FIPS POST induced failure in OpenSSL3.0.0 for FIPS 140-2 compliance

Matt Caswell matt at
Fri Oct 29 15:57:01 UTC 2021

On 29/10/2021 16:40, Cristian Andrei Sandu wrote:
> Hi all,
> I’m currently updating an application from OpenSSL 1.0.2d to OpenSSL 
> 3.0.0 in preparation for a FIPS 140-2 submission and I’m not sure how to 
> approach the issue of induced failures for the power on self tests.
> In OpenSSL 1.0.2d we used to use |FIPS_post_set_callback()||||for this 
> purpose, by setting a callback that would trigger a failure of a 
> specific test.|
> ||
> The OpensSSL 3.0.0 design states that “/Any special case code needed to 
> return intermediate values (say for CAVS key generation), to display 
> info (self test states), or change the normal flow of FIPS module code 
> (e.g - self test failure or failing a keygen loop that supplies fixed 
> rand values) will be controlled by *embedding callbacks into the FIPS 
> module code*.”/
> Could you give me some pointers on what would be the best approach for 
> this in OpenSSL 3.0.0?  Am I supposed to use the OSSL_SELF_TEST_* APIs 
> to replace the fips_self_test() callback inside the FIPS module or do I 
> somehow need to patch the FIPS provider with new functionality? Any help 
> would be greatly appreciated.

See the OSSL_PROVIDER-FIPS man page here:

In particular see the section "SELF TESTING".

See also the man page for OSSL_SELF_TEST_set_callback here:

The information on self testing for provider authors may also be useful:

Basically you have to provide a callback which will get invoked during 
the self test. The return value from that callback can induce failures. 
There's an example callback on the OSSL_PROVIDER-FIPS man page I linked 
above which shows how to induce a corruption in the SHA1 testing.


More information about the openssl-users mailing list