From: Dr. Stephen Henson Date: Fri, 10 Feb 2012 16:46:19 +0000 (+0000) Subject: add fips hmac option and fips blocking overrides to command line utilities X-Git-Tag: OpenSSL_1_0_1-beta3~22 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=c944a9696e67f9583fe7595740a3c5cc0a6b022c;p=oweals%2Fopenssl.git add fips hmac option and fips blocking overrides to command line utilities --- diff --git a/apps/dgst.c b/apps/dgst.c index 9bf38ce73b..b08e9a7c78 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -127,6 +127,7 @@ int MAIN(int argc, char **argv) #endif char *hmac_key=NULL; char *mac_name=NULL; + int non_fips_allow = 0; STACK_OF(OPENSSL_STRING) *sigopts = NULL, *macopts = NULL; apps_startup(); @@ -215,6 +216,10 @@ int MAIN(int argc, char **argv) out_bin = 1; else if (strcmp(*argv,"-d") == 0) debug=1; + else if (strcmp(*argv,"-non-fips-allow") == 0) + non_fips_allow=1; + else if (!strcmp(*argv,"-fips-fingerprint")) + hmac_key = "etaonrishdlcupfm"; else if (!strcmp(*argv,"-hmac")) { if (--argc < 1) @@ -395,6 +400,13 @@ int MAIN(int argc, char **argv) goto end; } + if (non_fips_allow) + { + EVP_MD_CTX *md_ctx; + BIO_get_md_ctx(bmd,&md_ctx); + EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); + } + if (hmac_key) { sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, e, diff --git a/apps/enc.c b/apps/enc.c index 076225c4cb..719acc3250 100644 --- a/apps/enc.c +++ b/apps/enc.c @@ -129,6 +129,7 @@ int MAIN(int argc, char **argv) char *engine = NULL; #endif const EVP_MD *dgst=NULL; + int non_fips_allow = 0; apps_startup(); @@ -281,6 +282,8 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; md= *(++argv); } + else if (strcmp(*argv,"-non-fips-allow") == 0) + non_fips_allow = 1; else if ((argv[0][0] == '-') && ((c=EVP_get_cipherbyname(&(argv[0][1]))) != NULL)) { @@ -589,6 +592,11 @@ bad: */ BIO_get_cipher_ctx(benc, &ctx); + + if (non_fips_allow) + EVP_CIPHER_CTX_set_flags(ctx, + EVP_CIPH_FLAG_NON_FIPS_ALLOW); + if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)) { BIO_printf(bio_err, "Error setting cipher %s\n",