[openssl-users] OpenSSL FIPS test failure starting from version 1.0.2g

Aaron wangqun at alumni.nus.edu.sg
Tue Mar 29 02:24:11 UTC 2016


Greetings. 

I am using OpenSSl 1.0.2f on various platforms including Solaris, Linux,
RS6000, ibmplinux, HPIA and Windows. Now I am going to upgrade to OpenSSL
1.0.2g. However I hit a test failure when building and tesing 1.0.2g. The
issue occurs on all my platforms except Windows which I haven't tested, so
it is likely a generic problem. The issue didn't occur when I built and
tested 1.0.2f, so it may be a regression in 1.0.2g.

It is very stratforward to repro the issue. Take platform linux_x86-64 as an
example, the repro steps are as follows. 

cd openssl-1.0.2g 
make clean 
./Configure no-idea no-mdc2 no-rc5 no-ec2m fips -m64 no-asm linux-x86_64 
make depend 
make 
make test    <--- Hit the issue here. 

Error message: 
test SSL protocol 
test ssl3 is forbidden in FIPS mode 
*** IN FIPS MODE *** 
Available compression methods: 
  NONE 
46912496310224:error:140A9129:SSL routines:SSL_CTX_new:only tls allowed in
fips mode:ssl_lib.c:1877: 
46912496310224:error:140A9129:SSL routines:SSL_CTX_new:only tls allowed in
fips mode:ssl_lib.c:1877: 
test ssl2 is forbidden in FIPS mode 
Testing was requested for a disabled protocol. Skipping tests. 
make[1]: *** [test_ssl] Error 1 
make[1]: Leaving directory
`/tzedek_ocsdev/qun/crs/797167/openssl_diff/openssl-1.0.2g.test/test' 
make: *** [tests] Error 2 

Anyone knows how to fix the issue please? 

Thanks in advance, 
Aaron 




--
View this message in context: http://openssl.6102.n7.nabble.com/OpenSSL-FIPS-test-failure-starting-from-version-1-0-2g-tp65320.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.


More information about the openssl-users mailing list