int MAIN(int argc, char **argv)
{
- ENGINE *e = NULL;
+ ENGINE *e = NULL, *impl = NULL;
unsigned char *buf=NULL;
int i,err=1;
const EVP_MD *md=NULL,*m;
char *passargin = NULL, *passin = NULL;
#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
+ int engine_impl = 0;
#endif
char *hmac_key=NULL;
char *mac_name=NULL;
- STACK_OF(STRING) *sigopts = NULL, *macopts = NULL;
+ int non_fips_allow = 0;
+ STACK_OF(OPENSSL_STRING) *sigopts = NULL, *macopts = NULL;
apps_startup();
if ((*argv)[0] != '-') break;
if (strcmp(*argv,"-c") == 0)
separator=1;
+ else if (strcmp(*argv,"-r") == 0)
+ separator=2;
else if (strcmp(*argv,"-rand") == 0)
{
if (--argc < 1) break;
engine= *(++argv);
e = setup_engine(bio_err, engine, 0);
}
+ else if (strcmp(*argv,"-engine_impl") == 0)
+ engine_impl = 1;
#endif
else if (strcmp(*argv,"-hex") == 0)
out_bin = 0;
out_bin = 1;
else if (strcmp(*argv,"-d") == 0)
debug=1;
+ else if (!strcmp(*argv,"-fips-fingerprint"))
+ hmac_key = "etaonrishdlcupfm";
+ else if (strcmp(*argv,"-non-fips-allow") == 0)
+ non_fips_allow=1;
else if (!strcmp(*argv,"-hmac"))
{
if (--argc < 1)
if (--argc < 1)
break;
if (!sigopts)
- sigopts = sk_STRING_new_null();
- if (!sigopts || !sk_STRING_push(sigopts, *(++argv)))
+ sigopts = sk_OPENSSL_STRING_new_null();
+ if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, *(++argv)))
break;
}
else if (strcmp(*argv,"-macopt") == 0)
if (--argc < 1)
break;
if (!macopts)
- macopts = sk_STRING_new_null();
- if (!macopts || !sk_STRING_push(macopts, *(++argv)))
+ macopts = sk_OPENSSL_STRING_new_null();
+ if (!macopts || !sk_OPENSSL_STRING_push(macopts, *(++argv)))
break;
}
else if ((m=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
BIO_printf(bio_err,"unknown option '%s'\n",*argv);
BIO_printf(bio_err,"options are\n");
BIO_printf(bio_err,"-c to output the digest with separating colons\n");
+ BIO_printf(bio_err,"-r to output the digest in coreutils format\n");
BIO_printf(bio_err,"-d to output debug info\n");
BIO_printf(bio_err,"-hex output as hex dump\n");
BIO_printf(bio_err,"-binary output in binary form\n");
goto end;
}
+#ifndef OPENSSL_NO_ENGINE
+ if (engine_impl)
+ impl = e;
+#endif
+
in=BIO_new(BIO_s_file());
bmd=BIO_new(BIO_f_md());
if (debug)
{
EVP_PKEY_CTX *mac_ctx = NULL;
int r = 0;
- if (!init_gen_str(bio_err, &mac_ctx, mac_name,e, 0))
+ if (!init_gen_str(bio_err, &mac_ctx, mac_name, impl, 0))
goto mac_end;
if (macopts)
{
char *macopt;
- for (i = 0; i < sk_STRING_num(macopts); i++)
+ for (i = 0; i < sk_OPENSSL_STRING_num(macopts); i++)
{
- macopt = sk_STRING_value(macopts, i);
+ macopt = sk_OPENSSL_STRING_value(macopts, i);
if (pkey_ctrl_string(mac_ctx, macopt) <= 0)
{
BIO_printf(bio_err,
goto end;
}
+ if (non_fips_allow)
+ {
+ EVP_MD_CTX *md_ctx;
+ BIO_get_md_ctx(bmd,&md_ctx);
+ EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+ }
+
if (hmac_key)
{
- sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, e,
+ sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, impl,
(unsigned char *)hmac_key, -1);
if (!sigkey)
goto end;
goto end;
}
if (do_verify)
- r = EVP_DigestVerifyInit(mctx, &pctx, md, e, sigkey);
+ r = EVP_DigestVerifyInit(mctx, &pctx, md, impl, sigkey);
else
- r = EVP_DigestSignInit(mctx, &pctx, md, e, sigkey);
+ r = EVP_DigestSignInit(mctx, &pctx, md, impl, sigkey);
if (!r)
{
BIO_printf(bio_err, "Error setting context\n");
if (sigopts)
{
char *sigopt;
- for (i = 0; i < sk_STRING_num(sigopts); i++)
+ for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++)
{
- sigopt = sk_STRING_value(sigopts, i);
+ sigopt = sk_OPENSSL_STRING_value(sigopts, i);
if (pkey_ctrl_string(pctx, sigopt) <= 0)
{
BIO_printf(bio_err,
/* we use md as a filter, reading from 'in' */
else
{
+ EVP_MD_CTX *mctx = NULL;
+ if (!BIO_get_md_ctx(bmd, &mctx))
+ {
+ BIO_printf(bio_err, "Error getting context\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
if (md == NULL)
md = EVP_md5();
- if (!BIO_set_md(bmd,md))
+ if (!EVP_DigestInit_ex(mctx, md, impl))
{
BIO_printf(bio_err, "Error setting digest %s\n", pname);
ERR_print_errors(bio_err);
EVP_PKEY_asn1_get0_info(NULL, NULL,
NULL, NULL, &sig_name, ameth);
}
- md_name = EVP_MD_name(md);
+ if (md)
+ md_name = EVP_MD_name(md);
}
err = 0;
for (i=0; i<argc; i++)
BIO_free_all(out);
EVP_PKEY_free(sigkey);
if (sigopts)
- sk_STRING_free(sigopts);
+ sk_OPENSSL_STRING_free(sigopts);
if (macopts)
- sk_STRING_free(macopts);
+ sk_OPENSSL_STRING_free(macopts);
if(sigbuf) OPENSSL_free(sigbuf);
if (bmd != NULL) BIO_free(bmd);
apps_shutdown();
else
{
len=BIO_gets(bp,(char *)buf,BUFSIZE);
- if (len <0)
+ if ((int)len <0)
{
ERR_print_errors(bio_err);
return 1;
}
if(binout) BIO_write(out, buf, len);
+ else if (sep == 2)
+ {
+ for (i=0; i<(int)len; i++)
+ BIO_printf(out, "%02x",buf[i]);
+ BIO_printf(out, " *%s\n", file);
+ }
else
{
if (sig_name)
- BIO_printf(out, "%s-%s(%s)= ", sig_name, md_name, file);
+ {
+ BIO_puts(out, sig_name);
+ if (md_name)
+ BIO_printf(out, "-%s", md_name);
+ BIO_printf(out, "(%s)= ", file);
+ }
else if (md_name)
BIO_printf(out, "%s(%s)= ", md_name, file);
else