> From: "Steve Marquess" <marquess at openssl.com> > Date: 10/21/15 14:18 > See Appendix B of the OpenSSL FIPS User Guide: > ?https://openssl.org/docs/fips/UserGuide-2.0.pdf Thanks. > The specific algorithm tests have changed quite a bit since then > (constant change is part of the fun), but the general concept is the > same. The algorithm testing is the easiest part of FIPS 140-2 validations. What would you consider being the difficult parts ? > Note the CAVP only tests specific cryptographic algorithms, not > cryptographic protocol suites like SSH (secsh). OpenSSH itself is just > application code from the perspective of FIPS 140-2 and thus out of > scope ... It has to do with NDcPP 1.0 I think. ?Key agreement schemes and key derivation functions? for several security-related communications protocols (SNMP, TLS, SSH, etc.)? must now be tested as part of the algorithm test process. ?
