AES-cipher offload to engine in openssl-fips

Salz, Rich rsalz at
Tue Feb 26 17:23:24 UTC 2019

  *   Which means in fips mode ciphers never gets offloaded to engine?
  *   All other functions (digest, RSA etc) , it first updates to fips function, and then engine function. Why only ciphers has this different behaviour?

That seems like a bug.  In FIPS mode you can only use the FIPS-validated code, which means that you *have* to use the OpenSSL implementation.

If you do not use the OpenSSL implementation, then you cannot claim to be FIPS validated, and you must get your validation for your implementation.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the openssl-users mailing list