[openssl-users] FIPS Object Module 2.0, fipsalgtest.pl fails

Steve Marquess marquess at openssl.com
Mon Oct 2 15:39:11 UTC 2017

On 10/02/2017 10:29 AM, Diaz de Grenu, Jose wrote:
>> The FIPS module and test suite software (fipsalgtest.pl) are designed to work with exactly those algorithm tests relevant to the associated validations
>> (#1747/2398/2473). The test labs generate a unique set of test vectors for each platform validation; those test vectors must be of the expected format to 
>>  be successfully processed. Often they are not, either because they we incorrectly specified or due to errors. Figuring out such discrepancies can be lots of
>  > fun (not!).
>> You will want to compare your test vectors with a known good set from http://openssl.com/testing/validation-2.0/testvectors/. Pick a recent set, as the format of the test vectors changes over time. Note that as 
>> a result frequent adjustment of fipsalgtest.pl is often necessary.
> I have tried with all the tarballs but I am not able to find one which works without errors.

You reprocessed all of the hundreds of test vectors? I'm impressed. That
must have taken many days of compute time.

> Is there any way to check which test vector were used for FIPS Object Module 2.0.16?

The most recent set of test vectors used for a 2.0.16 OE is:


You have no way of knowing that because we don't publish a mapping of
test vectors to OEs (and most FIPS 140 module vendors don't publish
anything at all). And before you ask, no, while we're delighted to be an
open source model for other validations I'm not keen on spending time
specifically supporting proprietary validations that don't benefit the
OpenSSL community as a whole.

Please note that if you're trying to do your own "private label"
validation you'll have to use a new unique set of test vectors provided
by your accredited test lab; reprocessing a previously used set doesn't
buy you much.

-Steve M.

Steve Marquess
OpenSSL Validation Services, Inc.
1829 Mount Ephraim Road
Adamstown, MD  21710
+1 301 874 2571
marquess at openssl.com
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc

More information about the openssl-users mailing list