s2n_is_fips

aws · Mar 11, 2024 · d3c88a7 · d3c88a7
1 parent 33b38be
commit d3c88a7
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 20 deletions.
diff --git a/api/s2n.h b/api/s2n.h
@@ -252,10 +252,10 @@ S2N_API extern int s2n_cleanup(void);
  * requirements. Applications desiring FIPS compliance should use this API to ensure that s2n-tls
  * has been properly linked with a FIPS libcrypto and has successfully entered FIPS mode.
  *
- * @param fips_mode Set to true if s2n-tls is in FIPS mode, set to false otherwise.
+ * @param fips Set to true if s2n-tls is in FIPS mode, set to false otherwise.
  * @returns S2N_SUCCESS on success. S2N_FAILURE on failure.
  */
-S2N_API extern int s2n_get_fips_mode(bool *fips_mode);
+S2N_API extern int s2n_is_fips(bool *fips);
 
 /**
  * Creates a new s2n_config object. This object can (and should) be associated with many connection

diff --git a/crypto/s2n_fips.c b/crypto/s2n_fips.c
@@ -64,14 +64,14 @@ int s2n_is_in_fips_mode(void)
     return s2n_fips_mode;
 }
 
-int s2n_get_fips_mode(bool *fips_mode)
+int s2n_is_fips(bool *fips)
 {
-    POSIX_ENSURE_REF(fips_mode);
-    *fips_mode = false;
+    POSIX_ENSURE_REF(fips);
+    *fips = false;
     POSIX_ENSURE(s2n_is_initialized(), S2N_ERR_NOT_INITIALIZED);
 
     if (s2n_is_in_fips_mode()) {
-        *fips_mode = true;
+        *fips = true;
     }
 
     return S2N_SUCCESS;

diff --git a/tests/unit/s2n_build_test.c b/tests/unit/s2n_build_test.c
@@ -86,13 +86,13 @@ int main()
 
     /* Ensure that FIPS mode is enabled when linked to AWS-LC-FIPS, and disabled when linked to AWS-LC */
     if (strstr(s2n_libcrypto, "awslc") != NULL) {
-        bool fips_mode = false;
-        EXPECT_SUCCESS(s2n_get_fips_mode(&fips_mode));
+        bool fips = false;
+        EXPECT_SUCCESS(s2n_is_fips(&fips));
 
         if (strstr(s2n_libcrypto, "fips") != NULL) {
-            EXPECT_TRUE(fips_mode);
+            EXPECT_TRUE(fips);
         } else {
-            EXPECT_FALSE(fips_mode);
+            EXPECT_FALSE(fips);
         }
     }
 

diff --git a/tests/unit/s2n_fips_mode_test.c b/tests/unit/s2n_fips_mode_test.c
@@ -21,25 +21,25 @@ int main()
 {
     BEGIN_TEST_NO_INIT();
 
-    /* s2n_get_fips_mode() fails before init */
+    /* s2n_is_fips() fails before init */
     {
-        bool fips_mode = true;
-        EXPECT_FAILURE_WITH_ERRNO(s2n_get_fips_mode(&fips_mode), S2N_ERR_NOT_INITIALIZED);
-        EXPECT_FALSE(fips_mode);
+        bool fips = true;
+        EXPECT_FAILURE_WITH_ERRNO(s2n_is_fips(&fips), S2N_ERR_NOT_INITIALIZED);
+        EXPECT_FALSE(fips);
     }
 
     EXPECT_SUCCESS(s2n_init());
 
-    /* Test s2n_get_fips_mode() after init */
+    /* Test s2n_is_fips() after init */
     {
         /* Safety */
-        EXPECT_FAILURE_WITH_ERRNO(s2n_get_fips_mode(NULL), S2N_ERR_NULL);
+        EXPECT_FAILURE_WITH_ERRNO(s2n_is_fips(NULL), S2N_ERR_NULL);
 
-        /* FIPS mode matches s2n_is_in_fips_mode() */
+        /* FIPS value matches s2n_is_in_fips_mode() */
         {
-            bool fips_mode = false;
-            EXPECT_SUCCESS(s2n_get_fips_mode(&fips_mode));
-            EXPECT_EQUAL(fips_mode, s2n_is_in_fips_mode());
+            bool fips = false;
+            EXPECT_SUCCESS(s2n_is_fips(&fips));
+            EXPECT_EQUAL(fips, s2n_is_in_fips_mode());
         }
     }