Diffstat (limited to 'src/lib/libssl/src/ssl/ssltest.c')
| -rw-r--r-- | src/lib/libssl/src/ssl/ssltest.c | 41 |
1 files changed, 31 insertions, 10 deletions
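--- a/src/lib/libssl/src/ssl/ssltest.c
+++ b/src/lib/libssl/src/ssl/ssltest.c
@@ -231,6 +231,9 @@ static void sv_usage(void)
 {
 fprintf(stderr,"usage: ssltest [args ...]\n");
 fprintf(stderr,"\n");
+#ifdef OPENSSL_FIPS
+fprintf(stderr,"-F - run test in FIPS mode\n");
+#endif
 fprintf(stderr," -server_auth - check server certificate\n");
 fprintf(stderr," -client_auth - do client authentication\n");
 fprintf(stderr," -proxy - allow proxy certificates\n");
@@ -412,7 +415,7 @@ int main(int argc, char *argv[])
 long bytes=256L;
 #ifndef OPENSSL_NO_DH
 DH *dh;
-int dhe1024 = 0, dhe1024dsa = 0;
+int dhe1024 = 1, dhe1024dsa = 0;
 #endif
 #ifndef OPENSSL_NO_ECDH
 EC_KEY *ecdh = NULL;
@@ -427,6 +430,9 @@ int main(int argc, char *argv[])
 #endif
 STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
 int test_cipherlist = 0;
+#ifdef OPENSSL_FIPS
+int fips_mode=0;
+#endif
 
 verbose = 0;
 debug = 0;
@@ -458,7 +464,16 @@ int main(int argc, char *argv[])
 
 while (argc >= 1)
 {
-if (strcmp(*argv,"-server_auth") == 0)
+if(!strcmp(*argv,"-F"))
+{
+#ifdef OPENSSL_FIPS
+fips_mode=1;
+#else
+fprintf(stderr,"not compiled with FIPS support, so exitting without running.\n");
+EXIT(0);
+#endif
+}
+else if (strcmp(*argv,"-server_auth") == 0)
 server_auth=1;
 else if (strcmp(*argv,"-client_auth") == 0)
 client_auth=1;
@@ -640,6 +655,20 @@ bad:
 EXIT(1);
 }
 
+#ifdef OPENSSL_FIPS
+if(fips_mode)
+{
+if(!FIPS_mode_set(1))
+{
+ERR_load_crypto_strings();
+ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
+EXIT(1);
+}
+else
+fprintf(stderr,"*** IN FIPS MODE ***\n");
+}
+#endif
+
 if (print_time)
 {
 if (!bio_pair)
@@ -2061,15 +2090,7 @@ static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg)
 }
 
 #ifndef OPENSSL_NO_X509_VERIFY
-# ifdef OPENSSL_FIPS
-if(s->version == TLS1_VERSION)
-FIPS_allow_md5(1);
-# endif
 ok = X509_verify_cert(ctx);
-# ifdef OPENSSL_FIPS
-if(s->version == TLS1_VERSION)
-FIPS_allow_md5(0);
-# endif
 #endif
 
 if (cb_arg->proxy_auth)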
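Review bot: In the `-F` branch of the option loop in main(), a build without OPENSSL_FIPS prints a message and calls `EXIT(0)`, so a harness that requests a FIPS-mode run receives a success status from a binary that performed no handshake. If the zero status is deliberate so one test script can serve both builds, record that in a comment such as `/* non-FIPS build: report success so the shared script can always pass -F; nothing is tested */`; otherwise a distinct non-zero status would let the harness tell a skip from a pass. The usage text in sv_usage() lists `-F` only under OPENSSL_FIPS although the option is parsed in both builds. In the FIPS_mode_set() failure path the result of `BIO_new_fp(stderr,BIO_NOCLOSE)` is passed on unchecked and never freed; `ERR_print_errors_fp(stderr);` would avoid the temporary BIO. main() starts and ends outside these hunks, so whether anything between option parsing and the FIPS_mode_set() call already touches crypto state cannot be judged from here.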
