RE: FIPS CCM self-test failure
FYI: We believe this could also be a problem on Linux and Solaris x86 when running on the same CPU, but it's hard to know, as the asm code is a little different for Windows.

Jim Peterson
PKWARE, Inc.

From: owner-openssl-...@openssl.org [mailto:owner-openssl-...@openssl.org] On Behalf Of Tyrel Haveman
Sent: Thursday, August 04, 2011 12:25 PM
To: openssl-dev@openssl.org
Subject: FIPS CCM self-test failure

Hello,

After building the FIPS module on Windows using the do_fips.bat script, I run the fips_test_suite.exe. On most machines all tests succeed. But on one machine I have, the CCM test fails (exact error below). I did a bit of debugging and it looks like the functions are simply returning the wrong encoded bytes.

The only thing I can find that distinguishes this machine from the others, where it succeeds, is that this machine has an Intel Core i7 CPU, while the others are older CPUs. Out of curiosity I tried building with no-asm (which I know is not supported), and then all the tests succeed on all the machines. This leads me to believe that there's a problem with the assembly code. Note that I tried both 32-bit and 64-bit builds and it's the same problem with both.

Here is where the error is being reported:

    CCM test started
    CCM test FAILED!!
    ERROR:2D091086:lib=45,func=145,reason=134:file=.\fips\aes\fips_aes_selftest.c:line=194

What do you think?

Thanks,
Tyrel
Re: FIPS CCM self-test failure
> FYI: We believe this could also be a problem on Linux and Solaris x86 when running on the same CPU, but it's hard to know, as the asm code is a little different for windows.

It was an OS-independent problem and the fix applies to *all* x86[_64] platforms, Windows or not. Asm code is not really different on Windows; only the prologue and epilogue are different, and they allow Unix code to be used on Windows.

__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
Re: FIPS CCM self-test failure
Thank you, Andy, this works great! Also thanks for fixing it so quickly.

Tyrel

On Sun, Aug 7, 2011 at 11:02 AM, Andy Polyakov ap...@openssl.org wrote:

> > The error happens in fips_aes_selftest.c, lines 157-159:
> >
> >     if (memcmp(tag, ccm_tag, sizeof(ccm_tag)) ||
> >         memcmp(out, ccm_ct, sizeof(ccm_ct)))
> >         goto err;
>
> That's where the error is *detected*, not where it occurs :-) The problem is fixed now in http://cvs.openssl.org/chngview?cn=21213.
>
> > From: Dr. Stephen Henson st...@openssl.org
> >
> > Also temporarily in e_aes.c try changing the line:
> >
> >     #define AESNI_CAPABLE (1<<(57-32))
> >
> > to:
> >
> >     #define AESNI_CAPABLE 0
> >
> > and see if you still get that error.
>
> For reference. A faster way (in the sense that it doesn't involve modifying code and recompilation) to disable AESNI is to
>
>     env OPENSSL_ia32cap=~0x200 test/fips_test_suite
>
> A.
Re: FIPS CCM self-test failure
Same here, works great. Fantastic work, especially considering this was fixed over the weekend!

Ken

--- On Mon, 8/8/11, Tyrel Haveman ty...@binarypeople.net wrote:

From: Tyrel Haveman ty...@binarypeople.net
Subject: Re: FIPS CCM self-test failure
To: openssl-dev@openssl.org
Date: Monday, August 8, 2011, 11:33 AM

> Thank you, Andy, this works great! Also thanks for fixing it so quickly.
>
> Tyrel
>
> On Sun, Aug 7, 2011 at 11:02 AM, Andy Polyakov ap...@openssl.org wrote:
>
> > > The error happens in fips_aes_selftest.c, lines 157-159:
> > >
> > >     if (memcmp(tag, ccm_tag, sizeof(ccm_tag)) ||
> > >         memcmp(out, ccm_ct, sizeof(ccm_ct)))
> > >         goto err;
> >
> > That's where the error is *detected*, not where it occurs :-) The problem is fixed now in http://cvs.openssl.org/chngview?cn=21213.
> >
> > > From: Dr. Stephen Henson st...@openssl.org
> > >
> > > Also temporarily in e_aes.c try changing the line:
> > >
> > >     #define AESNI_CAPABLE (1<<(57-32))
> > >
> > > to:
> > >
> > >     #define AESNI_CAPABLE 0
> > >
> > > and see if you still get that error.
> >
> > For reference. A faster way (in the sense that it doesn't involve modifying code and recompilation) to disable AESNI is to
> >
> >     env OPENSSL_ia32cap=~0x200 test/fips_test_suite
> >
> > A.
Re: FIPS CCM self-test failure
> The error happens in fips_aes_selftest.c, lines 157-159:
>
>     if (memcmp(tag, ccm_tag, sizeof(ccm_tag)) ||
>         memcmp(out, ccm_ct, sizeof(ccm_ct)))
>         goto err;

That's where the error is *detected*, not where it occurs :-) The problem is fixed now in http://cvs.openssl.org/chngview?cn=21213.

> From: Dr. Stephen Henson st...@openssl.org
>
> Also temporarily in e_aes.c try changing the line:
>
>     #define AESNI_CAPABLE (1<<(57-32))
>
> to:
>
>     #define AESNI_CAPABLE 0
>
> and see if you still get that error.

For reference. A faster way (in the sense that it doesn't involve modifying code and recompilation) to disable AESNI is to

    env OPENSSL_ia32cap=~0x200 test/fips_test_suite

A.
Re: FIPS CCM self-test failure
On Thu, Aug 04, 2011, Tyrel Haveman wrote:

> Is there someone in particular who would be optimal to look into this? I have no knowledge of the code or algorithm in question here.

What happens if you do:

    fips_test_suite post

Please send the full output.

Also temporarily in e_aes.c try changing the line:

    #define AESNI_CAPABLE (1<<(57-32))

to:

    #define AESNI_CAPABLE 0

and see if you still get that error.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
Re: FIPS CCM self-test failure
Dr. Henson

Changing #define AESNI_CAPABLE 0 resolved the problem. All the tests run ok.

Ken

--- On Fri, 8/5/11, Dr. Stephen Henson st...@openssl.org wrote:

From: Dr. Stephen Henson st...@openssl.org
Subject: Re: FIPS CCM self-test failure
To: openssl-dev@openssl.org
Date: Friday, August 5, 2011, 6:08 AM

> On Thu, Aug 04, 2011, Tyrel Haveman wrote:
>
> > Is there someone in particular who would be optimal to look into this? I have no knowledge of the code or algorithm in question here.
>
> What happens if you do:
>
>     fips_test_suite post
>
> Please send the full output.
>
> Also temporarily in e_aes.c try changing the line:
>
>     #define AESNI_CAPABLE (1<<(57-32))
>
> to:
>
>     #define AESNI_CAPABLE 0
>
> and see if you still get that error.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
Re: FIPS CCM self-test failure
Dr. Henson

The error happens in fips_aes_selftest.c, lines 157-159:

    if (memcmp(tag, ccm_tag, sizeof(ccm_tag)) ||
        memcmp(out, ccm_ct, sizeof(ccm_ct)))
        goto err;

If I comment out these three lines, all tests run ok.

Ken

--- On Fri, 8/5/11, Dr. Stephen Henson st...@openssl.org wrote:

From: Dr. Stephen Henson st...@openssl.org
Subject: Re: FIPS CCM self-test failure
To: openssl-dev@openssl.org
Date: Friday, August 5, 2011, 6:08 AM

> On Thu, Aug 04, 2011, Tyrel Haveman wrote:
>
> > Is there someone in particular who would be optimal to look into this? I have no knowledge of the code or algorithm in question here.
>
> What happens if you do:
>
>     fips_test_suite post
>
> Please send the full output.
>
> Also temporarily in e_aes.c try changing the line:
>
>     #define AESNI_CAPABLE (1<<(57-32))
>
> to:
>
>     #define AESNI_CAPABLE 0
>
> and see if you still get that error.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
Re: FIPS CCM self-test failure
The full output of fips_test_suite post is below. I tried changing AESNI_CAPABLE to 0 as you suggested, and all tests now succeed, as Ken also experienced.

Here's the output of fips_test_suite:

    POST started
    DRBG AES-128-CTR DF test started
    DRBG AES-128-CTR DF test OK
    DRBG AES-192-CTR DF test started
    DRBG AES-192-CTR DF test OK
    DRBG AES-256-CTR DF test started
    DRBG AES-256-CTR DF test OK
    DRBG AES-128-CTR test started
    DRBG AES-128-CTR test OK
    DRBG AES-192-CTR test started
    DRBG AES-192-CTR test OK
    DRBG AES-256-CTR test started
    DRBG AES-256-CTR test OK
    DRBG SHA1 test started
    DRBG SHA1 test OK
    DRBG SHA224 test started
    DRBG SHA224 test OK
    DRBG SHA256 test started
    DRBG SHA256 test OK
    DRBG SHA384 test started
    DRBG SHA384 test OK
    DRBG SHA512 test started
    DRBG SHA512 test OK
    X9.31 PRNG keylen=16 test started
    X9.31 PRNG keylen=16 test OK
    X9.31 PRNG keylen=24 test started
    X9.31 PRNG keylen=24 test OK
    X9.31 PRNG keylen=32 test started
    X9.31 PRNG keylen=32 test OK
    Digest SHA1 test started
    Digest SHA1 test OK
    Digest SHA1 test started
    Digest SHA1 test OK
    Digest SHA1 test started
    Digest SHA1 test OK
    HMAC SHA1 test started
    HMAC SHA1 test OK
    HMAC SHA224 test started
    HMAC SHA224 test OK
    HMAC SHA256 test started
    HMAC SHA256 test OK
    HMAC SHA384 test started
    HMAC SHA384 test OK
    HMAC SHA512 test started
    HMAC SHA512 test OK
    CMAC AES-128-CBC test started
    CMAC AES-128-CBC test OK
    CMAC AES-192-CBC test started
    CMAC AES-192-CBC test OK
    CMAC AES-256-CBC test started
    CMAC AES-256-CBC test OK
    CMAC DES-EDE3-CBC test started
    CMAC DES-EDE3-CBC test OK
    Cipher AES-128-ECB test started
    Cipher AES-128-ECB test OK
    CCM test started
    CCM test FAILED!!
    ERROR:2D091086:lib=45,func=145,reason=134:file=.\fips\aes\fips_aes_selftest.c:line=194
    GCM test started
    GCM test OK
    XTS AES-128-XTS test started
    XTS AES-128-XTS test OK
    XTS AES-256-XTS test started
    XTS AES-256-XTS test OK
    Cipher DES-EDE3-ECB test started
    Cipher DES-EDE3-ECB test OK
    Cipher DES-EDE3-ECB test started
    Cipher DES-EDE3-ECB test OK
    Signature RSA test started
    Signature RSA test OK
    Signature ECDSA test started
    Signature ECDSA test OK
    Signature ECDSA test started
    Signature ECDSA test OK
    Signature DSA test started
    Signature DSA test OK
    POST Failed
    Power-up self test failed

On Fri, Aug 5, 2011 at 4:08 AM, Dr. Stephen Henson st...@openssl.org wrote:

> On Thu, Aug 04, 2011, Tyrel Haveman wrote:
>
> > Is there someone in particular who would be optimal to look into this? I have no knowledge of the code or algorithm in question here.
>
> What happens if you do:
>
>     fips_test_suite post
>
> Please send the full output.
>
> Also temporarily in e_aes.c try changing the line:
>
>     #define AESNI_CAPABLE (1<<(57-32))
>
> to:
>
>     #define AESNI_CAPABLE 0
>
> and see if you still get that error.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
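An added example, not part of any message in this thread and not OpenSSL code: a small triage script for the POST output posted above, which lists the failed self-tests and checks each ERROR line's packed hex code against its printed fields. It assumes one event per line and the 8/12/12-bit lib/func/reason packing that the posted ERROR line's own numbers are consistent with; `unpack_error` and `triage_post` are hypothetical names.

```python
import re

# Constructed sample: lines taken from the POST output quoted in the thread,
# laid out one event per line (the line breaks are an assumption).
SAMPLE_POST = r"""POST started
Cipher AES-128-ECB test started
Cipher AES-128-ECB test OK
CCM test started
CCM test FAILED!!
ERROR:2D091086:lib=45,func=145,reason=134:file=.\fips\aes\fips_aes_selftest.c:line=194
GCM test started
GCM test OK
POST Failed
"""

RESULT_RE = re.compile(r"^(?P<name>.+) test (?P<status>OK|FAILED!!)$")
ERROR_RE = re.compile(
    r"^ERROR:(?P<code>[0-9A-Fa-f]{8}):lib=(?P<lib>\d+),func=(?P<func>\d+),"
    r"reason=(?P<reason>\d+):file=(?P<file>.+):line=(?P<line>\d+)$")


def unpack_error(code):
    """Split a packed code into (lib, func, reason), 8/12/12 bits wide."""
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF


def triage_post(text):
    """Return (failures, post_failed) for a POST transcript."""
    failures, current, post_failed = [], None, False
    for line in (raw.strip() for raw in text.splitlines()):
        result = RESULT_RE.match(line)
        error = ERROR_RE.match(line)
        if result:
            current = None
            if result["status"] == "FAILED!!":
                current = {"test": result["name"], "errors": []}
                failures.append(current)
        elif error and current is not None:
            printed = tuple(int(error[k]) for k in ("lib", "func", "reason"))
            current["errors"].append({
                "file": error["file"], "line": int(error["line"]),
                "fields": printed,
                # Printed fields must agree with the packed hex code.
                "consistent": unpack_error(int(error["code"], 16)) == printed,
            })
        elif line == "POST Failed":
            post_failed = True
    return failures, post_failed
```

A `consistent` value of False points at a mangled or hand-edited transcript rather than at the module itself.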
FIPS CCM self-test failure
Hello,

After building the FIPS module on Windows using the do_fips.bat script, I run the fips_test_suite.exe. On most machines all tests succeed. But on one machine I have, the CCM test fails (exact error below). I did a bit of debugging and it looks like the functions are simply returning the wrong encoded bytes.

The only thing I can find that distinguishes this machine from the others, where it succeeds, is that this machine has an Intel Core i7 CPU, while the others are older CPUs. Out of curiosity I tried building with no-asm (which I know is not supported), and then all the tests succeed on all the machines. This leads me to believe that there's a problem with the assembly code. Note that I tried both 32-bit and 64-bit builds and it's the same problem with both.

Here is where the error is being reported:

    CCM test started
    CCM test FAILED!!
    ERROR:2D091086:lib=45,func=145,reason=134:file=.\fips\aes\fips_aes_selftest.c:line=194

What do you think?

Thanks,
Tyrel
Re: FIPS CCM self-test failure
I see the exact same thing. I compile on a 32-bit XP system and the test runs ok. I copy the compiled exe's to an HP 64-bit Windows 7 machine with Intel i7-2600 and the test fails with the same exact error.

Ken

--- On Thu, 8/4/11, Dr. Stephen Henson st...@openssl.org wrote:

From: Dr. Stephen Henson st...@openssl.org
Subject: Re: FIPS CCM self-test failure
To: openssl-dev@openssl.org
Date: Thursday, August 4, 2011, 6:48 PM

> On Thu, Aug 04, 2011, Tyrel Haveman wrote:
>
> > Hello,
> >
> > After building the FIPS module on Windows using the do_fips.bat script, I run the fips_test_suite.exe. On most machines all tests succeed. But on one machine I have, the CCM test fails (exact error below). I did a bit of debugging and it looks like the functions are simply returning the wrong encoded bytes.
> >
> > The only thing I can find that distinguishes this machine from the others, where it succeeds, is that this machine has an Intel Core i7 CPU, while the others are older CPUs. Out of curiosity I tried building with no-asm (which I know is not supported), and then all the tests succeed on all the machines. This leads me to believe that there's a problem with the assembly code. Note that I tried both 32-bit and 64-bit builds and it's the same problem with both.
> >
> > Here is where the error is being reported:
> >
> >     CCM test started
> >     CCM test FAILED!!
> >     ERROR:2D091086:lib=45,func=145,reason=134:file=.\fips\aes\fips_aes_selftest.c:line=194
> >
> > What do you think?
>
> Could be a problem with the AES-NI support for CCM which is rather new.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
Re: FIPS CCM self-test failure
Is there someone in particular who would be optimal to look into this? I have no knowledge of the code or algorithm in question here.

Tyrel

On Thu, Aug 4, 2011 at 4:48 PM, Dr. Stephen Henson st...@openssl.org wrote:

> On Thu, Aug 04, 2011, Tyrel Haveman wrote:
>
> > Hello,
> >
> > After building the FIPS module on Windows using the do_fips.bat script, I run the fips_test_suite.exe. On most machines all tests succeed. But on one machine I have, the CCM test fails (exact error below). I did a bit of debugging and it looks like the functions are simply returning the wrong encoded bytes.
> >
> > The only thing I can find that distinguishes this machine from the others, where it succeeds, is that this machine has an Intel Core i7 CPU, while the others are older CPUs. Out of curiosity I tried building with no-asm (which I know is not supported), and then all the tests succeed on all the machines. This leads me to believe that there's a problem with the assembly code. Note that I tried both 32-bit and 64-bit builds and it's the same problem with both.
> >
> > Here is where the error is being reported:
> >
> >     CCM test started
> >     CCM test FAILED!!
> >     ERROR:2D091086:lib=45,func=145,reason=134:file=.\fips\aes\fips_aes_selftest.c:line=194
> >
> > What do you think?
>
> Could be a problem with the AES-NI support for CCM which is rather new.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org