]>
git.ipfire.org Git - thirdparty/openssl.git/blob - test/defltfips_test.c
2 #include <openssl/evp.h>
3 #include <openssl/provider.h>
8 static int test_is_fips_enabled(void)
10 int is_fips_enabled
, is_fips_loaded
;
11 EVP_MD
*sha256
= NULL
;
14 * Check we're in FIPS mode when we're supposed to be. We do this early to
15 * confirm that EVP_default_properties_is_fips_enabled() works even before
16 * other function calls have auto-loaded the config file.
18 is_fips_enabled
= EVP_default_properties_is_fips_enabled(NULL
);
19 is_fips_loaded
= OSSL_PROVIDER_available(NULL
, "fips");
22 * Check we're in an expected state. EVP_default_properties_is_fips_enabled
23 * can return true even if the FIPS provider isn't loaded - it is only based
24 * on the default properties. However we only set those properties if also
25 * loading the FIPS provider.
27 if (!TEST_int_eq(is_fips
, is_fips_enabled
)
28 || !TEST_int_eq(is_fips
, is_fips_loaded
))
32 * Fetching an algorithm shouldn't change the state and should come from
35 sha256
= EVP_MD_fetch(NULL
, "SHA2-256", NULL
);
36 if (!TEST_ptr(sha256
))
39 && !TEST_str_eq(OSSL_PROVIDER_name(EVP_MD_provider(sha256
)), "fips")) {
45 /* State should still be consistent */
46 is_fips_enabled
= EVP_default_properties_is_fips_enabled(NULL
);
47 if (!TEST_int_eq(is_fips
, is_fips_enabled
))
57 if (!test_skip_common_options()) {
58 TEST_error("Error parsing test options\n");
62 argc
= test_get_argument_count();
68 if (strcmp(test_get_argument(0), "fips") == 0) {
74 TEST_error("Invalid argument\n");
78 /* Must be the first test before any other libcrypto calls are made */
79 ADD_TEST(test_is_fips_enabled
);