"Dr. Stephen Henson" <[email protected]> writes: > On Wed, Aug 03, 2011, Henrik Grindal Bakken wrote: > >> >> Hi. I'm working on FIPS-validating a product using OpenSSL (but with >> a crypto module spanning wider, so we can't easily use the OpenSSL >> crypto module). During code review, some questions about the RNG >> tests have come up. Most specifically, from what I can read, SP >> 800-90 requires that (in 11.3.4) the reseed function shall perform a >> known-answer test before reseeding, and from what I can read in the >> code, this doesn't happen. >> >> Is there a reason for this? > > The OpenSSL implementation supports prediction resistance so 11.3.4 > #2 should apply in this case. > > I notice however that it doesn't directly test entropy failure on an > explicit reseed: though it does on a reseed caused by a PR > request. I'll update it to include an explicit test too.
Hi Steve, and thanks for your quick reply.

Since OpenSSL supports prediction resistance, wouldn't that mean that
11.3.4 #1 applies? However, even if it's #1 or #2, shouldn't a KAT be
performed at some point before the reseed actually takes place?

I must confess I don't really understand how SP 800-90 intends the KAT
to be carried out...

-- 
Henrik Grindal Bakken <[email protected]>
PGP ID: 8D436E52
Fingerprint: 131D 9590 F0CF 47EF 7963 02AF 9236 D25A 8D43 6E52
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]
