Miller, Rob (Omaha) wrote:
> Hi,
> My question is regarding the library in FIPS mode and the
> FIPS_selftest function.
> The current FIPS_selftest routine in 0.9.8k calls sha1, hmac, aes,
> des, rsa, and dsa selftests. It doesn’t call any sha256, 512 KAT
> selftests and I didn’t find these routines in the source. In FIPS mode
> I’m allowed to use EVP_DigestInit( &ctx, EVP_sha256() ); successfully.
> Why are the SHA hash algorithms not tested when FIPS_selftest is called?

Because a separate test for the SHA-3 algorithms was not a requirement
for the SHS (SHA) Known Answer Test at the time of submission, and we
have no incentive to perform non-mandated self tests. Note that the POST
(power up self test, which includes the KATs) is a significant
performance hit on less capable systems (taking upward of four *minutes*
for one ARM system I was looking at recently).
Note the SHA-3 algorithms were tested in the CAVP certificate (#723) and
in fips_test_suite.
If you're looking at a "private label" validation based on the
openssl-fips-1.2 validation you'll see that some of the requirements
have since changed -- the rules change constantly. As of the end of 2010
the current v1.2 code will need very substantial modification for new
validations.
-Steve M.
--
Steve Marquess
The OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877-673-6775
marqu...@opensslfoundation.com
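
An application-level known answer test for the SHA-256 and SHA-512 digests the question asks about, run fail-closed before the digests are used. This is an added example, not part of the original messages or of OpenSSL's code: Python's hashlib stands in for the EVP digest calls, the vectors are the published FIPS 180 "abc" examples, and the function names and the injected fault are constructed for illustration.

```python
import hashlib
import hmac
import time

# Published FIPS 180 example digests for the three-byte message "abc".
KAT_MESSAGE = b"abc"
KAT_VECTORS = {
    "sha1": "a9993e364706816aba3e25717850c26c9cd0d89d",
    "sha256": "ba7816bf8f01cfea414140de5dae2223"
              "b00361a396177a9cb410ff61f20015ad",
    "sha512": "ddaf35a193617abacc417349ae204131"
              "12e6fa4e89a97ea20a9eeee64b55d39a"
              "2192992a274fc1a836ba3c23a3feebbd"
              "454d4423643ce80e2a9ac94fa54ca49f",
}


class SelfTestError(RuntimeError):
    """Raised when any known answer test does not match."""


def run_digest_kats(digest_fn=hashlib.new, vectors=KAT_VECTORS):
    """Return the names of algorithms whose KAT failed (empty list = pass)."""
    failed = []
    for name, expected_hex in vectors.items():
        actual = digest_fn(name, KAT_MESSAGE).digest()
        if not hmac.compare_digest(actual, bytes.fromhex(expected_hex)):
            failed.append(name)
    return failed


def power_up_self_test(digest_fn=hashlib.new):
    """Run every KAT; raise on any mismatch, else return elapsed seconds."""
    start = time.perf_counter()
    failed = run_digest_kats(digest_fn)
    elapsed = time.perf_counter() - start
    if failed:
        raise SelfTestError("KAT failed for: " + ", ".join(failed))
    return elapsed


def faulty_sha256(name, data):
    """Constructed fault: a SHA-256 implementation that hashes the wrong input."""
    if name == "sha256":
        data = data + b"\x00"
    return hashlib.new(name, data)


if __name__ == "__main__":
    print("self test passed in %.6f s" % power_up_self_test())
    print("with injected fault:", run_digest_kats(faulty_sha256))
```

The returned elapsed time makes the cost of the self test measurable on the target system, which is the trade-off the reply raises.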