On 09/05/2016 02:09 AM, Leon Brits wrote: > The FIPS validation company says: > > > > “The tests I am most interested in are the failure cases, where you > induce an error in each of the power-on self-tests and conditional tests > (i.e, continuous RNG test, pairwise consistency test).” > > > > Can anybody tell me how I can induce these errors? > > > > I do run the FIPS_selftest() function on demand and the POST has never > failed when I switch to FIPS mode with FIPS_mode_set(). > > > > Thanks > > LJB > > >
So you're trying to obtain your own copycat validation based on the OpenSSL FIPS Object Module code (as many vendors have done). Since that has been done so many times your unnamed FIPS validation consultant or test lab should already be familiar enough with the OpenSSL FIPS module code to immediately know the answer to this question, rather than asking it of you (that's a hint). Most labs or consultants would direct you to the "fips_test_suite" test harness (also called from fips_algvs), which is included in the OpenSSL FIPS module tarballs and documented in the User Guide: https://www.openssl.org/docs/fips/UserGuide-2.0.pdf Test labs typically just run "fips_algv fips_test_suite" for the functional testing, as it was designed for exactly that purpose. -Steve M. -- Steve Marquess OpenSSL Validation Services, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 s/b +1 301 874 2571 direct marqu...@openssl.com gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
