Hi Anamitra,

Key agreement using DH is not approved. See Sections 2.3 and 2.4 of the
OpenSSL FIPS 140-2 Security Policy
(http://www.openssl.org/docs/fips/SecurityPolicy-1.1.1.pdf).

Jeff

On Thu, May 6, 2010 at 3:22 PM, Anamitra Dutta Majumdar (anmajumd)
<anmaj...@cisco.com> wrote:
> Have not seen a response to this.
> The FIPS_selftest() API does not perform any self-tests on the Diffie-Hellman
> algorithm. Is it because it is a non-approved security function in the FIPS
> module?
> Do we need self tests on DH if DH key exchange is used by SSH in the
> system running in FIPS mode?
>
> Thanks
> Anamitra
> ________________________________
> From: owner-openssl-us...@openssl.org
> [mailto:owner-openssl-us...@openssl.org] On Behalf Of Nikitha
> Sent: Wednesday, April 07, 2010 10:23 AM
> To: openssl-users
> Subject: known answer test and algorithm test for Diffie-Hellman?
>
> Hi All,
> I'm a novice user of the openssl libraries. Could you please point me to the
> source/test suite available for known answer test of FIPS 140-2 level 2
> compliant Diffie-Hellman module?
>
> Thanks,
> Nikitha
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
