Topic: Building Library on ubuntu 17.10

I'm trying to build our application on Ubuntu 17.10, but when I do I get the following error in the wolfSSL library:

/usr/local/include/wolfssl/wolfcrypt/settings.h:1573:14: error: #warning "For timing resistance / side-channel attack prevention consider using harden options" [-Werror=cpp]
             #warning "For timing resistance / side-channel attack prevention consider using harden options"

My configure command is as follows:

./configure --enable-supportedcurves --enable-secure-renegotiation --enable-ecc --enable-gcc-hardening

What should I include to mitigate this error.

Thank you,
Jelani

Share

Re: Building Library on ubuntu 17.10

Hi jebrando,

To resolve this error you have two options:

1. Enable the hardening options `./configure --enable-harden`
2. Disable the hardening support using `./configure CFLAGS="-DWC_NO_HARDEN`

Thanks,
David Garske, wolfSSL

Share

3 (edited by sahl.john 2020-07-02 07:19:12)

Re: Building Library on ubuntu 17.10

I get the same error message even with --enable-harden

I used these options for configure:

./configure --enable-fips=v2 --enable-harden --enable-keygen

But I get this when I build my application:

/usr/local/include/wolfssl/wolfcrypt/settings.h:2060:14: error: #warning "For timing resistance / side-channel attack prevention consider using harden options" [-Werror=cpp]
             #warning "For timing resistance / side-channel attack prevention consider using harden options"
              ^~~~~~~

Share

Re: Building Library on ubuntu 17.10

sahl.john,

Can you double check that there is not a previously installed version of the library present on the system? It may be that your system PATH has a copy of /usr/local/include/wolfssl/options.h that is being included INSTEAD of the local wolfssl/options.h that just got generated when configure was run. If there is another copy of options.h that has different settings in it and it is in the system include path it could be causing this issue. Simply remove or uninstall the older headers and library then try building again.

Warm Regards,

K