FIPS self-test refactoring
OpenSSL 3.5 brings post-quantum algorithms to the FIPS provider.
Unfortunately, it means a significant slow-down of FIPS startup (especially because of SLH-DSA variants).
The way forward we see is refactoring of the FIPS POST so the algorithms would be tested on demand (on fetch). I would like to get feedback from the distro and large business communities and put it on the TAC agenda.
Dmitry Belyavsky Mon 13 Oct 2025 1:12PM
@Lucas Mülling https://github.com/openssl/openssl/pull/28725 is the proposed implementation
Angel Yankov Fri 24 Oct 2025 7:30AM
Do you want to do this also for the classical algos?
Lucas Mülling · Mon 13 Oct 2025 12:24PM
Agreed, could you clarify if this change is to test only the algorithms that were used in a certain context?