Pull request 368 has KDF support for FIPS:
https://github.com/openssl/openssl/pull/368
I've already updated libsrtp to use this API for FIPS compliance. We would like
to contribute to other downstream projects as well. But it would help if
OpenSSL accepted this pull request.
--
This (of course) worked. I have three further questions.
1 - Am I correct that "data" points to the internal structure, and so
"skid" should not be freed until I'm done with "data"?
2 - For my education, I thought that d2i calls converted from DER to
openssl internal format. Yet, the input
On Tue, Sep 22, 2015 at 09:22:09AM -0400, Ken Goldman wrote:
> 1 - Am I correct that "data" points to the internal structure, and so "skid"
> should not be freed until I'm done with "data"?
Correct. The "data" element is part of the ASN1_STRING (of type
ASN1_OCTET_STRING).
> 2 - For my
Hello,
In pursuit of FIPS validation using OpenSSL 1.0.2a/ FIPS 2.0.9, we are required
by our testing lab to perform KDF tests for TLS (see document NIST SP800-135,
Rev 1 section 4.2).
Could you please point us to where the source for the KDF TLS test(s) are
available.
Thank you,
Phil
On 09/22/2015 10:04 AM, Philip Bellino wrote:
> Hello,
>
> In pursuit of FIPS validation using OpenSSL 1.0.2a/ FIPS 2.0.9, we are
> required by our testing lab to perform KDF tests for TLS (see document
> NIST SP800-135, Rev 1 section 4.2).
>
>
>
> Could you please point us to where the