Sometimes FIPS TLS Error Message

All other questions regarding DCMTK

Moderator: Moderator Team

Post Reply
Message
Author
pospione
Posts: 1
Joined: Thu, 2020-09-10, 06:33

Sometimes FIPS TLS Error Message

#1 Post by pospione » Thu, 2020-09-10, 08:19

Dear All,

I'm using DCMTK version 3.6.2 with OpenSSL 1.0.2m associated with FIPS 2.0.16 to implement DICOM TLS SCU application.
Once I run this application, it keeps running and receives messages and transmit images.
A lot of images are transmitted a day and association is made several times.

When this application is run, it executes FIPS_Set_mode(1) at the first part of codes to set the FIPS mode.
Thereafter, association and transmission will operate in TLS FIPS mode.

However, it works well in TLS FIPS mode for a while, but suddenly the following error message appears sometimes and all other executions fail.
0006:031e DUL secure transport layer: drbg stuck
0006:031e DUL secure transport layer: fips selftest failed

In this case, I must close the program and run it again.

I would like to know why these error occurs in the middle of running.
Also, I wonder if there is a way to overcome this symptom without running the program again, or if there is a way to recover it to work again.

Thank you.

Marco Eichelberg
OFFIS DICOM Team
OFFIS DICOM Team
Posts: 1258
Joined: Tue, 2004-11-02, 17:22
Location: Oldenburg, Germany
Contact:

Re: Sometimes FIPS TLS Error Message

#2 Post by Marco Eichelberg » Tue, 2020-09-15, 08:44

The error messages "drbg stuck" and "fips selftest failed" (which are generated by OpenSSL and only printed by DCMTK) seem to indicate that there is a problem with your FIPS module. DRBG is the Deterministic Random Bit Generator, and if that does not respond, then the self-test of the FIPS module will fail. We (as the DCMTK team) don't have any FIPS module available and DCMTK does not contain any FIPS specific code, or call any FIPS function, so I am fairly certain that the problem is somewhere between OpenSSL and the FIPS module.

Post Reply

Who is online

Users browsing this forum: No registered users and 1 guest