2 #include <openssl/evp.h>
3 #include <openssl/provider.h>
9 static int test_is_fips_enabled(void)
11 int is_fips_enabled, is_fips_loaded;
12 EVP_MD *sha256 = NULL;
15 * Check we're in FIPS mode when we're supposed to be. We do this early to
16 * confirm that EVP_default_properties_is_fips_enabled() works even before
17 * other function calls have auto-loaded the config file.
19 is_fips_enabled = EVP_default_properties_is_fips_enabled(NULL);
20 is_fips_loaded = OSSL_PROVIDER_available(NULL, "fips");
23 * Check we're in an expected state. EVP_default_properties_is_fips_enabled
24 * can return true even if the FIPS provider isn't loaded - it is only based
25 * on the default properties. However we only set those properties if also
26 * loading the FIPS provider.
28 if (!TEST_int_eq(is_fips || bad_fips, is_fips_enabled)
29 || !TEST_int_eq(is_fips && !bad_fips, is_fips_loaded))
33 * Fetching an algorithm shouldn't change the state and should come from
36 sha256 = EVP_MD_fetch(NULL, "SHA2-256", NULL);
38 if (!TEST_ptr_null(sha256)) {
43 if (!TEST_ptr(sha256))
46 && !TEST_str_eq(OSSL_PROVIDER_get0_name(EVP_MD_get0_provider(sha256)),
54 /* State should still be consistent */
55 is_fips_enabled = EVP_default_properties_is_fips_enabled(NULL);
56 if (!TEST_int_eq(is_fips || bad_fips, is_fips_enabled))
67 if (!test_skip_common_options()) {
68 TEST_error("Error parsing test options\n");
72 argc = test_get_argument_count();
79 arg1 = test_get_argument(0);
80 if (strcmp(arg1, "fips") == 0) {
84 } else if (strcmp(arg1, "badfips") == 0) {
85 /* Configured for FIPS, but the module fails to load */
92 TEST_error("Invalid argument\n");
96 /* Must be the first test before any other libcrypto calls are made */
97 ADD_TEST(test_is_fips_enabled);