Query regarding openssl-3.0.0 ecdsa self tests
Tomas Mraz
tomas at openssl.org
Mon Aug 30 15:28:28 UTC 2021
It is not a bug, the pairwise test is sufficient. It's just a
misleading name. And I do not think it will cause any problem with FIPS
validation, this can be documented.
Tomas
On Mon, 2021-08-30 at 16:53 +0530, Nagarjun J wrote:
> Hello,
>
> Then, is this a bug in ECDSA POST ? Or have to rename the test , as
> it is misleading and can cause problems in FIPS certification ?
>
> Thanks,
> Nagarjun
>
> On Mon, Aug 30, 2021 at 3:51 PM Tomas Mraz <tomas at openssl.org> wrote:
> > The question was about the fips module POST (power on self test)
> > and
> > there what I wrote applies. Having special RNG providing constant
> > data
> > to ECDSA/DSA would be possible to do but it is not required, it
> > would
> > needlessly complicate the code, and add a risk of having such
> > constant
> > RNG being accidentally used for something where real random numbers
> > are
> > needed.
> >
> > Tomas
> >
> > On Mon, 2021-08-30 at 13:17 +0300, Billy Brumley wrote:
> > > This is not really true. At least, for some of the tests.
> > >
> > > https://github.com/openssl/openssl/blob/master/test/ecdsatest.c#L73
> > >
> > > That hijacks the RNG to feed the expected nonce, so it can check
> > > vs
> > a
> > > KAT.
> > >
> > > Cheers,
> > >
> > > BBB
> > >
> > > On Mon, Aug 30, 2021 at 12:40 PM Tomas Mraz <tomas at openssl.org>
> > > wrote:
> > > >
> > > > Hello,
> > > >
> > > > your analysis is right. It does only pairwise consistency test
> > > > as
> > > > the
> > > > KAT is impossible to do for regular DSA and ECDSA due to random
> > > > nonce
> > > > being input of the signature algorithm and thus the signature
> > > > always
> > > > changes.
> > > >
> > > > Tomas
> > > >
> > > > On Fri, 2021-08-27 at 22:47 +0530, Nagarjun J wrote:
> > > > > Hi,
> > > > >
> > > > > Does openssl-3.0.0 really does ecdsa KAT ? The post test logs
> > > > > says
> > > > > "ECDSA KAT :PASS. But when i debuged the code it actually
> > > > > doing
> > > > > ECDSA
> > > > > pairwise consistency test.
> > > > >
> > > > > Thanks,
> > > > > Nagarjun
> > > >
> > > > --
> > > > Tomáš Mráz
> > > > No matter how far down the wrong road you've gone, turn back.
> > > > Turkish proverb
> > > > [You'll know whether the road is wrong if you carefully listen
> > > > to
> > > > your
> > > > conscience.]
> > > >
> > > >
> >
--
Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your
conscience.]
More information about the openssl-users
mailing list