On Mar 2, 2015, at 12:18 PM, jonetsu jone...@teksavvy.com wrote:
Hello,
I tried a simple test to see if FIPS mode would fail, using the example
given in the FIPS user guide 2.0. The test consisted of replacing the
/dev/random and /dev/urandom with /dev/zero. I would have expected that no
source of randomness would make the tests ran at the call of FIPS_mode_set(1)
fail.
ex.:
cd dev
rm random
mknod -m 666 /dev/random c 1 5
Verify presence of zeroes all over:
cat /dev/random | xxd
./fips_hmac fips_hmac.o
If added a ret value to catch the return code from FIPS_mode_set(1). Random
or no random, it always returns 1.
Shouldn't randomness be an important part of the power-up tests ? I
understand there are continuous RNG tests within OpenSSL FIPS mode, although
'later on' (eg. continuous). Wouldn't these tests be part of the power-up
sequence as called by FIPS_mode_set(1) also ?
No. The self-tests verify the output of the algorithms matches for given
input. This means when the PRNG is tested, it’s seeded with known values, and
the output is checked against the correct output for the way it was seeded.
Inputs from /dev/random, /dev/urandom, or any other “random” source are not
used.
Remember, the goal of FIPS 140 is NOT “good security”, it’s “verifying that
known cryptographic algorithms are used”. If the input and output are not
predictably the same, then how can you verify the algorithm used is the
algorithm that’s supposed to be used? And attempting to account in the tests
for every possible input (what you’d have to do if you didn’t only test a small
number of known inputs) would be impractical, at best. :)
TOM
Thanks.
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users