> Huh? From the design document, section "Example dynamic views of
algorithm selection", after the second diagram:
An EVP_DigestSign* operation is more complicated because it
involves two algorithms: a signing algorithm, and a digest
algorithm. In general those two algorithms may come from different
providers or the same one. In the case of the FIPS module the
algorithms must both come from the same FIPS module provider. The
operation will fail if an attempt is made to do otherwise.
There are two options. First, the application does the digest and sign as two
separate things. Second, the provider implementing digestSign has to be
validated to use the other FIPS module.Re: AES-cipher offload to engine in openssl-fips
Salz, Rich via openssl-users Wed, 27 Feb 2019 15:17:28 -0800
- Re: AES-cipher offload to engine in openssl-f... Salz, Rich via openssl-users
- Re: AES-cipher offload to engine in open... Jakob Bohm via openssl-users
- Re: AES-cipher offload to engine in ... Richard Levitte
- Re: AES-cipher offload to engine... Jakob Bohm via openssl-users
- Re: AES-cipher offload to en... Salz, Rich via openssl-users
- Re: AES-cipher offload to en... Richard Levitte
- AW: AES-cipher offload to en... Dr. Matthias St. Pierre
- Re: AES-cipher offload to en... Richard Levitte
- AW: AES-cipher offload to en... Dr. Matthias St. Pierre
- Re: AW: AES-cipher offload t... Richard Levitte
- Re: AES-cipher offload to en... Salz, Rich via openssl-users
- Re: AES-cipher offload to en... Richard Levitte
- Re: AES-cipher offload to en... Salz, Rich via openssl-users
- Re: AES-cipher offload to en... Richard Levitte
- Re: AES-cipher offload to en... Matt Caswell
- Re: AES-cipher offload to en... suji
