Bug#964215: libwolfssl-dev: #warning "For timing resistance / side-channel attack prevention consider using harden options"

2020-07-03 Thread Felix Lechner
Hi Thorsten,

On Fri, Jul 3, 2020 at 3:26 PM Thorsten Glaser wrote:
>
> Whoa, I didn’t mean you had to upload, right today, just for that ☻
> but thanks anyway.

wolfSSL is seeing an increase in popularity. By uploading, I hoped to
avoid additional uncertainty about the compatibility mode.

Kind regards & happy encrypting!
Felix Lechner



Bug#964215: libwolfssl-dev: #warning "For timing resistance / side-channel attack prevention consider using harden options"

2020-07-03 Thread Thorsten Glaser
Dixi quod…

>Might wish to keep it open until there’s sufficient documentation
>in the package itself. If you disagree, close it, no complaints.

Whoa, I didn’t mean you had to upload, right today, just for that ☻
but thanks anyway.

Good night,
//mirabilos
-- 
15:41⎜ Somebody write a testsuite for helloworld :-)



Bug#964215: libwolfssl-dev: #warning "For timing resistance / side-channel attack prevention consider using harden options"

2020-07-03 Thread Thorsten Glaser
severity 964215 wishlist
retitle 964215 libwolfssl-dev: no in-package documentation about necessary extra steps
thanks

Felix Lechner dixit:

>> I did consult the Debian-packaged README, but it
>> had no such thing,
>
>The instructions for the OpenSSL layer are not Debian-specific, but I
>will add a note to the README.Debian to bridge the documentation gap.

Thanks. In the meanwhile, I added it.

>> and the code compiles without it.
>
>Sounds like the compatibility layer had everything you needed. I am
>glad to hear it. Which package is it, please?

I’m packaging polyphone (SoundFont editor) from scratch.
We’ll see whether it suffices. It at least implements all needed
functions, and its licence is compatible by Debian standards.

>> Why, if this file is so important, is it not automatically included?
>
>I have asked myself that, as well. Maybe there is a technical reason,
>or maybe the authors would like people to use the native interface.

The native interface seems to want them as well.

>Either way, the library works great once you get over the small
>hurdle!

Great to see that.

>Please feel free to close this bug.

Might wish to keep it open until there’s sufficient documentation
in the package itself. If you disagree, close it, no complaints.

Thanks,
//mirabilos
-- 
 Beware of ritual lest you forget the meaning behind it.
 yeah but it means if you really care about something, don't
ritualise it, or you will lose it. don't fetishise it, don't
obsess. or you'll forget why you love it in the first place.



Bug#964215: libwolfssl-dev: #warning "For timing resistance / side-channel attack prevention consider using harden options"

2020-07-03 Thread Felix Lechner
Hi Thorsten,

On Fri, Jul 3, 2020 at 12:14 PM Thorsten Glaser wrote:
>
> I did consult the Debian-packaged README, but it
> had no such thing,

The instructions for the OpenSSL layer are not Debian-specific, but I
will add a note to the README.Debian to bridge the documentation gap.

> and the code compiles without it.

Sounds like the compatibility layer had everything you needed. I am
glad to hear it. Which package is it, please?

> Why, if this file is so important, is it not automatically included?

I have asked myself that, as well. Maybe there is a technical reason,
or maybe the authors would like people to use the native interface.
Either way, the library works great once you get over the small
hurdle!

Please feel free to close this bug.

Kind regards
Felix Lechner



Bug#964215: libwolfssl-dev: #warning "For timing resistance / side-channel attack prevention consider using harden options"

2020-07-03 Thread Thorsten Glaser
Felix Lechner dixit:

>Did you '#include ' in each file before using the
>OpenSSL compatibility headers as described in the instructions? [1]

No, of course not. I did consult the Debian-packaged README, but it
had no such thing, and the code compiles without it.

Why, if this file is so important, is it not automatically included?

bye,
//mirabilos
-- 
(gnutls can also be used, but if you are compiling lynx for your own use,
there is no reason to consider using that package)
-- Thomas E. Dickey on the Lynx mailing list, about OpenSSL



Bug#964215: libwolfssl-dev: #warning "For timing resistance / side-channel attack prevention consider using harden options"

2020-07-03 Thread Felix Lechner
Hi Thorsten,

On Fri, Jul 3, 2020 at 11:21 AM Thorsten Glaser wrote:
>
> Just using the library (as OpenSSL drop-in for licence compliance
> in Debian terms) produces the following warning:

Did you '#include ' in each file before using the
OpenSSL compatibility headers as described in the instructions? [1]

I know the manual is not that clear, but it works for me every time. I
can also help with porting, if needed.

Kind regards
Felix Lechner

[1] https://www.wolfssl.com/docs/wolfssl-manual/ch13/
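
Added example (not part of this mail or of the wolfSSL package): a small shell check that a source file includes the wolfSSL options header before any other wolfSSL header, as the message above asks. The header name `wolfssl/options.h` is an assumption, since it is missing from the quoted text; the function name and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the bug thread.
# Assumption: the header that must come first is <wolfssl/options.h>.

# check_wolfssl_include_order FILE
# Looks at the first wolfSSL #include in FILE. If it is not
# wolfssl/options.h, prints "FILE:LINE: HEADER included before
# wolfssl/options.h" and returns 1. Returns 0 when the order is
# correct or the file includes no wolfSSL header at all.
check_wolfssl_include_order() {
    awk '
        /^[ \t]*#[ \t]*include[ \t]*[<"]wolfssl\// {
            hdr = $0
            sub(/^[^<"]*[<"]/, "", hdr)   # drop everything up to < or "
            sub(/[>"].*$/, "", hdr)       # drop the closing delimiter
            if (hdr != "wolfssl/options.h") {
                printf "%s:%d: %s included before wolfssl/options.h\n",
                       FILENAME, FNR, hdr
                bad = 1
            }
            exit                          # only the first include matters
        }
        END { exit bad }
    ' "$1"
}

# Constructed sample sources (not taken from polyphone or the report).
demo_dir=$(mktemp -d)
printf '%s\n' '#include <stdio.h>' \
              '#include <wolfssl/openssl/rsa.h>' \
              'int main(void) { return 0; }' > "$demo_dir/bad.c"
printf '%s\n' '#include <wolfssl/options.h>' \
              '#include <wolfssl/openssl/rsa.h>' \
              'int main(void) { return 0; }' > "$demo_dir/good.c"

for f in "$demo_dir"/*.c; do
    check_wolfssl_include_order "$f" || true
done
```

The check only looks at direct includes in one file; headers pulled in transitively or guarded by preprocessor conditionals are not followed.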



Bug#964215: libwolfssl-dev: #warning "For timing resistance / side-channel attack prevention consider using harden options"

2020-07-03 Thread Thorsten Glaser
Package: libwolfssl-dev
Version: 4.4.0+dfsg-5
Severity: normal

Just using the library (as OpenSSL drop-in for licence compliance
in Debian terms) produces the following warning:

In file included from /usr/include/wolfssl/openssl/bn.h:33,
 from /usr/include/wolfssl/openssl/rsa.h:28,
 from core/utils.cpp:28:
/usr/include/wolfssl/wolfcrypt/settings.h:2060:14: warning: #warning "For timing resistance / side-channel attack prevention consider using harden options" [-Wcpp]
 2060 | #warning "For timing resistance / side-channel attack prevention consider using harden options"
  |  ^~~


Why is hardening not enabled?

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'oldstable-updates'), (500, 'buildd-unstable'), (500, 'unstable'), (500, 'oldstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.6.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)

Versions of packages libwolfssl-dev depends on:
pn  libwolfssl24  

libwolfssl-dev recommends no packages.

libwolfssl-dev suggests no packages.