[openssl-users] CAVP protocol testing - what does it really consist of ?
jonetsu
jonetsu at teksavvy.com
Wed Oct 21 19:22:51 UTC 2015
> From: "Steve Marquess" <marquess at openssl.com>
> Date: 10/21/15 14:18
> See Appendix B of the OpenSSL FIPS User Guide:
> https://openssl.org/docs/fips/UserGuide-2.0.pdf
Thanks.
> The specific algorithm tests have changed quite a bit since then
> (constant change is part of the fun), but the general concept is the
> same. The algorithm testing is the easiest part of FIPS 140-2 validations.
What would you consider being the difficult parts ?
> Note the CAVP only tests specific cryptographic algorithms, not
> cryptographic protocol suites like SSH (secsh). OpenSSH itself is just
> application code from the perspective of FIPS 140-2 and thus out of
> scope ...
It has to do with NDcPP 1.0 I think. Key agreement schemes and key derivation functions
for several security-related communications protocols (SNMP, TLS, SSH, etc.)
must now be tested as part of the algorithm test process.
More information about the openssl-users
mailing list