Miller, Rob (Omaha) wrote:
Thanks for your answer.
I have an additional question about the FIPS_selftest API call. The user guide 
states that FIPS_selftest can be called for initiated self tests. What is the 
reason that the incore fingerprint is not validated again in the FIPS_selftest 
API?

Well, the self tests and the integrity test are different things. There is a specific requirement that the self tests be invocable by the user, so we implemented that. There is no requirement that the integrity test be repeated, and in fact the way that is usually implemented (digest over the executable file on disk) there wouldn't be much point in repeating it.

Note there is no practical use for the user initiated self tests. I can't conceive of a situation where you would actually want to make that function call independently of the mandatory Power Up Self Test that includes the integrity test and the algorithm self-tests. The real-world value of the POST itself is debatable; it dates from a time when cryptography was implemented with discrete component electronics.

BTW bad answer to your last question, I meant SHA-2, the here-and-now SHA256/384/512 and not the future SHA-3.

-Steve M.

--
Steve Marquess
Open Source Software Institute
marqu...@oss-institute.org

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
