[PATCH 2/2] bcrypt/tests: Added conformance test for BCryptGetFipsAlgorithmMode

[Kai Blaschke]

Am 24.01.2014 01:20, schrieb Bruno Jesus:
> Hi, Kai.
>
> If the value depends on a registry entry how can you be sure it will
> always return 0? If the registry key is the only parameter required to
> return in this function IMO you should read the registry here and
> check against that instead of a fixed value. Best wishes, Bruno 
I thought about this - ideally, the test should test the function
setting different values in the registry and checking the function's
return value accordingly, but this value is a local security policy
setting, which we cannot guarantee to be writeable for the user
executing the test. I'll add some code which checks if one of the two
possible keys exist and then use the actual value to check the result.

Interestingly, the original implementation uses the same "wrong", but
simple logic I used in the implementation, just returning the lower 8
bits of the DWORD value to determine the enable state. The only
difference is that the Microsoft implementation only returns either 0 or
1. Setting the value to 0x100 or any multiple of that causes
BCryptGetFipsAlgorithmMode to return 0 on a Windows machine.

I'll send in new and hopefully final patches with these changes.

--
Kai