Thanks for your answer. I have an additional questions about the FIPS_selftest API call. The user guide states that FIPS_selftest can be called for initiated self tests. What is the reason that the incore fingerprint is not validated again in the FIPS_selftest api?
Thanks, Rob -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Dr. Stephen Henson Sent: Tuesday, October 27, 2009 12:18 PM To: [email protected] Subject: Re: sha256 in FIPS mode. On Tue, Oct 27, 2009, Miller, Rob (Omaha) wrote: > Hi, My question is regarding the library in FIPS mode and the FIPS_selftest > function. The current FIPS_selftest routine in 0.9.8k calls sha1, hmac, > aes, des, rsa, and dsa selftests. It doesn't call any sha256, 512 KAT > selftests and I didn't find these routines in the source. In FIPS mode I'm > allowed to use EVP_DigestInit( &ctx, EVP_sha256() ); successfully. > > Why is the sha hash algorithms not tested when FIPS_selftest is called? > The HMAC algorithm is tested using all sha* algorithms including sha256. HMAC KAT tests test the associate digest algorithm as well as the HMAC operation. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected] ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
