diff options
Diffstat (limited to 'lib/libssl/src/apps/dgst.c')
| -rw-r--r-- | lib/libssl/src/apps/dgst.c | 64 |
1 files changed, 34 insertions, 30 deletions
diff --git a/lib/libssl/src/apps/dgst.c b/lib/libssl/src/apps/dgst.c index 17fb87b77cb..c5ecf93d1b0 100644 --- a/lib/libssl/src/apps/dgst.c +++ b/lib/libssl/src/apps/dgst.c @@ -74,11 +74,9 @@ #undef PROG #define PROG dgst_main -static HMAC_CTX hmac_ctx; - int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title, - const char *file,BIO *bmd,const char *hmac_key, int non_fips_allow); + const char *file,BIO *bmd,const char *hmac_key); int MAIN(int, char **); @@ -108,7 +106,6 @@ int MAIN(int argc, char **argv) char *engine=NULL; #endif char *hmac_key=NULL; - int non_fips_allow = 0; apps_startup(); @@ -193,8 +190,8 @@ int MAIN(int argc, char **argv) out_bin = 1; else if (strcmp(*argv,"-d") == 0) debug=1; - else if (strcmp(*argv,"-non-fips-allow") == 0) - non_fips_allow=1; + else if (!strcmp(*argv,"-fips-fingerprint")) + hmac_key = "etaonrishdlcupfm"; else if (!strcmp(*argv,"-hmac")) { if (--argc < 1) @@ -232,30 +229,45 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err,"-keyform arg key file format (PEM or ENGINE)\n"); BIO_printf(bio_err,"-signature file signature to verify\n"); BIO_printf(bio_err,"-binary output in binary form\n"); + BIO_printf(bio_err,"-hmac key create hashed MAC with key\n"); #ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err,"-engine e use engine e, possibly a hardware device.\n"); #endif - BIO_printf(bio_err,"-%3s to use the %s message digest algorithm (default)\n", + BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm (default)\n", LN_md5,LN_md5); - BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n", + BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", LN_md4,LN_md4); - BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n", + BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", LN_md2,LN_md2); - BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n", +#ifndef OPENSSL_NO_SHA + BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", LN_sha1,LN_sha1); - BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n", + BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", LN_sha,LN_sha); - BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n", +#ifndef OPENSSL_NO_SHA256 + BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", + LN_sha224,LN_sha224); + BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", + LN_sha256,LN_sha256); +#endif +#ifndef OPENSSL_NO_SHA512 + BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", + LN_sha384,LN_sha384); + BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", + LN_sha512,LN_sha512); +#endif +#endif + BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", LN_mdc2,LN_mdc2); - BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n", + BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", LN_ripemd160,LN_ripemd160); err=1; goto end; } #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); + e = setup_engine(bio_err, engine, 0); #endif in=BIO_new(BIO_s_file()); @@ -264,7 +276,7 @@ int MAIN(int argc, char **argv) { BIO_set_callback(in,BIO_debug_callback); /* needed for windows 3.1 */ - BIO_set_callback_arg(in,bio_err); + BIO_set_callback_arg(in,(char *)bio_err); } if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) @@ -344,19 +356,13 @@ int MAIN(int argc, char **argv) goto end; } } + - if (non_fips_allow) - { - EVP_MD_CTX *md_ctx; - BIO_get_md_ctx(bmd,&md_ctx); - EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); - } /* we use md as a filter, reading from 'in' */ if (!BIO_set_md(bmd,md)) { - BIO_printf(bio_err, "Error setting digest %s\n", - EVP_MD_name(md)); + BIO_printf(bio_err, "Error setting digest %s\n", pname); ERR_print_errors(bio_err); goto end; } @@ -367,7 +373,7 @@ int MAIN(int argc, char **argv) { BIO_set_fp(in,stdin,BIO_NOCLOSE); err=do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf, - siglen,"","(stdin)",bmd,hmac_key, non_fips_allow); + siglen,"","(stdin)",bmd,hmac_key); } else { @@ -393,7 +399,7 @@ int MAIN(int argc, char **argv) else tmp=""; r=do_fp(out,buf,inp,separator,out_bin,sigkey,sigbuf, - siglen,tmp,argv[i],bmd,hmac_key,non_fips_allow); + siglen,tmp,argv[i],bmd,hmac_key); if(r) err=r; if(tofree) @@ -420,11 +426,12 @@ end: int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title, - const char *file,BIO *bmd,const char *hmac_key, int non_fips_allow) + const char *file,BIO *bmd,const char *hmac_key) { unsigned int len; int i; EVP_MD_CTX *md_ctx; + HMAC_CTX hmac_ctx; if (hmac_key) { @@ -432,9 +439,6 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, BIO_get_md(bmd,&md); HMAC_CTX_init(&hmac_ctx); - if (non_fips_allow) - HMAC_CTX_set_flags(&hmac_ctx, - EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); HMAC_Init_ex(&hmac_ctx,hmac_key,strlen(hmac_key),md, NULL); BIO_get_md_ctx(bmd,&md_ctx); BIO_set_md_ctx(bmd,&hmac_ctx.md_ctx); @@ -493,7 +497,7 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, else { BIO_write(out,title,strlen(title)); - for (i=0; (unsigned int)i<len; i++) + for (i=0; i<(int)len; i++) { if (sep && (i != 0)) BIO_printf(out, ":"); |