> On 20 Feb 2024, at 10:56, Koshi Shibagaki (Fujitsu) <shibagaki.koshi@fujitsu.com> wrote:
> Let me confirm the discussion in threads. I think there are two topics.
> 1. prohibit the use of ciphers disallowed in FIPS mode at the level of block
> cipher (crypt-bf, etc...) in crypt() and gen_salt()
That level might be overkill given that any cipher not in the FIPS certfied
module mustn't be used, but it's also not the wrong place to put it IMHO.
> 2. adding new "crypt-aes" module.
I think this was a hypothetical scenario and not a concrete proposal.
> If this is correct, I would like to make a patch for the first topic, as I think
> I can handle it.
> Daniel, please let me know if you have been making a patch based on the idea.
I haven't yet started on that so feel free to take a stab at it, I'd be happy
to review it. Note that there are different API's for doing this in OpenSSL
1.0.2 and OpenSSL 3.x, so a solution must take both into consideration.
--
Daniel Gustafsson