Add new feature to force failure if environment variable is set

ColtonWilley · ColtonWilley · commit f82cf7511cb9 · 2025-02-12T12:46:42.000-08:00
diff --git a/include/wolfprovider/settings.h b/include/wolfprovider/settings.h
@@ -155,6 +155,9 @@
 #ifdef HAVE_ED448
      #define WP_HAVE_ED448
 #endif
+#ifndef WP_NO_FORCE_FAIL
+    #define WP_CHECK_FORCE_FAIL
+#endif
 
 #endif /* WOLFPROV_SETTINGS_H */
 
diff --git a/src/wp_wolfprov.c b/src/wp_wolfprov.c
@@ -51,6 +51,10 @@ static const OSSL_PARAM wolfssl_param_types[] = {
     OSSL_PARAM_END
 };
 
+#ifdef WP_CHECK_FORCE_FAIL
+static int forceFail = 0;
+#endif
+
 /*
  * Get he table of parameters supported by wolfProv.
  *
@@ -74,6 +78,12 @@ static const OSSL_PARAM* wolfprov_gettable_params(void* provCtx)
  */
 int wolfssl_prov_is_running(void)
 {
+#ifdef WP_CHECK_FORCE_FAIL
+    if (forceFail) {
+      WOLFPROV_LEAVE(WP_LOG_PROVIDER, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), 0);
+      return 0;
+    }
+#endif
     /* Always running. */
     WOLFPROV_LEAVE(WP_LOG_PROVIDER, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), 1);
     return 1;
@@ -1185,6 +1195,19 @@ int wolfssl_provider_init(const OSSL_CORE_HANDLE* handle,
     wolfCrypt_SetCb_fips(wp_fipsCb);
 #endif
 
+#ifdef WP_CHECK_FORCE_FAIL
+    char *forceFailEnv = NULL;
+#if defined(XGETENV) && !defined(NO_GETENV)
+    forceFailEnv = XGETENV("WOLFPROV_FORCE_FAIL");
+    if (forceFailEnv != NULL && XATOI(forceFailEnv) == 1) {
+      WOLFPROV_MSG(WP_LOG_PROVIDER, "WOLFPROV_FORCE_FAIL=1, Forcing failure\n");
+      forceFail = 1;
+    }
+#else
+#error "Force failure check enabled but impossible to perform without XGETENV, use -DWP_NO_FORCE_FAIL"
+#endif
+#endif
+
     for (; in->function_id != 0; in++) {
         switch (in->function_id) {
             case OSSL_FUNC_CORE_GETTABLE_PARAMS:
