Hi, I am compiling and running the OpenSSL FIPS-compliant version and trying to run the power-on self tests during boot-up time as part of the FIPS requirements. I have observed invocation of the zeroization function as well as output displayed as part of this function. Here are the questions:

a) What is the intent of this zeroization function (it is not related to the zeroization operation of FIPS)?

b) This function is not testing any algorithm; is it satisfying any other requirement?

c) Theoretically, output should not be displayed regarding the buffers during power-on self tests, so why are the buffer(s) output during this zeroization operation?

Any comments and relevance for FIPS 140-2.
Any comments or inputs regarding this are really appreciated.

File: fips_test_suite.c

Function name:

    /* Zeroization */
    printf("9. Zero-ization...\n");
    Zeroize();

Code:

    #include <stdio.h>
    #include <openssl/bn.h>
    #include <openssl/crypto.h>
    #include <openssl/rand.h>
    #include <openssl/rsa.h>

    /* Zeroize: generate a 1024-bit RSA key and a fixed 16-byte key buffer,
     * then overwrite both with random data, printing each before and after. */
    static int Zeroize(void)
    {
        RSA *key;
        unsigned char userkey[16] = { 0x48, 0x50, 0xf0, 0xa3, 0x3a, 0xed, 0xd3, 0xaf,
                                      0x6e, 0x47, 0x7f, 0x83, 0x02, 0xb1, 0x09, 0x68 };
        char *hex;
        size_t i;
        int n;

        key = RSA_generate_key(1024, 65537, NULL, NULL);
        if (!key)
            return 0;
        n = BN_num_bytes(key->d);
        printf(" Generated %d byte RSA private key\n", n);

        /* BN_bn2hex() returns a heap string that the caller must free */
        hex = BN_bn2hex(key->d);
        printf("\tBN key before overwriting:\n%s\n", hex);
        OPENSSL_free(hex);
        BN_rand(key->d, n * 8, -1, 0);   /* overwrite the private exponent with random bits */
        hex = BN_bn2hex(key->d);
        printf("\tBN key after overwriting:\n%s\n", hex);
        OPENSSL_free(hex);

        printf("\tchar buffer key before overwriting: \n\t\t");
        for (i = 0; i < sizeof(userkey); i++)
            printf("%02x", userkey[i]);
        printf("\n");
        RAND_bytes(userkey, sizeof userkey);   /* overwrite the buffer with random bytes */
        printf("\tchar buffer key after overwriting: \n\t\t");
        for (i = 0; i < sizeof(userkey); i++)
            printf("%02x", userkey[i]);
        printf("\n");

        RSA_free(key);   /* release the key once it has been overwritten */
        return 1;
    }

-- 
Vidya Sagar
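As an added illustration of the concern raised in question (c), the following example (written here, not taken from fips_test_suite.c or the OpenSSL project) zeroizes a key buffer and verifies the result without ever printing the key bytes. It depends only on the C standard library; the 16-byte sample key is the constructed value from the posted test, and the overwrite goes through a volatile pointer so the compiler cannot discard it as a dead store.

```c
#include <stddef.h>
#include <string.h>

/* Overwrite a buffer through a volatile pointer so the store cannot be
 * optimized away (a plain memset() just before the buffer dies can be). */
static void secure_zero(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--)
        *vp++ = 0;
}

/* Return 1 if every byte of the buffer is zero, 0 otherwise. The OR
 * accumulation runs in constant time, so the check itself reveals nothing. */
static int is_zeroed(const unsigned char *p, size_t n)
{
    unsigned char acc = 0;
    size_t i;
    for (i = 0; i < n; i++)
        acc |= p[i];
    return acc == 0;
}

/* Zeroize a constructed sample key and report success (1) or failure (0)
 * from the state of the buffer alone; the key value is never output. */
int zeroize_demo(void)
{
    unsigned char userkey[16] = { 0x48, 0x50, 0xf0, 0xa3, 0x3a, 0xed, 0xd3, 0xaf,
                                  0x6e, 0x47, 0x7f, 0x83, 0x02, 0xb1, 0x09, 0x68 };
    int before, after;

    before = is_zeroed(userkey, sizeof userkey);   /* 0: buffer still holds the key */
    secure_zero(userkey, sizeof userkey);
    after = is_zeroed(userkey, sizeof userkey);    /* 1: buffer has been wiped */

    return !before && after;
}
```

In a real build the overwrite would be done with the library's own OPENSSL_cleanse(), which exists for exactly this purpose; the volatile loop above stands in for it so the example links without OpenSSL. The pass/fail result is what a self-test log should carry, not the contents of the buffer before and after.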