From 4f2271d58a36b2aee125062ffb9626c6208fa394 Mon Sep 17 00:00:00 2001 From: Shane Lontis Date: Wed, 17 Jun 2020 11:33:16 +1000 Subject: Add ACVP fips module tests For FIPS validation purposes - Automated Cryptographic Validation Protocol (ACVP) tests need to be performed. (See https://github.com/usnistgov/ACVP). These tests are very similiar to the old CAVS tests. This PR uses a hardwired subset of these test vectors to perform similiar operations, to show the usage and prove that the API's are able to perform the required operations. It may also help with communication with the lab (i.e- The lab could add a test here to show a unworking use case - which we can then address). The EVP layer performs these tests instead of calling lower level API's as was done in the old FOM. Some of these tests require access to internals that are not normally allowed/required. The config option 'acvp_tests' (enabled by default) has been added so that this access may be removed. The mechanism has been implemented as additional OSSL_PARAM values that can be set and get. A callback mechanism did not seem to add any additional benefit. These params will not be added to the gettables lists. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11572) --- Configure | 1 + 1 file changed, 1 insertion(+) (limited to 'Configure') diff --git a/Configure b/Configure index 1a22f47822..a0b9c22b6d 100755 --- a/Configure +++ b/Configure @@ -360,6 +360,7 @@ my @dtls = qw(dtls1 dtls1_2); # For developers: keep it sorted alphabetically my @disablables = ( + "acvp_tests", "afalgeng", "aria", "asan", -- cgit v1.2.1