I've been doing some testing with the latest 2.0 FIPS Object Module I downloaded and 1.0.1e OpenSSL and have a question.
I was wondering what the Software Integrity self-test is designed to accomplish. It seems like it's to ensure the source code or build hasn't been tampered with. Out of curiosity, I added a comment line in the file ...\fips\fips.c in the FIPS module. Also, because I wasn't sure if the integrity check also validated the OpenSSL library, I added a comment line to the file ...\crypto\evp\evp_enc.c. I then rebuilt the FIPS Object Module and the FIPS Capable OpenSSL according to the User Guide directions. All of the steps seemed to work. I then started my application, calling FIPS_mode_set(), expecting a failure because of the modifications to the source code files and the resulting libraries I had rebuilt. However, the call returned success. Does this make sense to anyone? Am I misinterpreting what the Software Integrity self-test is supposed to do? Thanks in advance.