X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=apps%2Fdgst.c;h=d471dbdabda49e244f5ad13be5a059731fb46b44;hp=4c6644edd75695f6a6c2361d8fa86e647876259c;hb=7ce79a5bfdbcd53ae75f85e94eed665a05b5dea3;hpb=c869da8839ef5af9df5a4d98f518b079240a0d4b diff --git a/apps/dgst.c b/apps/dgst.c index 4c6644edd7..d471dbdabd 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -103,7 +103,7 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { - ENGINE *e = NULL; + ENGINE *e = NULL, *impl = NULL; unsigned char *buf=NULL; int i,err=1; const EVP_MD *md=NULL,*m; @@ -124,9 +124,11 @@ int MAIN(int argc, char **argv) char *passargin = NULL, *passin = NULL; #ifndef OPENSSL_NO_ENGINE char *engine=NULL; + int engine_impl = 0; #endif char *hmac_key=NULL; char *mac_name=NULL; + int non_fips_allow = 0; STACK_OF(OPENSSL_STRING) *sigopts = NULL, *macopts = NULL; apps_startup(); @@ -155,6 +157,8 @@ int MAIN(int argc, char **argv) if ((*argv)[0] != '-') break; if (strcmp(*argv,"-c") == 0) separator=1; + else if (strcmp(*argv,"-r") == 0) + separator=2; else if (strcmp(*argv,"-rand") == 0) { if (--argc < 1) break; @@ -206,6 +210,8 @@ int MAIN(int argc, char **argv) engine= *(++argv); e = setup_engine(bio_err, engine, 0); } + else if (strcmp(*argv,"-engine_impl") == 0) + engine_impl = 1; #endif else if (strcmp(*argv,"-hex") == 0) out_bin = 0; @@ -213,6 +219,10 @@ int MAIN(int argc, char **argv) out_bin = 1; else if (strcmp(*argv,"-d") == 0) debug=1; + else if (!strcmp(*argv,"-fips-fingerprint")) + hmac_key = "etaonrishdlcupfm"; + else if (strcmp(*argv,"-non-fips-allow") == 0) + non_fips_allow=1; else if (!strcmp(*argv,"-hmac")) { if (--argc < 1) @@ -262,6 +272,7 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err,"unknown option '%s'\n",*argv); BIO_printf(bio_err,"options are\n"); BIO_printf(bio_err,"-c to output the digest with separating colons\n"); + BIO_printf(bio_err,"-r to output the digest in coreutils format\n"); BIO_printf(bio_err,"-d to output debug info\n"); BIO_printf(bio_err,"-hex output as hex dump\n"); BIO_printf(bio_err,"-binary output in binary form\n"); @@ -283,6 +294,11 @@ int MAIN(int argc, char **argv) goto end; } +#ifndef OPENSSL_NO_ENGINE + if (engine_impl) + impl = e; +#endif + in=BIO_new(BIO_s_file()); bmd=BIO_new(BIO_f_md()); if (debug) @@ -360,7 +376,7 @@ int MAIN(int argc, char **argv) { EVP_PKEY_CTX *mac_ctx = NULL; int r = 0; - if (!init_gen_str(bio_err, &mac_ctx, mac_name,e, 0)) + if (!init_gen_str(bio_err, &mac_ctx, mac_name, impl, 0)) goto mac_end; if (macopts) { @@ -392,9 +408,16 @@ int MAIN(int argc, char **argv) goto end; } + if (non_fips_allow) + { + EVP_MD_CTX *md_ctx; + BIO_get_md_ctx(bmd,&md_ctx); + EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); + } + if (hmac_key) { - sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, e, + sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, impl, (unsigned char *)hmac_key, -1); if (!sigkey) goto end; @@ -412,9 +435,9 @@ int MAIN(int argc, char **argv) goto end; } if (do_verify) - r = EVP_DigestVerifyInit(mctx, &pctx, md, e, sigkey); + r = EVP_DigestVerifyInit(mctx, &pctx, md, impl, sigkey); else - r = EVP_DigestSignInit(mctx, &pctx, md, e, sigkey); + r = EVP_DigestSignInit(mctx, &pctx, md, impl, sigkey); if (!r) { BIO_printf(bio_err, "Error setting context\n"); @@ -441,9 +464,16 @@ int MAIN(int argc, char **argv) /* we use md as a filter, reading from 'in' */ else { + EVP_MD_CTX *mctx = NULL; + if (!BIO_get_md_ctx(bmd, &mctx)) + { + BIO_printf(bio_err, "Error getting context\n"); + ERR_print_errors(bio_err); + goto end; + } if (md == NULL) md = EVP_md5(); - if (!BIO_set_md(bmd,md)) + if (!EVP_DigestInit_ex(mctx, md, impl)) { BIO_printf(bio_err, "Error setting digest %s\n", pname); ERR_print_errors(bio_err); @@ -602,6 +632,12 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, } if(binout) BIO_write(out, buf, len); + else if (sep == 2) + { + for (i=0; i<(int)len; i++) + BIO_printf(out, "%02x",buf[i]); + BIO_printf(out, " *%s\n", file); + } else { if (sig_name)