AES-cipher offload to engine in openssl-fips
suji
sujiknair at gmail.com
Thu Feb 28 11:59:09 UTC 2019
From https://www.openssl.org/docs/fips/UserGuide-2.0.pdf
I got these lines:

"OpenSSL provides mechanisms for interfacing with external cryptographic
devices, such as accelerator cards, via “ENGINES.” This mechanism is not
disabled in FIPS mode. In general, if a FIPS validated cryptographic device
is used with OpenSSL in FIPS mode so that all cryptographic operations are
performed either by the device or the FIPS Object Module, then the result is
still FIPS validated cryptography.

However, if any cryptographic operations are performed by a non-FIPS
validated device, the result is use of non-validated cryptography. It is the
responsibility of the application developer to ensure that ENGINES used
during FIPS mode of operation are also FIPS validated."

Then coming back to my first question, I should be able to offload
AES_Ciphers to my engine, right? Then can I assume that either it's a bug in
openssl-1.0.2 versions or I have missed some flags/something?