1 Topic by m_u_h

(1 replies, posted in wolfCrypt)

Hi,
Is it possible to get wolfCrypt version  installed on Linux machine using python? Something similar to this given in manual e.g. python3 -c "from wolfcrypt.hashes import Sha; print(Sha().hexdigest())".
Thanks,
Regards,
MUH

Go to forum: wolfCrypt

2 Reply by m_u_h

(2 replies, posted in wolfCrypt)

Hi Kareem,

Thanks for the clarification. We will give it a try.

Best Regards,

Go to forum: wolfCrypt

3 Topic by m_u_h

(2 replies, posted in wolfCrypt)

Hi,
I can manually trigger the POST in-core memory failure by modifying wolfengine library (as suggested by embhorn in a previous post). How can I manually trigger POST KAT failure ? Will removing symbolic link to wolfengine library from OpenSSL/engines directory a valid way of doing this test i.e. OpenSSL will not be able to load engine and run POST KAT tests ?

Thanks,

Go to forum: wolfCrypt

4 Reply by m_u_h

(2 replies, posted in wolfCrypt)

Hi Anthony,

Thanks a-lot for your quick reply and the very useful pointer. We are using Apache Web Server. I have now found out that Apache Web Server will have to be rebuild and re-configured to use external crypto engine e.g. wolfCrypt with OpenSSL i.e. "https://serverfault.com/questions/10594 … che-server".

Thanks Again for your help.

Best Regards,

Go to forum: wolfCrypt

5 Topic by m_u_h

(2 replies, posted in wolfCrypt)

Hi,
We are loading wolfCrypt Engine from OpenSSL configuration file. We have also enabled debug for wolfCrypt Engine. The wolfCrypt Engine is generating debug messages for SSH connection and other cryptographic operations.

However, wolfCrypt Engine is not generating debug messages for TLS handshake/connection (TLS connection is succeeding). Will OpenSSL use wolfCrypt Engine for TLS connections by default or some configuration is needed for this ?
 
Thanks,

Go to forum: wolfCrypt

6 Reply by m_u_h

(2 replies, posted in wolfCrypt)

Hi Kareem,

Thanks a-lot for quick reply and clarification.

Best Regards,

Go to forum: wolfCrypt

7 Topic by m_u_h

(2 replies, posted in wolfCrypt)

Hi,

We are using FIPS validated version of WolfCrypt with WolfEngine. We are loading WolfEngine from OpenSSL configuration.We have build cURL with OpenSSL. Do we also need to build cURL with  WolfCrypt FIPS 140-2 ?


Thanks,

Go to forum: wolfCrypt

8 Reply by m_u_h

(3 replies, posted in wolfCrypt)

Hi Chris,

Thanks for your detailed reply. Yes, we are using FIPS validated version of wolfCrypt with wolfEngine. Does that mean that we don't have to set this option in configuration file ?

Best Regards,

Go to forum: wolfCrypt

9 Topic by m_u_h

(3 replies, posted in wolfCrypt)

Hi,
 
It is possible to enable wolfEngine FIPS checks by setting "enable_fips_checks" to 1. What is effect of enabling FIPS check ? 


Thanks,

Go to forum: wolfCrypt

10 Reply by m_u_h

(2 replies, posted in wolfCrypt)

Thanks for the clarification. I will give it a go.

Best Regards,

Go to forum: wolfCrypt

11 Topic by m_u_h

(2 replies, posted in wolfCrypt)

Hi,
We are using wolengine with OpenSSL. We want to manually trigger wolfengine failure for testing power-up/self-tests behavior. What would be best way to do this ? Do wolfengine provide any API for this purpose ?

Thanks,

Go to forum: wolfCrypt

12 Reply by m_u_h

(2 replies, posted in wolfCrypt)

Hi Eric,

Thanks for the clarification. We will send support ticket to "support@wolfssl.com" for further clarification.

Best Regards,

Go to forum: wolfCrypt

13 Topic by m_u_h

(2 replies, posted in wolfCrypt)

Hi,

We have successfully build wolfengine with fips i.e. "--enable-fips=v2" and debug i.e. "--enable-debug" support on Linux machine. The OpenSSL configuration file has been updated to use wolfengine.

The OpenSSL is using the wolfengine by default. However, wolfengine is not blocking un-supported FIPS algorithms and it is still possible to use non-fips supported algorithms as shown below. Do we need to configure some parameter to enable fips for wolfengine ?

=========================================
Output of "openssl dgst -md4  test.txt" Command
==========================================   
wolfEngine Leaving wolfengine_ctrl, return 1
wolfEngine Entering we_ciphers
wolfEngine Leaving we_ciphers, return 18
wolfEngine Entering we_digests
wolfEngine Leaving we_digests, return 6
wolfEngine Entering we_pkey
Returning 11 supported public key NIDs
wolfEngine Leaving we_pkey, return 11
MD4(test.txt)= 9a2a5dcb1fb54b8a97bd3c4d73a111e4 <========================
wolfEngine Entering we_pkey
Returning 11 supported public key NIDs
wolfEngine Leaving we_pkey, return 11
wolfEngine Entering we_pkey
wolfEngine Leaving we_pkey, return 1
wolfEngine Entering we_pkey
wolfEngine Leaving we_pkey, return 1
wolfEngine Entering we_pkey
wolfEngine Leaving we_pkey, return 1
wolfEngine Entering we_pkey
wolfEngine Leaving we_pkey, return 1
wolfEngine Entering we_pkey
wolfEngine Leaving we_pkey, return 1
wolfEngine Entering we_pkey
wolfEngine Leaving we_pkey, return 1
wolfEngine Entering we_pkey
wolfEngine Leaving we_pkey, return 1
wolfEngine Entering we_pkey
wolfEngine Leaving we_pkey, return 1
wolfEngine Entering we_pkey
wolfEngine Leaving we_pkey, return 1
wolfEngine Entering we_pkey
wolfEngine Leaving we_pkey, return 1
wolfEngine Entering we_pkey
wolfEngine Leaving we_pkey, return 1
wolfEngine Entering wolfengine_destroy
wolfEngine Entering we_final_random
wolfEngine Leaving we_final_random, return 1
wolfEngine Leaving wolfengine_destroy, return 1

===================================================
Output of  openssl des -in test.txt -out encrypted.txt  Command
================================ ===================
wolfEngine Leaving wolfengine_ctrl, return 1
wolfEngine Entering we_ciphers
wolfEngine Leaving we_ciphers, return 18
wolfEngine Entering we_digests
wolfEngine Leaving we_digests, return 6
wolfEngine Entering we_pkey
Returning 11 supported public key NIDs
wolfEngine Leaving we_pkey, return 11
enter des-cbc encryption password:
Verifying - enter des-cbc encryption password:
wolfEngine Entering we_rand_bytes
wolfEngine Entering we_rand_add_weak_entropy
wolfEngine Entering we_rand_mix_seed
wolfEngine Leaving we_rand_mix_seed, return 1
wolfEngine Leaving we_rand_add_weak_entropy, return 1
wolfEngine Leaving we_rand_bytes, return 1
wolfEngine Entering we_pkey
Returning 11 supported public key NIDs
wolfEngine Leaving we_pkey, return 11
wolfEngine Entering we_pkey
wolfEngine Leaving we_pkey, return 1
wolfEngine Entering we_pkey
wolfEngine Leaving we_pkey, return 1
wolfEngine Entering we_pkey
wolfEngine Leaving we_pkey, return 1
wolfEngine Entering we_pkey
wolfEngine Leaving we_pkey, return 1
wolfEngine Entering we_pkey
wolfEngine Leaving we_pkey, return 1
wolfEngine Entering we_pkey
wolfEngine Leaving we_pkey, return 1
wolfEngine Entering we_pkey
wolfEngine Leaving we_pkey, return 1
wolfEngine Entering we_pkey
wolfEngine Leaving we_pkey, return 1
wolfEngine Entering we_pkey
wolfEngine Leaving we_pkey, return 1
wolfEngine Entering we_pkey
wolfEngine Leaving we_pkey, return 1
wolfEngine Entering we_pkey
wolfEngine Leaving we_pkey, return 1
wolfEngine Entering wolfengine_destroy
wolfEngine Entering we_final_random
wolfEngine Leaving we_final_random, return 1
wolfEngine Leaving wolfengine_destroy, return 1



Thanks,

Go to forum: wolfCrypt

14 Reply by m_u_h

(2 replies, posted in wolfCrypt)

Hi Kareem,

Thanks for the clarification. We will re-try it after building it with ""--enable -debug" flag.

Best Regards,

Go to forum: wolfCrypt

15 Topic by m_u_h

(2 replies, posted in wolfCrypt)

Hi,
We are loading wolfEngine from an OpenSSL configuration file. The loading of engine is working. However, if we try to enable debug i.e. "enable_debug = 1" in configuration file then loading of engine fails and error messages are generated.

The error messages and relevant part of configuration is given below. What can be done to solve these error messages ? 

==============
Error Messages
==============                             
Error configuring OpenSSL
139736640579472:error:260BC066:engine routines:INT_ENGINE_CONFIGURE:engine configuration error:eng_cnf.c:191:section=wolfssl_section, name=enable_debug, value=1
139736640579472:error:0E07606D:configuration file routines:MODULE_RUN:module initialization error:conf_mod.c:225:module=engines, value=engine_section, retcode=-1

====================
Part of Configuration
====================
openssl_conf = openssl_init

[openssl_init]
engines = engine_section

[engine_section]
wolfSSL = wolfssl_section

[wolfssl_section]
# If using OpenSSL <= 1.0.2, change engine_id to wolfengine (drop the "lib").
engine_id = wolfengine
dynamic_path = /path/libwolfengine.so
init = 1
# Use wolfEngine as the default for all algorithms it provides.
default_algorithms = ALL
# Only enable when debugging application - produces large amounts of output.
enable_debug = 1


Thanks,

Go to forum: wolfCrypt

16 Reply by m_u_h

(2 replies, posted in wolfCrypt)

Hi Kareem,

Thanks a-lot for quick reply and clarification.

Best Regards,

Go to forum: wolfCrypt

17 Topic by m_u_h

(2 replies, posted in wolfCrypt)

How can we view the results of Power on self–tests if wolfengine is reloaded on Linux system (wolfengine has already been build on it) ? Is it also possible to run this test on-demand without loading wolfengine ?

Go to forum: wolfCrypt