Topic: Restricting wolfengine to FIPS supported algorithms
Hi,
We have successfully built wolfengine with FIPS, i.e. "--enable-fips=v2", and debug, i.e. "--enable-debug", support on a Linux machine. The OpenSSL configuration file has been updated to use wolfengine.
OpenSSL is using wolfengine by default. However, wolfengine is not blocking unsupported FIPS algorithms, and it is still possible to use non-FIPS-supported algorithms, as shown below. Do we need to configure some parameter to enable FIPS for wolfengine?
===================================================
Output of "openssl dgst -md4 test.txt" command
===================================================
wolfEngine Leaving wolfengine_ctrl, return 1
wolfEngine Entering we_ciphers
wolfEngine Leaving we_ciphers, return 18
wolfEngine Entering we_digests
wolfEngine Leaving we_digests, return 6
wolfEngine Entering we_pkey
Returning 11 supported public key NIDs
wolfEngine Leaving we_pkey, return 11
MD4(test.txt)= 9a2a5dcb1fb54b8a97bd3c4d73a111e4 <========================
wolfEngine Entering we_pkey
Returning 11 supported public key NIDs
wolfEngine Leaving we_pkey, return 11
wolfEngine Entering we_pkey
wolfEngine Leaving we_pkey, return 1
wolfEngine Entering we_pkey
wolfEngine Leaving we_pkey, return 1
wolfEngine Entering we_pkey
wolfEngine Leaving we_pkey, return 1
wolfEngine Entering we_pkey
wolfEngine Leaving we_pkey, return 1
wolfEngine Entering we_pkey
wolfEngine Leaving we_pkey, return 1
wolfEngine Entering we_pkey
wolfEngine Leaving we_pkey, return 1
wolfEngine Entering we_pkey
wolfEngine Leaving we_pkey, return 1
wolfEngine Entering we_pkey
wolfEngine Leaving we_pkey, return 1
wolfEngine Entering we_pkey
wolfEngine Leaving we_pkey, return 1
wolfEngine Entering we_pkey
wolfEngine Leaving we_pkey, return 1
wolfEngine Entering we_pkey
wolfEngine Leaving we_pkey, return 1
wolfEngine Entering wolfengine_destroy
wolfEngine Entering we_final_random
wolfEngine Leaving we_final_random, return 1
wolfEngine Leaving wolfengine_destroy, return 1
===================================================
Output of "openssl des -in test.txt -out encrypted.txt" command
===================================================
wolfEngine Leaving wolfengine_ctrl, return 1
wolfEngine Entering we_ciphers
wolfEngine Leaving we_ciphers, return 18
wolfEngine Entering we_digests
wolfEngine Leaving we_digests, return 6
wolfEngine Entering we_pkey
Returning 11 supported public key NIDs
wolfEngine Leaving we_pkey, return 11
enter des-cbc encryption password:
Verifying - enter des-cbc encryption password:
wolfEngine Entering we_rand_bytes
wolfEngine Entering we_rand_add_weak_entropy
wolfEngine Entering we_rand_mix_seed
wolfEngine Leaving we_rand_mix_seed, return 1
wolfEngine Leaving we_rand_add_weak_entropy, return 1
wolfEngine Leaving we_rand_bytes, return 1
wolfEngine Entering we_pkey
Returning 11 supported public key NIDs
wolfEngine Leaving we_pkey, return 11
wolfEngine Entering we_pkey
wolfEngine Leaving we_pkey, return 1
wolfEngine Entering we_pkey
wolfEngine Leaving we_pkey, return 1
wolfEngine Entering we_pkey
wolfEngine Leaving we_pkey, return 1
wolfEngine Entering we_pkey
wolfEngine Leaving we_pkey, return 1
wolfEngine Entering we_pkey
wolfEngine Leaving we_pkey, return 1
wolfEngine Entering we_pkey
wolfEngine Leaving we_pkey, return 1
wolfEngine Entering we_pkey
wolfEngine Leaving we_pkey, return 1
wolfEngine Entering we_pkey
wolfEngine Leaving we_pkey, return 1
wolfEngine Entering we_pkey
wolfEngine Leaving we_pkey, return 1
wolfEngine Entering we_pkey
wolfEngine Leaving we_pkey, return 1
wolfEngine Entering we_pkey
wolfEngine Leaving we_pkey, return 1
wolfEngine Entering wolfengine_destroy
wolfEngine Entering we_final_random
wolfEngine Leaving we_final_random, return 1
wolfEngine Leaving wolfengine_destroy, return 1
Thanks,