You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
91 lines
2.4 KiB
91 lines
2.4 KiB
4 years ago
|
From 5b2ec9a54037d7b007324bf53e067e73511cdfe4 Mon Sep 17 00:00:00 2001
|
||
|
From: Tomas Mraz <tmraz@fedoraproject.org>
|
||
|
Date: Thu, 26 Nov 2020 14:00:16 +0100
|
||
|
Subject: Add FIPS_mode() compatibility macro
|
||
|
|
||
|
The macro calls EVP_default_properties_is_fips_enabled() on the
|
||
|
default context.
|
||
|
---
|
||
|
include/openssl/crypto.h.in | 1 +
|
||
|
include/openssl/fips.h | 25 +++++++++++++++++++++++++
|
||
|
test/property_test.c | 13 +++++++++++++
|
||
|
3 files changed, 39 insertions(+)
|
||
|
create mode 100644 include/openssl/fips.h
|
||
|
|
||
|
diff --git a/include/openssl/crypto.h.in b/include/openssl/crypto.h.in
|
||
|
index 1036da9a2b..9d4896fcaf 100644
|
||
|
--- a/include/openssl/crypto.h.in
|
||
|
+++ b/include/openssl/crypto.h.in
|
||
|
@@ -38,6 +38,7 @@ use OpenSSL::stackhash qw(generate_stack_macros);
|
||
|
# include <openssl/types.h>
|
||
|
# include <openssl/opensslconf.h>
|
||
|
# include <openssl/cryptoerr.h>
|
||
|
+# include <openssl/fips.h>
|
||
|
|
||
|
# ifdef CHARSET_EBCDIC
|
||
|
# include <openssl/ebcdic.h>
|
||
|
diff --git a/include/openssl/fips.h b/include/openssl/fips.h
|
||
|
new file mode 100644
|
||
|
index 0000000000..c64f0f8e8f
|
||
|
--- /dev/null
|
||
|
+++ b/include/openssl/fips.h
|
||
|
@@ -0,0 +1,25 @@
|
||
|
+/*
|
||
|
+ * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||
|
+ *
|
||
|
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
|
||
|
+ * this file except in compliance with the License. You can obtain a copy
|
||
|
+ * in the file LICENSE in the source distribution or at
|
||
|
+ * https://www.openssl.org/source/license.html
|
||
|
+ */
|
||
|
+
|
||
|
+#ifndef OPENSSL_FIPS_H
|
||
|
+# define OPENSSL_FIPS_H
|
||
|
+# pragma once
|
||
|
+
|
||
|
+# include <openssl/macros.h>
|
||
|
+
|
||
|
+# ifdef __cplusplus
|
||
|
+extern "C" {
|
||
|
+# endif
|
||
|
+
|
||
|
+# define FIPS_mode() EVP_default_properties_is_fips_enabled(NULL)
|
||
|
+
|
||
|
+# ifdef __cplusplus
|
||
|
+}
|
||
|
+# endif
|
||
|
+#endif
|
||
|
diff --git a/test/property_test.c b/test/property_test.c
|
||
|
index ab61d01107..1cedc85f78 100644
|
||
|
--- a/test/property_test.c
|
||
|
+++ b/test/property_test.c
|
||
|
@@ -412,6 +412,18 @@ err:
|
||
|
return ret;
|
||
|
}
|
||
|
|
||
|
+static int test_downstream_FIPS_mode(void)
|
||
|
+{
|
||
|
+ int ret = 0;
|
||
|
+
|
||
|
+ ret = TEST_true(EVP_set_default_properties(NULL, "fips=yes"))
|
||
|
+ && TEST_true(FIPS_mode())
|
||
|
+ && TEST_true(EVP_set_default_properties(NULL, "fips=no"))
|
||
|
+ && TEST_false(FIPS_mode());
|
||
|
+
|
||
|
+ return ret;
|
||
|
+}
|
||
|
+
|
||
|
|
||
|
int setup_tests(void)
|
||
|
{
|
||
|
@@ -424,5 +436,6 @@ int setup_tests(void)
|
||
|
ADD_TEST(test_property);
|
||
|
ADD_TEST(test_query_cache_stochastic);
|
||
|
ADD_TEST(test_fips_mode);
|
||
|
+ ADD_TEST(test_downstream_FIPS_mode);
|
||
|
return 1;
|
||
|
}
|
||
|
--
|
||
|
2.26.2
|
||
|
|