add wolfSSL_Init to csr example, required for fips ecc #270
Conversation
examples/csr/csr.c
Outdated
| @@ -166,6 +166,13 @@ int TPM2_CSR_ExampleArgs(void* userCtx, int argc, char *argv[]) | |||
| argc--; | |||
| } | |||
|
|
|||
| /* init wolfssl, required for fips */ | |||
| rc = wolfSSL_Init(); | |||
There was a problem hiding this comment.
This is great, but a couple things.
- If building with
WOLFCRYPT_ONLYthis needs to bewolfCrypt_Init(). - Use the wolfSSL values
WOLFSSL_SUCCESS. - If you are going to call init you also need to call
_Cleanup()... ForWOLFCRYPT_ONLYthis needs to bewolfCrypt_Cleanup()
examples/csr/csr.c
Outdated
| @@ -166,9 +166,30 @@ int TPM2_CSR_ExampleArgs(void* userCtx, int argc, char *argv[]) | |||
| argc--; | |||
| } | |||
|
|
|||
| /* init wolfssl, required for fips */ | |||
| #ifdef WOLFCRYPT_ONLY | |||
There was a problem hiding this comment.
This logic should be in wolfTPM2_Init and wolfTPM2_Cleanup? I am pretty sure these init/cleanups are already called. Perhaps the issue is I only call the wolfCrypt_Init version?
There was a problem hiding this comment.
I don't know, when I try to do just wolfCrypt_Init it fails with the rng error, I have to call wolfSSL_Init
There was a problem hiding this comment.
Please swap out the logic you added in csr.c, but put into tpm2.c and add the #ifdef WOLFCRYPT_ONLY logic. Call wolfSSL_Init by default unless WOLFCRYPT_ONLY is defined.
There was a problem hiding this comment.
https://github.com/wolfSSL/wolfssl/blob/master/src/ssl.c#L6421
I think this is why, I'm going to call wolfSSL_Init when not WOLFCRYPT_ONLY and call wolfCrypt_Init and wc_SetSeed_Cb when it is
|
So you don't need to call wolfSSL_Init, I just needed to add the |
ZD 16126