On Wed, Dec 16, 2009, Peter Fry wrote: > I recently discovered that openssl doesn't use cryptodev or padlock > when compiled with the fips option (even though the engine was set.. > i.e.: oepnssl speed -evp aes-128-cbc -engine padlock). It seems to me > that the engines should be used unless FIPS mode has been set. What's > the intended behavior here? >
Ooops, there's a bug in the initialisation code. FIPS builds use different code to avoid having to drag in large dependencies in the validated module. This should fix it: http://cvs.openssl.org/chngview?cn=18992 This change is outside the validated module so it is usable with the 1.2 validation. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
