PR: 1828
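--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -229,6 +229,9 @@ static void sv_usage(void)
 {
 fprintf(stderr,"usage: ssltest [args ...]\n");
 fprintf(stderr,"\n");
+#ifdef OPENSSL_FIPS
+ fprintf(stderr,"-F - run test in FIPS mode\n");
+#endif
 fprintf(stderr," -server_auth - check server certificate\n");
 fprintf(stderr," -client_auth - do client authentication\n");
 fprintf(stderr," -proxy - allow proxy certificates\n");
@@ -410,7 +413,7 @@ int main(int argc, char *argv[])
 long bytes=256L;
 #ifndef OPENSSL_NO_DH
 DH *dh;
- int dhe1024 = 0, dhe1024dsa = 0;
+ int dhe1024 = 1, dhe1024dsa = 0;
 #endif
 #ifndef OPENSSL_NO_ECDH
 EC_KEY *ecdh = NULL;
@@ -425,6 +428,9 @@ int main(int argc, char *argv[])
 #endif
 STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
 int test_cipherlist = 0;
+#ifdef OPENSSL_FIPS
+ int fips_mode=0;
+#endif
 verbose = 0;
 debug = 0;
@@ -456,7 +462,16 @@ int main(int argc, char *argv[])
 while (argc >= 1)
 {
- if (strcmp(*argv,"-server_auth") == 0)
+ if(!strcmp(*argv,"-F"))
+ {
+#ifdef OPENSSL_FIPS
+ fips_mode=1;
+#else
+ fprintf(stderr,"not compiled with FIPS support, so exitting without running.\n");
+ EXIT(0);
+#endif
+ }
+ else if (strcmp(*argv,"-server_auth") == 0)
 server_auth=1;
 else if (strcmp(*argv,"-client_auth") == 0)
 client_auth=1;
@@ -638,6 +653,20 @@ bad:
 EXIT(1);
 }
+#ifdef OPENSSL_FIPS
+ if(fips_mode)
+ {
+ if(!FIPS_mode_set(1))
+ {
+ ERR_load_crypto_strings();
+ ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
+ EXIT(1);
+ }
+ else
+ fprintf(stderr,"*** IN FIPS MODE ***\n");
+ }
+#endif
+
 if (print_time)
 {
 if (!bio_pair)
@@ -2059,20 +2088,12 @@ static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg)
 }
 #ifndef OPENSSL_NO_X509_VERIFY
-# ifdef OPENSSL_FIPS
- if(s->version == TLS1_VERSION)
- FIPS_allow_md5(1);
-# endif
 ok = X509_verify_cert(ctx);
-# ifdef OPENSSL_FIPS
- if(s->version == TLS1_VERSION)
- FIPS_allow_md5(0);
-# endif
 #endif
 if (cb_arg->proxy_auth)
 {
- if (ok)
+ if (ok > 0)
 {
 const char *cond_end = NULL;
@@ -2234,6 +2255,7 @@ static DH *get_dh1024dsa()
 dh->length = 160;
 return(dh);
 }
+#endif
 static int do_test_cipherlist(void)
 {
@@ -2291,4 +2313,3 @@ static int do_test_cipherlist(void)
 return 1;
 }
-#endif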
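Review bot: The `-F` branch added to main's option loop calls `EXIT(0)` when the binary was built without OPENSSL_FIPS, so a harness that requests a FIPS-mode run sees a success status although no handshake was exercised. If skipping is the intent, a comment such as `/* not a failure: FIPS run is skipped on non-FIPS builds */` would record it, and a distinct non-zero status would let callers tell "skipped" from "passed". In the FIPS_mode_set failure path, `ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));` passes a BIO that is neither checked for NULL nor freed; `ERR_print_errors_fp(stderr);` prints the same error queue without it. main() begins and ends outside these hunks, so what runs between option parsing and the FIPS_mode_set call is not visible here.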