git.ipfire.org Git - thirdparty/openssl.git/commit

author	Simo Sorce <simo@redhat.com>
	Mon, 1 Dec 2025 21:36:40 +0000 (16:36 -0500)
committer	Dmitry Belyavskiy <beldmit@gmail.com>
	Fri, 13 Feb 2026 09:53:50 +0000 (10:53 +0100)
commit	c5f9e88fa6442992722bcae365d730db62d1ec0a
tree	0550a22176abd03f7d791f2e91dd2b6578f6700e	tree
parent	7f788e575aa181eea96d2a14b0f6e94490c1a03b	commit \| diff

Add support for deferred FIPS self-tests

Add a new -defer_tests option to openssl fipsinstall and a corresponding
defer-tests configuration parameter for the FIPS provider.

This allows the execution of self-tests to be postponed until the
first time an algorithm is used, instead of running all tests
during module initialization. This reduces startup time.

Update the self-test framework to handle the new SELF_TEST_STATE_DEFER
state, ensuring deferred tests are skipped at load and run on demand.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/29222)

CHANGES.md		diff \| blob \| blame \| history
apps/fipsinstall.c		diff \| blob \| blame \| history
doc/man1/openssl-fipsinstall.pod.in		diff \| blob \| blame \| history
doc/man5/fips_config.pod		diff \| blob \| blame \| history
include/openssl/fips_names.h		diff \| blob \| blame \| history
providers/fips/fipsprov.c		diff \| blob \| blame \| history
providers/fips/include/fips_selftest_params.inc		diff \| blob \| blame \| history
providers/fips/self_test.c		diff \| blob \| blame \| history
providers/fips/self_test.h		diff \| blob \| blame \| history
providers/fips/self_test_kats.c		diff \| blob \| blame \| history
test/recipes/00-prep_fipsmodule_cnf.t	[changed mode: 0644->0755]	diff \| blob \| blame \| history