OpenSSL 3: FIPS DRBG Tests
Dr Paul Dale
pauli at openssl.org
Thu Nov 11 23:01:23 UTC 2021
On 12/11/21 4:02 am, Kory Hamzeh wrote:
> I am writing the FIPS DRBG AVS per NIST SP800-90A. I have some questions.
>
> 1. Is the TEST-RAND ok for nist test? I am planning to basically follow the steps in test/acvp_test.c:drbg_test(), but the data is read in from a file rather than an in memory structure.
This is one of the things it is intended for. You might consider
writing a BIO-RAND that reads its input from a BIO or one that reads
from a file. TEST-RAND is in memory only but the amount of data
shouldn't be too large to handle.
> 2. Some of the test vectors provide you with a 2nd entropy value to use for the 2nd call to generate. Can I call EVP_RAND_set_prams() with a OSSL_RAND_PARAM_TEST_ENTROPY before the 2nd call to generate?
Yes you can.
You ought to to look at the function rand_test_run() in test/evp_test.c
(as well as the code before and after). This is processing slightly
munged CAVs data and does everything you should need.
> 3. And finally, our existing test, based on openssl-fips-2.0.5 called FIPS_drbg_new(). That function allows you to pass an EC curve NID in the upper 16 bits of the drbg type. Not sure how to do this in OpenSSL 3, however, I see no mention of EC curves in:
>
> https://csrc.nist.gov/csrc/media/projects/cryptographic-algorithm-validation-program/documents/drbg/drbgvs.pdf
>
> So it may be a moot issue.
It's moot. None of the approved DRBGs use EC anymore. There was a bit
of controversy a number of years ago about the Dual-EC DRBG: it's almost
certainly back-doored by the US government.
Pauli
More information about the openssl-users
mailing list