TLS KDF and SSH KDF in openssl 1.0.2 (FIPS 140-3)
Dr Paul Dale
pauli at openssl.org
Thu Mar 17 08:24:43 UTC 2022
Good luck, the 2.0.16 FOM is nowhere near being 140-3 ready.
The Oracle version is much closer but still not quite there:
https://github.com/oracle/solaris-openssl-fips
Pauli
On 17/3/22 19:19, Dhananjay kumar wrote:
> Hi All,
> We are looking to go through FIPS 140-3 certification for one of our
> products which still runs on openssl 1.0.2(fips object module 2.0.16)
> version due to some software dependencies.
> in FIPS 140-3, we are asked to explicitly implement KATs(known answer
> tests) for below algorithms since FIPS_mode_set(1) call doesn't run
> these by default.
>
> * *Openssl FFC DH Primitive “Z” computation KAT*
>
> * *Openssl TLS KDF KAT*
> * *Openssl SSH KDF KAT*
>
> *
> *
> We found openssl3 provides *EVP_KDF *routines to do this but we are
> not able to find equivalent of that in openssl 1.0.2.
> Any API pointers for SSH KDF, TLS KDF and DH Primitive Z computation
> in openssl 1.0.2 will be of great help.
>
> Thanks,
> Dhananjay
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20220317/8e2d7f8f/attachment.htm>
More information about the openssl-users
mailing list