2 #include <openssl/evp.h>
3 #include <openssl/provider.h>
8 static int test_is_fips_enabled(void)
10 int is_fips_enabled, is_fips_loaded;
11 EVP_MD *sha256 = NULL;
14 * Check we're in FIPS mode when we're supposed to be. We do this early to
15 * confirm that EVP_default_properties_is_fips_enabled() works even before
16 * other function calls have auto-loaded the config file.
18 is_fips_enabled = EVP_default_properties_is_fips_enabled(NULL);
19 is_fips_loaded = OSSL_PROVIDER_available(NULL, "fips");
22 * Check we're in an expected state. EVP_default_properties_is_fips_enabled
23 * can return true even if the FIPS provider isn't loaded - it is only based
24 * on the default properties. However we only set those properties if also
25 * loading the FIPS provider.
27 if (!TEST_int_eq(is_fips, is_fips_enabled)
28 || !TEST_int_eq(is_fips, is_fips_loaded))
32 * Fetching an algorithm shouldn't change the state and should come from
35 sha256 = EVP_MD_fetch(NULL, "SHA2-256", NULL);
36 if (!TEST_ptr(sha256))
39 && !TEST_str_eq(OSSL_PROVIDER_get0_name(EVP_MD_get0_provider(sha256)),
46 /* State should still be consistent */
47 is_fips_enabled = EVP_default_properties_is_fips_enabled(NULL);
48 if (!TEST_int_eq(is_fips, is_fips_enabled))
58 if (!test_skip_common_options()) {
59 TEST_error("Error parsing test options\n");
63 argc = test_get_argument_count();
69 if (strcmp(test_get_argument(0), "fips") == 0) {
75 TEST_error("Invalid argument\n");
79 /* Must be the first test before any other libcrypto calls are made */
80 ADD_TEST(test_is_fips_enabled);