> For an application linked to FIPS capable OpenSSL,
> 1) After calls to FIPS_mode_set() and FIPS_mode() both succeed, is it good practice to call FIPS_selftest()? Or is this redundant call?
> 2) Did come across documentation which only hinted that FIPS_mode_set() calls FIPS_selftest() internally. Is this correct?
Indeed, FIPS_mode_set() calls FIPS_selftest() internally(*), and if the selftest fails, FIPS mode will not be enabled. So there is no
need to run the selftest immediately after FIPS_mode_set() again. If your program is a long-running service, it might be a good idea
to re-run the selftest on a regular base, but I have no particular recommendations about how often would be reasonable.
(*) It is stated explicitly in the manual pages, which are printed in Appendix D.2 of the OpenSSL FIPS 2.0 User Guide:
>Appendix D.2 FIPS_mode_set(), FIPS_selftest()
> FIPS_mode_set() enables the FIPS mode of operation for applications
> that have complied with all the provisions of the OpenSSL FIPS 140-2 Security
> Policy. Successful execution of this function call with non-zero ONOFF is the
> only way to enable FIPS mode. After verifying the integrity of the executable
> object code using the stored digest FIPS_mode_set() performs the power-up self-test.