Tomáš Mráz
Tomáš Mráz
IMO this is too much. I really do not think we want to test all the provider versions ever released. Let's take an example we make some mistake causing regression...
I still see no point in running the tests with the intermediate versions of legacy or even of the fips provider. Although you're right that in most cases the version...
There is one more potential issue with testing the legacy provider that might complicate its testing in these scenarios. The legacy provider calls into libcrypto and is not completely isolated...
> Correct. The in-progress vote only talks about doing it on release. I suspect we may do it a little more frequently than that in practice. I'd say we might...
Running the full set daily would be more than enough.
Still OK
Please look at the apps/fipsinstall.c. The `OSSL_SELF_TEST_set_callback(NULL, self_test_events, NULL);` call along with the self_test_events() callback function provide the self-test result printing.
> Does this mean that the sample application is suppose to explicitly call OSSL_SELF_TEST_set_callback API to know the self test result ? You can find out the result of the...
> Would randomising the extensions prevent fingerprinting? Over multiple connections, it would be easy to detect such permutation and deduce the stack being used (sans all stacks doing it and...
That would really require OMC exception as this is clearly a new feature.