reject zero length point format list or supported curves extensions
[openssl.git] / ssl / ssltest.c
index 977e12b..faffbca 100644 (file)
@@ -266,12 +266,6 @@ static char * MS_CALLBACK ssl_give_srp_client_pwd_cb(SSL *s, void *arg)
        return BUF_strdup((char *)srp_client_arg->srppassin);
        }
 
-static char * MS_CALLBACK missing_srp_username_callback(SSL *s, void *arg)
-       {
-       SRP_CLIENT_ARG *srp_client_arg = (SRP_CLIENT_ARG *)arg;
-       return BUF_strdup(srp_client_arg->srplogin);
-       }
-
 /* SRP server */
 /* This is a context that we pass to SRP server callbacks */
 typedef struct srp_server_arg_st
@@ -395,6 +389,9 @@ static void sv_usage(void)
        {
        fprintf(stderr,"usage: ssltest [args ...]\n");
        fprintf(stderr,"\n");
+#ifdef OPENSSL_FIPS
+       fprintf(stderr,"-F             - run test in FIPS mode\n");
+#endif
        fprintf(stderr," -server_auth  - check server certificate\n");
        fprintf(stderr," -client_auth  - do client authentication\n");
        fprintf(stderr," -proxy        - allow proxy certificates\n");
@@ -614,7 +611,6 @@ int main(int argc, char *argv[])
 #endif
 #ifndef OPENSSL_NO_SRP
        /* client */
-       int srp_lateuser = 0;
        SRP_CLIENT_ARG srp_client_arg = {NULL,NULL};
        /* server */
        SRP_SERVER_ARG srp_server_arg = {NULL,NULL};
@@ -630,6 +626,9 @@ int main(int argc, char *argv[])
        STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
 #endif
        int test_cipherlist = 0;
+#ifdef OPENSSL_FIPS
+       int fips_mode=0;
+#endif
 
        verbose = 0;
        debug = 0;
@@ -661,7 +660,16 @@ int main(int argc, char *argv[])
 
        while (argc >= 1)
                {
-               if      (strcmp(*argv,"-server_auth") == 0)
+               if(!strcmp(*argv,"-F"))
+                       {
+#ifdef OPENSSL_FIPS
+                       fips_mode=1;
+#else
+                       fprintf(stderr,"not compiled with FIPS support, so exitting without running.\n");
+                       EXIT(0);
+#endif
+                       }
+               else if (strcmp(*argv,"-server_auth") == 0)
                        server_auth=1;
                else if (strcmp(*argv,"-client_auth") == 0)
                        client_auth=1;
@@ -885,6 +893,20 @@ bad:
                EXIT(1);
                }
 
+#ifdef OPENSSL_FIPS
+       if(fips_mode)
+               {
+               if(!FIPS_mode_set(1))
+                       {
+                       ERR_load_crypto_strings();
+                       ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
+                       EXIT(1);
+                       }
+               else
+                       fprintf(stderr,"*** IN FIPS MODE ***\n");
+               }
+#endif
+
        if (print_time)
                {
                if (!bio_pair)
@@ -1118,9 +1140,7 @@ bad:
 #ifndef OPENSSL_NO_SRP
         if (srp_client_arg.srplogin)
                {
-               if (srp_lateuser) 
-                       SSL_CTX_set_srp_missing_srp_username_callback(c_ctx,missing_srp_username_callback);
-               else if (!SSL_CTX_set_srp_username(c_ctx, srp_client_arg.srplogin))
+               if (!SSL_CTX_set_srp_username(c_ctx, srp_client_arg.srplogin))
                        {
                        BIO_printf(bio_err,"Unable to set SRP username\n");
                        goto end;