Also for comparison, my MinGW version which I also rebuilt today
following the same guidelines, gives this result:
FIPS-mode test application
1. Non-Approved cryptographic operation test...
a. Included algorithm (D-H)...successful
2. Automatic power-up self test...successful
3. AES encryption/decryption...successful
4. RSA key generation and encryption/decryption...successful
5. DES-ECB encryption/decryption...successful
6. DSA key generation and signature validation...successful
7a. SHA-1 hash...successful
7b. SHA-256 hash...successful
7c. SHA-512 hash...successful
7d. HMAC-SHA-1 hash...successful
7e. HMAC-SHA-224 hash...successful
7f. HMAC-SHA-256 hash...successful
7g. HMAC-SHA-384 hash...successful
7h. HMAC-SHA-512 hash...successful
8. Non-Approved cryptographic operation test...
a. Included algorithm (D-H)...successful as expected
9. Zero-ization...
Generated 128 byte RSA private key
BN key before overwriting:
96774EB027F09F3DC58EAC3CD5FC7225CC9F85F1DBDE8B85329A2E7655918D66CD6BD974FE1411F59916BEB5B14E935C608D87756315F82B681492EA866143D274DC4BACEAD05D954FA3C97A2E8CAF4794D9056A05FE102B1D0B06E1C58C4A258360501A6CF6DC005FBE4BE99972A60066F703912D61D0CBE0430198C969FEB9
BN key after overwriting:
50DAD8481B99A819AD034FC1602018E3F70340F5386B9EC5DA27D69C23E2CC8C67DCE6606E50063DD999CE79004F5DA734345FD1EE6AE79CE8F9D7DEAA5D7A8BBCCC983E7DDF7326BC411FAC7D4AB2B830192AA0436A986B52E37764AA7322183A5448E52AF86369E68E90D99864905A16BEEC0304A17CD491061ABABB7677AE
char buffer key before overwriting:
4850f0a33aedd3af6e477f8302b10968
char buffer key after overwriting:
600d4e386f23722bc0ae57f4ece7948e
All tests completed with 0 errors
So can I assume there is something with Solaris 10 causing this error?
Hope this helps... and thank you
LE
Elia, Leonard F. wrote:
Thank you for your input.
I rebuilt with nothing but config fips; the test you requested fails
with this:
FIPS-mode test application
1. Non-Approved cryptographic operation test...
a. Included algorithm (D-H)...successful
6385:error:2A068065:FIPS routines:FIPS_selftest_aes:selftest
failed:fips_aes_selftest.c:92:
2. Automatic power-up self test...FAILED!
LE
Dr. Stephen Henson wrote:
That isn't the approved build procedure. You must do:
./config fips
and *nothing* else otherwise it is a violation of the security policy.
Though that isn't the cause of the problem. When you build from
validated
sources what does:
test/fips_test_suite
produce?
Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
