[openssl-users] FIPS Object Module 2.0, fipsalgtest.pl fails

Steve Marquess marquess at openssl.com
Thu Sep 28 15:23:06 UTC 2017

On 09/28/2017 11:07 AM, Diaz de Grenu, Jose wrote:
> I am trying to validate the FIPS Object Module. 
> I have built the test tools as specified in [1] Appendix B.1 and I have downloaded and extract the test vectors from [2]. 
> At that point I run the following:
> perl fipsalgtest.pl --dir=/run/media/sda1/fips_tv/OSF_JN2859_OE46.results
> (where /run/media/sda1/fips_tv/OSF_JN2859_OE46.results is the path I extracted the test vectors to).
> That  produces the following output:
> Running DSA2 tests
> Running DSA tests
> Running ECDSA2 tests
> Running RSA tests
> FATAL parse error processing line 4
> ...

The FIPS module and test suite software (fipsalgtest.pl) are designed to
work with exactly those algorithm tests relevant to the associated
validations (#1747/2398/2473). The test labs generate a unique set of
test vectors for each platform validation; those test vectors must be of
the expected format to be successfully processed. Often they are not,
either because they we incorrectly specified or due to errors. Figuring
out such discrepancies can be lots of fun (not!).

You will want to compare your test vectors with a known good set from
http://openssl.com/testing/validation-2.0/testvectors/. Pick a recent
set, as the format of the test vectors changes over time. Note that as a
result frequent adjustment of fipsalgtest.pl is often necessary.

-Steve M.

Steve Marquess
OpenSSL Validation Services, Inc.
1829 Mount Ephraim Road
Adamstown, MD  21710
+1 301 874 2571
marquess at openssl.com
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc

More information about the openssl-users mailing list