This is a FIPS 140-2 requirement. The FIPS_mode_set(1) in init_fips_mode() called from OPENSSL_init_library is to satisfy the FIPS 140-2, Section 4.9 requirement that power-up selftest be run when the module is powered-up. This must be done regardless of whether the module is to be run in FIPS mode or not. Reading /proc entry only indicates whether to run the module in FIPS mode.
Note: The FIPS code in openssl in Xenial is a work-in-progress and is not complete. All effort is made to optimize the power-up selftest as mush as possible. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1591797 Title: Only run FIPS self tests when FIPS is enabled To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1591797/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
