Hash_gen fails with DRBG_CONT_FAILURE #3657
Comments
Ok, so it's a FIPS thing. But
more info,
Hello @vuvova Could you please try the wolfcrypt test What is the RNG (hardware based, other)? How is it being seeded?
@embhorn see my last comment, the first two turned out to be misleading, sorry. It's not about entropy or FIPS check, it's about many concurrent threads using the same shared We're calling
Yes, that looks correct. Thanks!
We're seeing RAND_bytes() failing (returning 0) rather often. Adding printfs in various places we traced it down to this check in Hash_gen()
this was printing, for example,
What is the logic behind this check? I don't see it in the NIST DRBG specs (as from http://dx.doi.org/10.6028/NIST.SP.800-90Ar1). It seems to be saying that the first 32 bits of the SHA256 cannot have the same value three times in a row. But it's an RNG, it seems that this coincidence can happen sometimes, even if it's unlikely.
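An added illustration, not code from this issue or from wolfSSL: a deterministic toy model of the check as the issue describes it (a third identical 32-bit block in a row fails), showing how callers that read the same generator state without synchronisation trip it while serialised callers do not. `toy_drbg`, `mix`, `cont_check` and the two `run_*` functions are hypothetical, the mixer stands in for SHA-256, and that the shared object is the generator state is an assumption.

```c
#include <stdint.h>
#include <stdio.h>
#define DRBG_OK 0
#define DRBG_CONT_FAILURE 1 /* name from the issue title; the value here is arbitrary */

/* Toy generator state: a hypothetical model, not wolfSSL's own struct. */
typedef struct { uint32_t v, last_block; int match_count, has_last; } toy_drbg;

/* Stand-in for the hash step: a bijective 32-bit mixer, not SHA-256. */
static uint32_t mix(uint32_t x) {
    x ^= x >> 16; x *= 0x7feb352dU;
    x ^= x >> 15; x *= 0x846ca68bU;
    return x ^ (x >> 16);
}

/* Continuous test as the issue describes it: a third equal block in a row fails. */
static int cont_check(toy_drbg *d, uint32_t block) {
    if (d->has_last && block == d->last_block) {
        if (d->match_count == 1) return DRBG_CONT_FAILURE;
        d->match_count = 1;
        return DRBG_OK;
    }
    d->match_count = 0; d->last_block = block; d->has_last = 1;
    return DRBG_OK;
}

/* Serialised use: each caller is checked and advances v before the next starts. */
int run_serialised(int callers) {
    toy_drbg d = {1, 0, 0, 0};
    for (int i = 0; i < callers; i++, d.v++)
        if (cont_check(&d, mix(d.v)) != DRBG_OK) return DRBG_CONT_FAILURE;
    return DRBG_OK;
}

/* Unsynchronised use, replayed deterministically: every caller read v before
 * any of them advanced it, so all of them derive the same block. */
int run_interleaved(int callers) {
    toy_drbg d = {1, 0, 0, 0};
    uint32_t stale = d.v; /* the value each racing caller saw */
    int rc = DRBG_OK;
    for (int i = 0; i < callers; i++, d.v++)
        if (cont_check(&d, mix(stale)) != DRBG_OK) rc = DRBG_CONT_FAILURE;
    return rc;
}

int main(void) {
    printf("serialised=%d interleaved=%d\n", run_serialised(3), run_interleaved(3));
    return 0;
}
```

In real code the serialised path corresponds to a mutex around the generator or one generator instance per thread.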