git.ipfire.org Git - thirdparty/openssl.git/commit

author	Simo Sorce <simo@redhat.com>
	Tue, 9 Dec 2025 19:29:43 +0000 (14:29 -0500)
committer	Dmitry Belyavskiy <beldmit@gmail.com>
	Fri, 13 Feb 2026 09:53:41 +0000 (10:53 +0100)
commit	53fecfc80bfe8fbef5923f4e84255f07695eb92f
tree	94908eefb6e2df633a4aa485cfa41db6700977bc	tree
parent	40240719507cfc09870f0faa28cc6e70084d3ee7	commit \| diff

Refactor FIPS integrity check to use KAT framework

The FIPS module integrity check (HMAC-SHA256) is refactored to use the
generic Known Answer Test (KAT) framework instead of a standalone
function.

- Remove `integrity_self_test` and use `ST_ID_MAC_HMAC` with
`SELF_TEST_kats_single`.
- Add `self_test_mac` to `self_test_kats.c` to support MAC tests.
- Move HMAC test data to `self_test_data.c`.
- Rename the self-test type from "KAT_Integrity" to "KAT_Mac".
- Ensure on-demand tests reset state so they can be repeated.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/29222)

doc/man7/OSSL_PROVIDER-FIPS.pod		diff \| blob \| blame \| history
include/internal/fips.h		diff \| blob \| blame \| history
include/openssl/self_test.h		diff \| blob \| blame \| history
providers/fips/self_test.c		diff \| blob \| blame \| history
providers/fips/self_test.h		diff \| blob \| blame \| history
providers/fips/self_test_data.c		diff \| blob \| blame \| history
providers/fips/self_test_kats.c		diff \| blob \| blame \| history