1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
|
#include <openssl/crypto.h>
#include <openssl/opensslv.h>
#include <stdio.h>
#include <stdlib.h>
#include <openssl/opensslconf.h>
#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
#endif /* OPENSSL_FIPS */
#include "ica_api.h"
#include "testcase.h"
#define FIPS_FLAG "/proc/sys/crypto/fips_enabled"
int
main(void)
{
FILE *fd;
int fips, rv;
char fips_flag;
printf("Kernel FIPS flag (%s) is ", FIPS_FLAG);
if ((fd = fopen(FIPS_FLAG, "r")) != NULL) {
if (fread(&fips_flag, sizeof(fips_flag), 1, fd) == 1) {
fips_flag -= '0';
printf("%d.", fips_flag);
} else {
printf("not readable.");
}
fclose(fd);
}
else {
fips_flag = 0;
printf("not present.");
}
printf("\nKernel %s in FIPS mode.\n", fips_flag ?
"runs" : "doesn't run");
printf("Libica has ");
#ifdef ICA_FIPS
fips = ica_fips_status();
#else
fips = 0;
printf("no ");
#endif /* ICA_FIPS */
printf("built-in FIPS support.\nLibica %s in FIPS mode.\n",
fips & ICA_FIPS_MODE ? "runs" : "doesn't run");
rv = EXIT_SUCCESS;
#ifdef ICA_FIPS
if ((fips & ICA_FIPS_MODE) != fips_flag) {
printf("This shouldn't happen.\n");
rv = EXIT_FAILURE;
}
if (fips & ICA_FIPS_CRYPTOALG) {
printf("Libica FIPS powerup test failed.\n");
rv = EXIT_FAILURE;
}
if (fips & ICA_FIPS_INTEGRITY) {
printf("Libica FIPS integrity check failed.\n");
rv = EXIT_FAILURE;
}
#endif /* ICA_FIPS */
printf("OpenSSL version is '%s'.\n", OPENSSL_VERSION_TEXT);
printf("OpenSSL %s in FIPS mode.\n\n", fips ?
"runs" : "doesn't run");
if (rv)
return TEST_FAIL;
return TEST_SUCC;
}
|
