1e0c4386eSCy Schubert#! /usr/bin/env perl 2*a7148ab3SEnji Cooper# Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. 3e0c4386eSCy Schubert# 4e0c4386eSCy Schubert# Licensed under the Apache License 2.0 (the "License"). You may not use 5e0c4386eSCy Schubert# this file except in compliance with the License. You can obtain a copy 6e0c4386eSCy Schubert# in the file LICENSE in the source distribution or at 7e0c4386eSCy Schubert# https://www.openssl.org/source/license.html 8e0c4386eSCy Schubert 9e0c4386eSCy Schubertuse strict; 10e0c4386eSCy Schubertuse warnings; 11e0c4386eSCy Schubert 12e0c4386eSCy Schubertuse File::Spec::Functions qw(:DEFAULT abs2rel); 13e0c4386eSCy Schubertuse File::Copy; 14e0c4386eSCy Schubertuse OpenSSL::Glob; 15e0c4386eSCy Schubertuse OpenSSL::Test qw/:DEFAULT srctop_dir srctop_file bldtop_dir bldtop_file/; 16e0c4386eSCy Schubertuse OpenSSL::Test::Utils; 17e0c4386eSCy Schubert 18e0c4386eSCy SchubertBEGIN { 19e0c4386eSCy Schubert setup("test_fipsinstall"); 20e0c4386eSCy Schubert} 21e0c4386eSCy Schubertuse lib srctop_dir('Configurations'); 22e0c4386eSCy Schubertuse lib bldtop_dir('.'); 23e0c4386eSCy Schubertuse platform; 24e0c4386eSCy Schubert 25e0c4386eSCy Schubertplan skip_all => "Test only supported in a fips build" if disabled("fips"); 26e0c4386eSCy Schubert 27e0c4386eSCy Schubertplan tests => 29; 28e0c4386eSCy Schubert 29e0c4386eSCy Schubertmy $infile = bldtop_file('providers', platform->dso('fips')); 30e0c4386eSCy Schubertmy $fipskey = $ENV{FIPSKEY} // config('FIPSKEY') // '00'; 31e0c4386eSCy Schubertmy $provconf = srctop_file("test", "fips-and-base.cnf"); 32e0c4386eSCy Schubert 33*a7148ab3SEnji Cooperrun(test(["fips_version_test", "-config", $provconf, "<3.4.0"]), 34*a7148ab3SEnji Cooper capture => 1, statusvar => \my $indicatorpost); 35*a7148ab3SEnji Cooper 36e0c4386eSCy Schubert# Read in a text $infile and replace the regular expression in $srch with the 37e0c4386eSCy Schubert# value in $repl and output to a new file $outfile. 38e0c4386eSCy Schubertsub replace_line_file_internal { 39e0c4386eSCy Schubert 40e0c4386eSCy Schubert my ($infile, $srch, $repl, $outfile) = @_; 41e0c4386eSCy Schubert my $msg; 42e0c4386eSCy Schubert 43e0c4386eSCy Schubert open(my $in, "<", $infile) or return 0; 44e0c4386eSCy Schubert read($in, $msg, 1024); 45e0c4386eSCy Schubert close $in; 46e0c4386eSCy Schubert 47e0c4386eSCy Schubert $msg =~ s/$srch/$repl/; 48e0c4386eSCy Schubert 49e0c4386eSCy Schubert open(my $fh, ">", $outfile) or return 0; 50e0c4386eSCy Schubert print $fh $msg; 51e0c4386eSCy Schubert close $fh; 52e0c4386eSCy Schubert return 1; 53e0c4386eSCy Schubert} 54e0c4386eSCy Schubert 55e0c4386eSCy Schubert# Read in the text input file 'fips.cnf' 56e0c4386eSCy Schubert# and replace a single Key = Value line with a new value in $value. 57e0c4386eSCy Schubert# OR remove the Key = Value line if the passed in $value is empty. 58e0c4386eSCy Schubert# and then output a new file $outfile. 59e0c4386eSCy Schubert# $key is the Key to find 60e0c4386eSCy Schubertsub replace_line_file { 61e0c4386eSCy Schubert my ($key, $value, $outfile) = @_; 62e0c4386eSCy Schubert 63e0c4386eSCy Schubert my $srch = qr/$key\s*=\s*\S*\n/; 64e0c4386eSCy Schubert my $rep; 65e0c4386eSCy Schubert if ($value eq "") { 66e0c4386eSCy Schubert $rep = ""; 67e0c4386eSCy Schubert } else { 68e0c4386eSCy Schubert $rep = "$key = $value\n"; 69e0c4386eSCy Schubert } 70e0c4386eSCy Schubert return replace_line_file_internal('fips.cnf', $srch, $rep, $outfile); 71e0c4386eSCy Schubert} 72e0c4386eSCy Schubert 73e0c4386eSCy Schubert# Read in the text input file 'test/fips.cnf' 74e0c4386eSCy Schubert# and replace the .cnf file used in 75e0c4386eSCy Schubert# .include fipsmodule.cnf with a new value in $value. 76e0c4386eSCy Schubert# and then output a new file $outfile. 77e0c4386eSCy Schubert# $key is the Key to find 78e0c4386eSCy Schubertsub replace_parent_line_file { 79e0c4386eSCy Schubert my ($value, $outfile) = @_; 80e0c4386eSCy Schubert my $srch = qr/fipsmodule.cnf/; 81e0c4386eSCy Schubert my $rep = "$value"; 82e0c4386eSCy Schubert return replace_line_file_internal(srctop_file("test", 'fips.cnf'), 83e0c4386eSCy Schubert $srch, $rep, $outfile); 84e0c4386eSCy Schubert} 85e0c4386eSCy Schubert 86e0c4386eSCy Schubert# fail if no module name 87e0c4386eSCy Schubertok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', 88e0c4386eSCy Schubert '-provider_name', 'fips', 89e0c4386eSCy Schubert '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey", 90e0c4386eSCy Schubert '-section_name', 'fips_sect'])), 91e0c4386eSCy Schubert "fipsinstall fail"); 92e0c4386eSCy Schubert 93e0c4386eSCy Schubert# fail to verify if the configuration file is missing 94e0c4386eSCy Schubertok(!run(app(['openssl', 'fipsinstall', '-in', 'dummy.tmp', '-module', $infile, 95e0c4386eSCy Schubert '-provider_name', 'fips', '-mac_name', 'HMAC', 96e0c4386eSCy Schubert '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey", 97e0c4386eSCy Schubert '-section_name', 'fips_sect', '-verify'])), 98e0c4386eSCy Schubert "fipsinstall verify fail"); 99e0c4386eSCy Schubert 100e0c4386eSCy Schubert 101e0c4386eSCy Schubert# output a fips.cnf file containing mac data 102e0c4386eSCy Schubertok(run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile, 103e0c4386eSCy Schubert '-provider_name', 'fips', '-mac_name', 'HMAC', 104e0c4386eSCy Schubert '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey", 105e0c4386eSCy Schubert '-section_name', 'fips_sect'])), 106e0c4386eSCy Schubert "fipsinstall"); 107e0c4386eSCy Schubert 108e0c4386eSCy Schubert# verify the fips.cnf file 109e0c4386eSCy Schubertok(run(app(['openssl', 'fipsinstall', '-in', 'fips.cnf', '-module', $infile, 110e0c4386eSCy Schubert '-provider_name', 'fips', '-mac_name', 'HMAC', 111e0c4386eSCy Schubert '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey", 112e0c4386eSCy Schubert '-section_name', 'fips_sect', '-verify'])), 113e0c4386eSCy Schubert "fipsinstall verify"); 114e0c4386eSCy Schubert 115e0c4386eSCy Schubertok(replace_line_file('module-mac', '', 'fips_no_module_mac.cnf') 116e0c4386eSCy Schubert && !run(app(['openssl', 'fipsinstall', 117e0c4386eSCy Schubert '-in', 'fips_no_module_mac.cnf', 118e0c4386eSCy Schubert '-module', $infile, 119e0c4386eSCy Schubert '-provider_name', 'fips', '-mac_name', 'HMAC', 120e0c4386eSCy Schubert '-macopt', 'digest:SHA256', '-macopt', "hexkey:01", 121e0c4386eSCy Schubert '-section_name', 'fips_sect', '-verify'])), 122e0c4386eSCy Schubert "fipsinstall verify fail no module mac"); 123e0c4386eSCy Schubert 124e0c4386eSCy Schubertok(replace_line_file('install-mac', '', 'fips_no_install_mac.cnf') 125e0c4386eSCy Schubert && !run(app(['openssl', 'fipsinstall', 126e0c4386eSCy Schubert '-in', 'fips_no_install_mac.cnf', 127e0c4386eSCy Schubert '-module', $infile, 128e0c4386eSCy Schubert '-provider_name', 'fips', '-mac_name', 'HMAC', 129e0c4386eSCy Schubert '-macopt', 'digest:SHA256', '-macopt', "hexkey:01", 130e0c4386eSCy Schubert '-section_name', 'fips_sect', '-verify'])), 131e0c4386eSCy Schubert "fipsinstall verify fail no install indicator mac"); 132e0c4386eSCy Schubert 133e0c4386eSCy Schubertok(replace_line_file('module-mac', '00:00:00:00:00:00', 134e0c4386eSCy Schubert 'fips_bad_module_mac.cnf') 135e0c4386eSCy Schubert && !run(app(['openssl', 'fipsinstall', 136e0c4386eSCy Schubert '-in', 'fips_bad_module_mac.cnf', 137e0c4386eSCy Schubert '-module', $infile, 138e0c4386eSCy Schubert '-provider_name', 'fips', '-mac_name', 'HMAC', 139e0c4386eSCy Schubert '-macopt', 'digest:SHA256', '-macopt', "hexkey:01", 140e0c4386eSCy Schubert '-section_name', 'fips_sect', '-verify'])), 141e0c4386eSCy Schubert "fipsinstall verify fail if invalid module integrity value"); 142e0c4386eSCy Schubert 143e0c4386eSCy Schubertok(replace_line_file('install-mac', '00:00:00:00:00:00', 144e0c4386eSCy Schubert 'fips_bad_install_mac.cnf') 145e0c4386eSCy Schubert && !run(app(['openssl', 'fipsinstall', 146e0c4386eSCy Schubert '-in', 'fips_bad_install_mac.cnf', 147e0c4386eSCy Schubert '-module', $infile, 148e0c4386eSCy Schubert '-provider_name', 'fips', '-mac_name', 'HMAC', 149e0c4386eSCy Schubert '-macopt', 'digest:SHA256', '-macopt', "hexkey:01", 150e0c4386eSCy Schubert '-section_name', 'fips_sect', '-verify'])), 151e0c4386eSCy Schubert "fipsinstall verify fail if invalid install indicator integrity value"); 152e0c4386eSCy Schubert 153e0c4386eSCy Schubertok(replace_line_file('install-status', 'INCORRECT_STATUS_STRING', 154e0c4386eSCy Schubert 'fips_bad_indicator.cnf') 155e0c4386eSCy Schubert && !run(app(['openssl', 'fipsinstall', 156e0c4386eSCy Schubert '-in', 'fips_bad_indicator.cnf', 157e0c4386eSCy Schubert '-module', $infile, 158e0c4386eSCy Schubert '-provider_name', 'fips', '-mac_name', 'HMAC', 159e0c4386eSCy Schubert '-macopt', 'digest:SHA256', '-macopt', "hexkey:01", 160e0c4386eSCy Schubert '-section_name', 'fips_sect', '-verify'])), 161e0c4386eSCy Schubert "fipsinstall verify fail if invalid install indicator status"); 162e0c4386eSCy Schubert 163e0c4386eSCy Schubert# fail to verify the fips.cnf file if a different key is used 164e0c4386eSCy Schubertok(!run(app(['openssl', 'fipsinstall', '-in', 'fips.cnf', '-module', $infile, 165e0c4386eSCy Schubert '-provider_name', 'fips', '-mac_name', 'HMAC', 166e0c4386eSCy Schubert '-macopt', 'digest:SHA256', '-macopt', "hexkey:01", 167e0c4386eSCy Schubert '-section_name', 'fips_sect', '-verify'])), 168e0c4386eSCy Schubert "fipsinstall verify fail bad key"); 169e0c4386eSCy Schubert 170e0c4386eSCy Schubert# fail to verify the fips.cnf file if a different mac digest is used 171e0c4386eSCy Schubertok(!run(app(['openssl', 'fipsinstall', '-in', 'fips.cnf', '-module', $infile, 172e0c4386eSCy Schubert '-provider_name', 'fips', '-mac_name', 'HMAC', 173e0c4386eSCy Schubert '-macopt', 'digest:SHA512', '-macopt', "hexkey:$fipskey", 174e0c4386eSCy Schubert '-section_name', 'fips_sect', '-verify'])), 175e0c4386eSCy Schubert "fipsinstall verify fail incorrect digest"); 176e0c4386eSCy Schubert 177e0c4386eSCy Schubert# corrupt the module hmac 178e0c4386eSCy Schubertok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile, 179e0c4386eSCy Schubert '-provider_name', 'fips', '-mac_name', 'HMAC', 180e0c4386eSCy Schubert '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey", 181e0c4386eSCy Schubert '-section_name', 'fips_sect', '-corrupt_desc', 'HMAC'])), 182e0c4386eSCy Schubert "fipsinstall fails when the module integrity is corrupted"); 183e0c4386eSCy Schubert 184e0c4386eSCy Schubert# corrupt the first digest 185e0c4386eSCy Schubertok(!run(app(['openssl', 'fipsinstall', '-out', 'fips_fail.cnf', '-module', $infile, 186e0c4386eSCy Schubert '-provider_name', 'fips', '-mac_name', 'HMAC', 187e0c4386eSCy Schubert '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey", 188*a7148ab3SEnji Cooper '-section_name', 'fips_sect', '-corrupt_desc', 'SHA2'])), 189e0c4386eSCy Schubert "fipsinstall fails when the digest result is corrupted"); 190e0c4386eSCy Schubert 191e0c4386eSCy Schubert# corrupt another digest 192e0c4386eSCy Schubertok(!run(app(['openssl', 'fipsinstall', '-out', 'fips_fail.cnf', '-module', $infile, 193e0c4386eSCy Schubert '-provider_name', 'fips', '-mac_name', 'HMAC', 194e0c4386eSCy Schubert '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey", 195e0c4386eSCy Schubert '-section_name', 'fips_sect', '-corrupt_desc', 'SHA3'])), 196e0c4386eSCy Schubert "fipsinstall fails when the digest result is corrupted"); 197e0c4386eSCy Schubert 198e0c4386eSCy Schubert# corrupt cipher encrypt test 199e0c4386eSCy Schubertok(!run(app(['openssl', 'fipsinstall', '-out', 'fips_fail.cnf', '-module', $infile, 200e0c4386eSCy Schubert '-provider_name', 'fips', '-mac_name', 'HMAC', 201e0c4386eSCy Schubert '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey", 202e0c4386eSCy Schubert '-section_name', 'fips_sect', '-corrupt_desc', 'AES_GCM'])), 203e0c4386eSCy Schubert "fipsinstall fails when the AES_GCM result is corrupted"); 204e0c4386eSCy Schubert 205e0c4386eSCy Schubert# corrupt cipher decrypt test 206e0c4386eSCy Schubertok(!run(app(['openssl', 'fipsinstall', '-out', 'fips_fail.cnf', '-module', $infile, 207e0c4386eSCy Schubert '-provider_name', 'fips', '-mac_name', 'HMAC', 208e0c4386eSCy Schubert '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey", 209e0c4386eSCy Schubert '-section_name', 'fips_sect', '-corrupt_desc', 'AES_ECB_Decrypt'])), 210e0c4386eSCy Schubert "fipsinstall fails when the AES_ECB result is corrupted"); 211e0c4386eSCy Schubert 212e0c4386eSCy Schubert# corrupt DRBG 213e0c4386eSCy Schubertok(!run(app(['openssl', 'fipsinstall', '-out', 'fips_fail.cnf', '-module', $infile, 214e0c4386eSCy Schubert '-provider_name', 'fips', '-mac_name', 'HMAC', 215e0c4386eSCy Schubert '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey", 216e0c4386eSCy Schubert '-section_name', 'fips_sect', '-corrupt_desc', 'CTR'])), 217e0c4386eSCy Schubert "fipsinstall fails when the DRBG CTR result is corrupted"); 218e0c4386eSCy Schubert 219e0c4386eSCy Schubert# corrupt a KAS test 220e0c4386eSCy SchubertSKIP: { 221e0c4386eSCy Schubert skip "Skipping KAS DH corruption test because of no dh in this build", 1 222e0c4386eSCy Schubert if disabled("dh"); 223e0c4386eSCy Schubert 224e0c4386eSCy Schubert ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile, 225e0c4386eSCy Schubert '-provider_name', 'fips', '-mac_name', 'HMAC', 226e0c4386eSCy Schubert '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey", 227e0c4386eSCy Schubert '-section_name', 'fips_sect', 228e0c4386eSCy Schubert '-corrupt_desc', 'DH', 229e0c4386eSCy Schubert '-corrupt_type', 'KAT_KA'])), 230e0c4386eSCy Schubert "fipsinstall fails when the kas result is corrupted"); 231e0c4386eSCy Schubert} 232e0c4386eSCy Schubert 233e0c4386eSCy Schubert# corrupt a Signature test 234e0c4386eSCy SchubertSKIP: { 235e0c4386eSCy Schubert skip "Skipping Signature DSA corruption test because of no dsa in this build", 1 236e0c4386eSCy Schubert if disabled("dsa"); 237e0c4386eSCy Schubert 238e0c4386eSCy Schubert run(test(["fips_version_test", "-config", $provconf, "<3.1.0"]), 239e0c4386eSCy Schubert capture => 1, statusvar => \my $exit); 240e0c4386eSCy Schubert skip "FIPS provider version is too new for PCT DSA signature test", 1 241e0c4386eSCy Schubert if !$exit; 242e0c4386eSCy Schubert 243e0c4386eSCy Schubert ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile, 244e0c4386eSCy Schubert '-provider_name', 'fips', '-mac_name', 'HMAC', 245e0c4386eSCy Schubert '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey", 246e0c4386eSCy Schubert '-section_name', 'fips_sect', 247e0c4386eSCy Schubert '-corrupt_desc', 'DSA', 248e0c4386eSCy Schubert '-corrupt_type', 'PCT_Signature'])), 249e0c4386eSCy Schubert "fipsinstall fails when the signature result is corrupted"); 250e0c4386eSCy Schubert} 251e0c4386eSCy Schubert 252e0c4386eSCy Schubert# corrupt an Asymmetric cipher test 253e0c4386eSCy SchubertSKIP: { 254e0c4386eSCy Schubert skip "Skipping Asymmetric RSA corruption test because of no rsa in this build", 1 255e0c4386eSCy Schubert if disabled("rsa"); 256e0c4386eSCy Schubert ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile, 257e0c4386eSCy Schubert '-corrupt_desc', 'RSA_Encrypt', 258e0c4386eSCy Schubert '-corrupt_type', 'KAT_AsymmetricCipher'])), 259e0c4386eSCy Schubert "fipsinstall fails when the asymmetric cipher result is corrupted"); 260e0c4386eSCy Schubert} 261e0c4386eSCy Schubert 262e0c4386eSCy Schubert# 'local' ensures that this change is only done in this file. 263e0c4386eSCy Schubertlocal $ENV{OPENSSL_CONF_INCLUDE} = abs2rel(curdir()); 264e0c4386eSCy Schubert 265e0c4386eSCy Schubertok(replace_parent_line_file('fips.cnf', 'fips_parent.cnf') 266e0c4386eSCy Schubert && run(app(['openssl', 'fipsinstall', '-config', 'fips_parent.cnf'])), 267e0c4386eSCy Schubert "verify fips provider loads from a configuration file"); 268e0c4386eSCy Schubert 269e0c4386eSCy Schubertok(replace_parent_line_file('fips_no_module_mac.cnf', 270e0c4386eSCy Schubert 'fips_parent_no_module_mac.cnf') 271e0c4386eSCy Schubert && !run(app(['openssl', 'fipsinstall', 272e0c4386eSCy Schubert '-config', 'fips_parent_no_module_mac.cnf'])), 273e0c4386eSCy Schubert "verify load config fail no module mac"); 274e0c4386eSCy Schubert 275*a7148ab3SEnji Cooper 276*a7148ab3SEnji CooperSKIP: { 277*a7148ab3SEnji Cooper skip "Newer FIPS provider version does not support this feature", 3 278*a7148ab3SEnji Cooper if !$indicatorpost; 279*a7148ab3SEnji Cooper 280e0c4386eSCy Schubert ok(replace_parent_line_file('fips_no_install_mac.cnf', 281e0c4386eSCy Schubert 'fips_parent_no_install_mac.cnf') 282e0c4386eSCy Schubert && !run(app(['openssl', 'fipsinstall', 283e0c4386eSCy Schubert '-config', 'fips_parent_no_install_mac.cnf'])), 284e0c4386eSCy Schubert "verify load config fail no install mac"); 285e0c4386eSCy Schubert ok(replace_parent_line_file('fips_bad_indicator.cnf', 286e0c4386eSCy Schubert 'fips_parent_bad_indicator.cnf') 287e0c4386eSCy Schubert && !run(app(['openssl', 'fipsinstall', 288e0c4386eSCy Schubert '-config', 'fips_parent_bad_indicator.cnf'])), 289e0c4386eSCy Schubert "verify load config fail bad indicator"); 290e0c4386eSCy Schubert ok(replace_parent_line_file('fips_bad_install_mac.cnf', 291e0c4386eSCy Schubert 'fips_parent_bad_install_mac.cnf') 292e0c4386eSCy Schubert && !run(app(['openssl', 'fipsinstall', 293e0c4386eSCy Schubert '-config', 'fips_parent_bad_install_mac.cnf'])), 294e0c4386eSCy Schubert "verify load config fail bad install mac"); 295*a7148ab3SEnji Cooper} 296e0c4386eSCy Schubert 297e0c4386eSCy Schubertok(replace_parent_line_file('fips_bad_module_mac.cnf', 298e0c4386eSCy Schubert 'fips_parent_bad_module_mac.cnf') 299e0c4386eSCy Schubert && !run(app(['openssl', 'fipsinstall', 300e0c4386eSCy Schubert '-config', 'fips_parent_bad_module_mac.cnf'])), 301e0c4386eSCy Schubert "verify load config fail bad module mac"); 302e0c4386eSCy Schubert 303e0c4386eSCy Schubert 304e0c4386eSCy Schubertmy $stconf = "fipsmodule_selftest.cnf"; 305e0c4386eSCy Schubert 306e0c4386eSCy Schubertok(run(app(['openssl', 'fipsinstall', '-out', $stconf, 307e0c4386eSCy Schubert '-module', $infile, '-self_test_onload'])), 308e0c4386eSCy Schubert "fipsinstall config saved without self test indicator"); 309e0c4386eSCy Schubert 310e0c4386eSCy Schubertok(!run(app(['openssl', 'fipsinstall', '-in', $stconf, 311e0c4386eSCy Schubert '-module', $infile, '-verify'])), 312e0c4386eSCy Schubert "fipsinstall config verify fails without self test indicator"); 313e0c4386eSCy Schubert 314e0c4386eSCy Schubertok(run(app(['openssl', 'fipsinstall', '-in', $stconf, 315e0c4386eSCy Schubert '-module', $infile, '-self_test_onload', '-verify'])), 316e0c4386eSCy Schubert "fipsinstall config verify passes when self test indicator is not present"); 317