AES-cipher offload to engine in openssl-fips

Suji sujiknair at gmail.com
Tue Feb 26 12:51:02 UTC 2019


Hi,

I am unable to use AES-cipher offload to my engine even though it was
registered with the proper flag (EVP_CIPH_FLAG_FIPS). I was able to use
RSA, digests, and ECDSA to the engine with corresponding flags.

I am using openssl-fips-2.0.16 and openssl-1.0.2e.

OPENSSL_FIPS is set.

I come across the code snippet in crypto/evp/evp_enc.c . In function
EVP_CipherInit_ex. At start, pointer is updated with engine function and at
Line number 173, In case of fips mode, function pointer gets updated to
openssl function. Which means in fips mode ciphers never gets offloaded to
engine?

All other functions (digest, RSA etc) , it first updates to fips function,
and then engine function. Why only ciphers has this different behaviour?

Please reply.

Thanks,
Suji
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20190226/00a8d7b5/attachment-0001.html>


More information about the openssl-users mailing list