[openssl-users] Key Deriviation Function Tests for TLS
Steve Marquess
marquess at openssl.com
Wed Sep 23 12:16:26 UTC 2015
On 09/23/2015 07:09 AM, Steve Marquess wrote:
> On 09/22/2015 07:26 PM, John Foley (foleyj) wrote:
>> Pull request 368 has KDF support for FIPS:
>> https://github.com/openssl/openssl/pull/368
>>
>>
>> I've already updated libsrtp to use this API for FIPS compliance. We
>> would like to contribute to other downstream projects as well. But it
>> would help if OpenSSL accepted this pull request.
>>
>
> John, the problem is that we have no FIPS validation in which that can
> be used. We're not allowed to make such changes to existing validated
> modules, and have no immediate prospects of doing any new validation.
> IMHO there isn't much point in accepting and committing speculative
> code, i.e. code that we can't actually use in OpenSSL.
John, let me elaborate on my comment above by noting that the Cisco
contribution includes a bunch of FIPS specific code for which there is
no counterpart on the master branch (i.e. no place to put it). A version
which worked on master with all the FIPS stuff stripped out and with
tests via evp_test would be a lot more interesting.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marquess at opensslfoundation.com
marquess at openssl.com
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc
More information about the openssl-users
mailing list