On Wed, Aug 03, 2011, Henrik Grindal Bakken wrote:

> "Dr. Stephen Henson" <[email protected]> writes:
>
> > On Wed, Aug 03, 2011, Henrik Grindal Bakken wrote:
> >
> >>
> >> Hi. I'm working on FIPS-validating a product using OpenSSL (but with
> >> a crypto module spanning wider, so we can't easily use the OpenSSL
> >> crypto module). During code review, some questions about the RNG
> >> tests have come up. Most specifically, from what I can read, SP
> >> 800-90 requires that (in 11.3.4) the reseed function shall perform a
> >> known-answer test before reseeding, and from what I can read in the
> >> code, this doesn't happen.
> >>
> >> Is there a reason for this?
> >
> > The OpenSSL implementation supports prediction resistance so 11.3.4
> > #2 should apply in this case.
> >
> > I notice however that it doesn't directly test entropy failure on an
> > explicit reseed: though it does on a reseed caused by a PR
> > request. I'll update it to include an explicit test too.
>
> Hi Steve, and thanks for your quick reply.
>
> Since OpenSSL supports prediction resistance, wouldn't that mean that
> 11.3.4 #1 applies? However, even if it's #1 or #2, shouldn't a KAT be
> performed at some point before the reseed actually takes place? I
> must confess I don't really understand how SP 800-90 intends the KAT
> to be carried out...
>

Sorry yes I meant #1.

The OpenSSL DRBG implementation tests all variants during the POST and also tests specific versions on instantiation. That includes an extensive health check and a KAT. So in that sense there will be two KATs before a reseed takes place but no KAT immediately before a reseed takes place.

According to my reading of the standard you don't need a KAT before reseed if you support PR. However different labs will have different opinions and should we require one it can be added easily enough.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
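
Added example, not part of the original thread and not OpenSSL's code: a minimal HMAC_DRBG-style generator in Python with an entropy-failure health test that exercises both reseed paths discussed above, the explicit reseed and the reseed triggered by a prediction-resistance (PR) request. The class HmacDrbg, the pr parameter and the helper names are hypothetical, the test entropy is constructed, and no known-answer vectors are included.

```python
import hashlib, hmac, os

class HmacDrbg:
    """Minimal HMAC_DRBG (SHA-256) state machine; hypothetical, not OpenSSL's code."""
    def __init__(self, entropy_source=os.urandom):
        self.entropy_source, self.failed = entropy_source, False
        self.K, self.V = b"\x00" * 32, b"\x01" * 32
        self._update(self._entropy(48))        # entropy input plus nonce

    def _mac(self, data):
        return hmac.new(self.K, data, hashlib.sha256).digest()

    def _entropy(self, n):
        data = b"" if self.failed else self.entropy_source(n)
        if len(data) != n:
            self.failed = True                 # sticky error state
            raise RuntimeError("DRBG entropy failure")
        return data

    def _update(self, data=b""):
        for sep in (b"\x00", b"\x01") if data else (b"\x00",):
            self.K = self._mac(self.V + sep + data)
            self.V = self._mac(self.V)

    def reseed(self):
        self._update(self._entropy(32))

    def generate(self, n, pr=False):
        if pr:                                 # a PR request reseeds first
            self.reseed()
        if self.failed:
            raise RuntimeError("DRBG is in the error state")
        out = b""
        while len(out) < n:
            self.V = self._mac(self.V)
            out += self.V
        self._update()
        return out[:n]

def detects_failure(trigger):  # constructed source: works once, then returns nothing
    drbg = HmacDrbg(lambda n, it=iter([bytes(48)]): next(it, b""))
    try:
        trigger(drbg)                          # scratch instance, never the live one
    except RuntimeError:
        return drbg.failed
    return False

def entropy_failure_checks():
    return {"explicit_reseed": detects_failure(lambda d: d.reseed()),
            "pr_request": detects_failure(lambda d: d.generate(16, pr=True))}
```

A health check that covers only the "pr_request" path leaves the explicit reseed path untested, which is the gap noted in the quoted reply.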
