author | Dr. Stephen Henson <steve@openssl.org> | 2011-05-19 18:09:02 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2011-05-19 18:09:02 +0000 |
commit | 086e32a6c7df4588834bc4d033a00382fd313b58 (patch) | |
tree | 6ceaf1e1c7be5fbf9251356fd73a0d26bcdbff29 /ssl/ssltest.c | |
parent | 05b4fc6c220d539b3485507fcbb7efed4edc2adc (diff) |
Implement FIPS_mode and FIPS_mode_set
Diffstat (limited to 'ssl/ssltest.c')
-rw-r--r-- | ssl/ssltest.c | 31 |
1 files changed, 30 insertions, 1 deletions
diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index 977e12b878..cebd4e7c8f 100644
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -395,6 +395,9 @@ static void sv_usage(void)
 {
 fprintf(stderr,"usage: ssltest [args ...]\n");
 fprintf(stderr,"\n");
+#ifdef OPENSSL_FIPS
+ fprintf(stderr,"-F - run test in FIPS mode\n");
+#endif
 fprintf(stderr," -server_auth - check server certificate\n");
 fprintf(stderr," -client_auth - do client authentication\n");
 fprintf(stderr," -proxy - allow proxy certificates\n");
@@ -630,6 +633,9 @@ int main(int argc, char *argv[])
 STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
 #endif
 int test_cipherlist = 0;
+#ifdef OPENSSL_FIPS
+ int fips_mode=0;
+#endif
 verbose = 0;
 debug = 0;
@@ -661,7 +667,16 @@ int main(int argc, char *argv[])
 while (argc >= 1)
 {
- if (strcmp(*argv,"-server_auth") == 0)
+ if(!strcmp(*argv,"-F"))
+ {
+#ifdef OPENSSL_FIPS
+ fips_mode=1;
+#else
+ fprintf(stderr,"not compiled with FIPS support, so exitting without running.\n");
+ EXIT(0);
+#endif
+ }
+ else if (strcmp(*argv,"-server_auth") == 0)
 server_auth=1;
 else if (strcmp(*argv,"-client_auth") == 0)
 client_auth=1;
@@ -885,6 +900,20 @@ bad:
 EXIT(1);
 }
+#ifdef OPENSSL_FIPS
+ if(fips_mode)
+ {
+ if(!FIPS_mode_set(1))
+ {
+ ERR_load_crypto_strings();
+ ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
+ EXIT(1);
+ }
+ else
+ fprintf(stderr,"*** IN FIPS MODE ***\n");
+ }
+#endif
+
 if (print_time)
 {
 if (!bio_pair) |
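Review bot: In the `-F` branch of main's option loop, a build without OPENSSL_FIPS prints a message and calls `EXIT(0)`, so a caller that asked for a FIPS-mode run gets the same exit status as a run that passed. If the zero status is deliberate so that non-FIPS builds skip the run, record that in a comment such as `/* exit 0 on purpose: non-FIPS builds skip the -F run rather than fail the suite */`; otherwise return a non-zero status so a harness cannot log a skipped FIPS run as a pass. The message also spells "exiting" as `exitting`. The option loop and the rest of main lie outside this hunk.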
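Review bot: The failure path after `FIPS_mode_set(1)` calls `ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));`, which hands over a BIO that is neither checked for NULL nor freed. If that allocation fails, the error queue explaining why FIPS mode was refused is not printed, which is the one diagnostic this branch exists to give. `ERR_print_errors_fp(stderr);` writes the same queue without allocating a BIO. Whether this block runs before the SSL library is initialised cannot be seen from the hunk, since main continues on both sides of it.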