Templatize util/domd

[openssl.git] / apps / dgst.c

diff --git a/apps/dgst.c b/apps/dgst.c
index 21b8c7fc66c7d319d4b012199ddbd1692e2967b4..09396e6fa04d59a772cc02ec10d7b883467dac4b 100644 (file)
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -80,7 +80,7 @@ typedef enum OPTION_choice {
     OPT_C, OPT_R, OPT_RAND, OPT_OUT, OPT_SIGN, OPT_PASSIN, OPT_VERIFY,
     OPT_PRVERIFY, OPT_SIGNATURE, OPT_KEYFORM, OPT_ENGINE, OPT_ENGINE_IMPL,
     OPT_HEX, OPT_BINARY, OPT_DEBUG, OPT_FIPS_FINGERPRINT,
-    OPT_NON_FIPS_ALLOW, OPT_HMAC, OPT_MAC, OPT_SIGOPT, OPT_MACOPT,
+    OPT_HMAC, OPT_MAC, OPT_SIGOPT, OPT_MACOPT,
     OPT_DIGEST
 } OPTION_CHOICE;
 
@@ -101,21 +101,20 @@ OPTIONS dgst_options[] = {
      "Verify a signature using private key in file"},
     {"signature", OPT_SIGNATURE, '<', "File with signature to verify"},
     {"keyform", OPT_KEYFORM, 'f', "Key file format (PEM or ENGINE)"},
-#ifndef OPENSSL_NO_ENGINE
-    {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
-#endif
-    {"engine_impl", OPT_ENGINE_IMPL, '-'},
     {"hex", OPT_HEX, '-', "Print as hex dump"},
     {"binary", OPT_BINARY, '-', "Print in binary form"},
     {"d", OPT_DEBUG, '-', "Print debug info"},
     {"debug", OPT_DEBUG, '-'},
     {"fips-fingerprint", OPT_FIPS_FINGERPRINT, '-'},
-    {"non-fips-allow", OPT_NON_FIPS_ALLOW, '-'},
     {"hmac", OPT_HMAC, 's', "Create hashed MAC with key"},
     {"mac", OPT_MAC, 's', "Create MAC (not neccessarily HMAC)"},
-    {"sigop", OPT_SIGOPT, 's', "Signature parameter in n:v form"},
-    {"macop", OPT_MACOPT, 's', "MAC algorithm parameters in n:v form or key"},
+    {"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"},
+    {"macopt", OPT_MACOPT, 's', "MAC algorithm parameters in n:v form or key"},
     {"", OPT_DIGEST, '-', "Any supported digest"},
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
+    {"engine_impl", OPT_ENGINE_IMPL, '-'},
+#endif
     {NULL}
 };
 
@@ -133,19 +132,12 @@ int dgst_main(int argc, char **argv)
     const char *sigfile = NULL, *randfile = NULL;
     OPTION_CHOICE o;
     int separator = 0, debug = 0, keyform = FORMAT_PEM, siglen = 0;
-    int i, ret = 1, out_bin = -1, want_pub = 0, do_verify =
-        0, non_fips_allow = 0;
+    int i, ret = 1, out_bin = -1, want_pub = 0, do_verify = 0;
     unsigned char *buf = NULL, *sigbuf = NULL;
-#ifndef OPENSSL_NO_ENGINE
-    char *engine = NULL;
     int engine_impl = 0;
-#endif
 
     prog = opt_progname(argv[0]);
-    if ((buf = (unsigned char *)OPENSSL_malloc(BUFSIZE)) == NULL) {
-        BIO_printf(bio_err, "%s: out of memory\n", prog);
-        goto end;
-    }
+    buf = app_malloc(BUFSIZE, "I/O buffer");
     md = EVP_get_digestbyname(prog);
 
     prog = opt_init(argc, argv, dgst_options);
@@ -193,15 +185,12 @@ int dgst_main(int argc, char **argv)
             if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyform))
                 goto opthelp;
             break;
-#ifndef OPENSSL_NO_ENGINE
         case OPT_ENGINE:
-            engine = opt_arg();
-            e = setup_engine(engine, 0);
+            e = setup_engine(opt_arg(), 0);
             break;
         case OPT_ENGINE_IMPL:
             engine_impl = 1;
             break;
-#endif
         case OPT_HEX:
             out_bin = 0;
             break;
@@ -214,9 +203,6 @@ int dgst_main(int argc, char **argv)
         case OPT_FIPS_FINGERPRINT:
             hmac_key = "etaonrishdlcupfm";
             break;
-        case OPT_NON_FIPS_ALLOW:
-            non_fips_allow = 1;
-            break;
         case OPT_HMAC:
             hmac_key = opt_arg();
             break;
@@ -250,10 +236,8 @@ int dgst_main(int argc, char **argv)
                    "No signature to verify: use the -signature option\n");
         goto end;
     }
-#ifndef OPENSSL_NO_ENGINE
     if (engine_impl)
         impl = e;
-#endif
 
     in = BIO_new(BIO_s_file());
     bmd = BIO_new(BIO_f_md());
@@ -283,7 +267,7 @@ int dgst_main(int argc, char **argv)
     if (randfile)
         app_RAND_load_file(randfile, 0);
 
-    out = bio_open_default(outfile, out_bin ? "wb" : "w");
+    out = bio_open_default(outfile, 'w', out_bin ? FORMAT_BINARY : FORMAT_TEXT);
     if (out == NULL)
         goto end;
 
@@ -334,12 +318,6 @@ int dgst_main(int argc, char **argv)
             goto end;
     }
 
-    if (non_fips_allow) {
-        EVP_MD_CTX *md_ctx;
-        BIO_get_md_ctx(bmd, &md_ctx);
-        EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-    }
-
     if (hmac_key) {
         sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, impl,
                                       (unsigned char *)hmac_key, -1);
@@ -386,7 +364,7 @@ int dgst_main(int argc, char **argv)
             goto end;
         }
         if (md == NULL)
-            md = EVP_md5();
+            md = EVP_sha256();
         if (!EVP_DigestInit_ex(mctx, md, impl)) {
             BIO_printf(bio_err, "Error setting digest\n");
             ERR_print_errors(bio_err);
@@ -402,11 +380,7 @@ int dgst_main(int argc, char **argv)
             goto end;
         }
         siglen = EVP_PKEY_size(sigkey);
-        sigbuf = OPENSSL_malloc(siglen);
-        if (!sigbuf) {
-            BIO_printf(bio_err, "Out of memory\n");
-            goto end;
-        }
+        sigbuf = app_malloc(siglen, "signature buffer");
         siglen = BIO_read(sigbio, sigbuf, siglen);
         BIO_free(sigbio);
         if (siglen <= 0) {
@@ -456,21 +430,14 @@ int dgst_main(int argc, char **argv)
         }
     }
  end:
-    if (buf != NULL) {
-        OPENSSL_cleanse(buf, BUFSIZE);
-        OPENSSL_free(buf);
-    }
+    OPENSSL_clear_free(buf, BUFSIZE);
     BIO_free(in);
-    if (passin)
-        OPENSSL_free(passin);
+    OPENSSL_free(passin);
     BIO_free_all(out);
     EVP_PKEY_free(sigkey);
-    if (sigopts)
-        sk_OPENSSL_STRING_free(sigopts);
-    if (macopts)
-        sk_OPENSSL_STRING_free(macopts);
-    if (sigbuf)
-        OPENSSL_free(sigbuf);
+    sk_OPENSSL_STRING_free(sigopts);
+    sk_OPENSSL_STRING_free(macopts);
+    OPENSSL_free(sigbuf);
     BIO_free(bmd);
     return (ret);
 }