{"id":19579754,"url":"https://github.com/wolfssl/wolfengine","last_synced_at":"2025-09-11T06:37:58.702Z","repository":{"id":37317871,"uuid":"337227521","full_name":"wolfSSL/wolfEngine","owner":"wolfSSL","description":"wolfCrypt and wolfCrypt FIPS engine for OpenSSL","archived":false,"fork":false,"pushed_at":"2025-03-25T18:47:24.000Z","size":1648,"stargazers_count":23,"open_issues_count":1,"forks_count":27,"subscribers_count":18,"default_branch":"master","last_synced_at":"2025-04-04T23:11:12.822Z","etag":null,"topics":["cryptography","fips","fips-140-2","fips-140-3","openssl","openssl-engine","openssl-library","openssl-support","wolfcrypt","wolfssl"],"latest_commit_sha":null,"homepage":"https://www.wolfssl.com","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/wolfSSL.png","metadata":{"files":{"readme":"README.md","changelog":"ChangeLog.md","contributing":null,"funding":null,"license":"COPYING","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-02-08T22:30:38.000Z","updated_at":"2025-03-25T18:47:22.000Z","dependencies_parsed_at":"2023-02-14T02:01:46.629Z","dependency_job_id":"157a1641-37d7-4358-a4a0-467277a288da","html_url":"https://github.com/wolfSSL/wolfEngine","commit_stats":null,"previous_names":[],"tags_count":6,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wolfSSL%2FwolfEngine","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wolfSSL%2FwolfEngine/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wolfSSL%2FwolfEngine/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories
/wolfSSL%2FwolfEngine/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/wolfSSL","download_url":"https://codeload.github.com/wolfSSL/wolfEngine/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":251112537,"owners_count":21538162,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cryptography","fips","fips-140-2","fips-140-3","openssl","openssl-engine","openssl-library","openssl-support","wolfcrypt","wolfssl"],"created_at":"2024-11-11T07:18:55.940Z","updated_at":"2025-04-27T08:31:54.899Z","avatar_url":"https://github.com/wolfSSL.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"# wolfEngine\n\nwolfEngine is an [OpenSSL engine](https://www.openssl.org/docs/man1.0.2/man3/engine.html)\nbacked by wolfSSL's wolfCrypt cryptography library. 
wolfCrypt is\n[FIPS-validated](https://csrc.nist.gov/Projects/cryptographic-module-validation-program/Certificate/3389),\nso wolfEngine can be used to achieve FIPS compliance with OpenSSL, all without\nhaving to touch the OpenSSL code itself.\n\n## Features\n\n* SHA-1\n* SHA-224\n* SHA-256\n* SHA-384\n* SHA-512\n* SHA3-224\n* SHA3-256\n* SHA3-384\n* SHA3-512\n* DES3-CBC\n* AES\n    * 128, 192, and 256 bit keys\n    * ECB\n    * CBC\n    * CTR\n    * GCM\n    * CCM\n* DRBG\n* RSA\n* DH\n* ECC\n    * ECDSA\n    * ECDH\n    * EC key generation\n    * Curve P-192\n    * Curve P-224\n    * Curve P-256\n    * Curve P-384\n    * Curve P-521\n* HMAC\n* CMAC\n* HKDF\n* PBKDF2\n* TLS PRF\n\n### OpenSSL Version Support\nwolfEngine can be used with any OpenSSL version that supports the engine\nframework. Engines are deprecated in OpenSSL 3.0.0. They're replaced with a\nsimilar concept called [providers](https://www.openssl.org/docs/manmaster/man7/provider.html).\nwolfSSL also offers a provider backed by wolfCrypt. Please reach out to\nfacts@wolfssl.com if you're interested in evaluating the wolfSSL provider. \n\n#### Caveats\n* SHA-3 support is only available with OpenSSL versions 1.1.1+.\n* EC_KEY_METHOD is only available with OpenSSL versions 1.1.1+.\n\n## Building on \\*nix\n\n### TL;DR\u003e\nThe quickest way to get up and running is to use the `scripts/util-*.sh`. There\nis a `scripts/test-sanity.sh` that will pull all the required dependencies,\ncompile them as needed, and finally run a few tests to make sure things are\nworking as they should. For a more detailed step-by-step instruction,\ncontinue reading.\n\n### OpenSSL\n\nAssuming you've downloaded OpenSSL source code into a directory called openssl:\n```\ncd openssl\n./config shared\nmake\nsudo make install\n```\n\n### wolfSSL\n\n#### From FIPS Bundle\n\nUse this configure command:\n```\n./configure --enable-engine\n```\n\nThis adds support for `--enable-engine=fips-v2` automatically. 
Replace this with\n`--enable-engine=fips-v5` if using a FIPSv5 140-3 bundle. Replace this with\n`--enable-engine=fips-ready` if using a FIPS Ready bundle. If your wolfSSL\nversion doesn't support `--enable-engine`, use this instead:\n\n```\n./configure --enable-fips=v2 --enable-opensslcoexist --enable-cmac \\\n--enable-keygen --enable-sha --enable-des3 --enable-aesctr --enable-aesccm \\\n--enable-x963kdf CPPFLAGS=\"-DHAVE_AES_ECB -DWOLFSSL_AES_DIRECT \\\n-DWC_RSA_NO_PADDING -DWOLFSSL_PUBLIC_MP -DECC_MIN_KEY_SZ=192 -DSha3=wc_Sha3 \\\n-DNO_OLD_SHA256_NAMES -DNO_OLD_MD5_NAME\"\n```\n\nChange `--enable-fips=v2` to `--enable-fips=ready` if using a FIPS Ready bundle.\n\n#### From Git\n\n```\ngit clone https://github.com/wolfssl/wolfssl.git\ncd wolfssl\n./autogen.sh\n./configure --enable-engine=no-fips\nmake\nsudo make install\n```\n\nIf your wolfSSL version doesn't support `--enable-engine`, use this instead:\n\n```\n./configure --enable-opensslcoexist --enable-cmac --enable-keygen --enable-sha \\\n--enable-des3 --enable-aesctr --enable-aesccm --enable-x963kdf \\\nCPPFLAGS=\"-DHAVE_AES_ECB -DWOLFSSL_AES_DIRECT -DWC_RSA_NO_PADDING \\\n-DWOLFSSL_PUBLIC_MP -DECC_MIN_KEY_SZ=192 -DWOLFSSL_PSS_LONG_SALT \\\n-DWOLFSSL_PSS_SALT_LEN_DISCOVER\"\n```\n\n#### Additional Options\n- Add `--enable-pwdbased` to the configure commands above if using PKCS#12.\n- Add `--enable-debug` to turn on debug logging.\n\n### wolfEngine\n\n```\ngit clone https://github.com/wolfSSL/wolfEngine.git\ncd wolfEngine\n./autogen.sh\n./configure --with-openssl=/path/to/openssl/installation \\\n--with-wolfssl=/path/to/wolfssl/installation\nmake\nmake check\n```\n\n`make check` may fail if the OpenSSL or wolfSSL libraries aren't found. 
In this\ncase, try\n`export LD_LIBRARY_PATH=/path/to/openssl/installation/lib:/path/to/wolfssl/installation/lib:$LD_LIBRARY_PATH`\nand re-run `make check`.\n\n#### Customizing\n\n* To build wolfEngine in single-threaded mode, add `--enable-singlethreaded` to\nthe configure command.\n* To build wolfEngine with PBES support (used with PKCS #12), add\n`--enable-pbe`. Note: wolfSSL must have been configured with\n`--enable-pwdbased`.\n* To disable support for loading wolfEngine dynamically, add\n`--disable-dynamic-engine`.\n* To build a static version of wolfEngine, add `--enable-static`.\n* To use a custom user_settings.h file to override the defines produced by\n`./configure`, add `--enable-usersettings` and place a user_settings.h file with\nthe defines you want in the include directory. See the root of the project for\nan example user_settings.h.\n* To build wolfEngine with debug support, add `--enable-debug`. Then, to\nactivate the debug logging at runtime, your application should send this control\ncommand to wolfEngine (denoted \"e\" here): `ENGINE_ctrl_cmd(e, \"enable_debug\", 1,\nNULL, NULL, 0)`.\n* To build wolfEngine for use with OpenSSH, add `--enable-openssh`.\n\n## Testing on \\*nix\n\n### Unit Tests\n\nRun the unit tests with `make check`.\n\nIf you get an error like `error while loading shared libraries: libssl.so.3`\nthen the library cannot be found. 
Use the `LD_LIBRARY_PATH` environment variable\nas described earlier.\n\n### Integration Tests\nSee the scripts directory for integration tests with other applications (e.g.\nOpenSSH, stunnel, etc.).\n\n### Commit Tests\n\nFor wolfEngine developers running commit tests, a custom OpenSSL installation\nlocation can be set using the `WOLFENGINE_OPENSSL_INSTALL` environment variable.\nWhen set, wolfEngine commit tests will use the specified OpenSSL installation\npath for commit tests, setting the path using\n`--with-openssl=WOLFENGINE_OPENSSL_INSTALL` at configure time.\n\n## Windows\n\nRefer to `windows/README.md` for instructions for building wolfEngine using\nVisual Studio.\n\n## Examples\n\nExample programs using wolfEngine can be found in the `examples/` subdirectory.\n\n## Need Help?\n\nPlease reach out to support@wolfssl.com for technical support. If you're\ninterested in commercial licensing, FIPS operating environment additions,\nconsulting services, or other business engagements, please reach out to\nfacts@wolfssl.com.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwolfssl%2Fwolfengine","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwolfssl%2Fwolfengine","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwolfssl%2Fwolfengine/lists"}