Re: [openssl-users] FIPS errors: finding causes for failure

2015-04-01 Thread Dr. Stephen Henson
On Wed, Apr 01, 2015, jonetsu wrote:

 Hello,
 
   As part of development, still using the fips_hmac test code, this time on a 
 target unit using 1.0.1e, the following errors are shown at the console:
 
 3069614096:error:2D088086:FIPS routines:FIPS_selftest_x931:selftest failed:fips_rand_selftest.c:171:
 
 3069614096:error:2D082086:FIPS routines:FIPS_selftest_cmac:selftest failed:fips_cmac_selftest.c:178:
 
 3069614096:error:2D080086:FIPS routines:FIPS_selftest_aes:selftest failed:fips_aes_selftest.c:97:
 
 3069614096:error:2D090086:FIPS routines:FIPS_selftest_aes_xts:selftest failed:fips_aes_selftest.c:383:
 
 3069614096:error:2D083086:FIPS routines:FIPS_selftest_des:selftest failed:fips_des_selftest.c:102:
 
 What is the troubleshooting path from here?  Is it only by going to the 
 appropriate code line ?  In the first case, the FIPS_selftest_x931() is 
 concerned, with the 171 line being: 
 FIPSerr(FIPS_F_FIPS_SELFTEST_X931,FIPS_R_SELFTEST_FAILED).  Which basically 
 means that the actual test code has to be examined. There is documentation in 
 the User Guide, section 6.3.1, although it does not seem to be practical to 
 find out the cause of the failure.  There are seemingly no log messages 
 generated.  Information that would give hints as to why a specific test could 
 fail would be useful.  In this case, there's mention of the V seed value 
 being corrupted but only for simulation mode.
 
 In short, how to find what could be the cause(s) of FIPS test(s) failure(s)?
 

Does fips_test_suite from the FIPS module produce similar errors?

Most tests are known answer tests (KAT). That is, they pass known inputs to
the algorithm and check to see if the output matches the expected value. As
such the only reason a self test could fail is that the algorithm is
misbehaving: the most common reason for that is a compiler bug.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
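
The known answer test described in the reply above, as an added example that is not part of the original thread and is not OpenSSL's self-test code: it runs a hand-written HMAC-SHA-256 against the published RFC 4231 vectors and, on a mismatch, reports the expected and computed digests. The `opad` parameter and `broken_build` are hypothetical, constructed here to simulate an algorithm that misbehaves because of a bad build.

```python
import hashlib
import hmac

# Published HMAC-SHA-256 vectors from RFC 4231 (test cases 1 and 2).
KATS = [
    ("rfc4231-tc1", b"\x0b" * 20, b"Hi There",
     "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7"),
    ("rfc4231-tc2", b"Jefe", b"what do ya want for nothing?",
     "5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843"),
]

def hmac_sha256(key, msg, opad=0x5C):
    """HMAC-SHA-256 written out by hand so the algorithm itself is under test.
    `opad` is a hypothetical knob used only to simulate a wrong constant."""
    block = 64
    if len(key) > block:
        key = hashlib.sha256(key).digest()
    key = key.ljust(block, b"\x00")
    inner = hashlib.sha256(bytes(k ^ 0x36 for k in key) + msg).digest()
    return hashlib.sha256(bytes(k ^ opad for k in key) + inner).digest()

def broken_build(key, msg):
    # Constructed fault: one wrong constant, standing in for a miscompiled build.
    return hmac_sha256(key, msg, opad=0x5D)

def run_kats(impl):
    """Return (name, expected_hex, got_hex) for every vector that fails."""
    failures = []
    for name, key, msg, expected in KATS:
        got = impl(key, msg)
        if not hmac.compare_digest(got, bytes.fromhex(expected)):
            failures.append((name, expected, got.hex()))
    return failures

if __name__ == "__main__":
    for label, impl in (("reference", hmac_sha256), ("broken", broken_build)):
        failures = run_kats(impl)
        print(label, "PASS" if not failures else "FAIL")
        for name, expected, got in failures:
            print(f"  {name}")
            print(f"    expected {expected}")
            print(f"    got      {got}")
```
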


[openssl-users] FIPS errors: finding causes for failure

2015-04-01 Thread jonetsu
Hello,

  As part of development, still using the fips_hmac test code, this time on a 
target unit using 1.0.1e, the following errors are shown at the console:

3069614096:error:2D088086:FIPS routines:FIPS_selftest_x931:selftest failed:fips_rand_selftest.c:171:

3069614096:error:2D082086:FIPS routines:FIPS_selftest_cmac:selftest failed:fips_cmac_selftest.c:178:

3069614096:error:2D080086:FIPS routines:FIPS_selftest_aes:selftest failed:fips_aes_selftest.c:97:

3069614096:error:2D090086:FIPS routines:FIPS_selftest_aes_xts:selftest failed:fips_aes_selftest.c:383:

3069614096:error:2D083086:FIPS routines:FIPS_selftest_des:selftest failed:fips_des_selftest.c:102:

What is the troubleshooting path from here?  Is it only by going to the 
appropriate code line ?  In the first case, the FIPS_selftest_x931() is 
concerned, with the 171 line being: 
FIPSerr(FIPS_F_FIPS_SELFTEST_X931,FIPS_R_SELFTEST_FAILED).  Which basically 
means that the actual test code has to be examined. There is documentation in 
the User Guide, section 6.3.1, although it does not seem to be practical to 
find out the cause of the failure.  There are seemingly no log messages 
generated.  Information that would give hints as to why a specific test could 
fail would be useful.  In this case, there's mention of the V seed value being 
corrupted but only for simulation mode.

In short, how to find what could be the cause(s) of FIPS test(s) failure(s)?

Regards.

