[openssl-users] fips_ecdhvs failing for non Prime Curves

Dr. Stephen Henson steve at openssl.org
Tue Feb 24 14:30:49 UTC 2015


On Mon, Feb 23, 2015, Bala Duvvuri wrote:

> Hi All,
> 
> I am trying to test the FIPS ECDH support present in OpenSSL, i.e. trying to run the fips_ecdhvs.c test.
> 

When you say ECDH support present in OpenSSL do you mean in the FIPS module or
in OpenSSL itself?

If you mean in OpenSSL itself then you need to use cofactor ECDH for the tests
which is only supported in OpenSSL 1.0.2 and later (it is supported in the
FIPS module). The results for cofactor ECDH differ from ECDH if the curve
cofactor is not 1: this is true for several binary curves which would account
for the differences you were seeing.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
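
Added example, not part of the original message and not OpenSSL code: cofactor ECDH takes the shared point as h*d*Q rather than d*Q, so the two modes give different secrets whenever the cofactor h is not 1. The sketch assumes a constructed toy prime-field curve with h = 4 and made-up private keys; the arithmetic relation is the same on binary curves.

```python
# Toy curve, constructed for illustration (not a NIST curve): y^2 = x^3 - x over F_43.
# 43 % 4 == 3, so the group has p + 1 = 44 points: subgroup order n = 11, cofactor h = 4.
P, A, N, H = 43, -1, 11, 4
INF = None  # point at infinity

def add(p1, p2):
    """Affine point addition on the toy curve."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF  # P + (-P); also covers doubling a point with y = 0
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = INF
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def base_point():
    """H times the first point with y != 0, which has order N on this curve."""
    for x in range(P):
        for y in range(1, P):
            if (y * y - x**3 - A * x) % P == 0:
                return mul(H, (x, y))

def ecdh(d, peer_pub, cofactor=1):
    """Shared secret Z: x-coordinate of (cofactor * d) * peer_pub."""
    z = mul(cofactor * d, peer_pub)
    if z is INF:
        raise ValueError("shared point is the point at infinity")
    return z[0]

def demo(d_a=3, d_b=7):  # constructed private keys
    g = base_point()
    q_a, q_b = mul(d_a, g), mul(d_b, g)
    plain = (ecdh(d_a, q_b), ecdh(d_b, q_a))        # standard ECDH, both sides
    cofac = (ecdh(d_a, q_b, H), ecdh(d_b, q_a, H))  # cofactor ECDH, both sides
    return plain, cofac
```

Both parties agree within each mode, but a test vector generated with cofactor ECDH will not match plain ECDH output on a curve with h != 1.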

