On 05/24/2011 07:00 PM, vidyasagar Ravipati wrote:
> Hi, I am compiling and running open ssl fips compliant version and
> trying to run the power on self tests during boot up time as part of
> FIPS requirements. I have observed invocation of zeroization function
> as well as output displayed as part of this function. Here are
> questions
> a) What is the intent of this zeroization function (it is not related
> to zeroization operation of FIPS)
> b) This function is not testing any algorithm, is it satisfying any
> other requirements
> c) Theoretically, output should not be displayed regarding the buffers
> during Power on self tests, why are the buffer(s) outputted during
> this zeroization operation. Any comments and relevance for FIPS
> 140-2.
>
> Any comments or inputs regarding this is really appreciated.
> File:fips_test_suite.c
> Function name:
> /* Zeroization */
> printf("9. Zero-ization...\n");
> Zeroize();

The fips_test_suite utility was created for, and is only intended for use by, the CMVP accredited test labs in the course of FIPS 140-2 validation testing. It doesn't really do anything useful and is worthless for any real world purpose -- it's a sorry little "red headed stepchild" (I can say that because I wrote the original version).

Note the current version is an accretion of all the odd things we were asked to include at various points in time, and it doesn't necessarily have any relevance for any future validations. The "zeroization" demonstration in particular arose from a request long ago that seemed silly even at the time; the specifics are no longer relevant.

-Steve M.

--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877-673-6775
marqu...@opensslfoundation.com