fips: add function to detect if the self tests are running

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26838)

diff --git a/include/internal/fips.h b/include/internal/fips.h
new file mode 100644 (file)
index 0000000..3f70c0d
--- /dev/null
+++ b/include/internal/fips.h
@@ -0,0 +1,21 @@
+/*
+ * Copyright 2025 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_INTERNAL_FIPS_H
+# define OSSL_INTERNAL_FIPS_H
+# pragma once
+
+# ifdef FIPS_MODULE
+
+/* Return 1 if the FIPS self tests are running and 0 otherwise */
+int ossl_fips_self_testing(void);
+
+# endif /* FIPS_MODULE */
+
+#endif

diff --git a/providers/fips/self_test.c b/providers/fips/self_test.c
index c966f24b362995e65bed2bdf571592959b2aeffd..5938b55b46e0651b96b6d80fc6d1b4be026b1223 100644 (file)
--- a/providers/fips/self_test.c
+++ b/providers/fips/self_test.c
@@ -17,6 +17,7 @@
 #include <openssl/proverr.h>
 #include <openssl/rand.h>
 #include "internal/e_os.h"
+#include "internal/fips.h"
 #include "internal/tsan_assist.h"
 #include "prov/providercommon.h"
 #include "crypto/rand.h"
@@ -301,6 +302,12 @@ static void set_fips_state(int state)
     tsan_store(&FIPS_state, state);
 }
 
+/* Return 1 if the FIPS self tests are running and 0 otherwise */
+int ossl_fips_self_testing(void)
+{
+    return tsan_load(&FIPS_state) == FIPS_STATE_SELFTEST;
+}
+
 /* This API is triggered either on loading of the FIPS module or on demand */
 int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
 {