Performing Self Tests

Performing Self Tests

OpenSSLGRT

OpenSSL 0.9.8a

We are required to perform the following self tests on our implementation of OpenSSL for FIPS:

Known Answer Tests:
-RSA
-3DES
-Pseudorandom Number Generator (PRNG)
-HMAC SHA-1

Continuous Random Number Generator Test for the PRNG

Continuous Random Number Generator Test to test the entropy of the RNG

Can anyone tell
-if these are already done internally in OpenSSL (I imagine the OpenSSL 0.9.7 FIPS version does them but we must use 0.9.8a since that is the one we have working on PocketPC)
-or if there are functions we can call in OpenSSL to do them.

Thank you!

Re: Performing Self Tests

Dr. Stephen Henson
On Fri, Feb 24, 2006, OpenSSLGRT wrote:

> OpenSSL 0.9.8a
>
> We are required to perform the following self tests on our implementation of
> OpenSSL for FIPS:
>
> Known Answer Tests:
> -RSA
> -3DES
> -Pseudorandom Number Generator (PRNG)
> -HMAC SHA-1
>
> Continuous Random Number Generator Test for the PRNG
>
> Continuous Random Number Generator Test to test the entropy of the RNG
>
> Can anyone tell
> -if these are already done internally in OpenSSL (I imagine the OpenSSL
> 0.9.7 FIPS version does them but we must use 0.9.8a since that is the one we
> have working on PocketPC)
> -or if there are functions we can call in OpenSSL to do them.

There is no FIPS code in 0.9.8. Even if you could use 0.9.7 FIPS it is unlikely
to be covered by any certification on that platform: so it would need to be
validated separately.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
RE: SPAM-URL Re: Performing Self Tests

OpenSSLGRT
Hi -

I understand 0.9.8a has no FIPS code and we will not have to have it
validated, but rather we are using this in our PDA product to force TLS and
to allow selecting of correct cipher suites and that product will be the
thing to be validated and so since OpenSSL 0.9.8a is not FIPS validated we
are required to perform the Known Answer Tests:
-RSA
-3DES
-Pseudorandom Number Generator (PRNG)
-HMAC SHA-1
and Continuous Random Number Generator Test for the PRNG
and Continuous Random Number Generator Test to test the entropy of the RNG

I am wondering if these tests are in OpenSSL already and we can call funcs
to do them.

Thank you

> There is no FIPS code in 0.9.8. Even if you could use 0.9.7 FIPS it is
> unlikely to be covered by any certification on that platform: so it would
> need to be validated separately.
>
> Steve.
> --
> Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
> OpenSSL project core developer and freelance consultant.
> Funding needed! Details on homepage.
> Homepage: http://www.drh-consultancy.demon.co.uk
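
The continuous random number generator test named in the posts above, sketched as an added example that is not code from the thread or from OpenSSL: each generated block is compared with the previous one, the first block is only stored, and a repeat latches a failure state. The block size, the `rng_block_fn` callback and every `crngt_*` and `demo_*` name are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

#define CRNGT_BLOCK 16              /* assumed block size in bytes */
typedef int (*rng_block_fn)(uint8_t *out);   /* hypothetical: 0 = success */

typedef struct {
    rng_block_fn source;
    uint8_t prev[CRNGT_BLOCK];      /* last block seen, kept for comparison */
    int primed;                     /* first block already captured */
    int failed;                     /* sticky error state */
} crngt_ctx;

void crngt_init(crngt_ctx *c, rng_block_fn source) {
    memset(c, 0, sizeof *c);
    c->source = source;
}

/* Write one checked block to out; return 0, or -1 once the test has failed. */
int crngt_next(crngt_ctx *c, uint8_t *out) {
    uint8_t cur[CRNGT_BLOCK];
    if (c->failed) return -1;
    if (!c->primed) {               /* first block is saved, never output */
        if (c->source(c->prev) != 0) { c->failed = 1; return -1; }
        c->primed = 1;
    }
    if (c->source(cur) != 0 || memcmp(cur, c->prev, CRNGT_BLOCK) == 0) {
        c->failed = 1;              /* source error or repeated block */
        return -1;
    }
    memcpy(c->prev, cur, CRNGT_BLOCK);
    memcpy(out, cur, CRNGT_BLOCK);
    return 0;
}

/* Constructed source for the demo: counts 0,1,2,... then repeats stick_at. */
static int stick_at = -1, calls = 0;
static int demo_source(uint8_t *out) {
    int v = (stick_at >= 0 && calls > stick_at) ? stick_at : calls;
    calls++;
    memset(out, 0, CRNGT_BLOCK);
    out[0] = (uint8_t)v;
    return 0;
}

/* Count blocks delivered (up to max) before the test trips. */
int demo_delivered(int stick, int max) {
    crngt_ctx c; uint8_t out[CRNGT_BLOCK]; int n = 0;
    stick_at = stick; calls = 0;
    crngt_init(&c, demo_source);
    while (n < max && crngt_next(&c, out) == 0) n++;
    return n;
}
```

The wrapper is applied separately to each generator being checked, with the block size matched to that generator's output.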