]>
git.ipfire.org Git - thirdparty/openssl.git/blob - test/defltfips_test.c
2 * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 #include <openssl/evp.h>
12 #include <openssl/provider.h>
18 static int test_is_fips_enabled(void)
20 int is_fips_enabled
, is_fips_loaded
;
21 EVP_MD
*sha256
= NULL
;
24 * Check we're in FIPS mode when we're supposed to be. We do this early to
25 * confirm that EVP_default_properties_is_fips_enabled() works even before
26 * other function calls have auto-loaded the config file.
28 is_fips_enabled
= EVP_default_properties_is_fips_enabled(NULL
);
29 is_fips_loaded
= OSSL_PROVIDER_available(NULL
, "fips");
32 * Check we're in an expected state. EVP_default_properties_is_fips_enabled
33 * can return true even if the FIPS provider isn't loaded - it is only based
34 * on the default properties. However we only set those properties if also
35 * loading the FIPS provider.
37 if (!TEST_int_eq(is_fips
|| bad_fips
, is_fips_enabled
)
38 || !TEST_int_eq(is_fips
&& !bad_fips
, is_fips_loaded
))
42 * Fetching an algorithm shouldn't change the state and should come from
45 sha256
= EVP_MD_fetch(NULL
, "SHA2-256", NULL
);
47 if (!TEST_ptr_null(sha256
)) {
52 if (!TEST_ptr(sha256
))
55 && !TEST_str_eq(OSSL_PROVIDER_get0_name(EVP_MD_get0_provider(sha256
)),
63 /* State should still be consistent */
64 is_fips_enabled
= EVP_default_properties_is_fips_enabled(NULL
);
65 if (!TEST_int_eq(is_fips
|| bad_fips
, is_fips_enabled
))
76 if (!test_skip_common_options()) {
77 TEST_error("Error parsing test options\n");
81 argc
= test_get_argument_count();
88 arg1
= test_get_argument(0);
89 if (strcmp(arg1
, "fips") == 0) {
93 } else if (strcmp(arg1
, "badfips") == 0) {
94 /* Configured for FIPS, but the module fails to load */
101 TEST_error("Invalid argument\n");
105 /* Must be the first test before any other libcrypto calls are made */
106 ADD_TEST(test_is_fips_enabled
);