On 09/22/2015 10:04 AM, Philip Bellino wrote: > Hello, > > In pursuit of FIPS validation using OpenSSL 1.0.2a/ FIPS 2.0.9, we are > required by our testing lab to perform KDF tests for TLS (see document > NIST SP800-135, Rev 1 section 4.2). > > > > Could you please point us to where the source for the KDF TLS test(s) > are available. The OpenSSL FIPS Object Module 2.0 (validation certificate #1747 and #2398) preceded those KDF tests, and we're not allowed to add that type of functionality to existing validations (a prohibition that extends even to some vulnerability fixes). We'll address those and other new requirements (I.G. 9.10, FIPS 186-4, SP800-131A, Lucky 13, CVE-2014-0076, etc.) if and when we're in a position to tackle a new open source based validation to succeed #1747. In the meantime you'll need to roll your own code for your proprietary OpenSSL based "private label" validation. -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 s/b +1 301 874 2571 direct marquess at opensslfoundation.com marquess at openssl.com gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc
