Test that EVP_default_properties_is_fips_enabled() works early

We check that EVP_default_properties_is_fips_enabled() is working even before other function calls have auto-loaded the config file. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12567)
author: Matt Caswell <matt@openssl.org> 2020-08-05 14:46:48 +0100
committer: Matt Caswell <matt@openssl.org> 2020-08-17 11:27:51 +0100
commit: bfa6aaab45c30ced2da851ee92f8ac5942f08078 (patch)
tree: ffdb18915c6a46038a36918c093aeb4cdf33ab16 /test/fips.cnf
parent: e6c54619d151eeec32055bbd713cda11a9182246 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/test/fips.cnf b/test/fips.cnf
index d6c3c6be14..fa131a8bf6 100644
--- a/test/fips.cnf
+++ b/test/fips.cnf
@@ -4,6 +4,13 @@ openssl_conf = openssl_init
 
 [openssl_init]
 providers = provider_sect
+alg_section = evp_properties
+
+[evp_properties]
+# Ensure FIPS non-approved algorithms in the FIPS module are suppressed (e.g.
+# TEST-RAND). This also means that EVP_default_properties_is_fips_enabled()
+# returns the expected value
+default_properties = "fips=yes"
 
 [provider_sect]
 fips = fips_sect
author	Matt Caswell <matt@openssl.org>	2020-08-05 14:46:48 +0100
committer	Matt Caswell <matt@openssl.org>	2020-08-17 11:27:51 +0100
commit	bfa6aaab45c30ced2da851ee92f8ac5942f08078 (patch)
tree	ffdb18915c6a46038a36918c093aeb4cdf33ab16 /test/fips.cnf
parent	e6c54619d151eeec32055bbd713cda11a9182246 (diff)