OpenSSL with IBMCA extension

Your system environment may require an installation where OpenSSL needs to be configured to use IBMCA, either the IBMCA provider or the IBMCA engine.

If you want to exploit IBM Z® cryptographic adapters configured in CCA mode or accelerator mode, you can configure OpenSSL to use IBMCA. IBMCA invokes the functions of the underlying libica library which in turn accesses the appropriate available cryptographic hardware where the clear key processing is performed.

The differences between both flavors of IBMCA and a quick decision check are given in Decide about the flavor of IBMCA.

Figure 1 shows the invocation flow in the Linux® on IBM® Z and IBM LinuxONE crypto stack with IBMCA provider or IBMCA engine.
Figure 1. Linux on IBM Z and IBM LinuxONE crypto stack
A picture showing the invocation flow in the Linux on IBM Z and IBM LinuxONE crypto stack