Doing FIPS responsibly since 2014!

wolfSSL Inc. Stance:

OE Descriptions for software module “tested configurations” should include the toolchain used to compile the code and the OS the toolchain was employed on to allow for cross-compilation scenarios.

OLD: running on with NEW: **Compiled with on ** running on running on with OLD: on running on with NEW: **Compiled with on ** running on on running on with OLD: on on running on with NEW: **Compiled with on **running on on on running on with

wolfSSL Inc. Reasoning and Justification:

wolfSSL Inc recently experienced how a toolchain change caused issues with the software crypto module where there were no change(s) to the OS, processor or module code.

Scenario 1: Unmodified code, compiled for Intel silicon on Linux OS using gcc or older clang version All CAVP vectors passing Scenario 2: Same exact code, same exact intel silicon, same exact Linux OS. Compiler updated to clang 15.0.1. CAVP vectors for a single public key algorithm failing (all other algorithms passing) Problem: The n-th bit of a signature blob was being set or cleared non-deterministically. The failure was highly repeatable in testing. Fix: Use an alternate version of clang and submit a bug report to the toolchain dev team (still waiting on a fix).

If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.  We offer free pre-sales customer support, we have FIPS evaluation options and our staff are knowledgeable and eager to help!