This is only conjecture, but it is an educated conjecture. I've done several implementations of FIPS-approved RNGs, and once had trouble with the RNG test failing.
The algorithm we used was the one in FIPS 186-2 appendix 3. This algorithm involves taking an SHA-1 hash, and then treating it as a 160-bit integer and adding it (mod 2^160) to some other value. The problem turned out to be that the test vectors were for the opposite endianness as the host. (Sorry, I have done both little- and big-endian implementations, and I can't remember which one had the trouble.) Thus we had to treat the hash output as 5 words, and byte reverse each word before considering it as 32 bits of the 160-bit integer. Obviously, swapping bytes of a hash output is a waste of cycles, and does nothing for security. But if you have to do it to pass, you have to do it.

-- David Jacobson

--- On Thu, 2/12/09, RussMitch <[email protected]> wrote:

From: RussMitch <[email protected]>
Subject: Re: FIPS_selftest_rng fails on Solaris10 x86
To: [email protected]
Date: Thursday, February 12, 2009, 11:49 AM

No, the test/fips_test_suite does not run correctly, here's the results:

FIPS-mode test application

1. Non-Approved cryptographic operation test...
    a. Included algorithm (D-H)...successful
ERROR:2d072065:lib=45,func=114,reason=101:file=fips_rand_selftest.c:line=364:
2. Automatic power-up self test...FAILED!

/Russ

Dr. Stephen Henson wrote:
>
> On Thu, Feb 12, 2009, RussMitch wrote:
>
>>
>> Hello,
>>
>> I've built openssl-0.9.8j on Solaris10 Update 5 as follows:
>>
>> ./config fipscanisterbuild
>> make clean
>> make
>>
>
> That's against the security policy.
>
>> Next, I've created a simple program that calls FIPS_mode_set(1) and links
>> to the libraries in /usr/local/ssl/fips/lib.
>>
>> The first two tests, FIPS_signature_witness() and
>> FIPS_check_incore_fingerprint() PASS.
>>
>> The third test, FIPS_selftest_rng FAILS.
>>
>> I've also tried the exact same procedure on a Fedora Core5 linux based
>> machine, and all of the tests PASS.
>>
>> Anyone have an idea of what may be wrong?
>>
>
> Does test/fips_test_suite run correctly?
>
> Steve.
> --
> Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
> OpenSSL project core developer and freelance consultant.
> Homepage: http://www.drh-consultancy.demon.co.uk
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> Development Mailing List                       [email protected]
> Automated List Manager                           [email protected]
>

--
View this message in context: http://www.nabble.com/FIPS_selftest_rng-fails-on-Solaris10-x86-tp21980325p21983578.html
Sent from the OpenSSL - Dev mailing list archive at Nabble.com.
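
The byte-order mismatch described in the reply at the top of this thread, as an added example (not code from the thread or from OpenSSL): it reads one SHA-1 digest as a 160-bit integer both ways, adds mod 2^160, and reports which reading reproduces a known-answer value. It covers only that integer step, with plain SHA-1 standing in for the hash; the function names and the sample input and addend are constructed for illustration.

```python
import hashlib

MOD = 1 << 160  # the addition described in the message is mod 2^160


def digest_to_int(digest: bytes, swap_words: bool) -> int:
    """Interpret a 20-byte SHA-1 digest as a 160-bit integer.

    swap_words=False: bytes taken in digest order (big-endian integer).
    swap_words=True: digest split into five 32-bit words, each word
    byte-reversed first, as the message describes.
    """
    if len(digest) != 20:
        raise ValueError("expected a 20-byte SHA-1 digest")
    if swap_words:
        digest = b"".join(digest[i:i + 4][::-1] for i in range(0, 20, 4))
    return int.from_bytes(digest, "big")


def add_step(data: bytes, addend: int, swap_words: bool) -> int:
    """Hash data, read the digest as an integer, add addend mod 2^160."""
    h = digest_to_int(hashlib.sha1(data).digest(), swap_words)
    return (h + addend) % MOD


def diagnose(data: bytes, addend: int, expected: int) -> str:
    """Say which digest reading reproduces a known-answer value."""
    readings = (("digest-order", False), ("word-swapped", True))
    hits = [name for name, swap in readings
            if add_step(data, addend, swap) == expected]
    if len(hits) == 1:
        return hits[0]
    # "both" can only happen when every 32-bit word is a byte palindrome
    return "both" if hits else "neither"


if __name__ == "__main__":
    # Constructed sample: input b"abc", addend 2^160 - 1 to force wraparound.
    data, addend = b"abc", MOD - 1
    for swap in (False, True):
        print(f"swap_words={swap}: {add_step(data, addend, swap):040x}")
    # A vector produced with the word-swapped reading fails a digest-order
    # implementation; diagnose() names the reading that matches it.
    vector = add_step(data, addend, True)
    print("vector matches:", diagnose(data, addend, vector))
```

When a known-answer self test fails on one platform and passes on another, running the failing vector through a check like this separates a byte-order disagreement from a real defect in the generator.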
