It is not a bug, the pairwise test is sufficient. It's just a misleading name. And I do not think it will cause any problem with FIPS validation, this can be documented. Tomas On Mon, 2021-08-30 at 16:53 +0530, Nagarjun J wrote: > Hello, > > Then, is this a bug in ECDSA POST ? Or have to rename the test , as > it is misleading and can cause problems in FIPS certification ? > > Thanks, > Nagarjun > > On Mon, Aug 30, 2021 at 3:51 PM Tomas Mraz <tomas@xxxxxxxxxxx> wrote: > > The question was about the fips module POST (power on self test) > > and > > there what I wrote applies. Having special RNG providing constant > > data > > to ECDSA/DSA would be possible to do but it is not required, it > > would > > needlessly complicate the code, and add a risk of having such > > constant > > RNG being accidentally used for something where real random numbers > > are > > needed. > > > > Tomas > > > > On Mon, 2021-08-30 at 13:17 +0300, Billy Brumley wrote: > > > This is not really true. At least, for some of the tests. > > > > > > https://github.com/openssl/openssl/blob/master/test/ecdsatest.c#L73 > > > > > > That hijacks the RNG to feed the expected nonce, so it can check > > > vs > > a > > > KAT. > > > > > > Cheers, > > > > > > BBB > > > > > > On Mon, Aug 30, 2021 at 12:40 PM Tomas Mraz <tomas@xxxxxxxxxxx> > > > wrote: > > > > > > > > Hello, > > > > > > > > your analysis is right. It does only pairwise consistency test > > > > as > > > > the > > > > KAT is impossible to do for regular DSA and ECDSA due to random > > > > nonce > > > > being input of the signature algorithm and thus the signature > > > > always > > > > changes. > > > > > > > > Tomas > > > > > > > > On Fri, 2021-08-27 at 22:47 +0530, Nagarjun J wrote: > > > > > Hi, > > > > > > > > > > Does openssl-3.0.0 really does ecdsa KAT ? The post test logs > > > > > says > > > > > "ECDSA KAT :PASS. But when i debuged the code it actually > > > > > doing > > > > > ECDSA > > > > > pairwise consistency test. > > > > > > > > > > Thanks, > > > > > Nagarjun > > > > > > > > -- > > > > Tomáš Mráz > > > > No matter how far down the wrong road you've gone, turn back. > > > > Turkish proverb > > > > [You'll know whether the road is wrong if you carefully listen > > > > to > > > > your > > > > conscience.] > > > > > > > > > > -- Tomáš Mráz No matter how far down the wrong road you've gone, turn back. Turkish proverb [You'll know whether the road is wrong if you carefully listen to your conscience.]
