Additional workaround for PR#2771
diff --git
a/ssl/ssltest.c
b/ssl/ssltest.c
index 994522effea41547d4585504e0c0731c3ba34e3e..0f8fd3902da52b8e3243d1f6ef927322eb54b22c 100644
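--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -266,12 +266,6 @@ static char * MS_CALLBACK ssl_give_srp_client_pwd_cb(SSL *s, void *arg)
 return BUF_strdup((char *)srp_client_arg->srppassin);
 }
-static char * MS_CALLBACK missing_srp_username_callback(SSL *s, void *arg)
- {
- SRP_CLIENT_ARG *srp_client_arg = (SRP_CLIENT_ARG *)arg;
- return BUF_strdup(srp_client_arg->srplogin);
- }
-
 /* SRP server */
 /* This is a context that we pass to SRP server callbacks */
 typedef struct srp_server_arg_st
@@ -320,6 +314,9 @@ static void sv_usage(void)
 {
 fprintf(stderr,"usage: ssltest [args ...]\n");
 fprintf(stderr,"\n");
+#ifdef OPENSSL_FIPS
+ fprintf(stderr,"-F - run test in FIPS mode\n");
+#endif
 fprintf(stderr," -server_auth - check server certificate\n");
 fprintf(stderr," -client_auth - do client authentication\n");
 fprintf(stderr," -proxy - allow proxy certificates\n");
@@ -534,7 +531,6 @@ int main(int argc, char *argv[])
 #endif
 #ifndef OPENSSL_NO_SRP
 /* client */
- int srp_lateuser = 0;
 SRP_CLIENT_ARG srp_client_arg = {NULL,NULL};
 /* server */
 SRP_SERVER_ARG srp_server_arg = {NULL,NULL};
@@ -550,6 +546,9 @@ int main(int argc, char *argv[])
 #endif
 STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
 int test_cipherlist = 0;
+#ifdef OPENSSL_FIPS
+ int fips_mode=0;
+#endif
 verbose = 0;
 debug = 0;
@@ -581,7 +580,16 @@ int main(int argc, char *argv[])
 while (argc >= 1)
 {
- if (strcmp(*argv,"-server_auth") == 0)
+ if(!strcmp(*argv,"-F"))
+ {
+#ifdef OPENSSL_FIPS
+ fips_mode=1;
+#else
+ fprintf(stderr,"not compiled with FIPS support, so exitting without running.\n");
+ EXIT(0);
+#endif
+ }
+ else if (strcmp(*argv,"-server_auth") == 0)
 server_auth=1;
 else if (strcmp(*argv,"-client_auth") == 0)
 client_auth=1;
@@ -791,6 +799,20 @@ bad:
 EXIT(1);
 }
+#ifdef OPENSSL_FIPS
+ if(fips_mode)
+ {
+ if(!FIPS_mode_set(1))
+ {
+ ERR_load_crypto_strings();
+ ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
+ EXIT(1);
+ }
+ else
+ fprintf(stderr,"*** IN FIPS MODE ***\n");
+ }
+#endif
+
 if (print_time)
 {
 if (!bio_pair)
@@ -914,7 +936,11 @@ bad:
 }
 }
 else
+#ifdef OPENSSL_NO_EC2M
+ nid = NID_X9_62_prime256v1;
+#else
 nid = NID_sect163r2;
+#endif
 ecdh = EC_KEY_new_by_curve_name(nid);
 if (ecdh == NULL)
@@ -1020,9 +1046,7 @@ bad:
 #ifndef OPENSSL_NO_SRP
 if (srp_client_arg.srplogin)
 {
- if (srp_lateuser)
- SSL_CTX_set_srp_missing_srp_username_callback(c_ctx,missing_srp_username_callback);
- else if (!SSL_CTX_set_srp_username(c_ctx, srp_client_arg.srplogin))
+ if (!SSL_CTX_set_srp_username(c_ctx, srp_client_arg.srplogin))
 {
 BIO_printf(bio_err,"Unable to set SRP username\n");
 goto end;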
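Review bot: In the `-F` branch added to the option loop in main(), a build without OPENSSL_FIPS prints a message and calls `EXIT(0)`, so a harness that asked for a FIPS-mode run gets a success status although no handshake was exercised. If the zero status is deliberate so that non-FIPS builds skip the test, record that in a comment such as `/* skip, not pass: status 0 keeps non-FIPS builds from failing the suite */`, or return a distinct status the caller can tell apart from a pass. In the later FIPS_mode_set(1) failure path, `ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));` hands over a BIO that is neither checked for NULL nor freed; `ERR_print_errors_fp(stderr);` prints the same queue without the allocation. main() begins and ends outside these hunks, so whether any remaining option parsing still refers to the removed `srp_lateuser` cannot be confirmed from here.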