Hello, Then, is this a bug in ECDSA POST ? Or have to rename the test , as it is misleading and can cause problems in FIPS certification ?
Thanks, Nagarjun On Mon, Aug 30, 2021 at 3:51 PM Tomas Mraz <to...@openssl.org> wrote: > The question was about the fips module POST (power on self test) and > there what I wrote applies. Having special RNG providing constant data > to ECDSA/DSA would be possible to do but it is not required, it would > needlessly complicate the code, and add a risk of having such constant > RNG being accidentally used for something where real random numbers are > needed. > > Tomas > > On Mon, 2021-08-30 at 13:17 +0300, Billy Brumley wrote: > > This is not really true. At least, for some of the tests. > > > > https://github.com/openssl/openssl/blob/master/test/ecdsatest.c#L73 > > > > That hijacks the RNG to feed the expected nonce, so it can check vs a > > KAT. > > > > Cheers, > > > > BBB > > > > On Mon, Aug 30, 2021 at 12:40 PM Tomas Mraz <to...@openssl.org> > > wrote: > > > > > > Hello, > > > > > > your analysis is right. It does only pairwise consistency test as > > > the > > > KAT is impossible to do for regular DSA and ECDSA due to random > > > nonce > > > being input of the signature algorithm and thus the signature > > > always > > > changes. > > > > > > Tomas > > > > > > On Fri, 2021-08-27 at 22:47 +0530, Nagarjun J wrote: > > > > Hi, > > > > > > > > Does openssl-3.0.0 really does ecdsa KAT ? The post test logs > > > > says > > > > "ECDSA KAT :PASS. But when i debuged the code it actually doing > > > > ECDSA > > > > pairwise consistency test. > > > > > > > > Thanks, > > > > Nagarjun > > > > > > -- > > > Tomáš Mráz > > > No matter how far down the wrong road you've gone, turn back. > > > Turkish proverb > > > [You'll know whether the road is wrong if you carefully listen to > > > your > > > conscience.] > > > > > > > > -- > Tomáš Mráz > No matter how far down the wrong road you've gone, turn back. > Turkish proverb > [You'll know whether the road is wrong if you carefully listen to your > conscience.] > > >
