1

Topic: Setting up wolfEngine to be used with OpenSSL

Hi all,

I have an existing application that uses OpenSSL and would like to use wolfEngine on top of it. I'm working on Mac OSX and have followed the instructions in https://github.com/wolfSSL/wolfEngine as well as watched the wolfEngine webinar at https://www.youtube.com/watch?v=ini0rKfk3mY. I ran

make check

successfully but aside from that, I'm not sure if installation of wolfEngine worked correctly, as I don't see any .so files in .libs/.

Assuming this is normal though and wolfEngine is correctly installed, what is the process of then using it as an engine for OpenSSL? I would like to perform the sanity check shown at 16:00 in the webinar but I'm not sure where the shared object resides after wolfEngine installation.

Thank you for any help!


Re: Setting up wolfEngine to be used with OpenSSL

Hi,

On Mac, the extension will be .dylib rather than .so:

haydenroche@Haydens-MBP:~/wolfEngine$ ls .libs
total 488
-rwxr-xr-x  1 haydenroche  staff   37624 Nov 16 11:26 bench
-rwxr-xr-x  1 haydenroche  staff  203288 Nov 16 11:26 libwolfengine.1.dylib
lrwxr-xr-x  1 haydenroche  staff      21 Nov 16 11:26 libwolfengine.dylib -> libwolfengine.1.dylib
lrwxr-xr-x  1 haydenroche  staff      19 Nov 16 11:26 libwolfengine.la -> ../libwolfengine.la
-rw-r--r--  1 haydenroche  staff    1075 Nov 16 11:26 libwolfengine.lai

I just ran the same demo from the webinar on my Mac, and everything appears to work correctly. I recommend configuring wolfEngine with --enable-debug so that you can see wolfEngine's being used.

Let me know if you have any further issues!

Thanks,

Hayden Roche
wolfSSL Software Engineer


3

Re: Setting up wolfEngine to be used with OpenSSL

Hey Hayden, thanks for the reply.

Things are working well now and we have wolfEngine working 2 separate ways, with openssl.cnf and ENGINE_load_wolfengine() :)


Re: Setting up wolfEngine to be used with OpenSSL

That's great to hear!


5

Re: Setting up wolfEngine to be used with OpenSSL

Hi Hayden,

I have a couple questions about using wolfEngine from a config file.

I've set my /usr/local/ssl/openssl.cnf with the following:

openssl_conf = openssl_init

[ openssl_init ]
oid_section             = new_oids
engines = engine_section

[ engine_section ]
wolfSSL = wolfssl_section

[ wolfssl_section ]
engine_id = libwolfengine
dynamic_path = /usr/local/lib/engines-1.1/libwolfengine.dylib
init = 1
enable_debug = 1
default_algorithms = ALL

Now this appears to work on the command line, as when I run "openssl engine" it prints multiple lines regarding wolfEngine, and running "openssl aes" commands on the CL also indicates that wolfEngine is being used.

However, when running this code:

#include <stdio.h>
#include <openssl/engine.h>
#include <openssl/rand.h>

int main() {
    printf("Hello, World!\n");

    ENGINE *e;
    ENGINE_load_builtin_engines();
    e = ENGINE_by_id("libwolfengine");
    ENGINE_init(e);
    //ENGINE_set_default(e, ENGINE_METHOD_ALL); // so far wolfEngine only outputs logs if this is set

    //ENGINE_finish(e);
    //ENGINE_free(e);

    // print wolfEngine logs
    ENGINE_ctrl_cmd(e, "enable_debug", 1, NULL, NULL, 0);

    unsigned char buffer[128];
    if (1 != RAND_bytes(buffer, sizeof(buffer))) {
        fprintf(stderr, "error with RAND_bytes\n");
    }

    printf("Made it to end\n");
    
    return 0;
}

It doesn't indicate that wolfEngine is being used unless I uncomment "ENGINE_set_default". But my questions are:

1. Is there a way to use wolfEngine without calling any ENGINE functions? For example, if I called RAND_bytes in my code without using any ENGINE calls, it would use wolfEngine. I would like to be able to use my existing OpenSSL code and not have to add to it.
2. If yes to 1, how can I verify OpenSSL is delegating the function calls to wolfEngine?

Thank you :)


6 (edited by hayden 2021-11-19 13:46:09)

Re: Setting up wolfEngine to be used with OpenSSL

Hi,

Your test program isn't actually using the configuration file you've written, I think. I've attached examples.tar.gz to this message. It contains an example of how to use wolfEngine with a config file and some documentation. Specifically, you're missing this

OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS |
                    OPENSSL_INIT_ADD_ALL_DIGESTS |
                    OPENSSL_INIT_LOAD_CONFIG, NULL);

and you need to make sure the environment variable OPENSSL_CONF points to your config file. Please refer to the attached examples for more details.

As long as you've built wolfEngine with --enable-debug and you've got

enable_debug = 1
default_algorithms = ALL

in your config file, wolfEngine will be used for all algorithms it provides and debug messages should be printed to stderr, indicating that wolfEngine's being used. If you get the configuration file right, you won't need any of this

ENGINE *e;
ENGINE_load_builtin_engines();
e = ENGINE_by_id("libwolfengine");
ENGINE_init(e);
//ENGINE_set_default(e, ENGINE_METHOD_ALL); // so far wolfEngine only outputs logs if this is set

//ENGINE_finish(e);
//ENGINE_free(e);

// print wolfEngine logs
ENGINE_ctrl_cmd(e, "enable_debug", 1, NULL, NULL, 0);

Thanks!

Hayden

Post's attachments

examples.tar.gz 2.17 kb, 1 downloads since 2021-11-19 
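
A static preflight for the config-file route described in the reply above, as an added example that is not part of the original post or of wolfEngine: it follows the openssl_conf -> engines -> per-engine section chain and prints the dynamic_path for a given engine_id. The helper names conf_get and engine_conf_check are hypothetical, and the sample config is constructed from the one posted in this thread.

```shell
# conf_get FILE SECTION KEY: print KEY's value in [SECTION] ("" = lines before
# the first header). KEY "*" prints every value in the section.
conf_get() {
    awk -v want="$2" -v key="$3" '
        { sub(/[ \t]*#.*/, "") }                        # drop comments
        /^[ \t]*\[/ { gsub(/[ \t]/, ""); sec = substr($0, 2, length($0) - 2); next }
        {
            i = index($0, "="); if (i == 0) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (sec == want && (key == "*" || k == key)) { print v; if (key != "*") exit }
        }' "$1"
}

# engine_conf_check FILE ENGINE_ID: follow openssl_conf -> engines -> per-engine
# section and print that engine's dynamic_path. Returns 1 if the chain is broken,
# 2 if the engine has no default_algorithms (loaded, but not the default), else 0.
engine_conf_check() {
    conf=$1 id=$2
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 1; }
    init=$(conf_get "$conf" "" openssl_conf)
    [ -n "$init" ] || { echo "no openssl_conf in default section" >&2; return 1; }
    engs=$(conf_get "$conf" "$init" engines)
    [ -n "$engs" ] || { echo "[$init] has no engines entry" >&2; return 1; }
    for sect in $(conf_get "$conf" "$engs" "*"); do
        [ "$(conf_get "$conf" "$sect" engine_id)" = "$id" ] || continue
        [ -n "$(conf_get "$conf" "$sect" default_algorithms)" ] ||
            { echo "[$sect] has no default_algorithms" >&2; return 2; }
        conf_get "$conf" "$sect" dynamic_path
        return 0
    done
    echo "no engine section with engine_id $id" >&2; return 1
}

# Constructed sample mirroring the config posted earlier in this thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
openssl_conf = openssl_init
[ openssl_init ]
engines = engine_section
[ engine_section ]
wolfSSL = wolfssl_section
[ wolfssl_section ]
engine_id = libwolfengine
dynamic_path = /usr/local/lib/engines-1.1/libwolfengine.dylib
default_algorithms = ALL
EOF
engine_conf_check "$sample" libwolfengine
rm -f "$sample"
```

Run it against the file that OPENSSL_CONF names. A clean result only shows the file is well-formed; the program still has to load it with OPENSSL_INIT_LOAD_CONFIG as described above.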



7

Re: Setting up wolfEngine to be used with OpenSSL

Hey Hayden, thanks for the reply, the examples folder you linked was really helpful. The two C files you included are working as expected, which is also great. Just checking though, and maybe it is a bit too hopeful, is there any way to have OpenSSL default to using wolfEngine without writing any additional code, even without having to add

OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS |
                    OPENSSL_INIT_ADD_ALL_DIGESTS |
                    OPENSSL_INIT_LOAD_CONFIG, NULL);

?
