AES-cipher offload to engine in openssl-fips
Salz, Rich
rsalz at akamai.com
Tue Feb 26 17:23:24 UTC 2019
* Which means in fips mode ciphers never gets offloaded to engine?
* All other functions (digest, RSA etc) , it first updates to fips function, and then engine function. Why only ciphers has this different behaviour?
That seems like a bug. In FIPS mode you can only use the FIPS-validated code, which means that you *have* to use the OpenSSL implementation.
If you do not use the OpenSSL implementation, then you cannot claim to be FIPS validated, and you must get your validation for your implementation.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20190226/b906ad5c/attachment-0001.html>
More information about the openssl-users
mailing list