It seems a bug to me, as one of these EVP_PKEY_free should be avoided. Any
analysis on this?
Thanks,
Suji
>From https://www.openssl.org/docs/fips/UserGuide-2.0.pdf
I got these lines
"OpenSSL provides mechanisms for interfacing with external cryptographic
devices, such as
accelerator cards, via “ENGINES.” This mechanism is not disabled in FIPS
mode. In general, if a
FIPS validated cryptographic de
The requirement here is, to offload my "engine supported fips-compliant
methods" to engine and other "fips-complaint" functions to openssl
dynamically. Here I need to use openssl-fips module I guess.
--
Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html
Thanks for the reply.
With non-fips openssl, it is possible to write my own fips-module. I
understood.
But, is it possible for me to write a fips-compliant/fips validated "dynamic
engine" with openssl-fips? Which allows me to offload "fips-compilant"
functions to my engine "dynamically"?
--
functions (digest, RSA etc) , it first updates to fips function,
and then engine function. Why only ciphers has this different behaviour?
Please reply.
Thanks,
Suji
