AES-cipher offload to engine in openssl-fips

Salz, Rich rsalz at akamai.com
Tue Feb 26 17:23:24 UTC 2019


  *   Which means in fips mode ciphers never gets offloaded to engine?
  *   All other functions (digest, RSA etc) , it first updates to fips function, and then engine function. Why only ciphers has this different behaviour?

That seems like a bug.  In FIPS mode you can only use the FIPS-validated code, which means that you *have* to use the OpenSSL implementation.

If you do not use the OpenSSL implementation, then you cannot claim to be FIPS validated, and you must get your validation for your implementation.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20190226/b906ad5c/attachment-0001.html>


More information about the openssl-users mailing list