Hi,

I am working on converting this code to OpenSSL 3 for FIPS-140 KASVS ECDH 
testing:

https://github.com/majek/openssl/blob/master/fips/ecdh/fips_ecdhvs.c 

The only consequential change I made to the code was replacing the call to 
FIPS_Digest with a call to EVP_Digest when calculating the Z hash. I am loading 
the FIPS module using a configuration file and then calling property() to 
“fips=yes”.

I am only testing ECDH key gen and verification. When I run the test against 
NIST test vectors per SP800-56A, all of the verifies fail.

I am wondering if replacing FIPS_Digest with EVP_Digest is not enough? Also, 
the code in the above link used a now-unsupported callback function to register 
a fake entropy source. However, I don’t think entropy is at play for ECDH key 
verification.

Thanks,
Kory
