Also for comparison, my MinGW version which I also rebuilt today
following the same guidelines, gives this result:

FIPS-mode test application

1. Non-Approved cryptographic operation test...
a. Included algorithm (D-H)...successful
2. Automatic power-up self test...successful
3. AES encryption/decryption...successful
4. RSA key generation and encryption/decryption...successful
5. DES-ECB encryption/decryption...successful
6. DSA key generation and signature validation...successful
7a. SHA-1 hash...successful
7b. SHA-256 hash...successful
7c. SHA-512 hash...successful
7d. HMAC-SHA-1 hash...successful
7e. HMAC-SHA-224 hash...successful
7f. HMAC-SHA-256 hash...successful
7g. HMAC-SHA-384 hash...successful
7h. HMAC-SHA-512 hash...successful
8. Non-Approved cryptographic operation test...
a. Included algorithm (D-H)...successful as expected
9. Zero-ization...
Generated 128 byte RSA private key
BN key before overwriting:
96774EB027F09F3DC58EAC3CD5FC7225CC9F85F1DBDE8B8532 9A2E7655918D66CD6BD974FE1411F59916BEB5B14E935C608D 87756315F82B681492EA866143D274DC4BACEAD05D954FA3C9 7A2E8CAF4794D9056A05FE102B1D0B06E1C58C4A258360501A 6CF6DC005FBE4BE99972A60066F703912D61D0CBE0430198C9 69FEB9
BN key after overwriting:
50DAD8481B99A819AD034FC1602018E3F70340F5386B9EC5DA 27D69C23E2CC8C67DCE6606E50063DD999CE79004F5DA73434 5FD1EE6AE79CE8F9D7DEAA5D7A8BBCCC983E7DDF7326BC411F AC7D4AB2B830192AA0436A986B52E37764AA7322183A5448E5 2AF86369E68E90D99864905A16BEEC0304A17CD491061ABABB 7677AE
char buffer key before overwriting:
char buffer key after overwriting:

All tests completed with 0 errors

So can I assume there is something with Solaris 10 causing this error?
Hope this helps... and thank you


Elia, Leonard F. wrote:
> Thank you for your input.
> I rebuilt with nothing but config fips; the test you requested fails
> with this:
> FIPS-mode test application
> 1. Non-Approved cryptographic operation test...
> a. Included algorithm (D-H)...successful
> 6385:error:2A068065:FIPS routines:FIPS_selftest_aes:selftest
> failed:fips_aes_selftest.c:92:
> 2. Automatic power-up self test...FAILED!
> LE
> Dr. Stephen Henson wrote:
>> That isn't the approved build procedure. You must do:
>> ./config fips
>> and *nothing* else otherwise it is a violation of the security policy.
>> Though that isn't the cause of the problem. When you build from
>> validated
>> sources what does:
>> test/fips_test_suite
>> produce?
>> Steve.
>> --
>> Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
>> OpenSSL project core developer and freelance consultant.
>> Funding needed! Details on homepage.
>> Homepage:
>> __________________________________________________ ____________________


__________________________________________________ ____________________
OpenSSL Project
User Support Mailing List
Automated List Manager