The question was about the fips module POST (power on self test) and there what I wrote applies. Having special RNG providing constant data to ECDSA/DSA would be possible to do but it is not required, it would needlessly complicate the code, and add a risk of having such constant RNG being accidentally used for something where real random numbers are needed. Tomas On Mon, 2021-08-30 at 13:17 +0300, Billy Brumley wrote: > This is not really true. At least, for some of the tests. > > https://github.com/openssl/openssl/blob/master/test/ecdsatest.c#L73 > > That hijacks the RNG to feed the expected nonce, so it can check vs a > KAT. > > Cheers, > > BBB > > On Mon, Aug 30, 2021 at 12:40 PM Tomas Mraz <tomas@xxxxxxxxxxx> > wrote: > > > > Hello, > > > > your analysis is right. It does only pairwise consistency test as > > the > > KAT is impossible to do for regular DSA and ECDSA due to random > > nonce > > being input of the signature algorithm and thus the signature > > always > > changes. > > > > Tomas > > > > On Fri, 2021-08-27 at 22:47 +0530, Nagarjun J wrote: > > > Hi, > > > > > > Does openssl-3.0.0 really does ecdsa KAT ? The post test logs > > > says > > > "ECDSA KAT :PASS. But when i debuged the code it actually doing > > > ECDSA > > > pairwise consistency test. > > > > > > Thanks, > > > Nagarjun > > > > -- > > Tomáš Mráz > > No matter how far down the wrong road you've gone, turn back. > > Turkish proverb > > [You'll know whether the road is wrong if you carefully listen to > > your > > conscience.] > > > > -- Tomáš Mráz No matter how far down the wrong road you've gone, turn back. Turkish proverb [You'll know whether the road is wrong if you carefully listen to your conscience.]
