I am having a hard time finding out what factors go into determining whether BCryptGetFipsAlgorithmMode() returns TRUE or FALSE. Does it just return the status of:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy\Enabled
or is it something else?
As I understand it: basically yes.
It's the C/C++ way to ascertain whether the system you're running on has FIPS Compliance specified in group policy. Using this function, rather than the registry keys allows Microsoft to move the registry key around as they see fit, as well as determine other ways in which this rule may be enforced. I suspect that's why they've provided a function and not just details of a key to check.