OpenSSL 3: FIPS DRBG Tests
Kory Hamzeh
kory at avatarci.com
Thu Nov 11 18:02:23 UTC 2021
I am writing the FIPS DRBG AVS per NIST SP800-90A. I have some questions.
1. Is the TEST-RAND ok for nist test? I am planning to basically follow the steps in test/acvp_test.c:drbg_test(), but the data is read in from a file rather than an in memory structure.
2. Some of the test vectors provide you with a 2nd entropy value to use for the 2nd call to generate. Can I call EVP_RAND_set_prams() with a OSSL_RAND_PARAM_TEST_ENTROPY before the 2nd call to generate?
3. And finally, our existing test, based on openssl-fips-2.0.5 called FIPS_drbg_new(). That function allows you to pass an EC curve NID in the upper 16 bits of the drbg type. Not sure how to do this in OpenSSL 3, however, I see no mention of EC curves in:
https://csrc.nist.gov/csrc/media/projects/cryptographic-algorithm-validation-program/documents/drbg/drbgvs.pdf
So it may be a moot issue.
Thanks,
Kory
More information about the openssl-users
mailing list