It is not a bug, the pairwise test is sufficient. It's just a
misleading name. And I do not think it will cause any problem with FIPS
validation, this can be documented.
Tomas
On Mon, 2021-08-30 at 16:53 +0530, Nagarjun J wrote:
Hello,
Then, is this a bug in the ECDSA POST? Or does the test have to be renamed, as it is
misleading and can cause problems in FIPS certification?
Thanks,
Nagarjun
On Mon, Aug 30, 2021 at 3:51 PM Tomas Mraz wrote:
The question was about the fips module POST (power on self test) and
there what I wrote applies. Having special RNG providing constant data
to ECDSA/DSA would be possible to do but it is not required, it would
needlessly complicate the code, and add a risk of having such constant
RNG being accident
This is not really true. At least, for some of the tests.
https://github.com/openssl/openssl/blob/master/test/ecdsatest.c#L73
That hijacks the RNG to feed the expected nonce, so it can check vs a KAT.
Cheers,
BBB
On Mon, Aug 30, 2021 at 12:40 PM Tomas Mraz wrote:
Hello,
your analysis is right. It does only a pairwise consistency test, as the
KAT is impossible to do for regular DSA and ECDSA due to the random nonce
being an input of the signature algorithm, and thus the signature always
changes.
Tomas
On Fri, 2021-08-27 at 22:47 +0530, Nagarjun J wrote:
Hi,
Does openssl-3.0.0 really do an ECDSA KAT? The POST test log says "ECDSA
KAT :PASS". But when I debugged the code, it is actually doing an ECDSA pairwise
consistency test.
Thanks,
Nagarjun