AES-cipher offload to engine in openssl-fips

Richard Levitte levitte at openssl.org
Wed Feb 27 22:20:24 UTC 2019 

On Wed, 27 Feb 2019 22:54:41 +0100,
Salz, Rich via openssl-users wrote:
> 
> >    I always understood "FIPS-capable OpenSSL" to refer specifically to an
>     OpenSSL compiled with the options to incorporate the FIPS canister
>     module, not just any OpenSSL build that might be used in FIPS compliant
>     applications (as that would be any OpenSSL at all).
> 
> Yes, that is historically correct.  I don't believe the project uses
> the term "FIPS-capable OpenSSL" any more.  Instead, the design and
> such talk about a FIPS module which OpenSSL can use.

Correct.

>     > I see no reason why libcrypto should be able to load two
>     > FIPS-validated modules (*) and use them both, all depending on what
>     > algorithms and properties are desired (apart from the "fips"
>     > property).
> 
> Richard made a typo here.  He means there is no reason why libcrypto
> should NOT be able to load two modules.

You got it right.  Sorry for the confusion I caused.

>     >  However, I've come to understand that those two modules
>     > must not be made to cooperate, i.e. for a signing operation using
>     > sha256WithRSAEncryption, it's not permitted for one module to do the
>     > sha256 part and the other module to do the RSA calculations.
> 
> I believe Richard is wrong here.  Or at least his text could be
> misleading. If the EVP API does the digesting with one module and
> then calls another module to do the RSA signing, that is okay.

Huh?  From the design document, section "Example dynamic views of
algorithm selection", after the second diagram:

    An EVP_DigestSign* operation is more complicated because it
    involves two algorithms: a signing algorithm, and a digest
    algorithm. In general those two algorithms may come from different
    providers or the same one. In the case of the FIPS module the
    algorithms must both come from the same FIPS module provider. The
    operation will fail if an attempt is made to do otherwise.

Ref: https://www.openssl.org/docs/OpenSSL300Design.html#example-dynamic-views-of-algorithm-selection

Cheers,
Richard

-- 
Richard Levitte         levitte at openssl.org
OpenSSL Project         http://www.openssl.org/~levitte/

More information about the openssl-users mailing list