Barry Fussell

RFC3961 has the KDF in section 5.1(exists in openssl 3.0), however there is a bunch of updated/deprecated and best practice RFCs since then. https://datatracker.ietf.org/doc/search?name=kerberos&sort=&rfcs=on&activedrafts=on&by=group&group=

Neither presently. At that time I was asking since OpenSSL 3.0 had a KDF in their FIPS Providr but it wasn't listed as FIPS approved.

I'm seeing conflicting information from the CMVP regarding the need to block use during encrypt/decrypt. Any background on why you backed off this change ? Thanks