git.ipfire.org Git - thirdparty/openssl.git/commit

author	Simo Sorce <simo@redhat.com>
	Tue, 30 Sep 2025 20:12:03 +0000 (16:12 -0400)
committer	Dmitry Belyavskiy <beldmit@gmail.com>
	Sat, 25 Oct 2025 08:45:21 +0000 (10:45 +0200)
commit	eb58322dc9d0013bffc662ab0360c6184abc8319
tree	270a88bd57153b4bdd930b0c6a81602c2482cd4e	tree \| snapshot
parent	e9e643bc580e4ba0c6f8f9b4dd2ce59397b1b786	commit \| diff

Allow running individual FIPS self-tests

This introduces a new function, `SELF_TEST_kats_single()`, to the FIPS
provider. This allows for deferring running the Known Answer Tests (KATs)
for a specific algorithm. This is useful to avoid running
computationally costly tests upfront and instead run them only if the
algorithm is actually going to be used.

To support this, a `deferred` flag has been added to the test data
structures. The main self-test function, `SELF_TEST_kats()`, is updated to
skip tests marked for deferred execution, preserving its existing startup
behavior for all other tests.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28725)

include/internal/fips.h		diff \| blob \| blame \| history
include/internal/threads_common.h		diff \| blob \| blame \| history
providers/fips/fipsprov.c		diff \| blob \| blame \| history
providers/fips/self_test.h		diff \| blob \| blame \| history
providers/fips/self_test_data.inc		diff \| blob \| blame \| history
providers/fips/self_test_kats.c		diff \| blob \| blame \| history