Re: TLS KDF and SSH KDF in openssl 1.0.2 (FIPS 140-3)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Good luck, the 2.0.16 FOM is nowhere near being 140-3 ready.

The Oracle version is much closer but still not quite there: https://github.com/oracle/solaris-openssl-fips


Pauli

On 17/3/22 19:19, Dhananjay kumar wrote:
Hi All,
We are looking to go through FIPS 140-3 certification for one of our products which still runs on openssl 1.0.2(fips object module 2.0.16) version due to some software dependencies.
in FIPS 140-3, we are asked to explicitly implement KATs(known answer tests) for below algorithms since FIPS_mode_set(1) call doesn't run these by default.
  • Openssl FFC DH Primitive “Z” computation KAT 
  • Openssl TLS KDF KAT 
  • Openssl SSH KDF KAT

We found openssl3 provides EVP_KDF routines to do this but we are not able to find equivalent of that in openssl 1.0.2. 
Any API pointers for SSH KDF, TLS KDF and DH Primitive Z computation in openssl 1.0.2 will be of great help.

Thanks,
Dhananjay

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux