From 562fcd3916688041a05eff732fd3833eed3f41c3 Mon Sep 17 00:00:00 2001
From: Hayden Roche
Date: Wed, 9 Feb 2022 13:33:31 -0800
Subject: [PATCH] Implement FIPS_mode and FIPS_mode_set in the compat layer.
---
 src/ssl.c | 29 +++++++++++++++++------------
 tests/api.c | 18 ++++++++++++++++++
 2 files changed, 35 insertions(+), 12 deletions(-)
diff --git a/src/ssl.c b/src/ssl.c
index a2fcbecd8..8f241b01b 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -48636,26 +48636,31 @@ void wolfSSL_ERR_load_crypto_strings(void)
 return;
 }
-#ifndef NO_WOLFSSL_STUB
 int wolfSSL_FIPS_mode(void)
 {
- WOLFSSL_ENTER("wolfSSL_FIPS_mode");
- WOLFSSL_STUB("FIPS_mode");
-
- return WOLFSSL_FAILURE;
-}
+#ifdef HAVE_FIPS
+ return 1;
+#else
+ return 0;
 #endif
+}
-#ifndef NO_WOLFSSL_STUB
 int wolfSSL_FIPS_mode_set(int r)
 {
- (void)r;
- WOLFSSL_ENTER("wolfSSL_FIPS_mode_set");
- WOLFSSL_STUB("FIPS_mode_set");
-
+#ifdef HAVE_FIPS
+ if (r == 0) {
+ WOLFSSL_MSG("Cannot disable FIPS at runtime.");
+ return WOLFSSL_FAILURE;
+ }
+ return WOLFSSL_SUCCESS;
+#else
+ if (r == 0) {
+ return WOLFSSL_SUCCESS;
+ }
+ WOLFSSL_MSG("Cannot enable FIPS. This isn't the wolfSSL FIPS code.");
 return WOLFSSL_FAILURE;
-}
 #endif
+}
 int wolfSSL_CIPHER_get_bits(const WOLFSSL_CIPHER *c, int *alg_bits)
 {
diff --git a/tests/api.c b/tests/api.c
index 140e16f4a..f4facf41a 100644
--- a/tests/api.c
+++ b/tests/api.c
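Review bot: In the `HAVE_FIPS` branches of `wolfSSL_FIPS_mode()` and `wolfSSL_FIPS_mode_set()` the result comes only from the compile-time macro, so `wolfSSL_FIPS_mode_set(1)` reports `WOLFSSL_SUCCESS` without consulting the module's self-test or integrity state. Code ported from OpenSSL commonly treats a successful `FIPS_mode_set(1)` as confirmation that the module is operational, so a module in an error state would go unnoticed through this API. If the FIPS build exposes the module status here (wolfCrypt has `wolfCrypt_GetStatus_fips()`; whether it is usable at this point is not visible in the hunk), consider `if (wolfCrypt_GetStatus_fips() != 0) return WOLFSSL_FAILURE;` before the success return, or at minimum a comment such as `/* Reflects the build configuration only, not the FIPS module's runtime status. */`. The rewrite also drops the `WOLFSSL_ENTER` trace calls that the stubs had.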
@@ -52071,7 +52071,24 @@ static void test_openssl_FIPS_drbg(void)
 #endif
 }
+static void test_wolfSSL_FIPS_mode(void)
+{
+#if defined(OPENSSL_ALL)
+ printf(testingFmt, "test_wolfSSL_FIPS_mode()");
+#ifdef HAVE_FIPS
+ AssertIntEQ(wolfSSL_FIPS_mode(), 1);
+ AssertIntEQ(wolfSSL_FIPS_mode_set(0), WOLFSSL_FAILURE);
+ AssertIntEQ(wolfSSL_FIPS_mode_set(1), WOLFSSL_SUCCESS);
+#else
+ AssertIntEQ(wolfSSL_FIPS_mode(), 0);
+ AssertIntEQ(wolfSSL_FIPS_mode_set(0), WOLFSSL_SUCCESS);
+ AssertIntEQ(wolfSSL_FIPS_mode_set(1), WOLFSSL_FAILURE);
+#endif
+
+ printf(resultFmt, passed);
+#endif
+}
 /*----------------------------------------------------------------------------*
 | Main
@@ -52933,6 +52950,7 @@ void ApiTest(void)
 test_openssl_FIPS_drbg();
 test_wc_CryptoCb();
 test_wolfSSL_CTX_StaticMemory();
+ test_wolfSSL_FIPS_mode();
 AssertIntEQ(test_ForceZero(), 0);
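Review bot: `test_wolfSSL_FIPS_mode` in tests/api.c calls `wolfSSL_FIPS_mode_set` only with 0 and 1, so the path taken for any other nonzero argument is never exercised; in the non-FIPS branch a line such as `AssertIntEQ(wolfSSL_FIPS_mode_set(2), WOLFSSL_FAILURE);` would pin that every "enable" request is refused. It would also be worth re-asserting `wolfSSL_FIPS_mode()` after each rejected call, e.g. `AssertIntEQ(wolfSSL_FIPS_mode(), 1);` following the failed `wolfSSL_FIPS_mode_set(0)`, so that a refused mode change is shown to leave the reported mode unchanged if the implementation later becomes stateful.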