1 (edited by volga629 2024-11-15 11:11:37)

Topic: Strongswan WolfSSL FIPS Windows MSYS

Hello Everyone,
How can I check whether the output library DLL is built FIPS compliant?
When I try to load the wolfssl plugin in strongswan, it complains about missing FIPS support.

I used --enable-fips=ready

Plugin

$ cat strongswan.d/charon/wolfssl.conf
wolfssl {

    # Enable to prevent loading the plugin if wolfSSL is not in FIPS mode.
    fips_mode = yes

    # Whether to load the plugin. Can also be an integer to increase the
    # priority of this plugin.
    load = yes

}

Log


 ./charon-svc.exe -h
00[DMN] Starting IKE service charon-svc (strongSwan 5.9.14, Windows Client 10.0.22621 (SP 0.0))
00[LIB] wolfssl FIPS mode unavailable (-203)
00[LIB] plugin 'wolfssl': failed to load - wolfssl_plugin_create returned NULL


Re: Strongswan WolfSSL FIPS Windows MSYS

Hello volga629,

-203 IN_CORE_FIPS_E means our FIPS hash check failed.  When building wolfSSL FIPS you must update the FIPS hash after any build option/environment change, you can either run the script fips-hash.sh in the root of the wolfSSL directory or run the wolfCrypt test and copy the hash it outputs to fips_test.c.  Then rebuild and retry using wolfSSL with strongswan.

Thanks,
Kareem


Re: Strongswan WolfSSL FIPS Windows MSYS

Thank you for the reply. I tried the following process, but it didn't help. I will try to recompile from clean source.

./configure 
make
./fips-hash.sh
make 
make install DESTDIR=/home/directory 


4 (edited by volga629 2024-11-18 15:15:34)

Re: Strongswan WolfSSL FIPS Windows MSYS

I tried recompiling from clean source and the result is the same -203 error when strongswan tries to load the wolfssl library libwolfssl-42.dll.

 CC       wolfcrypt/src/src_libwolfssl_la-signature.lo
  CC       wolfcrypt/src/src_libwolfssl_la-wc_encrypt.lo
  CC       wolfcrypt/src/src_libwolfssl_la-wolfmath.lo
  CC       wolfcrypt/src/src_libwolfssl_la-memory.lo
  CC       wolfcrypt/src/src_libwolfssl_la-asn.lo
  CC       wolfcrypt/src/src_libwolfssl_la-coding.lo
  CC       wolfcrypt/src/src_libwolfssl_la-md5.lo
  CC       wolfcrypt/src/src_libwolfssl_la-pkcs12.lo
  CC       wolfcrypt/src/src_libwolfssl_la-tfm.lo
  CC       wolfcrypt/src/src_libwolfssl_la-wc_lms.lo
  CC       wolfcrypt/src/src_libwolfssl_la-wc_lms_impl.lo
  CC       wolfcrypt/src/src_libwolfssl_la-wc_xmss.lo
  CC       wolfcrypt/src/src_libwolfssl_la-wc_xmss_impl.lo
  CC       wolfcrypt/src/src_libwolfssl_la-fe_operations.lo
  CC       wolfcrypt/src/src_libwolfssl_la-ge_operations.lo
  CC       wolfcrypt/src/src_libwolfssl_la-fe_448.lo
  CC       wolfcrypt/src/src_libwolfssl_la-ge_448.lo
  CC       src/libwolfssl_la-internal.lo
  CC       src/libwolfssl_la-wolfio.lo
  CC       src/libwolfssl_la-keys.lo
  CC       src/libwolfssl_la-ssl.lo
  CC       src/libwolfssl_la-tls.lo
  CC       src/libwolfssl_la-tls13.lo
  CC       src/libwolfssl_la-ocsp.lo
  CC       src/libwolfssl_la-dtls.lo
  CC       wolfcrypt/test/test.o
  CCLD     src/libwolfssl.la
  CCLD     wolfcrypt/benchmark/benchmark.exe
  CCLD     wolfcrypt/test/testwolfcrypt.exe
make[2]: Leaving directory '/home/volga629/strongswan-5.9.14/wolfssl-5.7.4-gplv3-fips-ready'
make[1]: Leaving directory '/home/volga629/strongswan-5.9.14/wolfssl-5.7.4-gplv3-fips-ready'

volga629@Desktop1 MSYS ~/strongswan-5.9.14/wolfssl-5.7.4-gplv3-fips-ready
$ bash -x ./fips-hash.sh
+ test '!' -x ./wolfcrypt/test/testwolfcrypt
+ test '!' -s ./wolfcrypt/src/fips_test.c
++ ./wolfcrypt/test/testwolfcrypt
++ sed -n 's/hash = \(.*\)/\1/p'
+ NEWHASH=76B04B1BDFA4454AF3C54F678D29FDF1D83C51F9CC65A81E19F12B27CF839B0F
+ test -n 76B04B1BDFA4454AF3C54F678D29FDF1D83C51F9CC65A81E19F12B27CF839B0F
+ cp wolfcrypt/src/fips_test.c wolfcrypt/src/fips_test.c.bak
+ sed 's/^".*";/"76B04B1BDFA4454AF3C54F678D29FDF1D83C51F9CC65A81E19F12B27CF839B0F";/' wolfcrypt/src/fips_test.c.bak
 make install DESTDIR=$(pwd)/wolfssl-fips-build
make -j9  install-recursive
make[1]: Entering directory '/home/volga629/strongswan-5.9.14/wolfssl-5.7.4-gplv3-fips-ready'
make[2]: Entering directory '/home/volga629/strongswan-5.9.14/wolfssl-5.7.4-gplv3-fips-ready'
make[2]: warning: -j9 forced in submake: resetting jobserver mode.
make[3]: Entering directory '/home/volga629/strongswan-5.9.14/wolfssl-5.7.4-gplv3-fips-ready'
make[3]: warning: -j9 forced in submake: resetting jobserver mode.
/bin/sh /home/volga629/strongswan-5.9.14/wolfssl-5.7.4-gplv3-fips-ready/build-aux/install-sh -d /home/volga629/strongswan-5.9.14/wolfssl-5.7.4-gplv3-fips-ready/wolfssl-fips-build/usr/bin
/usr/bin/install -c wolfssl-config /home/volga629/strongswan-5.9.14/wolfssl-5.7.4-gplv3-fips-ready/wolfssl-fips-build/usr/bin
 /usr/bin/mkdir -p '/home/volga629/strongswan-5.9.14/wolfssl-5.7.4-gplv3-fips-ready/wolfssl-fips-build/usr/share/doc/wolfssl'
 /usr/bin/mkdir -p '/home/volga629/strongswan-5.9.14/wolfssl-5.7.4-gplv3-fips-ready/wolfssl-fips-build/usr/share/doc/wolfssl/example'
 /usr/bin/mkdir -p '/home/volga629/strongswan-5.9.14/wolfssl-5.7.4-gplv3-fips-ready/wolfssl-fips-build/usr/include'
 /usr/bin/mkdir -p '/home/volga629/strongswan-5.9.14/wolfssl-5.7.4-gplv3-fips-ready/wolfssl-fips-build/usr/lib/pkgconfig'


5 (edited by volga629 2024-11-19 07:54:36)

Re: Strongswan WolfSSL FIPS Windows MSYS

I will try to rebuild from source again, but the strongswan startup error points to the wolfssl library not fully working.
Can you please post the requirements to build wolfssl properly on Windows?

Start up error

$ ./charon-svc.exe -h
00[DMN] Starting IKE service charon-svc (strongSwan 5.9.14, Windows Client 10.0.22621 (SP 0.0))
00[LIB] wolfssl FIPS mode unavailable (-203)
00[LIB] plugin 'wolfssl': failed to load - wolfssl_plugin_create returned NULL
00[LIB] feature CUSTOM:libcharon in critical plugin 'charon-svc' has unmet dependency: NONCE_GEN
00[LIB] feature CUSTOM:libcharon-receiver in critical plugin 'charon-svc' has unmet dependency: HASHER:HASH_SHA1
00[LIB] feature CUSTOM:libcharon-sa-managers in critical plugin 'charon-svc' has unmet dependency: HASHER:HASH_SHA1
00[CFG] failed to read the resolver config: error reading file (No such file or directory)
00[CFG] failed to create a DNS resolver instance
00[LIB] failed to load 3 critical plugin features


Re: Strongswan WolfSSL FIPS Windows MSYS

I tried disabling the shared library and rebuilt as static, and I am still having trouble running FIPS wolfssl. This time I am getting -197.

$ ./charon-svc.exe
00[DMN] Starting IKE service charon-svc (strongSwan 5.9.14, Windows Client 10.0.22621 (SP 0.0))
00[LIB] wolfssl FIPS mode unavailable (-197)
00[LIB] plugin 'wolfssl': failed to load - wolfssl_plugin_create returned NULL
00[LIB] feature CUSTOM:libcharon in critical plugin 'charon-svc' has unmet dependency: NONCE_GEN
00[LIB] feature CUSTOM:libcharon-receiver in critical plugin 'charon-svc' has unmet dependency: HASHER:HASH_SHA1
00[LIB] feature CUSTOM:libcharon-sa-managers in critical plugin 'charon-svc' has unmet dependency: HASHER:HASH_SHA1
00[CFG] failed to read the resolver config: error reading file (No such file or directory)
00[CFG] failed to create a DNS resolver instance
00[LIB] failed to load 3 critical plugin features


Re: Strongswan WolfSSL FIPS Windows MSYS

Hi volga629,

Since you are using FIPS ready, please try adding a call to wc_RunAllCast_fips() after strongswan calls (wolf)SSL_Init() and let me know if it helps.  If not, please enable wolfSSL debug logging and attach a debug log here.

Thanks,
Kareem


Re: Strongswan WolfSSL FIPS Windows MSYS

In testWolfCrypt I am getting an error

$ ./wolfcrypt/test/testwolfcrypt
------------------------------------------------------------------------------
 wolfSSL version 5.7.4
------------------------------------------------------------------------------
FIPS module version in use: wolfCrypt v7.0.0
error    test passed!
MEMORY   test passed!
base64   test passed!
base16   test passed!
asn      test passed!
in my Fips callback, ok = 0, err = -197
message = FIPS mode not allowed error
hash =
RANDOM   test failed!
 error L=17866 code=-197 (FIPS mode not allowed error)
 [fiducial line numbers: 9103 28041 46740 59294]
Exiting main with return code: -1


Re: Strongswan WolfSSL FIPS Windows MSYS

Hi Volga,

That error means the FIPS hash was not updated correctly, you will need to update your FIPS hash or wolfSSL will not initialize.

Thanks,
Kareem


10 (edited by volga629 2024-11-19 12:21:59)

Re: Strongswan WolfSSL FIPS Windows MSYS

I am not sure what I am doing incorrectly, but I even tried to pass -DWOLFCRYPT_FIPS_CORE_HASH_VALUE.
I tried to enable the debug log.

            --disable-examples \
            LDFLAGS="-lws2_32 -lcrypt32 -Wl,-s -Wl,--gc-sections" \
            CFLAGS="-DWOLFCRYPT_FIPS_CORE_HASH_VALUE=8D29242F610EAEA179605BB1A99974EBC72B0ECDB26B483B226A729F36FC82A2"

Current configure options (need to remove --disable-static):

 ./configure --host=x86_64-w64-mingw32 --enable-reproducible-build --enable-keygen --enable-rsapss \
            --enable-secure-renegotiation --enable-fastmath \
            --enable-ed25519 --enable-curve25519 \
            --enable-static=yes \
            --enable-shared=no \
            --enable-fips=ready \
            --enable-opensslall \
            --enable-ecc \
            --enable-ocsp \
            --enable-crl \
            --enable-psk \
            --disable-fpecc \
            --disable-aligndata \
            --disable-static \
            --disable-jni \
            --disable-crl-monitor \
            --disable-examples \
            LDFLAGS="-lws2_32 -lcrypt32 -Wl,-s -Wl,--gc-sections" \
            CFLAGS="-DWOLFCRYPT_FIPS_CORE_HASH_VALUE=8D29242F610EAEA179605BB1A99974EBC72B0ECDB26B483B226A729F36FC82A2"


11 (edited by volga629 2024-11-19 12:22:29)

Re: Strongswan WolfSSL FIPS Windows MSYS

Does this give better info?
I tried to enable --enable-debug


$ ./wolfcrypt/test/testwolfcrypt
------------------------------------------------------------------------------
 wolfSSL version 5.7.4
------------------------------------------------------------------------------
FIPS module version in use: wolfCrypt v7.0.0
error    test passed!
wolfSSL Entering memory_test
MEMORY   test passed!
wolfSSL Entering base64_test
Escape buffer max too small
base64   test passed!
wolfSSL Entering base16_test
base16   test passed!
wolfSSL Entering asn_test
asn      test passed!
wolfSSL Entering random_test
in my Fips callback, ok = 0, err = -197
message = FIPS mode not allowed error
hash =
RANDOM   test failed!
 error L=17866 code=-197 (FIPS mode not allowed error)
 [fiducial line numbers: 9103 28041 46740 59294]
wolfSSL Entering wolfCrypt_Cleanup
Exiting main with return code: -1


Re: Strongswan WolfSSL FIPS Windows MSYS

Is it possibly related to --enable-static that the hash is not generated?


Re: Strongswan WolfSSL FIPS Windows MSYS

Hi Volga,

When using wolfSSL as a static library, the hash will change depending on the application wolfSSL is built against.  You will need to run strongswan with wolfSSL linked, then get the FIPS hash from there and rebuild wolfSSL with that hash.  I would recommend building as a dynamic library if possible as it will be more straightforward.


Re: Strongswan WolfSSL FIPS Windows MSYS

If I build a dynamic library, I get this error:

Escape buffer max too small
base64   test passed!
wolfSSL Entering base16_test
base16   test passed!
wolfSSL Entering asn_test
asn      test passed!
wolfSSL Entering random_test
in my Fips callback, ok = 0, err = -203
message = In Core Integrity check FIPS error
hash = 11FC92013108BCB799AF1141F7BE8EB3E314240A8985736469BBDC33D5A94A0C
In core integrity hash check failure, copy above hash
into verifyCore[] in fips_test.c and rebuild
RANDOM   test failed!
 error L=17866 code=-197 (FIPS mode not allowed error)
 [fiducial line numbers: 9103 28041 46740 59294]
wolfSSL Entering wolfCrypt_Cleanup
Exiting main with return code: -1


Re: Strongswan WolfSSL FIPS Windows MSYS

For the dynamic library error you need to copy the given hash into verifyCore in fips_test.c and rebuild wolfSSL.

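The hash-update step discussed in this thread (fips-hash.sh, or copying the printed hash into verifyCore[] in fips_test.c), as an added example that is not part of the original posts and is not wolfSSL's own script. It goes slightly further than the trace shown earlier by rejecting an empty or malformed "hash =" line and by confirming the source file really changed; the function names are hypothetical, and the one-line quoted hash layout of fips_test.c is an assumption taken from the sed pattern in that trace.

```shell
#!/bin/sh
# Added example with hypothetical helper names; not wolfSSL's fips-hash.sh.

# Read testwolfcrypt output on stdin and print the reported in-core hash.
# Succeeds only for a "hash = " line carrying exactly 64 hex digits, so the
# empty "hash =" line printed alongside error -197 is rejected.
extract_fips_hash() {
    _h=$(tr -d '\r' |
         sed -n 's/^hash = \([0-9A-Fa-f]*\)[[:space:]]*$/\1/p' | head -n 1)
    [ "${#_h}" -eq 64 ] || return 1
    printf '%s\n' "$_h"
}

# True if source file $1 already embeds hash $2 on its own quoted line.
verify_core_has() {
    grep -q "^\"$2\";" "$1"
}

# Replace the quoted hash line in file $1 with hash $2 (same substitution as
# in the fips-hash.sh trace), keep a .bak copy, then confirm the new value is
# actually present. Call it only with a hash validated by extract_fips_hash.
update_verify_core() {
    [ -s "$1" ] || return 1
    cp "$1" "$1.bak" || return 1
    sed "s/^\".*\";/\"$2\";/" "$1.bak" > "$1" || return 1
    verify_core_has "$1" "$2"
}

# Full step: $1 = saved testwolfcrypt output, $2 = fips_test.c-style file.
# Prints "current" (nothing to do), "updated" (rebuild needed),
# "no-hash" (test printed no usable hash) or "failed" (file not changed).
refresh_fips_hash() {
    _new=$(extract_fips_hash < "$1") || { echo "no-hash"; return 1; }
    if verify_core_has "$2" "$_new"; then echo "current"; return 0; fi
    update_verify_core "$2" "$_new" || { echo "failed"; return 1; }
    echo "updated"
}

# Demo on constructed inputs: the log lines are copied from the posts above,
# the C file is a minimal constructed stand-in for wolfcrypt/src/fips_test.c.
demo() {
    _d=$(mktemp -d) || return 1
    printf '%s\n' 'static const char verifyCore[] =' \
        '"0000000000000000000000000000000000000000000000000000000000000000";' \
        > "$_d/fips_test.c"
    printf '%s\n' 'in my Fips callback, ok = 0, err = -203' \
        'message = In Core Integrity check FIPS error' \
        'hash = 11FC92013108BCB799AF1141F7BE8EB3E314240A8985736469BBDC33D5A94A0C' \
        > "$_d/dynamic.log"
    printf '%s\n' 'in my Fips callback, ok = 0, err = -197' \
        'message = FIPS mode not allowed error' 'hash =' > "$_d/static.log"
    echo "static log:  $(refresh_fips_hash "$_d/static.log" "$_d/fips_test.c")"
    echo "first run:   $(refresh_fips_hash "$_d/dynamic.log" "$_d/fips_test.c")"
    echo "second run:  $(refresh_fips_hash "$_d/dynamic.log" "$_d/fips_test.c")"
    rm -rf "$_d"
}
demo
```

A result of "updated" means the library still has to be rebuilt before the new value takes effect; "current" on a build that still reports -203 means the hash in the source matches what the test printed, so the mismatch lies elsewhere.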

16 (edited by volga629 2024-11-19 13:57:36)

Re: Strongswan WolfSSL FIPS Windows MSYS

Sorry, I needed to clarify. That message appeared after I ran make the second time.

Please confirm the build process

autoreconf -ifv
./configure
make
./fips-hash.sh
make
make install DESTDIR=install_dir


Re: Strongswan WolfSSL FIPS Windows MSYS

I tried rebuilding the dynamic library and am still having the issue. I followed the process and tried to compile and run the FIPS hash update.
I think it is time to open a GitHub issue; it seems like the hash update process has an issue on Windows.


$ ldd charon-svc.exe
        ntdll.dll => /c/Windows/SYSTEM32/ntdll.dll (0x7ffb75230000)
        KERNEL32.DLL => /c/Windows/System32/KERNEL32.DLL (0x7ffb73c10000)
        KERNELBASE.dll => /c/Windows/System32/KERNELBASE.dll (0x7ffb726b0000)
        ADVAPI32.dll => /c/Windows/System32/ADVAPI32.dll (0x7ffb73890000)
        msvcrt.dll => /c/Windows/System32/msvcrt.dll (0x7ffb73e70000)
        sechost.dll => /c/Windows/System32/sechost.dll (0x7ffb73530000)
        bcrypt.dll => /c/Windows/System32/bcrypt.dll (0x7ffb72c10000)
        RPCRT4.dll => /c/Windows/System32/RPCRT4.dll (0x7ffb73720000)
        WS2_32.dll => /c/Windows/System32/WS2_32.dll (0x7ffb739b0000)
        fwpuclnt.dll => /c/Windows/SYSTEM32/fwpuclnt.dll (0x7ffb6f0e0000)
        IPHLPAPI.DLL => /c/Windows/SYSTEM32/IPHLPAPI.DLL (0x7ffb70d10000)
        libwolfssl-42.dll => /home/volg629/strongswan-5.9.14/strongswan-sec/libwolfssl-42.dll (0x7ffb148f0000)
        CRYPT32.dll => /c/Windows/System32/CRYPT32.dll (0x7ffb72540000)
        ucrtbase.dll => /c/Windows/System32/ucrtbase.dll (0x7ffb72d00000)
        WINHTTP.dll => /c/Windows/SYSTEM32/WINHTTP.dll (0x7ffb6e9c0000)
        libgcc_s_seh-1.dll => /mingw64/bin/libgcc_s_seh-1.dll (0x7ffb485b0000)
        libdl.dll => /mingw64/bin/libdl.dll (0x7ffb4b4d0000)
        libunbound-8.dll => /mingw64/bin/libunbound-8.dll (0x7ffb14050000)
        libldns-3.dll => /mingw64/bin/libldns-3.dll (0x7ffb335f0000)
        libwinpthread-1.dll => /mingw64/bin/libwinpthread-1.dll (0x7ffb43380000)
        libssl-3-x64.dll => /mingw64/bin/libssl-3-x64.dll (0x7ffb21d30000)
        libcrypto-3-x64.dll => /mingw64/bin/libcrypto-3-x64.dll (0x26be2410000)
        libcrypto-3-x64.dll => /mingw64/bin/libcrypto-3-x64.dll (0x26be28f0000)
        libcrypto-3-x64.dll => /mingw64/bin/libcrypto-3-x64.dll (0x7ffb05a80000)
        USER32.dll => /c/Windows/System32/USER32.dll (0x7ffb73a30000)
        win32u.dll => /c/Windows/System32/win32u.dll (0x7ffb72e20000)
        GDI32.dll => /c/Windows/System32/GDI32.dll (0x7ffb73be0000)
        gdi32full.dll => /c/Windows/System32/gdi32full.dll (0x7ffb72af0000)
        msvcp_win.dll => /c/Windows/System32/msvcp_win.dll (0x7ffb72ec0000)

volga629@Desktop1 MSYS ~/strongswan-5.9.14/strongswan-sec
$ ./charon-svc.exe
Starting Power On Self Test
Pre-Operational Self Test FAILURE
00[DMN] Starting IKE service charon-svc (strongSwan 5.9.14, Windows Client 10.0.22621 (SP 0.0))
00[LIB] wolfssl FIPS mode unavailable (-203)
00[LIB] plugin 'wolfssl': failed to load - wolfssl_plugin_create returned NULL
00[LIB] feature CUSTOM:libcharon in critical plugin 'charon-svc' has unmet dependency: NONCE_GEN
00[LIB] feature CUSTOM:libcharon-receiver in critical plugin 'charon-svc' has unmet dependency: HASHER:HASH_SHA1
00[LIB] feature CUSTOM:libcharon-sa-managers in critical plugin 'charon-svc' has unmet dependency: HASHER:HASH_SHA1
00[CFG] failed to read the resolver config: error reading file (No such file or directory)
00[CFG] failed to create a DNS resolver instance
00[LIB] failed to load 3 critical plugin features


Re: Strongswan WolfSSL FIPS Windows MSYS

Thank you for all the support. I opened a GitHub issue to continue finding the correct formula.
