<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
Good luck, the 2.0.16 FOM is nowhere near being 140-3 ready.<br>
<br>
The Oracle version is much closer but still not quite there:
<a class="moz-txt-link-freetext" href="https://github.com/oracle/solaris-openssl-fips">https://github.com/oracle/solaris-openssl-fips</a><br>
<br>
<br>
Pauli<br>
<br>
<div class="moz-cite-prefix">On 17/3/22 19:19, Dhananjay kumar
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAP1bxLm0_7aROc+F98p3rMPu3bwACY=6SHmcJvmD+wUbzgXGmw@mail.gmail.com">
<div dir="ltr">Hi All,
<div>We are looking to go through FIPS 140-3 certification for
one of our products which still runs on OpenSSL 1.0.2 (FIPS
Object Module 2.0.16) version due to some software
dependencies.</div>
<div>In FIPS 140-3, we are asked to explicitly implement
KATs (known answer tests) for the algorithms below, since the
FIPS_mode_set(1) call doesn't run these by default.</div>
<ul style="margin:10px 0px
0px;list-style-type:square;color:rgb(23,43,77);font-size:13px">
<li><strong>OpenSSL FFC DH Primitive “Z” computation KAT</strong> </li>
</ul>
<ul style="margin:10px 0px
0px;list-style-type:square;color:rgb(23,43,77);font-size:13px">
<li><strong>OpenSSL TLS KDF KAT</strong> </li>
<li><strong>OpenSSL SSH KDF KAT</strong></li>
</ul>
<div><font color="#172b4d"><b><br>
</b></font></div>
<div><font color="#172b4d">We found OpenSSL 3 provides </font><b>EVP_KDF
</b>routines to do this, but we are not able to find an equivalent
of that in OpenSSL 1.0.2. </div>
<div>Any API pointers for SSH KDF, TLS KDF and DH Primitive Z
computation in OpenSSL 1.0.2 will be of great help.</div>
<div><br>
</div>
<div>Thanks,</div>
<div>Dhananjay</div>
</div>
</blockquote>
<br>
</body>
</html>