static int test_rand(void)
{
EVP_RAND_CTX *privctx;
+ const OSSL_PROVIDER *prov;
+ int indicator = 1;
OSSL_PARAM params[2], *p = params;
unsigned char entropy1[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05 };
unsigned char entropy2[] = { 0xff, 0xfe, 0xfd };
|| !TEST_int_gt(RAND_priv_bytes(outbuf, sizeof(outbuf)), 0)
|| !TEST_mem_eq(outbuf, sizeof(outbuf), entropy2, sizeof(outbuf)))
return 0;
+
+ /* Verify that the FIPS indicator can be read and is false */
+ prov = EVP_RAND_get0_provider(EVP_RAND_CTX_get0_rand(privctx));
+ if (prov != NULL
+ && strcmp(OSSL_PROVIDER_get0_name(prov), "fips") == 0) {
+ params[0] = OSSL_PARAM_construct_int(OSSL_RAND_PARAM_FIPS_APPROVED_INDICATOR,
+ &indicator);
+ if (!TEST_true(EVP_RAND_CTX_get_params(privctx, params))
+ || !TEST_int_eq(indicator, 0))
+ return 0;
+ }
return 1;
}
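Review bot: The added `EVP_RAND_CTX_get_params(privctx, params)` call depends on `params[1]` still holding the end marker, but the new block only assigns `params[0]`. The terminator would have to come from code earlier in test_rand that this hunk does not show. Setting it locally with `params[1] = OSSL_PARAM_construct_end();` right after the `OSSL_PARAM_construct_int` assignment keeps the array well-formed whatever the earlier setup left behind. Separately, the whole check is skipped whenever the provider name is not "fips", so a run with the FIPS config that gets TEST-RAND from another provider passes without ever reading the indicator. A `TEST_info` on the skipped path would make that visible.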
int setup_tests(void)
{
- if (!TEST_true(RAND_set_DRBG_type(NULL, "TEST-RAND", NULL, NULL, NULL)))
+ char *configfile;
+
+ if (!TEST_ptr(configfile = test_get_argument(0))
+ || !TEST_true(RAND_set_DRBG_type(NULL, "TEST-RAND", "fips=no",
+ NULL, NULL))
+ || !TEST_true(OSSL_LIB_CTX_load_config(NULL, configfile)))
return 0;
+
ADD_TEST(test_rand);
ADD_TEST(test_rand_uniform);
return 1;
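Review bot: `test_get_argument(0)` is called without the common test options being skipped first, so, as far as I can tell, a harness option on the command line would be taken as argument 0 and passed to `OSSL_LIB_CTX_load_config` as the config path. Adding `if (!test_skip_common_options()) return 0;` ahead of the argument lookup would avoid that. The ordering also deserves a comment, since it is not obvious why `RAND_set_DRBG_type` must run before the config load or why the property query is `"fips=no"`. Something like `/* Pick TEST-RAND before loading the config; the test RNG is not FIPS approved, hence fips=no */` would do, with the rationale confirmed by the author. The closing brace of setup_tests lies outside this hunk.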
use warnings;
use OpenSSL::Test;
use OpenSSL::Test::Utils;
+use OpenSSL::Test qw/:DEFAULT srctop_file/;
-plan tests => 5;
+plan tests => 6;
setup("test_rand");
-ok(run(test(["rand_test"])));
+ok(run(test(["rand_test", srctop_file("test", "default.cnf")])));
+
+SKIP: {
+ skip "Skipping FIPS test in this build", 1 if disabled('fips');
+
+ ok(run(test(["rand_test", srctop_file("test", "fips.cnf")])));
+}
+
ok(run(test(["drbgtest"])));
ok(run(test(["rand_status_test"])));
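Review bot: The added `use OpenSSL::Test qw/:DEFAULT srctop_file/;` sits below the unchanged `use OpenSSL::Test;`, so the module is now imported twice. Replacing the existing line with the `qw/:DEFAULT srctop_file/` form would be tidier. The FIPS run is skipped only on `disabled('fips')`, so it may be worth confirming that a build with FIPS enabled always has the module configuration that `fips.cnf` relies on. If it does not, the second `rand_test` run would fail at config load rather than skip; this is inferred and not visible in the hunk.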