Don't try to use unvalidated composite ciphers in FIPS mode

[oweals/openssl.git] / test / Makefile

diff --git a/test/Makefile b/test/Makefile
index 12694dc40ab921b60cf83c37c0abbdd150698743..09e68487644844e3d0ad6c6a892220427338faea 100644 (file)
--- a/test/Makefile
+++ b/test/Makefile
@@ -275,6 +275,9 @@ test_engine:
 test_ssl: keyU.ss certU.ss certCA.ss certP1.ss keyP1.ss certP2.ss keyP2.ss \
                intP1.ss intP2.ss
        @echo "test SSL protocol"
+       @if [ -n "$(FIPSCANLIB)" ]; then \
+         sh ./testfipsssl keyU.ss certU.ss certCA.ss; \
+       fi
        ../util/shlib_wrap.sh ./$(SSLTEST) -test_cipherlist
        @sh ./testssl keyU.ss certU.ss certCA.ss
        @sh ./testsslproxy keyP1.ss certP1.ss intP1.ss
@@ -344,8 +347,17 @@ BUILD_CMD=shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \
                shlib_target="$(SHLIB_TARGET)"; \
        fi; \
        LIBRARIES="$(LIBSSL) $(LIBCRYPTO) $(LIBKRB5)"; \
+       $(MAKE) -f $(TOP)/Makefile.shared -e \
+               CC="$${CC}" APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \
+               LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \
+               link_app.$${shlib_target}
+
+FIPS_BUILD_CMD=shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \
+               shlib_target="$(SHLIB_TARGET)"; \
+       fi; \
+       LIBRARIES="$(LIBSSL) $(LIBCRYPTO) $(LIBKRB5)"; \
        if [ -z "$(SHARED_LIBS)" -a -n "$(FIPSCANLIB)" ] ; then \
-               FIPSLD_CC="$(CC)"; CC=$(FIPSDIR)bin/fipsld; export CC FIPSLD_CC; \
+               FIPSLD_CC="$(CC)"; CC=$(FIPSDIR)/bin/fipsld; export CC FIPSLD_CC; \
        fi; \
        $(MAKE) -f $(TOP)/Makefile.shared -e \
                CC="$${CC}" APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \
@@ -431,7 +443,7 @@ $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)
        @target=$(METHTEST); $(BUILD_CMD)
 
 $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
-       @target=$(SSLTEST); $(BUILD_CMD)
+       @target=$(SSLTEST); $(FIPS_BUILD_CMD)
 
 $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO)
        @target=$(ENGINETEST); $(BUILD_CMD)
@@ -704,11 +716,12 @@ ssltest.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 ssltest.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
 ssltest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 ssltest.o: ../include/openssl/sha.h ../include/openssl/srp.h
-ssltest.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-ssltest.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-ssltest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ssltest.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-ssltest.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h ssltest.c
+ssltest.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+ssltest.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ssltest.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssltest.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ssltest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+ssltest.o: ../include/openssl/x509v3.h ssltest.c
 wp_test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 wp_test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 wp_test.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h