The full output of fips_test_suite post is below. I tried changing
AESNI_CAPABLE to 0 as you suggested, and all tests now succeed, as Ken also
experienced.
Here's the output of fips_test_suite:
POST started
DRBG AES-128-CTR DF test started
DRBG AES-128-CTR DF test OK
DRBG AES-192-CTR DF test started
DRBG AES-192-CTR DF test OK
DRBG AES-256-CTR DF test started
DRBG AES-256-CTR DF test OK
DRBG AES-128-CTR test started
DRBG AES-128-CTR test OK
DRBG AES-192-CTR test started
DRBG AES-192-CTR test OK
DRBG AES-256-CTR test started
DRBG AES-256-CTR test OK
DRBG SHA1 test started
DRBG SHA1 test OK
DRBG SHA224 test started
DRBG SHA224 test OK
DRBG SHA256 test started
DRBG SHA256 test OK
DRBG SHA384 test started
DRBG SHA384 test OK
DRBG SHA512 test started
DRBG SHA512 test OK
X9.31 PRNG keylen=16 test started
X9.31 PRNG keylen=16 test OK
X9.31 PRNG keylen=24 test started
X9.31 PRNG keylen=24 test OK
X9.31 PRNG keylen=32 test started
X9.31 PRNG keylen=32 test OK
Digest SHA1 test started
Digest SHA1 test OK
Digest SHA1 test started
Digest SHA1 test OK
Digest SHA1 test started
Digest SHA1 test OK
HMAC SHA1 test started
HMAC SHA1 test OK
HMAC SHA224 test started
HMAC SHA224 test OK
HMAC SHA256 test started
HMAC SHA256 test OK
HMAC SHA384 test started
HMAC SHA384 test OK
HMAC SHA512 test started
HMAC SHA512 test OK
CMAC AES-128-CBC test started
CMAC AES-128-CBC test OK
CMAC AES-192-CBC test started
CMAC AES-192-CBC test OK
CMAC AES-256-CBC test started
CMAC AES-256-CBC test OK
CMAC DES-EDE3-CBC test started
CMAC DES-EDE3-CBC test OK
Cipher AES-128-ECB test started
Cipher AES-128-ECB test OK
CCM test started
CCM test FAILED!!
ERROR:2D091086:lib=45,func=145,reason=134:file=.\fips\aes\fips_aes_selftest.c:line=194
GCM test started
GCM test OK
XTS AES-128-XTS test started
XTS AES-128-XTS test OK
XTS AES-256-XTS test started
XTS AES-256-XTS test OK
Cipher DES-EDE3-ECB test started
Cipher DES-EDE3-ECB test OK
Cipher DES-EDE3-ECB test started
Cipher DES-EDE3-ECB test OK
Signature RSA test started
Signature RSA test OK
Signature ECDSA test started
Signature ECDSA test OK
Signature ECDSA test started
Signature ECDSA test OK
Signature DSA test started
Signature DSA test OK
POST Failed
Power-up self test failed
On Fri, Aug 5, 2011 at 4:08 AM, Dr. Stephen Henson <[email protected]>wrote:
> On Thu, Aug 04, 2011, Tyrel Haveman wrote:
>
> > Is there someone in particular who would be optimal to look into this? I
> > have no knowledge of the code or algorithm in question here.
> >
>
> What happens if you do:
>
> fips_test_suite post
>
> Please send the full output.
>
> Also temporarily in e_aes.c try changing the line:
>
> #define AESNI_CAPABLE (1<<(57-32))
>
> to:
>
> #define AESNI_CAPABLE 0
>
> and see if you still get that error.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> Development Mailing List [email protected]
> Automated List Manager [email protected]
>
