The full output of fips_test_suite post is below. I tried changing
AESNI_CAPABLE to 0 as you suggested, and all tests now succeed, as Ken also
experienced.

Here's the output of fips_test_suite:

        POST started
                DRBG AES-128-CTR DF test started
                DRBG AES-128-CTR DF test OK
                DRBG AES-192-CTR DF test started
                DRBG AES-192-CTR DF test OK
                DRBG AES-256-CTR DF test started
                DRBG AES-256-CTR DF test OK
                DRBG AES-128-CTR test started
                DRBG AES-128-CTR test OK
                DRBG AES-192-CTR test started
                DRBG AES-192-CTR test OK
                DRBG AES-256-CTR test started
                DRBG AES-256-CTR test OK
                DRBG SHA1 test started
                DRBG SHA1 test OK
                DRBG SHA224 test started
                DRBG SHA224 test OK
                DRBG SHA256 test started
                DRBG SHA256 test OK
                DRBG SHA384 test started
                DRBG SHA384 test OK
                DRBG SHA512 test started
                DRBG SHA512 test OK
                X9.31 PRNG keylen=16 test started
                X9.31 PRNG keylen=16 test OK
                X9.31 PRNG keylen=24 test started
                X9.31 PRNG keylen=24 test OK
                X9.31 PRNG keylen=32 test started
                X9.31 PRNG keylen=32 test OK
                Digest SHA1 test started
                Digest SHA1 test OK
                Digest SHA1 test started
                Digest SHA1 test OK
                Digest SHA1 test started
                Digest SHA1 test OK
                HMAC SHA1 test started
                HMAC SHA1 test OK
                HMAC SHA224 test started
                HMAC SHA224 test OK
                HMAC SHA256 test started
                HMAC SHA256 test OK
                HMAC SHA384 test started
                HMAC SHA384 test OK
                HMAC SHA512 test started
                HMAC SHA512 test OK
                CMAC AES-128-CBC test started
                CMAC AES-128-CBC test OK
                CMAC AES-192-CBC test started
                CMAC AES-192-CBC test OK
                CMAC AES-256-CBC test started
                CMAC AES-256-CBC test OK
                CMAC DES-EDE3-CBC test started
                CMAC DES-EDE3-CBC test OK
                Cipher AES-128-ECB test started
                Cipher AES-128-ECB test OK
                CCM  test started
                CCM  test FAILED!!
ERROR:2D091086:lib=45,func=145,reason=134:file=.\fips\aes\fips_aes_selftest.c:line=194
                GCM  test started
                GCM  test OK
                XTS AES-128-XTS test started
                XTS AES-128-XTS test OK
                XTS AES-256-XTS test started
                XTS AES-256-XTS test OK
                Cipher DES-EDE3-ECB test started
                Cipher DES-EDE3-ECB test OK
                Cipher DES-EDE3-ECB test started
                Cipher DES-EDE3-ECB test OK
                Signature RSA test started
                Signature RSA test OK
                Signature ECDSA test started
                Signature ECDSA test OK
                Signature ECDSA test started
                Signature ECDSA test OK
                Signature DSA test started
                Signature DSA test OK
        POST Failed
Power-up self test failed

On Fri, Aug 5, 2011 at 4:08 AM, Dr. Stephen Henson <st...@openssl.org>wrote:

> On Thu, Aug 04, 2011, Tyrel Haveman wrote:
>
> > Is there someone in particular who would be optimal to look into this? I
> > have no knowledge of the code or algorithm in question here.
> >
>
> What happens if you do:
>
> fips_test_suite post
>
> Please send the full output.
>
> Also temporarily in e_aes.c try changing the line:
>
> #define AESNI_CAPABLE   (1<<(57-32))
>
> to:
>
> #define AESNI_CAPABLE   0
>
> and see if you still get that error.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> Development Mailing List                       openssl-dev@openssl.org
> Automated List Manager                           majord...@openssl.org
>

Reply via email to