Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

[openssl-users] openssl fipsalgtest

49 views
Skip to first unread message

xxiao8

unread,
Dec 9, 2015, 12:07:39 AM12/9/15
to
I'm trying to run the algorithm tests under linux for fips 2.0.10 +
openssl 1.0.1e, using the fips-2.0-tv.tar.gz from openssl website, and
saw quite some errors, anything am I missing?

Thanks,
xxiao

----
perl fipsalgtest.pl --dir=/tmp/tv
----
WARNING: unrecognized filename
/tmp/tv/OSF_2464_OE4/DRBG800-90/req/Dual_EC_DRBG.req
WARNING: bogus file /tmp/tv/OSF_2464_OE4/DRBG800-90/resp/Dual_EC_DRBG.rsp
WARNING: bogus file /tmp/tv/OSF_2464_OE4/TDES/resp/TOFBMonte1.rsp
WARNING: bogus file /tmp/tv/OSF_2464_OE4/TDES/resp/TOFBMMT1.rsp
WARNING: bogus file /tmp/tv/OSF_2464_OE4/TDES/resp/TCBCMonte1.rsp
WARNING: bogus file /tmp/tv/OSF_2464_OE4/TDES/resp/TCFB8Monte1.rsp
WARNING: bogus file /tmp/tv/OSF_2464_OE4/TDES/resp/TECBMMT1.rsp
WARNING: bogus file /tmp/tv/OSF_2464_OE4/TDES/resp/TCBCMMT1.rsp
WARNING: bogus file /tmp/tv/OSF_2464_OE4/TDES/resp/TCFB8MMT1.rsp
WARNING: bogus file /tmp/tv/OSF_2464_OE4/TDES/resp/TCFB64MMT1.rsp
WARNING: bogus file /tmp/tv/OSF_2464_OE4/TDES/resp/TCFB1Monte1.rsp
WARNING: bogus file /tmp/tv/OSF_2464_OE4/TDES/resp/TECBMonte1.rsp
WARNING: bogus file /tmp/tv/OSF_2464_OE4/TDES/resp/TCFB1MMT1.rsp
WARNING: bogus file /tmp/tv/OSF_2464_OE4/TDES/resp/TCFB64Monte1.rsp
WARNING: unrecognized filename /tmp/tv/OSF_2464_OE4/TDES/req/TOFBMMT1.req
WARNING: unrecognized filename /tmp/tv/OSF_2464_OE4/TDES/req/TCFB64MMT1.req
WARNING: unrecognized filename /tmp/tv/OSF_2464_OE4/TDES/req/TECBMonte1.req
WARNING: unrecognized filename
/tmp/tv/OSF_2464_OE4/TDES/req/TCFB64Monte1.req
WARNING: unrecognized filename /tmp/tv/OSF_2464_OE4/TDES/req/TCFB1Monte1.req
WARNING: unrecognized filename /tmp/tv/OSF_2464_OE4/TDES/req/TCFB8MMT1.req
WARNING: unrecognized filename /tmp/tv/OSF_2464_OE4/TDES/req/TOFBMonte1.req
WARNING: unrecognized filename /tmp/tv/OSF_2464_OE4/TDES/req/TECBMMT1.req
WARNING: unrecognized filename /tmp/tv/OSF_2464_OE4/TDES/req/TCBCMMT1.req
WARNING: unrecognized filename /tmp/tv/OSF_2464_OE4/TDES/req/TCFB1MMT1.req
WARNING: unrecognized filename /tmp/tv/OSF_2464_OE4/TDES/req/TCFB8Monte1.req
WARNING: unrecognized filename /tmp/tv/OSF_2464_OE4/TDES/req/TCBCMonte1.req
WARNING: bogus file /tmp/tv/OSF_2464_OE4/DSA/resp/PQGGen.rsp
WARNING: bogus file /tmp/tv/OSF_2464_OE4/DSA/resp/SigGen.rsp
WARNING: bogus file /tmp/tv/OSF_2464_OE4/DSA/resp/KeyPair.rsp
WARNING: bogus file /tmp/tv/OSF_2464_OE4/DSA/resp/SigVer.rsp
WARNING: unrecognized filename /tmp/tv/OSF_2464_OE4/DSA/req/KeyPair.req
WARNING: unrecognized filename /tmp/tv/OSF_2464_OE4/DSA/req/SigVer.req
WARNING: unrecognized filename /tmp/tv/OSF_2464_OE4/DSA/req/PQGGen.req
WARNING: unrecognized filename /tmp/tv/OSF_2464_OE4/DSA/req/SigGen.req
WARNING: unrecognized filename /tmp/tv/OSF_2464_OE4/ECDSA/req/SigVer.req
WARNING: unrecognized filename /tmp/tv/OSF_2464_OE4/ECDSA/req/PKV.req
WARNING: unrecognized filename /tmp/tv/OSF_2464_OE4/ECDSA/req/SigGen.req
WARNING: unrecognized filename /tmp/tv/OSF_2464_OE4/ECDSA/req/KeyPair.req
WARNING: bogus file /tmp/tv/OSF_2464_OE4/ECDSA/resp/SigGen.rsp
WARNING: bogus file /tmp/tv/OSF_2464_OE4/ECDSA/resp/PKV.rsp
WARNING: bogus file /tmp/tv/OSF_2464_OE4/ECDSA/resp/SigVer.rsp
WARNING: bogus file /tmp/tv/OSF_2464_OE4/ECDSA/resp/KeyPair.rsp
ERROR: 42 bogus or duplicate request and response files

_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Steve Marquess

unread,
Dec 9, 2015, 8:04:30 AM12/9/15
to
On 12/09/2015 12:06 AM, xxiao8 wrote:
> I'm trying to run the algorithm tests under linux for fips 2.0.10 +
> openssl 1.0.1e, using the fips-2.0-tv.tar.gz from openssl website, and
> saw quite some errors, anything am I missing?

fipsalgtest.pl is a utility of value only for performing formal CAVP
algorithm testing. Unfortunately the CAVP is constantly changing the
format of the algorithm test files ("test vectors"), so by the time you
try to use fipsalgtest.pl on a newly obtained set of test vectors for
your validation attempt it probably won't exactly match. You'll need to
dig in and figure out the discrepancies.

Also note it's not at all unusual to receive incorrect test vectors (the
CAVS tool that generates them is very labor intensive and it's all too
easy for the test lab to miss a checkbox or whatever). Figuring out
whether a discrepancy is due to a legitimate format change or outright
error, and then convincing the test lab and CAVP of the latter, can be fun.

We developed this tool because we were doing platform tests by the
hundreds. For a one-off validation you may want to consider just
hand-jamming the "--generate-script" file.

I'll also note that sorting out the algorithm tests will be relatively
trivial compared to hacking the OpenSSL FIPS Object Module v2.0 code to
meet all the new requirements that have accumulated since that
validation was obtained. You'll want to do those mods before the
algorithm testing.

-Steve M.

--
Steve Marquess
OpenSSL Software Foundation
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marq...@openssl.com
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc

hbuja...@digi.com

unread,
Jun 29, 2017, 9:19:44 AM6/29/17
to
I came to this party late... but just in case it can help other people...
In the openssl-fips-2.0.14 release, there are a couple of arguments that let you skip the warnings reported above and progress:
--quiet-bogus --quiet-missing

Robert Rodriguez

unread,
Jul 19, 2023, 7:22:50 AM7/19/23
to
A garage door spring replacement is a job frequently https://garagedoorrepairhighlandsprings.net/garage-door-replacement/ undertaken by a professional Garage Door Spring Replacement Company.
0 new messages