Hi All, We are looking to go through FIPS 140-3 certification for one of our products which still runs on openssl 1.0.2(fips object module 2.0.16) version due to some software dependencies. in FIPS 140-3, we are asked to explicitly implement KATs(known answer tests) for below algorithms since FIPS_mode_set(1) call doesn't run these by default.
- *Openssl FFC DH Primitive āZā computation KAT* - *Openssl TLS KDF KAT* - *Openssl SSH KDF KAT* We found openssl3 provides *EVP_KDF *routines to do this but we are not able to find equivalent of that in openssl 1.0.2. Any API pointers for SSH KDF, TLS KDF and DH Primitive Z computation in openssl 1.0.2 will be of great help. Thanks, Dhananjay
