openssl3/contribs10/0008-Add-FIPS_mode-compatibility-macro.patch

From 5b2ec9a54037d7b007324bf53e067e73511cdfe4 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tmraz@fedoraproject.org>
Date: Thu, 26 Nov 2020 14:00:16 +0100
Subject: Add FIPS_mode() compatibility macro

The macro calls EVP_default_properties_is_fips_enabled() on the
default context.
---
 include/openssl/crypto.h.in |  1 +
 include/openssl/fips.h      | 25 +++++++++++++++++++++++++
 test/property_test.c        | 13 +++++++++++++
 3 files changed, 39 insertions(+)
 create mode 100644 include/openssl/fips.h

diff --git a/include/openssl/fips.h b/include/openssl/fips.h
new file mode 100644
index 0000000000..c64f0f8e8f
--- /dev/null
+++ b/include/openssl/fips.h
@@ -0,0 +1,26 @@
+/*
+ * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_FIPS_H
+# define OPENSSL_FIPS_H
+# pragma once
+
+# include <openssl/evp.h>
+# include <openssl/macros.h>
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# define FIPS_mode() EVP_default_properties_is_fips_enabled(NULL)
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff -up openssl-3.0.0-beta1/test/property_test.c.fips-macro openssl-3.0.0-beta1/test/property_test.c
--- openssl-3.0.0-beta1/test/property_test.c.fips-macro 2021-06-29 12:14:58.851557698 +0200
+++ openssl-3.0.0-beta1/test/property_test.c    2021-06-29 12:17:14.630143832 +0200
@@ -488,6 +488,19 @@ static int test_property_list_to_string(
     return ret;
 }

+#include <openssl/fips.h>
+static int test_downstream_FIPS_mode(void)
+{
+    int ret = 0;
+
+    ret = TEST_true(EVP_set_default_properties(NULL, "fips=yes"))
+          && TEST_true(FIPS_mode())
+          && TEST_true(EVP_set_default_properties(NULL, "fips=no"))
+          && TEST_false(FIPS_mode());
+
+    return ret;
+}
+
 int setup_tests(void)
 {
     ADD_TEST(test_property_string);
@@ -500,6 +512,7 @@ int setup_tests(void)
     ADD_TEST(test_property);
     ADD_TEST(test_query_cache_stochastic);
     ADD_TEST(test_fips_mode);
+    ADD_TEST(test_downstream_FIPS_mode);
     ADD_ALL_TESTS(test_property_list_to_string, OSSL_NELEM(to_string_tests));
     return 1;
 }
1	From 5b2ec9a54037d7b007324bf53e067e73511cdfe4 Mon Sep 17 00:00:00 2001
2	From: Tomas Mraz <tmraz@fedoraproject.org>
3	Date: Thu, 26 Nov 2020 14:00:16 +0100
4	Subject: Add FIPS_mode() compatibility macro
5
6	The macro calls EVP_default_properties_is_fips_enabled() on the
7	default context.
8	---
9	include/openssl/crypto.h.in \| 1 +
10	include/openssl/fips.h \| 25 +++++++++++++++++++++++++
11	test/property_test.c \| 13 +++++++++++++
12	3 files changed, 39 insertions(+)
13	create mode 100644 include/openssl/fips.h
14
15	diff --git a/include/openssl/fips.h b/include/openssl/fips.h
16	new file mode 100644
17	index 0000000000..c64f0f8e8f
18	--- /dev/null
19	+++ b/include/openssl/fips.h
20	@@ -0,0 +1,26 @@
21	+/*
22	+ * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
23	+ *
24	+ * Licensed under the Apache License 2.0 (the "License"). You may not use
25	+ * this file except in compliance with the License. You can obtain a copy
26	+ * in the file LICENSE in the source distribution or at
27	+ * https://www.openssl.org/source/license.html
28	+ */
29	+
30	+#ifndef OPENSSL_FIPS_H
31	+# define OPENSSL_FIPS_H
32	+# pragma once
33	+
34	+# include <openssl/evp.h>
35	+# include <openssl/macros.h>
36	+
37	+# ifdef __cplusplus
38	+extern "C" {
39	+# endif
40	+
41	+# define FIPS_mode() EVP_default_properties_is_fips_enabled(NULL)
42	+
43	+# ifdef __cplusplus
44	+}
45	+# endif
46	+#endif
47	diff -up openssl-3.0.0-beta1/test/property_test.c.fips-macro openssl-3.0.0-beta1/test/property_test.c
48	--- openssl-3.0.0-beta1/test/property_test.c.fips-macro 2021-06-29 12:14:58.851557698 +0200
49	+++ openssl-3.0.0-beta1/test/property_test.c 2021-06-29 12:17:14.630143832 +0200
50	@@ -488,6 +488,19 @@ static int test_property_list_to_string(
51	return ret;
52	}
53
54	+#include <openssl/fips.h>
55	+static int test_downstream_FIPS_mode(void)
56	+{
57	+ int ret = 0;
58	+
59	+ ret = TEST_true(EVP_set_default_properties(NULL, "fips=yes"))
60	+ && TEST_true(FIPS_mode())
61	+ && TEST_true(EVP_set_default_properties(NULL, "fips=no"))
62	+ && TEST_false(FIPS_mode());
63	+
64	+ return ret;
65	+}
66	+
67	int setup_tests(void)
68	{
69	ADD_TEST(test_property_string);
70	@@ -500,6 +512,7 @@ int setup_tests(void)
71	ADD_TEST(test_property);
72	ADD_TEST(test_query_cache_stochastic);
73	ADD_TEST(test_fips_mode);
74	+ ADD_TEST(test_downstream_FIPS_mode);
75	ADD_ALL_TESTS(test_property_list_to_string, OSSL_NELEM(to_string_tests));
76	return 1;
77	}