On 10/02/2017 10:29 AM, Diaz de Grenu, Jose wrote: > >> The FIPS module and test suite software (fipsalgtest.pl) are designed to work with exactly those algorithm tests relevant to the associated validations >> (#1747/2398/2473). The test labs generate a unique set of test vectors for each platform validation; those test vectors must be of the expected format to >> be successfully processed. Often they are not, either because they we incorrectly specified or due to errors. Figuring out such discrepancies can be lots of > > fun (not!). > >> You will want to compare your test vectors with a known good set from http://openssl.com/testing/validation-2.0/testvectors/. Pick a recent set, as the format of the test vectors changes over time. Note that as >> a result frequent adjustment of fipsalgtest.pl is often necessary. > > I have tried with all the tarballs but I am not able to find one which works without errors. You reprocessed all of the hundreds of test vectors? I'm impressed. That must have taken many days of compute time. > > Is there any way to check which test vector were used for FIPS Object Module 2.0.16? > The most recent set of test vectors used for a 2.0.16 OE is: http://openssl.com/testing/validation-2.0/testvectors/OVS_2859_OE82.results.tar.gz You have no way of knowing that because we don't publish a mapping of test vectors to OEs (and most FIPS 140 module vendors don't publish anything at all). And before you ask, no, while we're delighted to be an open source model for other validations I'm not keen on spending time specifically supporting proprietary validations that don't benefit the OpenSSL community as a whole. Please note that if you're trying to do your own "private label" validation you'll have to use a new unique set of test vectors provided by your accredited test lab; reprocessing a previously used set doesn't buy you much. -Steve M. -- Steve Marquess OpenSSL Validation Services, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 301 874 2571 marquess@xxxxxxxxxxx gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
