From bfa6aaab45c30ced2da851ee92f8ac5942f08078 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Wed, 5 Aug 2020 14:46:48 +0100
Subject: Test that EVP_default_properties_is_fips_enabled() works early

We check that EVP_default_properties_is_fips_enabled() is working even
before other function calls have auto-loaded the config file.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12567)
---
 test/fips.cnf | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'test/fips.cnf')

diff --git a/test/fips.cnf b/test/fips.cnf
index d6c3c6be14..fa131a8bf6 100644
--- a/test/fips.cnf
+++ b/test/fips.cnf
@@ -4,6 +4,13 @@ openssl_conf = openssl_init
 
 [openssl_init]
 providers = provider_sect
+alg_section = evp_properties
+
+[evp_properties]
+# Ensure FIPS non-approved algorithms in the FIPS module are suppressed (e.g.
+# TEST-RAND). This also means that EVP_default_properties_is_fips_enabled()
+# returns the expected value
+default_properties = "fips=yes"
 
 [provider_sect]
 fips = fips_sect
-- 
cgit v1.2.3