[openssl-users] Key Deriviation Function Tests for TLS

Steve Marquess marquess at openssl.com
Wed Sep 23 11:09:24 UTC 2015


On 09/22/2015 07:26 PM, John Foley (foleyj) wrote:
> Pull request 368 has KDF support for FIPS:
>  https://github.com/openssl/openssl/pull/368
> 
> 
> I've already updated libsrtp to use this API for FIPS compliance. We
> would like to contribute to other downstream projects as well.  But it
> would help if OpenSSL accepted this pull request.
> 

John, the problem is that we have no FIPS validation in which that can
be used. We're not allowed to make such changes to existing validated
modules, and have no immediate prospects of doing any new validation.
IMHO there isn't much point in accepting and committing speculative
code, i.e. code that we can't actually use in OpenSSL.

-Steve M.

-- 
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD  21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marquess at opensslfoundation.com
marquess at openssl.com
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc


More information about the openssl-users mailing list