[openssl-users] OpenSSL FIPS test failure starting from version 1.0.2g
Aaron
wangqun at alumni.nus.edu.sg
Tue Mar 29 02:24:11 UTC 2016
Greetings.
I am using OpenSSl 1.0.2f on various platforms including Solaris, Linux,
RS6000, ibmplinux, HPIA and Windows. Now I am going to upgrade to OpenSSL
1.0.2g. However I hit a test failure when building and tesing 1.0.2g. The
issue occurs on all my platforms except Windows which I haven't tested, so
it is likely a generic problem. The issue didn't occur when I built and
tested 1.0.2f, so it may be a regression in 1.0.2g.
It is very stratforward to repro the issue. Take platform linux_x86-64 as an
example, the repro steps are as follows.
cd openssl-1.0.2g
make clean
./Configure no-idea no-mdc2 no-rc5 no-ec2m fips -m64 no-asm linux-x86_64
make depend
make
make test <--- Hit the issue here.
Error message:
test SSL protocol
test ssl3 is forbidden in FIPS mode
*** IN FIPS MODE ***
Available compression methods:
NONE
46912496310224:error:140A9129:SSL routines:SSL_CTX_new:only tls allowed in
fips mode:ssl_lib.c:1877:
46912496310224:error:140A9129:SSL routines:SSL_CTX_new:only tls allowed in
fips mode:ssl_lib.c:1877:
test ssl2 is forbidden in FIPS mode
Testing was requested for a disabled protocol. Skipping tests.
make[1]: *** [test_ssl] Error 1
make[1]: Leaving directory
`/tzedek_ocsdev/qun/crs/797167/openssl_diff/openssl-1.0.2g.test/test'
make: *** [tests] Error 2
Anyone knows how to fix the issue please?
Thanks in advance,
Aaron
--
View this message in context: http://openssl.6102.n7.nabble.com/OpenSSL-FIPS-test-failure-starting-from-version-1-0-2g-tp65320.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
More information about the openssl-users
mailing list