eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-15 04:40:05 +01:00
Code Issues Packages Projects Releases Wiki Activity

tests: use utility to detect FIPS mode

Browse Source 
Also try to use crypto lib/kernel check where appropriate.

This can be useful for local testing (non-FIPS kernel) byt
should not break real FIPS systems.
This commit is contained in:
Milan Broz
2025-11-13 22:06:52 +01:00
parent e4c498d15b
commit 11a4fc6790
12 changed files with 25 additions and 60 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
tests/api-test.c
View File

@@ -64,6 +64,7 @@
#define LUKS_PHDR_SIZE_B 1024
static int _fips_mode = 0;
static int _fips_mode_kernel = 0;
static char *DEVICE_1 = NULL;
static char *DEVICE_2 = NULL;
@@ -293,8 +294,9 @@ static int _setup(void)
return 1;
_fips_mode = fips_mode();
_fips_mode_kernel = fips_mode_kernel();
if (_debug)
printf("FIPS MODE: %d\n", _fips_mode);
printf("FIPS MODE: LIB %d, KERNEL %d\n", _fips_mode, _fips_mode_kernel);
/* Use default log callback */
crypt_set_log_callback(NULL, &global_log_callback, NULL);
@@ -1833,7 +1835,7 @@ static void TcryptTest(void)
CRYPT_FREE(cd);
// Following test uses non-FIPS algorithms in the cipher chain
if(_fips_mode)
if(_fips_mode || _fips_mode_kernel)
return;
OK_(crypt_init(&cd, tcrypt_dev2));