Certifiable Deferred Execution of FIPS Conditional Self-Tests (S13c)
FIPS 140 conditional self-tests can introduce significant performance bottlenecks at module startup. This talk analyzes the technical requirements for implementing the deferred execution of these tests in a certifiable manner. This approach allows a module to become operational quickly while guaranteeing that tests are always run before the first use of any cryptographic service. The speakers will explore the critical design challenges inherent in this model, including:
– Ensuring thread-safety and correct locking semantics.
– Managing test dependencies and test equivalency.
– Implementing robust status representation and error handling for services “pending test.”
This discussion is grounded in the practical experience of implementing this deferred approach in the OpenSSL FIPS provider. The speakers will demonstrate how this method not only mitigates the startup performance impact but also creates opportunities for enhanced test coverage and provides a standards-compliant foundation for periodic testing.
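
The gate pattern described above can be sketched in C as follows. This is an added example, not code from the talk or from the OpenSSL FIPS provider: every name, the three sample tests, the dependency and equivalency relations between them, the stand-in known-answer tests, and the single global lock are assumptions chosen for illustration.

```c
#include <pthread.h>
#include <stdio.h>

/* Added illustration with hypothetical names; not OpenSSL FIPS provider code. */
enum st_state { ST_PENDING, ST_RUNNING, ST_PASSED, ST_FAILED };
enum { T_SHA256, T_HMAC, T_DRBG, T_COUNT };

static int kat_runs[T_COUNT];          /* how many times each KAT executed */
static int force_fail = -1;            /* constructed fault injection hook */
static int run_kat(int id) { kat_runs[id]++; return id != force_fail; }

struct self_test { enum st_state state; int dep; int covers; };
static struct self_test tests[T_COUNT] = {
    [T_SHA256] = { ST_PENDING, -1, -1 },
    [T_HMAC]   = { ST_PENDING, -1, T_SHA256 }, /* assumed: KAT also exercises SHA-256 */
    [T_DRBG]   = { ST_PENDING, T_HMAC, -1 },   /* assumed: DRBG is built on HMAC */
};
static int module_error;               /* sticky error state after any failure */
static pthread_mutex_t st_lock = PTHREAD_MUTEX_INITIALIZER;

/* Caller holds st_lock. Returns 1 only if test `id` has reached ST_PASSED. */
static int ensure_locked(int id)
{
    struct self_test *t = &tests[id];
    if (module_error) return 0;
    if (t->state == ST_PASSED) return 1;
    if (t->state != ST_PENDING) { module_error = 1; return 0; } /* dependency cycle */
    t->state = ST_RUNNING;
    if ((t->dep >= 0 && !ensure_locked(t->dep)) || !run_kat(id)) {
        t->state = ST_FAILED;
        module_error = 1;
        return 0;
    }
    t->state = ST_PASSED;
    if (t->covers >= 0 && tests[t->covers].state == ST_PENDING)
        tests[t->covers].state = ST_PASSED;    /* equivalency credit */
    return 1;
}

/* Gate called on entry to a service: runs the pending test before first use. */
int service_ready(int id)
{
    pthread_mutex_lock(&st_lock);
    int ok = ensure_locked(id);
    pthread_mutex_unlock(&st_lock);
    return ok;
}

int main(void) { printf("drbg ready: %d\n", service_ready(T_DRBG)); return 0; }
```

The single lock serialises every first use, which keeps the state machine simple at the cost of contention while a test runs; a per-test lock would reduce that but needs a lock ordering that follows the dependency graph.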
