Add a new test recipe to verify the generated test fipsmodule.cnf

Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14320)
2025-05-06 22:49:40 +00:00 · 2021-02-26 10:46:27 +01:00 · 2021-02-26 10:46:27 +01:00 · 33ac7b324b
commit 33ac7b324b
parent c9b0214ede
1 changed files with 37 additions and 0 deletions
--- a/test/recipes/01-test_fipsmodule_cnf.t
+++ b/test/recipes/01-test_fipsmodule_cnf.t
@ -0,0 +1,37 @@
+#! /usr/bin/env perl
+# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+# This is a sanity checker to see that the fipsmodule.cnf that's been
+# generated for testing is valid.
+
+use strict;
+use warnings;
+
+use OpenSSL::Test qw/:DEFAULT srctop_dir bldtop_dir bldtop_file srctop_file data_file/;
+use OpenSSL::Test::Utils;
+
+BEGIN {
+    setup("test_fipsmodule");
+}
+
+use lib srctop_dir('Configurations');
+use lib bldtop_dir('.');
+use platform;
+
+my $no_check = disabled("fips");
+plan skip_all => "Test only supported in a fips build"
+    if $no_check;
+plan tests => 1;
+
+my $fipsmodule = bldtop_file('providers', platform->dso('fips'));
+my $fipsmoduleconf = bldtop_file('providers', 'fipsmodule.cnf');
+
+# verify the $fipsconf file
+ok(run(app(['openssl', 'fipsinstall',
+            '-in',  $fipsmoduleconf, '-module', $fipsmodule, '-verify'])),
+   "fipsinstall verify");