Index: openssl-1.1.1m/crypto/fips/fips_kdf_selftest.c
===================================================================
--- openssl-1.1.1m.orig/crypto/fips/fips_kdf_selftest.c
+++ openssl-1.1.1m/crypto/fips/fips_kdf_selftest.c
@@ -101,4 +101,68 @@ err:
     return ret;
 }
 
+int FIPS_selftest_ssh(void)
+{
+    int ret = 0;
+    EVP_KDF_CTX *kctx;
+    unsigned char out[8];
+
+    /* Test data from NIST CAVS 14.1 test vectors */
+    const unsigned char key[] = {
+        0x00, 0x00, 0x00, 0x81, 0x00, 0x87, 0x5c, 0x55, 0x1c, 0xef, 0x52, 0x6a,
+        0x4a, 0x8b, 0xe1, 0xa7, 0xdf, 0x27, 0xe9, 0xed, 0x35, 0x4b, 0xac, 0x9a,
+        0xfb, 0x71, 0xf5, 0x3d, 0xba, 0xe9, 0x05, 0x67, 0x9d, 0x14, 0xf9, 0xfa,
+        0xf2, 0x46, 0x9c, 0x53, 0x45, 0x7c, 0xf8, 0x0a, 0x36, 0x6b, 0xe2, 0x78,
+        0x96, 0x5b, 0xa6, 0x25, 0x52, 0x76, 0xca, 0x2d, 0x9f, 0x4a, 0x97, 0xd2,
+        0x71, 0xf7, 0x1e, 0x50, 0xd8, 0xa9, 0xec, 0x46, 0x25, 0x3a, 0x6a, 0x90,
+        0x6a, 0xc2, 0xc5, 0xe4, 0xf4, 0x8b, 0x27, 0xa6, 0x3c, 0xe0, 0x8d, 0x80,
+        0x39, 0x0a, 0x49, 0x2a, 0xa4, 0x3b, 0xad, 0x9d, 0x88, 0x2c, 0xca, 0xc2,
+        0x3d, 0xac, 0x88, 0xbc, 0xad, 0xa4, 0xb4, 0xd4, 0x26, 0xa3, 0x62, 0x08,
+        0x3d, 0xab, 0x65, 0x69, 0xc5, 0x4c, 0x22, 0x4d, 0xd2, 0xd8, 0x76, 0x43,
+        0xaa, 0x22, 0x76, 0x93, 0xe1, 0x41, 0xad, 0x16, 0x30, 0xce, 0x13, 0x14,
+        0x4e
+    };
+    const unsigned char xcghash[] = {
+        0x0e, 0x68, 0x3f, 0xc8, 0xa9, 0xed, 0x7c, 0x2f, 0xf0, 0x2d, 0xef, 0x23,
+        0xb2, 0x74, 0x5e, 0xbc, 0x99, 0xb2, 0x67, 0xda, 0xa8, 0x6a, 0x4a, 0xa7,
+        0x69, 0x72, 0x39, 0x08, 0x82, 0x53, 0xf6, 0x42
+    };
+    const unsigned char sessid[] = {
+        0x0e, 0x68, 0x3f, 0xc8, 0xa9, 0xed, 0x7c, 0x2f, 0xf0, 0x2d, 0xef, 0x23,
+        0xb2, 0x74, 0x5e, 0xbc, 0x99, 0xb2, 0x67, 0xda, 0xa8, 0x6a, 0x4a, 0xa7,
+        0x69, 0x72, 0x39, 0x08, 0x82, 0x53, 0xf6, 0x42
+    };
+    const unsigned char expected[sizeof(out)] = {
+        0x41, 0xff, 0x2e, 0xad, 0x16, 0x83, 0xf1, 0xe6
+    };
+
+    if ((kctx = EVP_KDF_CTX_new_id(EVP_KDF_SSHKDF)) == NULL)
+        goto err;
+    if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0)
+        goto err;
+    if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, key, sizeof(key)) <= 0)
+        goto err;
+    if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSHKDF_XCGHASH, xcghash,
+		     sizeof(xcghash)) <= 0)
+        goto err;
+    if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSHKDF_SESSION_ID, sessid,
+		     sizeof(sessid)) <= 0)
+        goto err;
+    if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSHKDF_TYPE,
+		     (int)EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV) <= 0)
+        goto err;
+    if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0)
+        goto err;
+    if (memcmp(out, expected, sizeof(expected)))
+	goto err;
+
+    ret = 1;
+
+ err:
+    if (!ret)
+        FIPSerr(FIPS_F_FIPS_SELFTEST_SSH, FIPS_R_SELFTEST_FAILED);
+    EVP_KDF_CTX_free(kctx);
+    return ret;
+}
+
 #endif
Index: openssl-1.1.1m/crypto/fips/fips_post.c
===================================================================
--- openssl-1.1.1m.orig/crypto/fips/fips_post.c
+++ openssl-1.1.1m/crypto/fips/fips_post.c
@@ -108,6 +108,8 @@ int FIPS_selftest(void)
         rv = 0;
     if (!FIPS_selftest_tls())
         rv = 0;
+    if (!FIPS_selftest_ssh())
+        rv = 0;
 
     return rv;
 }
Index: openssl-1.1.1m/include/crypto/fips_int.h
===================================================================
--- openssl-1.1.1m.orig/include/crypto/fips_int.h
+++ openssl-1.1.1m/include/crypto/fips_int.h
@@ -78,6 +78,7 @@ int FIPS_selftest_drbg(void);
 int FIPS_selftest_cmac(void);
 int FIPS_selftest_pbkdf2(void);
 int FIPS_selftest_tls(void);
+int FIPS_selftest_ssh(void);
 
 int fips_in_post(void);
 
Index: openssl-1.1.1m/include/openssl/fips.h
===================================================================
--- openssl-1.1.1m.orig/include/openssl/fips.h
+++ openssl-1.1.1m/include/openssl/fips.h
@@ -126,6 +126,7 @@ extern "C" {
 # define FIPS_F_FIPS_SELFTEST_HMAC                        113
 # define FIPS_F_FIPS_SELFTEST_PBKDF2                      152
 # define FIPS_F_FIPS_SELFTEST_TLS                         153
+# define FIPS_F_FIPS_SELFTEST_SSH                         154
 # define FIPS_F_FIPS_SELFTEST_SHA1                        115
 # define FIPS_F_FIPS_SELFTEST_SHA2                        105
 # define FIPS_F_OSSL_ECDSA_SIGN_SIG                       143
Index: openssl-1.1.1m/crypto/fips/fips_err.h
===================================================================
--- openssl-1.1.1m.orig/crypto/fips/fips_err.h
+++ openssl-1.1.1m/crypto/fips/fips_err.h
@@ -113,6 +113,7 @@ static ERR_STRING_DATA FIPS_str_functs[]
     {ERR_FUNC(FIPS_F_FIPS_SELFTEST_HMAC), "FIPS_selftest_hmac"},
     {ERR_FUNC(FIPS_F_FIPS_SELFTEST_PBKDF2), "FIPS_selftest_pbkdf2"},
     {ERR_FUNC(FIPS_F_FIPS_SELFTEST_TLS), "FIPS_selftest_tls"},
+    {ERR_FUNC(FIPS_F_FIPS_SELFTEST_SSH), "FIPS_selftest_ssh"},
     {ERR_FUNC(FIPS_F_FIPS_SELFTEST_SHA1), "FIPS_selftest_sha1"},
     {ERR_FUNC(FIPS_F_FIPS_SELFTEST_SHA2), "FIPS_selftest_sha2"},
     {ERR_FUNC(FIPS_F_OSSL_ECDSA_SIGN_SIG), "ossl_ecdsa_sign_sig"},