Re: [PATCH] lib/crypto: Add FIPS pre-operational self-test for SHA algorithms

From: Joachim Vandersmissen

Date: Mon Oct 06 2025 - 23:42:45 EST


Hi Eric,

FIPS 140-3 always classifies Cryptographic Algorithm Self-Tests (CASTs) as conditional, even if they are executed on start-up. The condition would then be "start-up" or "initialization" or something similar. IG 10.3.A explains it relatively well in the background section. For example, the Security Policy for https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5036 shows the CASTs in Table 21.

In any case, the name doesn't matter too much; even if you keep it the way it is, it wouldn't really impact a validation.

Kind regards,
Joachim

On 10/6/25 10:27 PM, Eric Biggers wrote:
> On Mon, Oct 06, 2025 at 10:03:44PM -0500, Joachim Vandersmissen wrote:
> > Hi Eric,
> >
> > It's a very minor change but I suggest not using "pre-operational
> > self-test". That term specifically refers to a different type of self-test
> > in FIPS 140-3 and it could lead to some confusion here. "cryptographic
> > algorithm self-test" may be better (if you want to be formal), or just
> > "self-test" or "known-answer test".
>
> I don't think that's quite correct. FIPS 140-3 divides self-tests into
> two categories, pre-operational (executed unconditionally at start-up
> time) and conditional (executed only when conditions are met, such as an
> algorithm being used for the first time). This patch chooses the first
> option, pre-operational.
>
> We could just call them algorithm self-tests if we don't want to be
> specific as to what time they run at, though.
>
> - Eric