Good luck, the 2.0.16 FOM is nowhere near being 140-3 ready.
The Oracle version is much closer but still not quite there:
https://github.com/oracle/solaris-openssl-fips
Pauli
On 17/3/22 19:19, Dhananjay kumar wrote:
Hi All,
We are looking to go through FIPS 140-3 certification for one of our
products which still runs on openssl 1.0.2(fips object module 2.0.16)
version due to some software dependencies.
in FIPS 140-3, we are asked to explicitly implement KATs(known answer
tests) for below algorithms since FIPS_mode_set(1) call doesn't run
these by default.
* *Openssl FFC DH Primitive “Z” computation KAT*
* *Openssl TLS KDF KAT*
* *Openssl SSH KDF KAT*
*
*
We found openssl3 provides *EVP_KDF *routines to do this but we are
not able to find equivalent of that in openssl 1.0.2.
Any API pointers for SSH KDF, TLS KDF and DH Primitive Z computation
in openssl 1.0.2 will be of great help.
Thanks,
Dhananjay
