Welcome to the wolfSSL Forums!

m_u_h · 2022-12-12 19:19:14

m_u_h
Member
Offline

Registered: 2022-12-06
Posts: 16

Topic: Restricting wolfengine to FIPS supported algorithms

Hi,

We have successfully build wolfengine with fips i.e. "--enable-fips=v2" and debug i.e. "--enable-debug" support on Linux machine. The OpenSSL configuration file has been updated to use wolfengine.

The OpenSSL is using the wolfengine by default. However, wolfengine is not blocking un-supported FIPS algorithms and it is still possible to use non-fips supported algorithms as shown below. Do we need to configure some parameter to enable fips for wolfengine ?

=========================================
Output of "openssl dgst -md4 test.txt" Command
==========================================
wolfEngine Leaving wolfengine_ctrl, return 1
wolfEngine Entering we_ciphers
wolfEngine Leaving we_ciphers, return 18
wolfEngine Entering we_digests
wolfEngine Leaving we_digests, return 6
wolfEngine Entering we_pkey
Returning 11 supported public key NIDs
wolfEngine Leaving we_pkey, return 11
MD4(test.txt)= 9a2a5dcb1fb54b8a97bd3c4d73a111e4 <========================
wolfEngine Entering we_pkey
Returning 11 supported public key NIDs
wolfEngine Leaving we_pkey, return 11
wolfEngine Entering we_pkey
wolfEngine Leaving we_pkey, return 1
wolfEngine Entering we_pkey
wolfEngine Leaving we_pkey, return 1
wolfEngine Entering we_pkey
wolfEngine Leaving we_pkey, return 1
wolfEngine Entering we_pkey
wolfEngine Leaving we_pkey, return 1
wolfEngine Entering we_pkey
wolfEngine Leaving we_pkey, return 1
wolfEngine Entering we_pkey
wolfEngine Leaving we_pkey, return 1
wolfEngine Entering we_pkey
wolfEngine Leaving we_pkey, return 1
wolfEngine Entering we_pkey
wolfEngine Leaving we_pkey, return 1
wolfEngine Entering we_pkey
wolfEngine Leaving we_pkey, return 1
wolfEngine Entering we_pkey
wolfEngine Leaving we_pkey, return 1
wolfEngine Entering we_pkey
wolfEngine Leaving we_pkey, return 1
wolfEngine Entering wolfengine_destroy
wolfEngine Entering we_final_random
wolfEngine Leaving we_final_random, return 1
wolfEngine Leaving wolfengine_destroy, return 1

===================================================
Output of openssl des -in test.txt -out encrypted.txt Command
================================ ===================
wolfEngine Leaving wolfengine_ctrl, return 1
wolfEngine Entering we_ciphers
wolfEngine Leaving we_ciphers, return 18
wolfEngine Entering we_digests
wolfEngine Leaving we_digests, return 6
wolfEngine Entering we_pkey
Returning 11 supported public key NIDs
wolfEngine Leaving we_pkey, return 11
enter des-cbc encryption password:
Verifying - enter des-cbc encryption password:
wolfEngine Entering we_rand_bytes
wolfEngine Entering we_rand_add_weak_entropy
wolfEngine Entering we_rand_mix_seed
wolfEngine Leaving we_rand_mix_seed, return 1
wolfEngine Leaving we_rand_add_weak_entropy, return 1
wolfEngine Leaving we_rand_bytes, return 1
wolfEngine Entering we_pkey
Returning 11 supported public key NIDs
wolfEngine Leaving we_pkey, return 11
wolfEngine Entering we_pkey
wolfEngine Leaving we_pkey, return 1
wolfEngine Entering we_pkey
wolfEngine Leaving we_pkey, return 1
wolfEngine Entering we_pkey
wolfEngine Leaving we_pkey, return 1
wolfEngine Entering we_pkey
wolfEngine Leaving we_pkey, return 1
wolfEngine Entering we_pkey
wolfEngine Leaving we_pkey, return 1
wolfEngine Entering we_pkey
wolfEngine Leaving we_pkey, return 1
wolfEngine Entering we_pkey
wolfEngine Leaving we_pkey, return 1
wolfEngine Entering we_pkey
wolfEngine Leaving we_pkey, return 1
wolfEngine Entering we_pkey
wolfEngine Leaving we_pkey, return 1
wolfEngine Entering we_pkey
wolfEngine Leaving we_pkey, return 1
wolfEngine Entering we_pkey
wolfEngine Leaving we_pkey, return 1
wolfEngine Entering wolfengine_destroy
wolfEngine Entering we_final_random
wolfEngine Leaving we_final_random, return 1
wolfEngine Leaving wolfengine_destroy, return 1

Thanks,

embhorn · 2022-12-13 07:44:20

embhorn
Moderator
Offline

From: Mobile, AL
Registered: 2013-12-11
Posts: 298

Re: Restricting wolfengine to FIPS supported algorithms

Hello m_u_h

It is the responsibility of the application making a claim to be using FIPS validated cryptography to only use FIPS validated cryptography.

Please submit a support ticket by emailing support@wolfssl.com for further clarification.

Kind regards,
Eric, wolfSSL Support

m_u_h · 2022-12-13 10:01:39

m_u_h
Member
Offline

Registered: 2022-12-06
Posts: 16

Re: Restricting wolfengine to FIPS supported algorithms

Hi Eric,

Thanks for the clarification. We will send support ticket to "support@wolfssl.com" for further clarification.

Best Regards,

Welcome to the wolfSSL Forums!

Restricting wolfengine to FIPS supported algorithms

Posts: 3

1 Topic by m_u_h 2022-12-12 19:19:14

Topic: Restricting wolfengine to FIPS supported algorithms

2 Reply by embhorn 2022-12-13 07:44:20

Re: Restricting wolfengine to FIPS supported algorithms

3 Reply by m_u_h 2022-12-13 10:01:39

Re: Restricting wolfengine to FIPS supported algorithms

Posts: 3