OpenSSL 3: FIPS DRBG Tests

Kory Hamzeh kory at
Thu Nov 11 18:02:23 UTC 2021

I am writing the FIPS DRBG AVS per NIST SP800-90A. I have some questions.

1. Is the TEST-RAND ok for nist test? I am planning to basically follow the steps in test/acvp_test.c:drbg_test(), but the data is read in from a file rather than an in memory structure.

2. Some of the test vectors provide you with a 2nd entropy value to use for the 2nd call to generate. Can I call EVP_RAND_set_prams() with a  OSSL_RAND_PARAM_TEST_ENTROPY before the 2nd call to generate?

3. And finally, our existing test, based on openssl-fips-2.0.5 called FIPS_drbg_new(). That function allows you to pass an EC curve NID in the upper 16 bits of the drbg type. Not sure how to do this in OpenSSL 3, however, I see no mention of EC curves in:

So it may be a moot issue.


More information about the openssl-users mailing list