Hello, There was a thread a year ago (below) concerning the implementation of EC_KEY_check_key() and the failure of this function to handle the NIST ECDSA test vectors. I'm working on a FIPS validation now and find that the routine does not pass the algorithm tests for public key validation of P-256 ECDSA public keys.
Does anyone know of any additional tests that can be performed to meet the X9.62 PKV requirements? Thanks, Ken -------------------------------- Excerpt from last years thread --------------------------------------- > On Fri, Mar 02, 2007 at 05:56:24PM -0500, Xiaoyu Ruan wrote: > >> Thanks. Refer to the sample test given in PKV.txt in >> http://csrc.nist.gov/cryptval/dss/ecdsatestvectors.zip. >> I tried EC_KEY_check_key() against six NIST recommended EC curves P-192 >> P-224 K-163 K-233 B-163 B-233. For curves P-192 P-224 B-163 B-233 the >> function gives correct results. However, for B-163 and B-233, some >> invalid public keys are wrongly evaluated to true. Those invalid public >> keys are exactly the ones marked "(2 - Added PT of order 2)". Is that a >> bug of implementation of EC_KEY_check_key()? Any ideas will be greatly >> appreciated. Thanks. not sure what is going wrong here, I will look at it > > Are you able to share the code and input files that you used to run > the tests? btw: it would be nice to include these tests in the openssl 'make test' run. Cheers, Nils
