|
I have to use OpenSSL 0.9.8a inside of a FIPs candidate PDA product (instead of the FIPs version 0.9.7 because I have gotten 0.9.8a built and working well for my Windows CE project). So since 0.9.8a does not have FIPs I had to add my own KATs for RSA, DES, and PRNG -- that worked OK. Now I have one more thing to accomplish which is the PRNG continuous tests. I tried to look through 0.9.7 to determine how that was done but have questions so I was wondering if anyone could help with…
Prior to each use I need to test the RAND. So I just do: - int i = RAND_pseudo_bytes( buf, sizeofbuf ); (I do not seed the PRNG, I just call RAND_pseudo()). - store the value - each time I use OpenSSL I compare my new value with my stored value. (if it’s the first time through I do not use the value but just store it and get a new PRN). - If the test fails I make two more attempts and then if it still fails I consider the PRNG test failed. (I assume this is correct but please comment if not).
***The second part is I need Continuous Random Number Generator Test to test the entropy of the RNG. So I think (???) that is test that the seed is sufficient. That is what I am trying to determine how to do. If anyone can comnent/help on that it would be appretiated!
Aside: One thing I noticed is that in 0.9.8a when you do int i = RAND_pseudo_bytes( buf, sizeofbuf ); the return will tell if the bytes generated are cryptographically strong so I was hoping in a way that I could just call RAND_pseudo_bytes and check the return and that would be enough but I think the test requirements mean that the seeding mechanism needs to be tested.
Thank you for any help or ideas (please correct anything I said above that is wrong!).
p.s. I am not sure if a question like this is OK for OpenSSL-Dev or if it should be restricted to OpenSSL-Users – if the later then please mention and I will keep them to –Users in the future.
|
