On 02/19/2013 01:25 PM, Rickard Binnare wrote: > Hi! > > Regarding the FIPS_selftest method. I am a little bit confused regarding > this method, according to the documentation UserGuide-2.0.pdf section > 2.6.1 it should be possible to call this method. The UserGuide clearly > states “/A power-up self-test is performed automatically by the > FIPS_mode_set() call, or optionally at any time by the FIPS_selftest()”/ > > However linking dynamically to libeay on Windows FIPS_selftest will > always fail. I can see how it would be possible to run this method if > static linking were utilized. > > This could easily be fixed, so is this by design or am I missing something? > > Should FIPS_selftest not be called when using dynamic linking? Is the > UserGuide wrong?
FIPS_selftest() is called from FIPS_mode_set() (which is actually a wrapper in the "FIPS capable" OpenSSL for FIPS_module_mode_set() which calls FIPS_selftest()). So FIPS_mode_set() cannot succeed if FIPS_selftest() fails, for static or dynamic linking. BTW note that FIPS_selftest() has no practical value; it was defined as an external function call only because such a function is mandated by FIPS 140-2. I can't think of any real-world circumstance in which calling that function would make sense. -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 s/b +1 301 874 2571 direct marqu...@opensslfoundation.com marqu...@openssl.com ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
