> A generic
> way to handle that (aside from Richard's dream proposal) would be to
> have a NO_INTERNAL_ALGORITHMS setting somewhere in the API.  Possibly
> split into NO_INTERNAL_SYMMETRIC_ALGOS, ASYMMETRIC, HASHES, etc, for
> finer grained control.

Replying to my own post, a second idea: what if the engine claims it can do all 
possible algorithms, but returns EVP_R_DISABLED_FOR_FIPS for the ones that FIPS 
does not allow?  Would that be sufficient to prevent the core from trying to 
run any algorithms, or would the failure prompt a fallback to the internal code?
-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
