Query regarding openssl-3.0.0 ecdsa self tests
Tomas Mraz
tomas at openssl.org
Mon Aug 30 10:21:19 UTC 2021
The question was about the fips module POST (power on self test) and
there what I wrote applies. Having special RNG providing constant data
to ECDSA/DSA would be possible to do but it is not required, it would
needlessly complicate the code, and add a risk of having such constant
RNG being accidentally used for something where real random numbers are
needed.
Tomas
On Mon, 2021-08-30 at 13:17 +0300, Billy Brumley wrote:
> This is not really true. At least, for some of the tests.
>
> https://github.com/openssl/openssl/blob/master/test/ecdsatest.c#L73
>
> That hijacks the RNG to feed the expected nonce, so it can check vs a
> KAT.
>
> Cheers,
>
> BBB
>
> On Mon, Aug 30, 2021 at 12:40 PM Tomas Mraz <tomas at openssl.org>
> wrote:
> >
> > Hello,
> >
> > your analysis is right. It does only pairwise consistency test as
> > the
> > KAT is impossible to do for regular DSA and ECDSA due to random
> > nonce
> > being input of the signature algorithm and thus the signature
> > always
> > changes.
> >
> > Tomas
> >
> > On Fri, 2021-08-27 at 22:47 +0530, Nagarjun J wrote:
> > > Hi,
> > >
> > > Does openssl-3.0.0 really does ecdsa KAT ? The post test logs
> > > says
> > > "ECDSA KAT :PASS. But when i debuged the code it actually doing
> > > ECDSA
> > > pairwise consistency test.
> > >
> > > Thanks,
> > > Nagarjun
> >
> > --
> > Tomáš Mráz
> > No matter how far down the wrong road you've gone, turn back.
> > Turkish proverb
> > [You'll know whether the road is wrong if you carefully listen to
> > your
> > conscience.]
> >
> >
--
Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your
conscience.]
More information about the openssl-users
mailing list