add fips blocking overrides to command line utilities

diff --git a/apps/dgst.c b/apps/dgst.c
index 8a5609f326903f8fcef86914f2f6e458f625eb52..d471dbdabda49e244f5ad13be5a059731fb46b44 100644 (file)
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -128,6 +128,7 @@ int MAIN(int argc, char **argv)
 #endif
        char *hmac_key=NULL;
        char *mac_name=NULL;
 #endif
        char *hmac_key=NULL;
        char *mac_name=NULL;

+       int non_fips_allow = 0;

        STACK_OF(OPENSSL_STRING) *sigopts = NULL, *macopts = NULL;
 
        apps_startup();
        STACK_OF(OPENSSL_STRING) *sigopts = NULL, *macopts = NULL;
 
        apps_startup();


@@ -220,6 +221,8 @@ int MAIN(int argc, char **argv)
                        debug=1;
                else if (!strcmp(*argv,"-fips-fingerprint"))
                        hmac_key = "etaonrishdlcupfm";
                        debug=1;
                else if (!strcmp(*argv,"-fips-fingerprint"))
                        hmac_key = "etaonrishdlcupfm";

+               else if (strcmp(*argv,"-non-fips-allow") == 0)
+                       non_fips_allow=1;

                else if (!strcmp(*argv,"-hmac"))
                        {
                        if (--argc < 1)
                else if (!strcmp(*argv,"-hmac"))
                        {
                        if (--argc < 1)


@@ -405,6 +408,13 @@ int MAIN(int argc, char **argv)
                        goto end;
                }
 
                        goto end;
                }
 

+       if (non_fips_allow)
+               {
+               EVP_MD_CTX *md_ctx;
+               BIO_get_md_ctx(bmd,&md_ctx);
+               EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+               }
+

        if (hmac_key)
                {
                sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, impl,
        if (hmac_key)
                {
                sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, impl,

diff --git a/apps/enc.c b/apps/enc.c
index 8c5527783b22550e6648065d4a7645fbef1a03ea..aef8978a9a52c0883530cf4c07711bd13ff420e5 100644 (file)
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -129,6 +129,7 @@ int MAIN(int argc, char **argv)
        char *engine = NULL;
 #endif
        const EVP_MD *dgst=NULL;
        char *engine = NULL;
 #endif
        const EVP_MD *dgst=NULL;

+       int non_fips_allow = 0;

 
        apps_startup();
 
 
        apps_startup();
 


@@ -281,6 +282,8 @@ int MAIN(int argc, char **argv)
                        if (--argc < 1) goto bad;
                        md= *(++argv);
                        }
                        if (--argc < 1) goto bad;
                        md= *(++argv);
                        }

+               else if (strcmp(*argv,"-non-fips-allow") == 0)
+                       non_fips_allow = 1;

                else if ((argv[0][0] == '-') &&
                        ((c=EVP_get_cipherbyname(&(argv[0][1]))) != NULL))
                        {
                else if ((argv[0][0] == '-') &&
                        ((c=EVP_get_cipherbyname(&(argv[0][1]))) != NULL))
                        {


@@ -593,6 +596,11 @@ bad:
                 */
 
                BIO_get_cipher_ctx(benc, &ctx);
                 */
 
                BIO_get_cipher_ctx(benc, &ctx);

+
+               if (non_fips_allow)
+                       EVP_CIPHER_CTX_set_flags(ctx,
+                               EVP_CIPH_FLAG_NON_FIPS_ALLOW);
+

                if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc))
                        {
                        BIO_printf(bio_err, "Error setting cipher %s\n",
                if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc))
                        {
                        BIO_printf(bio_err, "Error setting cipher %s\n",