Brocade Communications Systems NetIron MLXe Series Hardware Installation Manual page 244

DRBG Health Test on IPsec LP
The implementation of this feature (e.g., prediction resistance, personalization string, additional input) are as follows:
• Prediction Resistance is not TRUE.
• Personalization String Length = 0
• Additional Input Length = 0
NOTE
The DRBG mechanism functions are not distributed. CTR_DRBG is not used. The code used to perform the DRBG Health Test
on IPSec line card is from OpenSSL FIPS2.05.
Example CLI
DRBG functions can be tested on a demand basis, using CLI commands, by independent requests as shown in the following CLI
example.
fips crypto drbg
LP-1#fips crypto drbg
Initializing Hash based sha-256 drng
Instantiating drbg
Running self tests on drbg
DRBG SHA256 test started
DRBG SHA256 test OK
FIPS CRYPTO: DRBG test PASSED
LP-1#fips crypto force-failure drbg
LP-1#fips crypto drbg
Initializing Hash based sha-256 drng
Instantiating drbg
Running self tests on drbg
DRBG SHA256 test failure induced
DRBG SHA256 test failed as expected
FIPS CRYPTO: DRBG test failed as expected
Aug 20 13:36:15:C:System: Module in slot 1 is rebooted due to FIPS DRBG KAT failure
Aug 20 13:36:15:N:Module 1 is reset by mgmt (reason: FIPS KAT failure)
Module is dow
NetIron XMR/MLX Boot Monitor Version 5.9.0
Enter 'b' to stop at boot monitor
sent IPC_MSGTYPE_REBOOT to slot 16 (my_slot = 0, ipc_post_rx32_mode = 0)
received IPC_MSGTYPE_REBOOT_ACK from fid d020
get_module_type: board_class = 244
244
Brocade NetIron MLXe Series Hardware Installation Guide
53-1004203-04