SafeZone Crypto Engine and SafeZone Crypto Provider

Crypto Engine and Crypto Provider (SafeZone Crypto Engine and SafeZone Crypto Provider) are fast and flexible implementations of the OpenSSL Engine and Provider APIs. They can be used together with the FIPS Crypto Library to provide a FIPS validated backend to OpenSSL. However, they are decoupled from the cryptographic modules, ensuring a smooth and fast transition between FIPS 140 versions.

The separation of the Provider/Engine from the cryptographic module allows for maximum flexibility in case an update or fix needs to be made. This flexibility ensures a fast response rate and minimum disruption in update cycles.

Crypto Engine allows customers to use FIPS 140-3 validated cryptography without forcing them to upgrade OpenSSL before they are ready. Rambus is committed to supporting all customers still using OpenSSL 1.1.x.

Crypto Provider allows customers to use the latest OpenSSL versions and our FIPS validated modules to build for the future without worrying about changes in FIPS standards or OpenSSL APIs.

Both the Crypto Provider and Engine support a wide range of algorithms and standards and are not limited only to those which are FIPS approved.

Supported algorithms:

• Cipher algorithms: AES (ECB, CBC, CFB, GCM, CCM, CTR, OFB, KW, KWP, WRAP, WRAP-PAD), 3DES, ChaCha20-Poly1305, RSA
• Hash algorithms: SHA-1, SHA-2, SHA-3
• MAC algorithms: HMAC-SHA, GMAC-AES, AES CMAC
• Digital signatures: RSA, DSA, ECSDA
• Key agreement: Diffie-Hellman, ECDH
• Key derivation: TLS (1.0, 1.1, 1.2, 1.3), PKCS #5 PBKDF2, HKDF
• Random number generation: NIST SP 800-90A Rev 1: AES-CTR