[openssl-users] af_alg engine: digests work but ciphers do not?

Barbe, Charles Charles.Barbe at allworx.com
Tue Apr 21 17:10:40 UTC 2015

That was it... thank you so much!!!

Charles A. Barbe
Senior Software Engineer
Allworx, a Windstream company
245 East Main St | Rochester NY | 14604
Charles.Barbe at allworx.com | 585.421.5565

From: openssl-users [openssl-users-bounces at openssl.org] on behalf of Dr. Stephen Henson [steve at openssl.org]
Sent: Tuesday, April 21, 2015 10:05 AM
To: openssl-users at openssl.org
Subject: Re: [openssl-users] af_alg engine: digests work but ciphers do not?

On Tue, Apr 21, 2015, Barbe, Charles wrote:

> I've spent the last few days configuring the cryptodev engine on my platform and I am also seeing the same behavior with that engine as I did with af_alg. It seems like OpenSSL does not even attempt to use the engine for ciphers. My next step is to start plowing through the openssl code to figure out how control is supposed to get passed to an engine - I believe this happens in evp_enc.c.
> Something tells me I'm just missing something fundamental here... like a configuration option on build or maybe something I missed in openssl.conf.

> However, if I try to do a cipher instead of a digest, my driver is not used. For example, when I run:
> openssl speed aes-256-cbc -engine af_alg

The speed command uses EVP for all digest operations but uses low level APIs
for cipher operations when you don't include the -evp option. ENGINEs only
work at the EVP level so your above command will just use the built in

If instead you do:

  openssl speed -evp aes-256-cbc

It should work if you've set up an ENGINE to provide the default

Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

This email message and any attachments are for the sole use of the intended recipient(s). Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message and any attachments.

More information about the openssl-users mailing list