> From: "Steve Marquess" <marqu...@openssl.com> 
> Date: 10/21/15 14:18 
> See Appendix B of the OpenSSL FIPS User Guide:

>   https://openssl.org/docs/fips/UserGuide-2.0.pdf

Thanks.

> The specific algorithm tests have changed quite a bit since then
> (constant change is part of the fun), but the general concept is the
> same. The algorithm testing is the easiest part of FIPS 140-2 validations.

What would you consider being the difficult parts ?

> Note the CAVP only tests specific cryptographic algorithms, not
> cryptographic protocol suites like SSH (secsh). OpenSSH itself is just
> application code from the perspective of FIPS 140-2 and thus out of
> scope ...


It has to do with NDcPP 1.0 I think.  Key agreement schemes and key derivation 
functions 
for several security-related communications protocols (SNMP, TLS, SSH, etc.) 
must now be tested as part of the algorithm test process.  





_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Reply via email to