[openssl-users] Key Deriviation Function Tests for TLS

Steve Marquess marquess at openssl.com
Tue Sep 22 14:53:42 UTC 2015

On 09/22/2015 10:04 AM, Philip Bellino wrote:
> Hello,
> In pursuit of FIPS validation using OpenSSL 1.0.2a/ FIPS 2.0.9, we are
> required by our testing lab to perform KDF tests for TLS (see document
> NIST SP800-135, Rev 1 section 4.2).
> Could you please point us to where the source for the KDF TLS test(s)
> are available.

The OpenSSL FIPS Object Module 2.0 (validation certificate #1747 and
#2398) preceded those KDF tests, and we're not allowed to add that type
of functionality to existing validations (a prohibition that extends
even to some vulnerability fixes). We'll address those and other new
requirements (I.G. 9.10, FIPS 186-4, SP800-131A, Lucky 13,
CVE-2014-0076, etc.) if and when we're in a position to tackle a new
open source based validation to succeed #1747.

In the meantime you'll need to roll your own code for your proprietary
OpenSSL based "private label" validation.

-Steve M.

Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD  21710
+1 877 673 6775 s/b
+1 301 874 2571 direct
marquess at opensslfoundation.com
marquess at openssl.com
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc

More information about the openssl-users mailing list