Skip to content

Call wolfCrypt_SetCb_fips in wolfengine_bind for FIPS builds. #177

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
anhu merged 1 commit into from
Feb 2, 2022
Merged

Call wolfCrypt_SetCb_fips in wolfengine_bind for FIPS builds. #177

anhu merged 1 commit into from
Feb 2, 2022

Conversation

@haydenroche5
Copy link
Contributor

@haydenroche5 haydenroche5 commented Feb 1, 2022

We've had a lot of users come to us for support when wolfEngine can't be found,
and the resolution often ends up being that the FIPS module integrity check
failed and the expected HMAC value needs to be updated. This commit sets up
a callback that will indicate the problem and how to fix it, just like we do
for testwolfcrypt in wolfSSL.

@haydenroche5 haydenroche5 self-assigned this Feb 1, 2022
SparkiDev
SparkiDev reviewed Feb 1, 2022
View reviewed changes
src/we_internal.c Outdated
WOLFENGINE_ENTER(WE_LOG_ENGINE, "wolfengine_bind");

#ifdef HAVE_FIPS
wolfCrypt_SetCb_fips(fipsCb);
Copy link
Contributor

@SparkiDev SparkiDev Feb 1, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Need to include fips_test.h?

Copy link
Contributor Author

@haydenroche5 haydenroche5 Feb 1, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yep! Will fix.

anhu
anhu reviewed Feb 1, 2022
View reviewed changes
src/we_internal.c Outdated
printf("hash = %s\n", hash);

if (err == IN_CORE_FIPS_E) {
printf("In core integrity hash check failure. Copy above hash\n");
Copy link
Member

@anhu anhu Feb 1, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the initial "In" seems weird. I think it should be
Core integrity hash check failure. Copy above hash....

Copy link
Contributor Author

@haydenroche5 haydenroche5 Feb 1, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reworded.

src/we_internal.c Outdated
printf("hash = %s\n", hash);

if (err == IN_CORE_FIPS_E) {
printf("In core integrity hash check failure. Copy above hash\n");
Copy link
Member

@anhu anhu Feb 1, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this should have more markers to make it more prominent. like

printf("*******************************************\n");

Copy link
Contributor Author

@haydenroche5 haydenroche5 Feb 1, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added.

@haydenroche5
Call wolfCrypt_SetCb_fips in wolfengine_bind for FIPS builds.
0ccab03 
We've had a lot of users come to us for support when wolfEngine can't be found,
and the resolution often ends up being that the FIPS module integrity check
failed and the expected HMAC value needs to be updated. This commit sets up
a callback that will indicate the problem and how to fix it, just like we do
for testwolfcrypt in wolfSSL.
@anhu anhu merged commit 9b08099 into wolfSSL:master Feb 2, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@anhu anhu anhu approved these changes

@SparkiDev SparkiDev SparkiDev approved these changes

Assignees

@anhu anhu

@SparkiDev SparkiDev

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@haydenroche5 @anhu @SparkiDev