt_FIPS_kdf_ro_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2102 |                               start, end, wolfCrypt_FIPS_kdf_ro_sanity,
      |                                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                           wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2108:44: error: 'wolfCrypt_FIPS_PBKDF_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2108 |     if (wolfCrypt_FIPS_sanity(first, last, wolfCrypt_FIPS_PBKDF_sanity,
      |                                            ^~~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                            wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2109:43: error: 'wolfCrypt_FIPS_pbkdf_ro_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2109 |                               start, end, wolfCrypt_FIPS_pbkdf_ro_sanity,
      |                                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                           wolfCrypt_FIPS_sanity
wolfcrypt/src/ecc.c:151: warning: ignoring '#pragma code_seg ' [-Wunknown-pragmas]
  151 |         #pragma code_seg(".fipsA$f")
      |
wolfcrypt/src/ecc.c:152: warning: ignoring '#pragma const_seg ' [-Wunknown-pragmas]
  152 |         #pragma const_seg(".fipsB$f")
      |
wolfcrypt/src/fips_test.c:2115:44: error: 'wolfCrypt_FIPS_DRBG_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2115 |     if (wolfCrypt_FIPS_sanity(first, last, wolfCrypt_FIPS_DRBG_sanity,
      |                                            ^~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                            wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2116:43: error: 'wolfCrypt_FIPS_drbg_ro_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2116 |                               start, end, wolfCrypt_FIPS_drbg_ro_sanity,
      |                                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                           wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2122:44: error: 'wolfCrypt_FIPS_RSA_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2122 |     if (wolfCrypt_FIPS_sanity(first, last, wolfCrypt_FIPS_RSA_sanity,
      |                                            ^~~~~~~~~~~~~~~~~~~~~~~~~
      |                                            wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2123:43: error: 'wolfCrypt_FIPS_rsa_ro_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2123 |                               start, end, wolfCrypt_FIPS_rsa_ro_sanity,
      |                                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                           wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2129:44: error: 'wolfCrypt_FIPS_SHA_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2129 |     if (wolfCrypt_FIPS_sanity(first, last, wolfCrypt_FIPS_SHA_sanity,
      |                                            ^~~~~~~~~~~~~~~~~~~~~~~~~
      |                                            wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2130:43: error: 'wolfCrypt_FIPS_sha_ro_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2130 |                               start, end, wolfCrypt_FIPS_sha_ro_sanity,
      |                                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                           wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2136:44: error: 'wolfCrypt_FIPS_SHA256_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2136 |     if (wolfCrypt_FIPS_sanity(first, last, wolfCrypt_FIPS_SHA256_sanity,
      |                                            ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                            wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2137:43: error: 'wolfCrypt_FIPS_sha256_ro_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2137 |                               start, end, wolfCrypt_FIPS_sha256_ro_sanity,
      |                                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                           wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2143:44: error: 'wolfCrypt_FIPS_SHA512_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2143 |     if (wolfCrypt_FIPS_sanity(first, last, wolfCrypt_FIPS_SHA512_sanity,
      |                                            ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                            wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2144:43: error: 'wolfCrypt_FIPS_sha512_ro_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2144 |                               start, end, wolfCrypt_FIPS_sha512_ro_sanity,
      |                                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                           wolfCrypt_FIPS_sanitymake[2]: *** [Makefile:7213: wolfcrypt/test/test.o] Error 1

wolfcrypt/src/ecc.c:1415:21: warning: no previous prototype for 'wc_ecc_get_sets' [-Wmissing-prototypes]
 1415 | const ecc_set_type *wc_ecc_get_sets(void) {
      |                     ^~~~~~~~~~~~~~~
wolfcrypt/src/ecc.c:1418:8: warning: no previous prototype for 'wc_ecc_get_sets_count' [-Wmissing-prototypes]
 1418 | size_t wc_ecc_get_sets_count(void) {
      |        ^~~~~~~~~~~~~~~~~~~~~
wolfcrypt/src/fips_test.c:2150:44: error: 'wolfCrypt_FIPS_SHA3_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2150 |     if (wolfCrypt_FIPS_sanity(first, last, wolfCrypt_FIPS_SHA3_sanity,
      |                                            ^~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                            wolfCrypt_FIPS_sanity
wolfcrypt/src/aes.c:47: warning: ignoring '#pragma code_seg ' [-Wunknown-pragmas]
   47 |         #pragma code_seg(".fipsA$b")
      |
wolfcrypt/src/aes.c:48: warning: ignoring '#pragma const_seg ' [-Wunknown-pragmas]
   48 |         #pragma const_seg(".fipsB$b")
      |
wolfcrypt/src/fips_test.c:2151:43: error: 'wolfCrypt_FIPS_sha3_ro_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2151 |                               start, end, wolfCrypt_FIPS_sha3_ro_sanity,
      |                                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                           wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2156:44: error: 'wolfCrypt_FIPS_FT_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2156 |     if (wolfCrypt_FIPS_sanity(first, last, wolfCrypt_FIPS_FT_sanity,
      |                                            ^~~~~~~~~~~~~~~~~~~~~~~~
      |                                            wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2157:43: error: 'wolfCrypt_FIPS_ft_ro_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2157 |                               start, end, wolfCrypt_FIPS_ft_ro_sanity,
      |                                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                           wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2162:43: error: 'wolfCrypt_FIPS_f_ro_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2162 |                               start, end, wolfCrypt_FIPS_f_ro_sanity,
      |                                           ^~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                           wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2168:15: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
 2168 |     code_sz = (unsigned long)last - (unsigned long)first;
      |               ^
wolfcrypt/src/fips_test.c:2168:37: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
 2168 |     code_sz = (unsigned long)last - (unsigned long)first;
      |                                     ^
wolfcrypt/src/fips_test.c:2169:15: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
 2169 |     data_sz = (unsigned long)end - (unsigned long)start;
      |               ^
wolfcrypt/src/fips_test.c:2169:36: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
 2169 |     data_sz = (unsigned long)end - (unsigned long)start;
      |                                    ^
wolfcrypt/src/fips_test.c:2189:37: error: 'FIPS_IN_CORE_HASH_TYPE' undeclared (first use in this function); did you mean 'FIPS_ECC_HASH_TYPE'?
 2189 |     ret = wc_HmacSetKey_fips(&hmac, FIPS_IN_CORE_HASH_TYPE,
      |                                     ^~~~~~~~~~~~~~~~~~~~~~
      |                                     FIPS_ECC_HASH_TYPE
wolfcrypt/src/fips_test.c:2199:19: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
 2199 |         data_sz = (unsigned long)verifyCore - (unsigned long)start;
      |                   ^
wolfcrypt/src/fips_test.c:2199:47: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
 2199 |         data_sz = (unsigned long)verifyCore - (unsigned long)start;
      |                                               ^
wolfcrypt/src/fips_test.c:2203:19: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
 2203 |         data_sz = (unsigned long)end - (unsigned long)start;
      |                   ^
wolfcrypt/src/fips_test.c:2203:40: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
 2203 |         data_sz = (unsigned long)end - (unsigned long)start;
      |                                        ^
wolfcrypt/src/fips_test.c:2027:14: warning: unused variable 'binVerify' [-Wunused-variable]
 2027 |     byte     binVerify  [FIPS_IN_CORE_VERIFY_SZ];
      |              ^~~~~~~~~
wolfcrypt/src/fips_test.c:2026:14: warning: unused variable 'binCoreKey' [-Wunused-variable]
 2026 |     byte     binCoreKey [FIPS_IN_CORE_KEY_SZ];
      |              ^~~~~~~~~~
wolfcrypt/src/fips_test.c:2025:14: warning: unused variable 'hash' [-Wunused-variable]
 2025 |     byte     hash[FIPS_IN_CORE_DIGEST_SIZE];
      |              ^~~~
wolfcrypt/src/fips_test.c: At top level:
wolfcrypt/src/fips_test.c:2234: warning: ignoring '#pragma warning ' [-Wunknown-pragmas]
 2234 |     #pragma warning(pop)
      |
make[2]: *** [Makefile:7335: wolfcrypt/src/src_libwolfssl_la-fips_test.lo] Error 1
make[2]: Leaving directory '/home/volga629/strongswan-5.9.14/wolfssl-5.7.4-gplv3-fips-ready'
make[1]: *** [Makefile:9026: all-recursive] Error 1
make[1]: Leaving directory '/home/volga629/strongswan-5.9.14/wolfssl-5.7.4-gplv3-fips-ready'
make: *** [Makefile:5376: all] Error 2

31

(14 replies, posted in wolfSSL)

Thank you for email reply.
I downloaded 


 wolfssl-5.7.4-gplv3-fips-ready.zip 
(SHA256: 07f3e0f7e3d3298e4007022258869eddd57053dc37bdccca6ba2f6790fe845f0)

wolfSSL FIPS Ready is our FIPS specific cryptography code base which you can enable and build into your application. This FIPS-READY version includes all of the code you need to be ready to move forward with the FIPS validation process. wolfSSL FIPS Ready supports a validated entropy source, all of the TLS 1.3 algorithms, and support for hardware encryption. Get ready for FIPS by using this download!

And this source is =ready is not working it produce error on configure

$  ./configure --host=x86_64-w64-mingw32 --enable-keygen --enable-rsapss --enable-dtls                  --enable-certgen --enable-certreq --enable-certext                      --enable-sessioncerts --enable-crl --enable-ocsp                        --enable-secure-renegotiation --enable-strongswan CFLAGS="-DWOLFSSL_STATIC_RSA -DWOLFSSL_LOG_PRINTF -DWOLFSSL_PUBLIC_MP -DHAVE_EX_DATA -DFP_MAX_BITS=8192"                    --enable-ed25519 --enable-curve25519 --enable-fips=ready  --prefix=$(pwd)/wolfssl-fips-build                   --enable-ecc                   --disable-fpecc                         --disable-aligndata                     --disable-static                        --disable-jni                   --disable-crl-monitor                   --disable-examples
configure: loading site script /etc/config.site
checking for x86_64-w64-mingw32-gcc... x86_64-w64-mingw32-gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.exe
checking for suffix of executables... .exe
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether the compiler supports GNU C... yes
checking whether x86_64-w64-mingw32-gcc accepts -g... yes
checking for x86_64-w64-mingw32-gcc option to enable C11 features... none needed
checking whether x86_64-w64-mingw32-gcc understands -c and -o together... yes
checking build system type... x86_64-pc-msys
checking host system type... x86_64-w64-mingw32
checking target system type... x86_64-w64-mingw32
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a race-free mkdir -p... /usr/bin/mkdir -p
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking whether make supports the include directive... yes (GNU style)
checking whether make supports nested variables... yes
checking whether UID '1072886' is supported by ustar format... yes
checking whether GID '1049089' is supported by ustar format... yes
checking how to create a ustar tar archive... gnutar
checking dependency style of x86_64-w64-mingw32-gcc... gcc3
checking whether make supports nested variables... (cached) yes
checking how to print strings... printf
checking for a sed that does not truncate output... /usr/bin/sed
checking for grep that handles long lines and -e... /usr/bin/grep
checking for egrep... /usr/bin/grep -E
checking for fgrep... /usr/bin/grep -F
checking for ld used by x86_64-w64-mingw32-gcc... C:/msys64/mingw64/x86_64-w64-mingw32/bin/ld.exe
checking if the linker (C:/msys64/mingw64/x86_64-w64-mingw32/bin/ld.exe) is GNU ld... yes
checking for BSD- or MS-compatible name lister (nm)... no
checking for x86_64-w64-mingw32-dumpbin... no
checking for x86_64-w64-mingw32-link... no
checking for dumpbin... no
checking for link... link -dump
checking the name lister (nm) interface... BSD nm
checking whether ln -s works... no, using cp -pR
checking the maximum length of command line arguments... 8192
checking how to convert x86_64-pc-msys file names to x86_64-w64-mingw32 format... func_convert_file_cygwin_to_w32
checking how to convert x86_64-pc-msys file names to toolchain format... func_convert_file_noop
checking for C:/msys64/mingw64/x86_64-w64-mingw32/bin/ld.exe option to reload object files... -r
checking for x86_64-w64-mingw32-file... no
checking for file... file
checking for x86_64-w64-mingw32-objdump... no
checking for objdump... objdump
checking how to recognize dependent libraries... file_magic ^x86 archive import|^x86 DLL
checking for x86_64-w64-mingw32-dlltool... no
checking for dlltool... dlltool
checking how to associate runtime and link libraries... func_cygming_dll_for_implib
checking for x86_64-w64-mingw32-ar... no
checking for ar... ar
checking for archiver @FILE support... @
checking for x86_64-w64-mingw32-strip... no
checking for strip... strip
checking for x86_64-w64-mingw32-ranlib... no
checking for ranlib... ranlib
checking command to parse nm output from x86_64-w64-mingw32-gcc object... ok
checking for sysroot... no
checking for a working dd... /usr/bin/dd
checking how to truncate binary pipes... /usr/bin/dd bs=4096 count=1
checking for x86_64-w64-mingw32-mt... no
checking for mt... no
checking if : is a manifest tool... no
checking for stdio.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for strings.h... yes
checking for sys/stat.h... yes
checking for sys/types.h... yes
checking for unistd.h... yes
checking for dlfcn.h... no
checking for x86_64-w64-mingw32-as... no
checking for as... as
checking for x86_64-w64-mingw32-dlltool... dlltool
checking for x86_64-w64-mingw32-objdump... objdump
checking for objdir... .libs
checking if x86_64-w64-mingw32-gcc supports -fno-rtti -fno-exceptions... no
checking for x86_64-w64-mingw32-gcc option to produce PIC... -DDLL_EXPORT -DPIC
checking if x86_64-w64-mingw32-gcc PIC flag -DDLL_EXPORT -DPIC works... yes
checking if x86_64-w64-mingw32-gcc static flag -static works... yes
checking if x86_64-w64-mingw32-gcc supports -c -o file.o... yes
checking if x86_64-w64-mingw32-gcc supports -c -o file.o... (cached) yes
checking whether the x86_64-w64-mingw32-gcc linker (C:/msys64/mingw64/x86_64-w64-mingw32/bin/ld.exe) supports shared libraries... yes
checking whether -lc should be explicitly linked in... yes
checking dynamic linker characteristics... Win32 ld.exe
checking how to hardcode library paths into programs... immediate
checking whether stripping libraries is possible... yes
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... no
checking whether the -Werror option is usable... yes
checking for simple visibility declarations... yes
checking size of long long... 8
checking size of long... 4
checking size of time_t... 8
checking for __uint128_t... yes
checking for arpa/inet.h... no
checking for fcntl.h... yes
checking for limits.h... yes
checking for netdb.h... no
checking for netinet/in.h... no
checking for stddef.h... yes
checking for time.h... yes
checking for sys/ioctl.h... no
checking for sys/socket.h... no
checking for sys/time.h... yes
checking for errno.h... yes
checking for sys/un.h... no
checking for socket in -lnetwork... no
checking whether byte ordering is bigendian... no
checking for __atomic... yes
checking for stdatomic.h... yes
checking for gethostbyname... no
checking for getaddrinfo... no
checking for gettimeofday... yes
checking for gmtime_r... no
checking for gmtime_s... no
checking for inet_ntoa... no
checking for memset... yes
checking for socket... no
checking for strftime... yes
checking for atexit... yes
checking for x86_64-w64-mingw32-gcc options needed to detect all undeclared functions... none needed
checking whether gethostbyname is declared... no
checking whether getaddrinfo is declared... no
checking whether gettimeofday is declared... yes
checking whether gmtime_r is declared... no
checking whether gmtime_s is declared... yes
checking whether inet_ntoa is declared... no
checking whether memset is declared... yes
checking whether socket is declared... no
checking whether strftime is declared... yes
checking whether atexit is declared... yes
checking for size_t... yes
checking for uint8_t... yes
checking for uintptr_t... yes
checking dependency style of x86_64-w64-mingw32-gcc... gcc3
checking for thread local storage (TLS) class... _Thread_local
checking for debug... no
checking how to run the C preprocessor... x86_64-w64-mingw32-gcc -E
checking for egrep -e... (cached) /usr/bin/grep -E
checking whether x86_64-w64-mingw32-gcc is Clang... no
checking whether pthreads work with "-pthread" and "-lpthread"... yes
checking for joinable pthread attribute... PTHREAD_CREATE_JOINABLE
checking whether more special flags are required for pthreads... no
checking for PTHREAD_PRIO_INHERIT... yes
checking for openssl... yes
checking for cos in -lm... yes
checking for library containing gethostbyname... no
checking for library containing socket... no
checking for socket in -lsocket... no
checking for vcs system... none
checking for vcs checkout... no
checking whether the linker accepts -Werror... yes
checking whether the linker accepts -z relro -z now... no
checking whether the linker accepts -pie... yes
checking whether C compiler accepts -Werror... yes
checking whether C compiler accepts -Wno-pragmas... yes
checking whether C compiler accepts -Wall... yes
checking whether C compiler accepts -Wextra... yes
checking whether C compiler accepts -Wunknown-pragmas... yes
checking whether C compiler accepts -Wthis-test-should-fail... no
checking whether C compiler accepts --param=ssp-buffer-size=1... yes
checking whether C compiler accepts -Waddress... yes
checking whether C compiler accepts -Warray-bounds... yes
checking whether C compiler accepts -Wbad-function-cast... yes
checking whether C compiler accepts -Wchar-subscripts... yes
checking whether C compiler accepts -Wcomment... yes
checking whether C compiler accepts -Wfloat-equal... yes
checking whether C compiler accepts -Wformat-security... yes
checking whether C compiler accepts -Wformat=2... yes
checking whether C compiler accepts -Wmaybe-uninitialized... yes
checking whether C compiler accepts -Wmissing-field-initializers... yes
checking whether C compiler accepts -Wmissing-noreturn... yes
checking whether C compiler accepts -Wmissing-prototypes... yes
checking whether C compiler accepts -Wnested-externs... yes
checking whether C compiler accepts -Wnormalized=id... yes
checking whether C compiler accepts -Woverride-init... yes
checking whether C compiler accepts -Wpointer-arith... yes
checking whether C compiler accepts -Wpointer-sign... yes
checking whether C compiler accepts -Wshadow... yes
checking whether C compiler accepts -Wshorten-64-to-32... no
checking whether C compiler accepts -Wsign-compare... yes
checking whether C compiler accepts -Wstrict-overflow=1... yes
checking whether C compiler accepts -Wstrict-prototypes... yes
checking whether C compiler accepts -Wswitch-enum... yes
checking whether C compiler accepts -Wundef... yes
checking whether C compiler accepts -Wunused... yes
checking whether C compiler accepts -Wunused-result... yes
checking whether C compiler accepts -Wunused-variable... yes
checking whether C compiler accepts -Wwrite-strings... yes
checking whether C compiler accepts -fwrapv... yes
creating wolfssl-config - generic 5.7.4 for -lwolfssl -lpthread
checking the number of available CPUs... 8
configure: adding automake macro support
configure: creating aminclude.am
configure: added jobserver support to make for 9 jobs
checking that generated files are newer than configure... done
configure: creating ./config.status
config.status: creating stamp-h
config.status: creating Makefile
config.status: creating wolfssl/version.h
config.status: creating wolfssl/options.h
config.status: creating support/wolfssl.pc
config.status: creating debian/control
config.status: creating debian/changelog
config.status: creating rpm/spec
config.status: creating wolfcrypt/test/test_paths.h
config.status: creating scripts/unit.test
config.status: creating config.h
config.status: config.h is unchanged
config.status: executing depfiles commands
config.status: executing libtool commands
config.status: executing wolfssl/wolfcrypt/async.h commands
config.status: executing wolfssl/wolfcrypt/fips.h commands
config.status: executing wolfssl/wolfcrypt/port/cavium/cavium_nitrox.h commands
config.status: executing wolfssl/wolfcrypt/port/intel/quickassist.h commands
config.status: executing wolfssl/wolfcrypt/port/intel/quickassist_mem.h commands
configure: ---
configure: Running make clean...
configure: ---
configure: Generating user options header...
checking for wolfssl/openssl/aes.h... no
configure: error: Header file inconsistency detected -- error including wolfssl/openssl/aes.h.

volga629@Desktop MSYS ~/strongswan-5.9.14/wolfssl-5.7.4-gplv3-fips-ready
$

32

(14 replies, posted in wolfSSL)

--enable-fips=ready is not working only v2 option. Rest options are produce inconsistency  error

33

(14 replies, posted in wolfSSL)

Should I open report in GitHub ?
Seems like configure process completes OK
But make -j4 quits

Configuration summary for wolfssl version 5.7.4

   * Installation prefix:        /home/volga629/strongswan-5.9.14/wolfssl-5.7.4-gplv3-fips-ready/wolfssl-fips-build
   * System type:                w64-mingw32
   * Host CPU:                   x86_64
   * C Compiler:                 x86_64-w64-mingw32-gcc
   * C Flags:                    -DWOLFSSL_STATIC_RSA -DWOLFSSL_LOG_PRINTF -DWOLFSSL_PUBLIC_MP -DHAVE_EX_DATA -DFP_MAX_BITS=8192   -Wno-pragmas -Wall -Wextra -Wunknown-pragmas --param=ssp-buffer-size=1 -Waddress -Warray-bounds -Wbad-function-cast -Wchar-subscripts -Wcomment -Wfloat-equal -Wformat-security -Wformat=2 -Wmaybe-uninitialized -Wmissing-field-initializers -Wmissing-noreturn -Wmissing-prototypes -Wnested-externs -Wnormalized=id -Woverride-init -Wpointer-arith -Wpointer-sign -Wshadow -Wsign-compare -Wstrict-overflow=1 -Wstrict-prototypes -Wswitch-enum -Wundef -Wunused -Wunused-result -Wunused-variable -Wwrite-strings -fwrapv
   * C++ Compiler:
   * C++ Flags:
   * CPP Flags:
   * CCAS Flags:                 -DWOLFSSL_STATIC_RSA -DWOLFSSL_LOG_PRINTF -DWOLFSSL_PUBLIC_MP -DHAVE_EX_DATA -DFP_MAX_BITS=8192
   * LD Flags:                    -lws2_32
   * LIB Flags:                   -pie
   * Library Suffix:
   * Debug enabled:              no
   * Coverage enabled:
   * Warnings as failure:        no
   * make -j:                    9
   * VCS checkout:               no

   Features
   * Experimental settings:      Forbidden
   * FIPS:                       v2
   * Single threaded:            no
   * Filesystem:                 yes
   * OpenSSH Build:              no
   * OpenSSL Extra API:          yes
   * OpenSSL Coexist:            no
   * Old Names:                  yes
   * Max Strength Build:         no
   * Distro Build:               no
   * Reproducible Build:         yes
   * Side-channel Hardening:     yes
   * Single Precision Math:      no
   * SP implementation:          no
   * Fast Math:                  yes
   * Heap Math:                  no
   * Assembly Allowed:           yes
   * sniffer:                    no
   * snifftest:                  no
   * ARC4:                       no
   * AES:                        yes
   * AES-NI:                     no
   * AES-CBC:                    yes
   * AES-CBC length checks:      no
   * AES-GCM:                    yes
   * AES-GCM streaming:          no
   * AES-CCM:                    yes
   * AES-CTR:                    yes
   * AES-CFB:                    no
   * AES-OFB:                    no
   * AES-XTS:                    no
   * AES-XTS streaming:          no
   * AES-SIV:                    no
   * AES-EAX:                    no
   * AES Bitspliced:             no
   * AES Key Wrap:               no
   * ARIA:                       no
   * DES3:                       yes
   * DES3 TLS Suites:            no
   * Camellia:                   no
   * CUDA:                       no
   * SM4-ECB:                    no
   * SM4-CBC:                    no
   * SM4-CTR:                    no
   * SM4-GCM:                    no
   * SM4-CCM:                    no
   * NULL Cipher:                no
   * MD2:                        no
   * MD4:                        no
   * MD5:                        yes
   * RIPEMD:                     no
   * SHA:                        yes
   * SHA-224:                    yes
   * SHA-384:                    yes
   * SHA-512:                    yes
   * SHA3:                       yes
   * SHAKE128:                   no
   * SHAKE256:                   no
   * SM3:                        no
   * BLAKE2:                     no
   * BLAKE2S:                    no
   * SipHash:                    no
   * CMAC:                       yes
   * keygen:                     yes
   * acert:                      no
   * certgen:                    yes
   * certreq:                    yes
   * certext:                    yes
   * certgencache:               no
   * CHACHA:                     no
   * XCHACHA:                    no
   * Hash DRBG:                  yes
   * MmemUse Entropy:
   * (AKA: wolfEntropy):         no
   * PWDBASED:                   yes
   * Encrypted keys:             no
   * scrypt:                     no
   * wolfCrypt Only:             no
   * HKDF:                       yes
   * HPKE:                       no
   * X9.63 KDF:                  no
   * SRTP-KDF:                   no
   * PSK:                        no
   * Poly1305:                   no
   * LEANPSK:                    no
   * LEANTLS:                    no
   * RSA:                        yes
   * RSA-PSS:                    yes
   * DSA:                        no
   * DH:                         yes
   * DH Default Parameters:      yes
   * ECC:                        yes
   * ECC Custom Curves:          no
   * ECC Minimum Bits:           192
   * FPECC:                      no
   * ECC_ENCRYPT:                no
   * Brainpool:                  no
   * SM2:                        no
   * CURVE25519:                 yes
   * ED25519:                    yes
   * ED25519 streaming:          no
   * CURVE448:                   no
   * ED448:                      no
   * ED448 streaming:            no
   * LMS:                        no
   * LMS wolfSSL impl:
   * XMSS:                       no
   * XMSS wolfSSL impl:
   * KYBER:                      no
   * KYBER wolfSSL impl:         no
   * DILITHIUM:                  no
   * ECCSI                       no
   * SAKKE                       no
   * ASN:                        yes
   * Anonymous cipher:           no
   * CODING:                     yes
   * MEMORY:                     yes
   * I/O POOL:                   no
   * wolfSentry:                 no
   * LIGHTY:                     no
   * WPA Supplicant:             no
   * HAPROXY:                    no
   * STUNNEL:                    no
   * tcpdump:                    no
   * libssh2:                    no
   * ntp:                        no
   * rsyslog:                    no
   * Apache httpd:               no
   * NGINX:                      no
   * OpenResty:                  no
   * ASIO:                       no
   * LIBWEBSOCKETS:              no
   * Qt:                         no
   * Qt Unit Testing:            no
   * SIGNAL:                     no
   * chrony:                     no
   * strongSwan:                 yes
   * OpenLDAP:                   no
   * hitch:                      no
   * memcached:                  no
   * Mosquitto                   no
   * ERROR_STRINGS:              yes
   * DTLS:                       yes
   * DTLS v1.3:                  no
   * SCTP:                       no
   * SRTP:                       no
   * Indefinite Length:          no
   * Multicast:                  no
   * SSL v3.0 (Old):             no
   * TLS v1.0 (Old):             no
   * TLS v1.1 (Old):             no
   * TLS v1.2:                   yes
   * TLS v1.3:                   yes
   * RPK:                        no
   * Post-handshake Auth:        no
   * Early Data:                 no
   * QUIC:                       no
   * Send State in HRR Cookie:   undefined
   * OCSP:                       yes
   * OCSP Stapling:              no
   * OCSP Stapling v2:           no
   * CRL:                        yes
   * CRL-MONITOR:                no
   * Persistent session cache:   no
   * Persistent cert    cache:   no
   * Atomic User Record Layer:   no
   * Public Key Callbacks:       no
   * libxmss:                    no
   * liblms:                     no
   * liboqs:                     no
   * Whitewood netRandom:        no
   * Server Name Indication:     yes
   * ALPN:                       no
   * Maximum Fragment Length:    no
   * Trusted CA Indication:      no
   * Truncated HMAC:             no
   * Supported Elliptic Curves:  yes
   * FFDHE only in client:       no
   * Session Ticket:             no
   * Extended Master Secret:     yes
   * Renegotiation Indication:   no
   * Secure Renegotiation:       yes
   * Fallback SCSV:              no
   * Keying Material Exporter:   no
   * All TLS Extensions:         no
   * S/MIME:                     no
   * PKCS#7:                     no
   * PKCS#8:                     yes
   * PKCS#11:                    no
   * PKCS#12:                    yes
   * wolfSSH:                    no
   * wolfEngine:                 no
   * wolfTPM:                    no
   * wolfCLU:                    no
   * wolfSCEP:                   no
   * Secure Remote Password:     no
   * Small Stack:                no
   * Linux Kernel Module:        no
   * valgrind unit tests:        no
   * LIBZ:                       no
   * Examples:                   no
   * Crypt tests:                yes
   * Stack sizes in tests:       no
   * Heap stats in tests:        no
   * Asynchronous Crypto:        no
   * Asynchronous Crypto (sim):  no
   * Cavium Nitrox:              no
   * Cavium Octeon (Sync):       no
   * Intel Quick Assist:         no
   * ARM ASM:                    no
   * ARM ASM SHA512/SHA3 Crypto  no
   * ARM ASM SM3/SM4 Crypto      no
   * RISC-V ASM                  no
   * Write duplicate:            no
   * Xilinx Hardware Acc.:       no
   * Inline Code:                yes
   * Linux AF_ALG:               no
   * Linux KCAPI:                no
   * Linux devcrypto:            no
   * PK callbacks:               no
   * Crypto callbacks:           no
   * i.MX CAAM:                  no
   * IoT-Safe:                   no
   * IoT-Safe HWRNG:             no
   * NXP SE050:                  no
   * Maxim Integrated MAXQ10XX:  no
   * PSA:                        no
   * System CA certs:            yes
   * Dual alg cert support:      no
   * ERR Queues per Thread:      yes
   * rwlock:                     no
   * keylog export:              no
   * AutoSAR :                   no

---
./configure flags: --host=x86_64-w64-mingw32 --enable-keygen --enable-rsapss --enable-dtls --enable-certgen --enable-certreq --enable-certext --enable-sessioncerts --enable-crl --enable-ocsp --enable-secure-renegotiation --enable-strongswan 'CFLAGS=-DWOLFSSL_STATIC_RSA -DWOLFSSL_LOG_PRINTF -DWOLFSSL_PUBLIC_MP -DHAVE_EX_DATA -DFP_MAX_BITS=8192' --enable-ed25519 --enable-curve25519 --enable-fips=v2 --prefix=/home/slava.bendersky/strongswan-5.9.14/wolfssl-5.7.4-gplv3-fips-ready/wolfssl-fips-build --enable-ecc --disable-fpecc --disable-aligndata --disable-static --disable-jni --disable-crl-monitor --disable-examples host_alias=x86_64-w64-mingw32
---
Note: Make sure your application includes "wolfssl/options.h" before any other wolfSSL headers.
      You can define "WOLFSSL_USE_OPTIONS_H" in your application to include this automatically.

slava.bendersky@VDT-SlavaB MSYS ~/strongswan-5.9.14/wolfssl-5.7.4-gplv3-fips-ready
$ make -j4
make -j9  all-recursive
make[1]: Entering directory '/home/volga629/strongswan-5.9.14/wolfssl-5.7.4-gplv3-fips-ready'
make[1]: warning: -j9 forced in submake: resetting jobserver mode.
make[2]: Entering directory '/home/volga629/strongswan-5.9.14/wolfssl-5.7.4-gplv3-fips-ready'
make[2]: warning: -j9 forced in submake: resetting jobserver mode.
  CC       wolfcrypt/src/src_libwolfssl_la-fips.lo
  CC       wolfcrypt/src/src_libwolfssl_la-fips_test.lo
  CC       src/libwolfssl_la-crl.lo
  CC       src/libwolfssl_la-dtls.lo
  CC       wolfcrypt/test/test.o
wolfcrypt/src/fips.c:33: warning: ignoring '#pragma code_seg ' [-Wunknown-pragmas]
   33 |     #pragma code_seg(".fipsA$o")
      |
wolfcrypt/src/fips.c:34: warning: ignoring '#pragma const_seg ' [-Wunknown-pragmas]
   34 |     #pragma const_seg(".fipsB$o")
      |
wolfcrypt/test/test.c:941:29: wolfcrypt/src/fips.c:138:error:  static declaration of 'warning: wc_AesNewignoring '' follows non-static declaration
  941 | static WC_MAYBE_UNUSED Aes*                 wc_AesNewwolfcrypt/src/fips_test.c:58:' [(void* heap, int thisDevId, int *result_code)
      |                              -Wunknown-pragmas^~~~~~~~~warning: ]
  138 |     #pragma section(".CRT$XCU",read)
      |

ignoring 'In file included from                                              :
-Wunknown-pragmas./wolfssl/wolfcrypt/aes.h:731:18:]
   58 | #pragma code_seg(".fipsA$p")
      |
 note: wolfcrypt/src/fips_test.c:59:previous declaration of ' wc_AesNewwarning: ' with type 'ignoring 'Aes *(void *, int,  int *)#pragma const_seg '
  731 | WOLFSSL_API Aes* ' [wc_AesNew-Wunknown-pragmas(void* heap, int devId, int *result_code);
      |                  ]
   59 | #pragma const_seg(".fipsB$p")
      |
^~~~~~~~~
wolfcrypt/test/test.c:961:28: error: static declaration of 'wc_AesDelete' follows non-static declaration
  961 | static WC_MAYBE_UNUSED int wc_AesDelete(Aes *aes, Aes** aes_p)
      |                            ^~~~~~~~~~~~
./wolfssl/wolfcrypt/aes.h:732:17: note: previous declaration of 'wc_AesDelete' with type 'int(Aes *, Aes **)'
  732 | WOLFSSL_API int wc_AesDelete(Aes* aes, Aes** aes_p);
      |                 ^~~~~~~~~~~~
wolfcrypt/test/test.c:974:32: error: static declaration of 'wc_NewRsaKey' follows non-static declaration
  974 | static WC_MAYBE_UNUSED RsaKey* wc_NewRsaKey(void* heap, int thisDevId, int *result_code)
      |                                ^~~~~~~~~~~~
In file included from wolfcrypt/test/test.c:273:
./wolfssl/wolfcrypt/rsa.h:299:21: note: previous declaration of 'wc_NewRsaKey' with type 'RsaKey *(void *, int,  int *)'
  299 | WOLFSSL_API RsaKey* wc_NewRsaKey(void* heap, int devId, int *result_code);
      |                     ^~~~~~~~~~~~
wolfcrypt/test/test.c:994:28: error: static declaration of 'wc_DeleteRsaKey' follows non-static declaration
  994 | static WC_MAYBE_UNUSED int wc_DeleteRsaKey(RsaKey* key, RsaKey** key_p)
      |                            ^~~~~~~~~~~~~~~
./wolfssl/wolfcrypt/rsa.h:300:18: note: previous declaration of 'wc_DeleteRsaKey' with type 'int(RsaKey *, RsaKey **)'
  300 | WOLFSSL_API int  wc_DeleteRsaKey(RsaKey* key, RsaKey** key_p);
      |                  wolfcrypt/src/fips_test.c:^~~~~~~~~~~~~~~ In function '
ECDSA_KnownAnswerTest':
wolfcrypt/src/fips_test.c:1288:9: warning: implicit declaration of function 'wc_ecc_sign_set_k'; did you mean 'wc_ecc_sig_size'? [-Wimplicit-function-declaration]
 1288 |         wc_ecc_sign_set_kwolfcrypt/src/fips.c:165:25:(k, (word32)sizeof(k), ecc);
      |
      |         '
' undeclared here (not in a function)
  165 | static char base16_hash[wolfcrypt/src/fips_test.c:1288:9:FIPS_IN_CORE_DIGEST_SIZE *2+1]; /* calculated hash */
      |                                  ^~~~~~~~~~~~~~~~~~~~~~~~
wc_ecc_sign_set_kwolfcrypt/src/fips.c:870:1:' [ -Wnested-externswarning: ]
'allocate' attribute directive ignored [-Wattributeswolfcrypt/src/fips_test.c:]
  870 |  At top level:
INITIALIZER                               (fipsEntry)
      |  ^~~~~~~~~~~warning:
ignoring '#pragma warning ' [-Wunknown-pragmas]
 1929 |     #pragma warning(push)
      |
wolfcrypt/src/fips_test.c:1930:wolfcrypt/src/fips.c:932:13:  warning: warning: ignoring '                           #pragma warning DllMain' [   -Wunknown-pragmas-Wmissing-prototypes]
 1930 |     #pragma warning(disable:4054 4305 4311)
      |
]
  932 | BOOL WINAPI                                                ( HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpReserved )
      |                                  ^~~~~~~':

wolfcrypt/src/fips_test.c:1993:9: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
 1993 |     if ((unsigned long)stxt > (unsigned long)chktxt ||
      |         ^
wolfcrypt/src/fips_test.c:1993:31: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
 1993 |     if ((unsigned long)stxt > (unsigned long)chktxt ||
      |                               ^
wolfcrypt/src/fips_test.c:1994:9: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
 1994 |         (unsigned long)etxt < (unsigned long)chktxt) {
      |         ^
wolfcrypt/src/fips_test.c:1994:31: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
 1994 |         (unsigned long)etxt < (unsigned long)chktxt) {
      |                               ^
wolfcrypt/src/fips_test.c:2005:9: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
 2005 |     if ((unsigned long)sro > (unsigned long)chkro ||
      |         ^
wolfcrypt/src/fips_test.c:2005:30: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
 2005 |     if ((unsigned long)sro > (unsigned long)chkro ||
      |                              ^
wolfcrypt/src/fips_test.c:2006:9: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
 2006 |         (unsigned long)ero < (unsigned long)chkro) {
      |         ^
wolfcrypt/src/fips_test.c:2006:30: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
 2006 |         (unsigned long)ero < (unsigned long)chkro) {
      |                              ^
wolfcrypt/src/fips.c: In function 'wolfcrypt/src/fips_test.c:wc_RsaSSL_Sign_fips In function '':
DoInCoreCheck':
wolfcrypt/src/fips_test.c:2025:19:wolfcrypt/src/fips.c:3621:26:  error: 'FIPS_IN_CORE_DIGEST_SIZE' undeclared (first use in this function); did you mean '       FIPS_HMAC_DIGEST_SZ '?
 2025 |     byte     hash[WC_RSA_FIPS_SIG_MINFIPS_IN_CORE_DIGEST_SIZE' undeclared (first use in this function)
 3621 |     if (ret > 0 && ret < ];
      |                   ^~~~~~~~~~~~~~~~~~~~~~~~WC_RSA_FIPS_SIG_MIN
      |                   ) {
      |                                             ^~~~~~~~~~~~~~~~~~~

wolfcrypt/src/fips_test.c:2025:19: wolfcrypt/src/fips.c:3621:26:note:  each undeclared identifier is reported only once for each function it appears in
note: each undeclared identifier is reported only once for each function it appears in
wolfcrypt/src/fips_test.c:2026:26: error: 'FIPS_IN_CORE_KEY_SZ' undeclared (first use in this function); did you mean 'FIPS_HMAC_KEY_SZ'?
 2026 |     byte     binCoreKey [FIPS_IN_CORE_KEY_SZ];
      |                          ^~~~~~~~~~~~~~~~~~~
      |                          FIPS_HMAC_KEY_SZ
wolfcrypt/src/fips.c: In function 'wc_RsaPSS_Sign_fips':
wolfcrypt/src/fips.c:3686:26: error: 'WC_RSA_FIPS_SIG_MIN' undeclared (first use in this function)
 3686 |     if (ret > 0 && ret < WC_RSA_FIPS_SIG_MIN) {
      |                          ^~~~~~~~~~~~~~~~~~~
wolfcrypt/src/fips_test.c:2027:26: error: 'FIPS_IN_CORE_VERIFY_SZ' undeclared (first use in this function)
 2027 |     byte     binVerify  [FIPS_IN_CORE_VERIFY_SZ];
      |                          ^~~~~~~~~~~~~~~~~~~~~~
wolfcrypt/src/fips_test.c:2045:9: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
 2045 |     if ((unsigned long) last <= (unsigned long) first)
      |         ^
wolfcrypt/src/fips_test.c:2045:33: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
 2045 |     if ((unsigned long) last <= (unsigned long) first)
      |                                 ^
wolfcrypt/src/fips_test.c:2049:9: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
 2049 |     if ((unsigned long) end <= (unsigned long) start)
      |         ^
wolfcrypt/src/fips_test.c:2049:32: warning: cast from pointer to integer of different size [wolfcrypt/src/fips.c:-Wpointer-to-int-cast In function ']
 2049 |     if ((unsigned long) end <=                       ':
unsigned long) start)
      |                                ^
wolfcrypt/src/fips.c:3717:26: error: 'WC_RSA_FIPS_SIG_MIN' undeclared (first use in this function)
 3717 |     if (ret > 0 && ret < WC_RSA_FIPS_SIG_MIN) {
      |                          ^~~~~~~~~~~~~~~~~~~
wolfcrypt/src/fips_test.c:2054:44:wolfcrypt/src/fips.c:  In function 'error: wc_MakeRsaKey_fips'':
wolfCrypt_FIPS_AES_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2054 |     if (wolfCrypt_FIPS_sanity(first, last, wolfcrypt/src/fips.c:3933:16:wolfCrypt_FIPS_AES_sanity ,
      |                                            error: ^~~~~~~~~~~~~~~~~~~~~~~~~'
      |                                            WC_RSA_FIPS_GEN_MINwolfCrypt_FIPS_sanity' undeclared (first use in this function)
 3933 |     if (size <
WC_RSA_FIPS_GEN_MIN)
      |                ^~~~~~~~~~~~~~~~~~~
wolfcrypt/src/fips.c: In function 'wc_ecc_make_key_fips':
wolfcrypt/src/fips.c:4092:19: error: 'WC_ECC_FIPS_GEN_MIN' undeclared (first use in this function)
 4092 |     if (keysize < WC_ECC_FIPS_GEN_MIN)
      |                   ^~~~~~~~~~~~~~~~~~~
wolfcrypt/src/fips_test.c:2055:43: error: 'wolfCrypt_FIPS_aes_ro_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2055 |                               start, end, wolfCrypt_FIPS_aes_ro_sanity,
      |                                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                           wolfCrypt_FIPS_sanity
wolfcrypt/src/fips.c: In function 'wc_ecc_make_key_ex_fips':
wolfcrypt/src/fips.c:4110:19: error: 'WC_ECC_FIPS_GEN_MIN' undeclared (first use in this function)
 4110 |     if (keysize < WC_ECC_FIPS_GEN_MIN) {
      |                   ^~~~~~~~~~~~~~~~~~~
wolfcrypt/src/fips_test.c:2060:44: error: 'wolfCrypt_FIPS_CMAC_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2060 |     if (wolfCrypt_FIPS_sanity(first, last, wolfCrypt_FIPS_CMAC_sanity,
      |                                            ^~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                            wolfCrypt_FIPS_sanity
wolfcrypt/src/fips.c: In function 'wc_ecc_make_key_ex2_fips':
wolfcrypt/src/fips.c:4238:19: error: 'WC_ECC_FIPS_GEN_MIN' undeclared (first use in this function)
 4238 |     if (keysize < WC_ECC_FIPS_GEN_MIN)
      |                   ^~~~~~~~~~~~~~~~~~~
wolfcrypt/src/fips_test.c:2061:43: error: 'wolfCrypt_FIPS_cmac_ro_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2061 |                               start, end, wolfCrypt_FIPS_cmac_ro_sanity,
      |                                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                           wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2068:44: error: 'wolfCrypt_FIPS_DH_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2068 |     if (wolfCrypt_FIPS_sanity(first, last, wolfCrypt_FIPS_DH_sanity,
      |                                            ^~~~~~~~~~~~~~~~~~~~~~~~
      |                                            wolfCrypt_FIPS_sanity
wolfcrypt/src/fips.c: In function 'wolfCrypt_GetCoreHash_fips':
wolfcrypt/src/fips.c:1084:1: warning: control reaches end of non-void function [-Wreturn-type]
 1084 | }
      | ^
wolfcrypt/src/fips.c: In function 'wolfCrypt_GetRawComputedHash_fips':
wolfcrypt/src/fips.c:1091:1: warning: control reaches end of non-void function [-Wreturn-type]
 1091 | }
      | ^
wolfcrypt/src/fips.c:wolfcrypt/src/fips_test.c:2069:43: At top level:
                                                                                                                                   '                                '?
 2069 |                               start, end, ' defined but not used [                                            ,
      |                                           ]
  165 | static char ^~~~~~~~~~~~~~~~~~~~~~~~~~~base16_hash
      |                                           [FIPS_IN_CORE_DIGEST_SIZE*2+1]; /* calculated hash */
      |             wolfCrypt_FIPS_sanity

wolfcrypt/src/fips_test.c:2075:44: error: 'wolfCrypt_FIPS_ECC_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2075 |     if (wolfCrypt_FIPS_sanity(first, last, wolfCrypt_FIPS_ECC_sanity,
      |                                            ^~~~~~~~~~~~~~~~~~~~~~~~~
      |                                            wolfCrypt_FIPS_sanity
  CC       wolfcrypt/benchmark/benchmark.o
wolfcrypt/src/fips_test.c:2076:43: error: 'wolfCrypt_FIPS_ecc_ro_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2076 |                               start, end, wolfCrypt_FIPS_ecc_ro_sanity,
      |                                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                           wolfCrypt_FIPS_sanity  CC       wolfcrypt/src/src_libwolfssl_la-wolfcrypt_first.lo

  CC       wolfcrypt/src/src_libwolfssl_la-hmac.lo
wolfcrypt/src/fips_test.c:2082:44:make[2]: *** [Makefile:7328: wolfcrypt/src/src_libwolfssl_la-fips.lo] Error 1
make[2]: *** Waiting for unfinished jobs....
  CC       wolfcrypt/src/src_libwolfssl_la-random.lo
 error: 'wolfCrypt_FIPS_ED25519_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2082 |     if (wolfCrypt_FIPS_sanity(first, last, wolfCrypt_FIPS_ED25519_sanity,
      |                                            ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                            wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2083:43: error: 'wolfCrypt_FIPS_ed25519_ro_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2083 |                               start, end, wolfCrypt_FIPS_ed25519_ro_sanity,
      |                                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                           wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2095:44: error: 'wolfCrypt_FIPS_HMAC_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2095 |     if (wolfCrypt_FIPS_sanity(first, last, wolfCrypt_FIPS_HMAC_sanity,
      |                                            ^~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                            wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2096:43: error: 'wolfCrypt_FIPS_hmac_ro_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2096 |                               start, end, wolfCrypt_FIPS_hmac_ro_sanity,
      |                                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                           wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2101:44: error: 'wolfCrypt_FIPS_KDF_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2101 |     if (wolfCrypt_FIPS_sanity(first, last, wolfCrypt_FIPS_KDF_sanity,
      |                                            ^~~~~~~~~~~~~~~~~~~~~~~~~
      |                                            wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2102:43: error: 'wolfCrypt_FIPS_kdf_ro_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2102 |                               start, end, wolfCrypt_FIPS_kdf_ro_sanity,
      |                                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                           wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2108:44: error: 'wolfCrypt_FIPS_PBKDF_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2108 |     if (wolfCrypt_FIPS_sanity(first, last, wolfCrypt_FIPS_PBKDF_sanity,
      |                                            ^~~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                            wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2109:43: error: 'wolfCrypt_FIPS_pbkdf_ro_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2109 |                               start, end, wolfCrypt_FIPS_pbkdf_ro_sanity,
      |                                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                           wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2115:44: error: 'wolfCrypt_FIPS_DRBG_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2115 |     if (wolfCrypt_FIPS_sanity(first, last, wolfCrypt_FIPS_DRBG_sanity,
      |                                            ^~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                            wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2116:43: error: 'wolfCrypt_FIPS_drbg_ro_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2116 |                               start, end, wolfCrypt_FIPS_drbg_ro_sanity,
      |                                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                           wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2122:44: error: 'wolfCrypt_FIPS_RSA_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2122 |     if (wolfCrypt_FIPS_sanity(first, last, wolfCrypt_FIPS_RSA_sanity,
      |                                            ^~~~~~~~~~~~~~~~~~~~~~~~~
      |                                            wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2123:43: error: 'wolfCrypt_FIPS_rsa_ro_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2123 |                               start, end, wolfCrypt_FIPS_rsa_ro_sanity,
      |                                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                           wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2129:44: error: 'wolfCrypt_FIPS_SHA_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2129 |     if (wolfCrypt_FIPS_sanity(first, last, wolfCrypt_FIPS_SHA_sanity,
      |                                            ^~~~~~~~~~~~~~~~~~~~~~~~~
      |                                            wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2130:43: error: 'wolfCrypt_FIPS_sha_ro_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2130 |                               start, end, wolfCrypt_FIPS_sha_ro_sanity,
      |                                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                           wolfCrypt_FIPS_sanity
wolfcrypt/src/wolfcrypt_first.c:34: warning: ignoring '#pragma code_seg ' [-Wunknown-pragmas]
   34 |     #pragma code_seg(".fipsA$a")
      |
wolfcrypt/src/wolfcrypt_first.c:35: warning: ignoring '#pragma const_seg ' [-Wunknown-pragmas]
   35 |     #pragma const_seg(".fipsB$a")
      |
wolfcrypt/src/fips_test.c:2136:44: error: 'wolfCrypt_FIPS_SHA256_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2136 |     if (wolfCrypt_FIPS_sanity(first, last, wolfCrypt_FIPS_SHA256_sanity,
      |                                            ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                            wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2137:43: error: 'wolfCrypt_FIPS_sha256_ro_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2137 |                               start, end, wolfCrypt_FIPS_sha256_ro_sanity,
      |                                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                           wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2143:44: error: 'wolfCrypt_FIPS_SHA512_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2143 |     if (wolfCrypt_FIPS_sanity(first, last, wolfCrypt_FIPS_SHA512_sanity,
      |                                            ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                            wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2144:43: error: 'wolfCrypt_FIPS_sha512_ro_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2144 |                               start, end, wolfCrypt_FIPS_sha512_ro_sanity,
      |                                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                           wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2150:44: error: 'wolfCrypt_FIPS_SHA3_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2150 |     if (wolfCrypt_FIPS_sanity(first, last, wolfCrypt_FIPS_SHA3_sanity,
      |                                            ^~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                            wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2151:43: error: 'wolfCrypt_FIPS_sha3_ro_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2151 |                               start, end, wolfCrypt_FIPS_sha3_ro_sanity,
      |                                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                           wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2156:44: error: 'wolfCrypt_FIPS_FT_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2156 |     if (wolfCrypt_FIPS_sanity(first, last, wolfCrypt_FIPS_FT_sanity,
      |                                            ^~~~~~~~~~~~~~~~~~~~~~~~
      |                                            wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2157:43: error: 'wolfCrypt_FIPS_ft_ro_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2157 |                               start, end, wolfCrypt_FIPS_ft_ro_sanity,
      |                                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                           wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2162:43: error: 'wolfCrypt_FIPS_f_ro_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2162 |                               start, end, wolfCrypt_FIPS_f_ro_sanity,
      |                                           ^~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                           wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2168:15: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
 2168 |     code_sz = (unsigned long)last - (unsigned long)first;
      |               ^
wolfcrypt/src/fips_test.c:2168:37: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
 2168 |     code_sz = (unsigned long)last - (unsigned long)first;
      |                                     ^
wolfcrypt/src/fips_test.c:2169:15: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
 2169 |     data_sz = (unsigned long)end - (unsigned long)start;
      |               ^
wolfcrypt/src/fips_test.c:2169:36: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
 2169 |     data_sz = (unsigned long)end - (unsigned long)start;
      |                                    ^
wolfcrypt/src/fips_test.c:2189:37: error: 'FIPS_IN_CORE_HASH_TYPE' undeclared (first use in this function); did you mean 'FIPS_ECC_HASH_TYPE'?
 2189 |     ret = wc_HmacSetKey_fips(&hmac, FIPS_IN_CORE_HASH_TYPE,
      |                                     ^~~~~~~~~~~~~~~~~~~~~~
      |                                     FIPS_ECC_HASH_TYPE
wolfcrypt/src/fips_test.c:2199:19: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
 2199 |         data_sz = (unsigned long)verifyCore - (unsigned long)start;
      |                   ^
wolfcrypt/src/fips_test.c:2199:47: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
 2199 |         data_sz = (unsigned long)verifyCore - (unsigned long)start;
      |                                               ^
wolfcrypt/src/fips_test.c:2203:19: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
 2203 |         data_sz = (unsigned long)end - (unsigned long)start;
      |                   ^
wolfcrypt/src/fips_test.c:2203:40: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
 2203 |         data_sz = (unsigned long)end - (unsigned long)start;
      |                                        ^
wolfcrypt/src/fips_test.c:2027:14: warning: unused variable 'binVerify' [-Wunused-variable]
 2027 |     byte     binVerify  [FIPS_IN_CORE_VERIFY_SZ];
      |              ^~~~~~~~~
wolfcrypt/src/fips_test.c:2026:14: warning: unused variable 'binCoreKey' [-Wunused-variable]
 2026 |     byte     binCoreKey [FIPS_IN_CORE_KEY_SZ];
      |              ^~~~~~~~~~
wolfcrypt/src/fips_test.c:2025:14: warning: unused variable 'hash' [-Wunused-variable]
 2025 |     byte     hash[FIPS_IN_CORE_DIGEST_SIZE];
      |              ^~~~
wolfcrypt/src/fips_test.c: At top level:
wolfcrypt/src/fips_test.c:2234: warning: ignoring '#pragma warning ' [                                         ]
 2234 |     #pragma warning(pop)
      |
 warning: ignoring '#pragma code_seg ' [-Wunknown-pragmas]
   38 |         #pragma code_seg(".fipsA$g")
      |
wolfcrypt/src/hmac.c:39: warning: ignoring '#pragma const_seg ' [-Wunknown-pragmas]
   39 |         #pragma const_seg(".fipsB$g")
      |
make[2]: *** [Makefile:7335: wolfcrypt/src/src_libwolfssl_la-fips_test.lo] Error 1
wolfcrypt/src/random.c:53: warning: ignoring '#pragma code_seg ' [-Wunknown-pragmas]
   53 |         #pragma code_seg(".fipsA$i")
      |
wolfcrypt/src/random.c:54: warning: ignoring '#pragma const_seg ' [-Wunknown-pragmas]
   54 |         #pragma const_seg(".fipsB$i")
      |
make[2]: *** [Makefile:7213: wolfcrypt/test/test.o] Error 1
make[2]: Leaving directory '/home/volga629/strongswan-5.9.14/wolfssl-5.7.4-gplv3-fips-ready'
make[1]: *** [Makefile:9026: all-recursive] Error 1
make[1]: Leaving directory '/home/volga629/strongswan-5.9.14/wolfssl-5.7.4-gplv3-fips-ready'
make: *** [Makefile:5376: all] Error 2

34

(14 replies, posted in wolfSSL)

Based on --help, do I need to request trial licence


  --enable-fips           Enable FIPS 140-2, Will NOT work w/o FIPS license
                          (default: disabled)

35

(14 replies, posted in wolfSSL)

I triggered help on invalid option

configure: error: Invalid value for --enable-fips "v3" (main options: v1, v2, v5, v6, ready, dev, rand, no, disabled)

Where are possible to find meaning of those options.

36

(14 replies, posted in wolfSSL)

Hello Anthony,
Thank you for reply --enable-fips=v2  resolves the issue.
I can share project details in PM.

I am getting error on compile


wolfcrypt/src/fips.c: In function 'wc_RsaPSS_SignEx_fips':
wolfcrypt/src/fips.c:3717:26: error: 'WC_RSA_FIPS_SIG_MIN' undeclared (first use in this function)
 3717 |     if (ret > 0 && ret < WC_RSA_FIPS_SIG_MIN) {
      |                          ^~~~~~~~~~~~~~~~~~~
wolfcrypt/src/fips_test.c: In function 'DoInCoreCheck':
wolfcrypt/src/fips_test.c:2025:19: error: 'FIPS_IN_CORE_DIGEST_SIZE' undeclared (first use in this function); did you mean 'FIPS_HMAC_DIGEST_SZ'?
 2025 |     byte     hash[FIPS_IN_CORE_DIGEST_SIZE];
      |                   ^~~~~~~~~~~~~~~~~~~~~~~~
      |                   FIPS_HMAC_DIGEST_SZ
wolfcrypt/src/fips_test.c:2025:19: note: each undeclared identifier is reported only once for each function it appears in
wolfcrypt/src/fips.c: In function 'wc_MakeRsaKey_fips':
wolfcrypt/src/fips.c:3933:16: error: 'WC_RSA_FIPS_GEN_MIN' undeclared (first use in this function)
 3933 |     if (size < WC_RSA_FIPS_GEN_MIN)
      |                ^~~~~~~~~~~~~~~~~~~
wolfcrypt/src/fips_test.c:2026:26: error: 'FIPS_IN_CORE_KEY_SZ' undeclared (first use in this function); did you mean 'FIPS_HMAC_KEY_SZ'?
 2026 |     byte     binCoreKey [FIPS_IN_CORE_KEY_SZ];
      |                          ^~~~~~~~~~~~~~~~~~~
      |                          FIPS_HMAC_KEY_SZ
wolfcrypt/src/fips.c: In function 'wc_ecc_make_key_fips':
wolfcrypt/src/fips.c:4092:19: error: 'WC_ECC_FIPS_GEN_MIN' undeclared (first use in this function)
 4092 |     if (keysize < WC_ECC_FIPS_GEN_MIN)
      |                   ^~~~~~~~~~~~~~~~~~~
wolfcrypt/src/fips_test.c:2027:26: error: 'FIPS_IN_CORE_VERIFY_SZ' undeclared (first use in this function)
 2027 |     byte     binVerify  [FIPS_IN_CORE_VERIFY_SZ];
      |                          ^~~~~~~~~~~~~~~~~~~~~~
wolfcrypt/src/fips_test.c:2045:9: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
 2045 |     if ((unsigned long) last <= (unsigned long) first)
      |         ^
wolfcrypt/src/fips_test.c:2045:33: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
 2045 |     if ((unsigned long) last <= (unsigned long) first)
      |                                 ^
wolfcrypt/src/fips_test.c:2049:9: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
 2049 |     if (wolfcrypt/src/fips.c: In function '(unsigned long) end <= (unsigned long) start)
      |         wc_ecc_make_key_ex_fips^':

wolfcrypt/src/fips_test.c:2049:32:wolfcrypt/src/fips.c:4110:19:  warning: error: cast from pointer to integer of different size [ -Wpointer-to-int-castWC_ECC_FIPS_GEN_MIN]
 2049 |     if ((unsigned long) end <= ' undeclared (first use in this function)
 4110 |     if (keysize < (WC_ECC_FIPS_GEN_MINunsigned long) start)
      |                                ) {
      |                   ^
^~~~~~~~~~~~~~~~~~~
wolfcrypt/src/fips_test.c:2054:44: error: 'wolfCrypt_FIPS_AES_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2054 |     if (wolfCrypt_FIPS_sanity(first, last, wolfCrypt_FIPS_AES_sanity,
      |                                            ^~~~~~~~~~~~~~~~~~~~~~~~~
      |                                            wolfCrypt_FIPS_sanity
wolfcrypt/src/fips.c: In function 'wc_ecc_make_key_ex2_fips':
wolfcrypt/src/fips.c:4238:19: error: 'WC_ECC_FIPS_GEN_MIN' undeclared (first use in this function)
 4238 |     if (keysize < WC_ECC_FIPS_GEN_MIN)
      |                   ^~~~~~~~~~~~~~~~~~~
wolfcrypt/src/fips_test.c:2055:43: error: 'wolfCrypt_FIPS_aes_ro_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2055 |                               start, end, wolfCrypt_FIPS_aes_ro_sanity,
      |                                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                           wolfCrypt_FIPS_sanity
wolfcrypt/src/fips.c: In function 'wolfCrypt_GetCoreHash_fips':
wolfcrypt/src/fips.c:1084:1: warning: control reaches end of non-void function [-Wreturn-type]
 1084 | }
      | ^
wolfcrypt/src/fips.c: In function 'wolfCrypt_GetRawComputedHash_fips':
wolfcrypt/src/fips.c:1091:1: warning: control reaches end of non-void function [-Wreturn-type]
 1091 | }
      | ^
wolfcrypt/src/fips_test.c:2060:44: error: 'wolfCrypt_FIPS_CMAC_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2060 |     if (wolfCrypt_FIPS_sanity(first, last, wolfCrypt_FIPS_CMAC_sanity,
      |                                            ^~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                            wolfCrypt_FIPS_sanity
wolfcrypt/src/fips.c: At top level:
wolfcrypt/src/fips.c:165:13: warning: 'base16_hash' defined but not used [-Wunused-variable]
  165 | static char base16_hash[FIPS_IN_CORE_DIGEST_SIZE*2+1]; /* calculated hash */
      |             ^~~~~~~~~~~
wolfcrypt/src/fips_test.c:2061:43: error: 'wolfCrypt_FIPS_cmac_ro_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2061 |                               start, end, wolfCrypt_FIPS_cmac_ro_sanity,
      |                                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                           wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2068:44: error: 'wolfCrypt_FIPS_DH_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2068 |     if (wolfCrypt_FIPS_sanity(first, last, wolfCrypt_FIPS_DH_sanity,
      |                                            ^~~~~~~~~~~~~~~~~~~~~~~~
      |                                            wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2069:43: error: 'wolfCrypt_FIPS_dh_ro_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2069 |                               start, end, wolfCrypt_FIPS_dh_ro_sanity,
      |                                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                           wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2075:44: error: 'wolfCrypt_FIPS_ECC_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2075 |     if (wolfCrypt_FIPS_sanity(first, last, wolfCrypt_FIPS_ECC_sanity,
      |                                            ^~~~~~~~~~~~~~~~~~~~~~~~~
      |                                            wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2076:43: error: 'wolfCrypt_FIPS_ecc_ro_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2076 |                               start, end, wolfCrypt_FIPS_ecc_ro_sanity,
      |                                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                           wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2082:44: error: 'wolfCrypt_FIPS_ED25519_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2082 |     if (wolfCrypt_FIPS_sanity(first, last, wolfCrypt_FIPS_ED25519_sanity,
      |                                            ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                            wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2083:43: error: 'wolfCrypt_FIPS_ed25519_ro_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2083 |                               start, end, wolfCrypt_FIPS_ed25519_ro_sanity,
      |                                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                           wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2095:44: error: 'wolfCrypt_FIPS_HMAC_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2095 |     if (wolfCrypt_FIPS_sanity(first, last, wolfCrypt_FIPS_HMAC_sanity,
      |                                            ^~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                            wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2096:43: error: 'wolfCrypt_FIPS_hmac_ro_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2096 |                               start, end, wolfCrypt_FIPS_hmac_ro_sanity,
      |                                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                           wolfCrypt_FIPS_sanity
make[2]: *** [Makefile:7328: wolfcrypt/src/src_libwolfssl_la-fips.lo] Error 1
make[2]: *** Waiting for unfinished jobs....
wolfcrypt/src/fips_test.c:2101:44: error: 'wolfCrypt_FIPS_KDF_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2101 |     if (wolfCrypt_FIPS_sanity(first, last, wolfCrypt_FIPS_KDF_sanity,
      |                                            ^~~~~~~~~~~~~~~~~~~~~~~~~
      |                                            wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2102:43: error: 'wolfCrypt_FIPS_kdf_ro_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2102 |                               start, end, wolfCrypt_FIPS_kdf_ro_sanity,
      |                                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                           wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2108:44: error: 'wolfCrypt_FIPS_PBKDF_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2108 |     if (wolfCrypt_FIPS_sanity(first, last, wolfCrypt_FIPS_PBKDF_sanity,
      |                                            ^~~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                            wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2109:43: error: 'wolfCrypt_FIPS_pbkdf_ro_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2109 |                               start, end, wolfCrypt_FIPS_pbkdf_ro_sanity,
      |                                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                           wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2115:44: error: 'wolfCrypt_FIPS_DRBG_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2115 |     if (wolfCrypt_FIPS_sanity(first, last, wolfCrypt_FIPS_DRBG_sanity,
      |                                            ^~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                            wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2116:43: error: 'wolfCrypt_FIPS_drbg_ro_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2116 |                               start, end, wolfCrypt_FIPS_drbg_ro_sanity,
      |                                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                           wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2122:44: error: 'wolfCrypt_FIPS_RSA_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2122 |     if (wolfCrypt_FIPS_sanity(first, last, wolfCrypt_FIPS_RSA_sanity,
      |                                            ^~~~~~~~~~~~~~~~~~~~~~~~~
      |                                            wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2123:43: error: 'wolfCrypt_FIPS_rsa_ro_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2123 |                               start, end, wolfCrypt_FIPS_rsa_ro_sanity,
      |                                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                           wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2129:44: error: 'wolfCrypt_FIPS_SHA_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2129 |     if (wolfCrypt_FIPS_sanity(first, last, wolfCrypt_FIPS_SHA_sanity,
      |                                            ^~~~~~~~~~~~~~~~~~~~~~~~~
      |                                            wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2130:43: error: 'wolfCrypt_FIPS_sha_ro_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2130 |                               start, end, wolfCrypt_FIPS_sha_ro_sanity,
      |                                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                           wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2136:44: error: 'wolfCrypt_FIPS_SHA256_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2136 |     if (wolfCrypt_FIPS_sanity(first, last, wolfCrypt_FIPS_SHA256_sanity,
      |                                            ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                            wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2137:43: error: 'wolfCrypt_FIPS_sha256_ro_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2137 |                               start, end, wolfCrypt_FIPS_sha256_ro_sanity,
      |                                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                           wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2143:44: error: 'wolfCrypt_FIPS_SHA512_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2143 |     if (wolfCrypt_FIPS_sanity(first, last, wolfCrypt_FIPS_SHA512_sanity,
      |                                            ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                            wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2144:43: error: 'wolfCrypt_FIPS_sha512_ro_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2144 |                               start, end, wolfCrypt_FIPS_sha512_ro_sanity,
      |                                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                           wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2150:44: error: 'wolfCrypt_FIPS_SHA3_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2150 |     if (wolfCrypt_FIPS_sanity(first, last, wolfCrypt_FIPS_SHA3_sanity,
      |                                            ^~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                            wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2151:43: error: 'wolfCrypt_FIPS_sha3_ro_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2151 |                               start, end, wolfCrypt_FIPS_sha3_ro_sanity,
      |                                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                           wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2156:44: error: 'wolfCrypt_FIPS_FT_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2156 |     if (wolfCrypt_FIPS_sanity(first, last, wolfCrypt_FIPS_FT_sanity,
      |                                            ^~~~~~~~~~~~~~~~~~~~~~~~
      |                                            wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2157:43: error: 'wolfCrypt_FIPS_ft_ro_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2157 |                               start, end, wolfCrypt_FIPS_ft_ro_sanity,
      |                                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                           wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2162:43: error: 'wolfCrypt_FIPS_f_ro_sanity' undeclared (first use in this function); did you mean 'wolfCrypt_FIPS_sanity'?
 2162 |                               start, end, wolfCrypt_FIPS_f_ro_sanity,
      |                                           ^~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                           wolfCrypt_FIPS_sanity
wolfcrypt/src/fips_test.c:2168:15: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
 2168 |     code_sz = (unsigned long)last - (unsigned long)first;
      |               ^
wolfcrypt/src/fips_test.c:2168:37: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
 2168 |     code_sz = (unsigned long)last - (unsigned long)first;
      |                                     ^
wolfcrypt/src/fips_test.c:2169:15: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
 2169 |     data_sz = (unsigned long)end - (unsigned long)start;
      |               ^
wolfcrypt/src/fips_test.c:2169:36: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
 2169 |     data_sz = (unsigned long)end - (unsigned long)start;
      |                                    ^
wolfcrypt/src/fips_test.c:2189:37: error: 'FIPS_IN_CORE_HASH_TYPE' undeclared (first use in this function); did you mean 'FIPS_ECC_HASH_TYPE'?
 2189 |     ret = wc_HmacSetKey_fips(&hmac, FIPS_IN_CORE_HASH_TYPE,
      |                                     ^~~~~~~~~~~~~~~~~~~~~~
      |                                     FIPS_ECC_HASH_TYPE
wolfcrypt/src/fips_test.c:2199:19: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
 2199 |         data_sz = (unsigned long)verifyCore - (unsigned long)start;
      |                   ^
wolfcrypt/src/fips_test.c:2199:47: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
 2199 |         data_sz = (unsigned long)verifyCore - (unsigned long)start;
      |                                               ^
wolfcrypt/src/fips_test.c:2203:19: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
 2203 |         data_sz = (unsigned long)end - (unsigned long)start;
      |                   ^
wolfcrypt/src/fips_test.c:2203:40: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
 2203 |         data_sz = (unsigned long)end - (unsigned long)start;
      |                                        ^
wolfcrypt/src/fips_test.c:2027:14: warning: unused variable 'binVerify' [-Wunused-variable]
 2027 |     byte     binVerify  [FIPS_IN_CORE_VERIFY_SZ];
      |              ^~~~~~~~~
wolfcrypt/src/fips_test.c:2026:14: warning: unused variable 'binCoreKey' [-Wunused-variable]
 2026 |     byte     binCoreKey [FIPS_IN_CORE_KEY_SZ];
      |              ^~~~~~~~~~
wolfcrypt/src/fips_test.c:2025:14: warning: unused variable 'hash' [-Wunused-variable]
 2025 |     byte     hash[FIPS_IN_CORE_DIGEST_SIZE];
      |              ^~~~
wolfcrypt/src/fips_test.c: At top level:
wolfcrypt/src/fips_test.c:2234: warning: ignoring '#pragma warning ' [-Wunknown-pragmas]
 2234 |     #pragma warning(pop)
      |
make[2]: *** [Makefile:7335: wolfcrypt/src/src_libwolfssl_la-fips_test.lo] Error 1
make[2]: Leaving directory '/home/volga629/strongswan-5.9.14/wolfssl-5.7.4-gplv3-fips-ready'
make[1]: *** [Makefile:9026: all-recursive] Error 1
make[1]: Leaving directory '/home/volga629/strongswan-5.9.14/wolfssl-5.7.4-gplv3-fips-ready'
make: *** [Makefile:5376: all] Error 2

37

(14 replies, posted in wolfSSL)

It produce error

configure: Generating user options header...
checking for wolfssl/openssl/aes.h... no
configure: error: Header file inconsistency detected -- error including wolfssl/openssl/aes.h.

I am not sure if there are conflicting options

38

(14 replies, posted in wolfSSL)

Hello Everyone,
I am trying to compile library on windows under MSYS and getting error

WolfSSL latest release FIPS enabled.

Current version of configure options

 ./configure --enable-keygen --enable-rsapss --enable-dtls --enable-certgen --enable-certreq --enable-certext --enable-sessioncerts --enable-crl --enable-ocsp  --enable-secure-renegotiation --enable-strongswan CFLAGS="-DWOLFSSL_LOG_PRINTF -DWOLFSSL_PUBLIC_MP -DHAVE_EX_DATA -DFP_MAX_BITS=8192" --enable-ed25519 --enable-curve25519 --enable-fips=ready --prefix=$(pwd)

Can you please provide feedback on recommend configuration options FIPS enabled library.