AES-cipher offload to engine in openssl-fips

suji sujiknair at
Thu Feb 28 11:59:09 UTC 2019


I got these lines

"OpenSSL provides mechanisms for interfacing with external cryptographic
devices, such as 
accelerator cards, via “ENGINES.”  This mechanism is not disabled in FIPS
mode.  In general, if a 
FIPS validated cryptographic device is used with OpenSSL in FIPS mode so
that all cryptographic 
operations are performed either by the device or the FIPS Object Module,
then the result is still 
FIPS validated cryptography.
However, if any cryptographic operations are performed by a non-FIPS
validated device, the result 
is use of non-validated cryptography.  It is the responsibility of the
application developer to ensure 
that ENGINES used during FIPS mode of operation are also FIPS validated.". 

Then coming back to my first question, I should be able to offload
AES_Ciphers to my engine right? Then can I assume that either Its a bug in
openssl-1.0.2 versions or I have missed some flags/something?

Sent from:

More information about the openssl-users mailing list