To disable FIPS mode:
Step
1.
Enter system view.
2.
Disable FIPS mode.
FIPS self-tests
To ensure the correct operation of cryptography modules, FIPS provides self-test mechanisms,
including power-up self-test and conditional self-test. You can also trigger a self-test. If the power-up
self-test fails, the card where the self-test process exists reboots. If the conditional self-test fails, the
system outputs self-test failure information.
NOTE:
If a self-test fails, contact Hewlett Packard Enterprise Support.
Power-up self-tests
The power-up self-test, also called known-answer test, examines the availability of FIPS-allowed
cryptographic algorithms. A cryptographic algorithm is run on data for which the correct output is
already known. The calculated output is compared with the known answer. If they are not identical,
the known-answer test fails.
The power-up self-test examines the cryptographic algorithms listed in
Table 14 Power-up self-test list
Type
Cryptographic algorithm
self-test
Cryptographic engine self-test
Command
system-view
undo fips mode enable
Operations
Tests the following algorithms:
•
DSA (signature and authentication).
•
RSA (signature and authentication).
•
RSA (encryption and decryption).
•
AES.
•
3DES.
•
SHA1.
•
HMAC-SHA1.
•
Random number generator algorithms.
Tests the following algorithms used by cryptographic engines:
•
DSA (signature and authentication).
•
RSA (signature and authentication).
•
RSA (encryption and decryption).
•
AES.
•
3DES.
•
SHA1.
•
HMAC-SHA1.
•
Random number generator algorithms.
561
Remarks
N/A
By default, the FIPS mode is
disabled.
Table
14.