AES-cipher offload to engine in openssl-fips
sujiknair at gmail.com
Tue Feb 26 12:51:02 UTC 2019
I am unable to use AES-cipher offload to my engine even though it was
registered with the proper flag (EVP_CIPH_FLAG_FIPS). I was able to use
RSA, digests, and ECDSA to the engine with corresponding flags.
I am using openssl-fips-2.0.16 and openssl-1.0.2e.
OPENSSL_FIPS is set.
I come across the code snippet in crypto/evp/evp_enc.c . In function
EVP_CipherInit_ex. At start, pointer is updated with engine function and at
Line number 173, In case of fips mode, function pointer gets updated to
openssl function. Which means in fips mode ciphers never gets offloaded to
All other functions (digest, RSA etc) , it first updates to fips function,
and then engine function. Why only ciphers has this different behaviour?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the openssl-users