generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Make ssl code consistent with FIPS branch. The new code has no effect

Browse Source 
at present because it asserts either noop flags or is inside
OPENSSL_FIPS #ifdef's.
This commit is contained in:
Dr. Stephen Henson
2008-06-16 16:56:43 +00:00
parent ff2ab9e6bb
commit 14748adb09
17 changed files with 122 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
ssl/ssltest.c
View File

@@ -229,6 +229,9 @@ static void sv_usage(void)
{
fprintf(stderr,"usage: ssltest [args ...]\n");
fprintf(stderr,"\n");
#ifdef OPENSSL_FIPS
fprintf(stderr,"-F - run test in FIPS mode\n");
#endif
fprintf(stderr," -server_auth - check server certificate\n");
fprintf(stderr," -client_auth - do client authentication\n");
fprintf(stderr," -proxy - allow proxy certificates\n");
@@ -410,7 +413,7 @@ int main(int argc, char *argv[])
long bytes=256L;
#ifndef OPENSSL_NO_DH
DH *dh;
int dhe1024 = 0, dhe1024dsa = 0;
int dhe1024 = 1, dhe1024dsa = 0;
#endif
#ifndef OPENSSL_NO_ECDH
EC_KEY *ecdh = NULL;
@@ -425,6 +428,9 @@ int main(int argc, char *argv[])
#endif
STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
int test_cipherlist = 0;
#ifdef OPENSSL_FIPS
int fips_mode=0;
#endif
verbose = 0;
debug = 0;
@@ -456,7 +462,16 @@ int main(int argc, char *argv[])
while (argc >= 1)
{
if (strcmp(*argv,"-server_auth") == 0)
if(!strcmp(*argv,"-F"))
{
#ifdef OPENSSL_FIPS
fips_mode=1;
#else
fprintf(stderr,"not compiled with FIPS support, so exitting without running.\n");
EXIT(0);
#endif
}
else if (strcmp(*argv,"-server_auth") == 0)
server_auth=1;
else if (strcmp(*argv,"-client_auth") == 0)
client_auth=1;
@@ -638,6 +653,20 @@ bad:
EXIT(1);
}
#ifdef OPENSSL_FIPS
if(fips_mode)
{
if(!FIPS_mode_set(1))
{
ERR_load_crypto_strings();
ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
EXIT(1);
}
else
fprintf(stderr,"*** IN FIPS MODE ***\n");
}
#endif
if (print_time)
{
if (!bio_pair)
@@ -2059,15 +2088,7 @@ static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg)
}
#ifndef OPENSSL_NO_X509_VERIFY
# ifdef OPENSSL_FIPS
if(s->version == TLS1_VERSION)
FIPS_allow_md5(1);
# endif
ok = X509_verify_cert(ctx);
# ifdef OPENSSL_FIPS
if(s->version == TLS1_VERSION)
FIPS_allow_md5(0);
# endif
#endif
if (cb_arg->proxy_auth)