> For an application linked to FIPS capable OpenSSL, > 1) After calls to FIPS_mode_set() and FIPS_mode() both succeed, is it good > practice to call FIPS_selftest()? Or is this redundant call? > > 2) Did come across documentation which only hinted that FIPS_mode_set() calls > FIPS_selftest() internally. Is this correct?
> Regards. Indeed, FIPS_mode_set() calls FIPS_selftest() internally(*), and if the selftest fails, FIPS mode will not be enabled. So there is no need to run the selftest immediately after FIPS_mode_set() again. If your program is a long-running service, it might be a good idea to re-run the selftest on a regular base, but I have no particular recommendations about how often would be reasonable. (*) It is stated explicitly in the manual pages, which are printed in Appendix D.2 of the OpenSSL FIPS 2.0 User Guide: >Appendix D.2 FIPS_mode_set(), FIPS_selftest() > FIPS_mode_set() enables the FIPS mode of operation for applications > that have complied with all the provisions of the OpenSSL FIPS 140-2 Security > Policy. Successful execution of this function call with non-zero ONOFF is the > only way to enable FIPS mode. After verifying the integrity of the executable > object code using the stored digest FIPS_mode_set() performs the power-up > self-test. https://www.openssl.org/docs/fips/UserGuide-2.0.pdf This document is the official documentation and most comprehensive guide for the OpenSSL FIPS 2.0 object module. Anything you need to know you should be able to find in there. Regards, Matthias
