TLS KDF and SSH KDF in openssl 1.0.2 (FIPS 140-3)
Dhananjay kumar
dhanukumar1990 at gmail.com
Thu Mar 17 08:19:18 UTC 2022
Hi All,
We are looking to go through FIPS 140-3 certification for one of our
products which still runs on openssl 1.0.2(fips object module 2.0.16)
version due to some software dependencies.
in FIPS 140-3, we are asked to explicitly implement KATs(known answer
tests) for below algorithms since FIPS_mode_set(1) call doesn't run these
by default.
- *Openssl FFC DH Primitive “Z” computation KAT*
- *Openssl TLS KDF KAT*
- *Openssl SSH KDF KAT*
We found openssl3 provides *EVP_KDF *routines to do this but we are not
able to find equivalent of that in openssl 1.0.2.
Any API pointers for SSH KDF, TLS KDF and DH Primitive Z computation in
openssl 1.0.2 will be of great help.
Thanks,
Dhananjay
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20220317/78b6005b/attachment.htm>
More information about the openssl-users
mailing list