> On 20 Feb 2024, at 10:56, Koshi Shibagaki (Fujitsu) > <shibagaki.ko...@fujitsu.com> wrote:
> Let me confirm the discussion in threads. I think there are two topics. > 1. prohibit the use of ciphers disallowed in FIPS mode at the level of block > cipher (crypt-bf, etc...) in crypt() and gen_salt() That level might be overkill given that any cipher not in the FIPS certfied module mustn't be used, but it's also not the wrong place to put it IMHO. > 2. adding new "crypt-aes" module. I think this was a hypothetical scenario and not a concrete proposal. > If this is correct, I would like to make a patch for the first topic, as I > think > I can handle it. > Daniel, please let me know if you have been making a patch based on the idea. I haven't yet started on that so feel free to take a stab at it, I'd be happy to review it. Note that there are different API's for doing this in OpenSSL 1.0.2 and OpenSSL 3.x, so a solution must take both into consideration. -- Daniel Gustafsson
