diff options
| author | Andreas Schneider <asn@samba.org> | 2020-03-16 09:39:48 +0100 |
|---|---|---|
| committer | Andreas Schneider <asn@cryptomilk.org> | 2020-04-08 13:02:40 +0000 |
| commit | 5ae07ac3ea720b1351c39b36865fd25a149c62b0 (patch) | |
| tree | b4abe072b726fb5564f8166aefa7a0a14e106945 | |
| parent | ff67642dc29419c9fc80b6b9cb5b197a1586be75 (diff) | |
| download | samba-5ae07ac3ea720b1351c39b36865fd25a149c62b0.tar.gz | |
selftest: Force fips mode for openssl in ad_dc_fips
This allows us to test MIT KRB5 and OpenLDAP in FIPS mode.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
| -rw-r--r-- | selftest/target/Samba.pm | 4 | ||||
| -rwxr-xr-x | selftest/target/Samba4.pm | 8 |
2 files changed, 12 insertions, 0 deletions
diff --git a/selftest/target/Samba.pm b/selftest/target/Samba.pm index 9264dfe83c6..6118f2e243a 100644 --- a/selftest/target/Samba.pm +++ b/selftest/target/Samba.pm @@ -692,6 +692,9 @@ sub get_env_for_process if (defined($env_vars->{GNUTLS_FORCE_FIPS_MODE})) { $proc_envs->{GNUTLS_FORCE_FIPS_MODE} = $env_vars->{GNUTLS_FORCE_FIPS_MODE}; } + if (defined($env_vars->{OPENSSL_FORCE_FIPS_MODE})) { + $proc_envs->{OPENSSL_FORCE_FIPS_MODE} = $env_vars->{OPENSSL_FORCE_FIPS_MODE}; + } return $proc_envs; } @@ -878,6 +881,7 @@ my @exported_envvars = ( # crypto libraries "GNUTLS_FORCE_FIPS_MODE", + "OPENSSL_FORCE_FIPS_MODE", ); sub exported_envvars_str diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm index c13a454e262..2046af3b984 100755 --- a/selftest/target/Samba4.pm +++ b/selftest/target/Samba4.pm @@ -171,6 +171,9 @@ sub wait_for_start($$) if (defined($testenv_vars->{GNUTLS_FORCE_FIPS_MODE})) { $cmd .= "GNUTLS_FORCE_FIPS_MODE=$testenv_vars->{GNUTLS_FORCE_FIPS_MODE} "; } + if (defined($testenv_vars->{OPENSSL_FORCE_FIPS_MODE})) { + $cmd .= "OPENSSL_FORCE_FIPS_MODE=$testenv_vars->{OPENSSL_FORCE_FIPS_MODE} "; + } $cmd .= "$ldbsearch "; $cmd .= "$testenv_vars->{CONFIGURATION} "; @@ -387,6 +390,9 @@ sub get_cmd_env_vars if (defined($localenv->{GNUTLS_FORCE_FIPS_MODE})) { $cmd_env .= "GNUTLS_FORCE_FIPS_MODE=$localenv->{GNUTLS_FORCE_FIPS_MODE} "; } + if (defined($localenv->{OPENSSL_FORCE_FIPS_MODE})) { + $cmd_env .= "OPENSSL_FORCE_FIPS_MODE=$localenv->{OPENSSL_FORCE_FIPS_MODE} "; + } $cmd_env .= " KRB5_CONFIG=\"$localenv->{KRB5_CONFIG}\" "; $cmd_env .= "KRB5CCNAME=\"$localenv->{KRB5_CCACHE}\" "; $cmd_env .= "RESOLV_CONF=\"$localenv->{RESOLV_CONF}\" "; @@ -616,6 +622,7 @@ sub provision_raw_prepare($$$$$$$$$$$$$$) } if (defined($ctx->{force_fips_mode})) { push (@provision_options, "GNUTLS_FORCE_FIPS_MODE=1"); + push (@provision_options, "OPENSSL_FORCE_FIPS_MODE=1"); } if (defined($ENV{GDB_PROVISION})) { @@ -892,6 +899,7 @@ nogroup:x:65534:nobody } if (defined($ctx->{force_fips_mode})) { $ret->{GNUTLS_FORCE_FIPS_MODE} = "1", + $ret->{OPENSSL_FORCE_FIPS_MODE} = "1", } if ($ctx->{server_role} eq "domain controller") { |