~ubuntu-branches/ubuntu/lucid/openssl/lucid-proposed


Viewing changes to apps/dgst.c

  • Committer: Bazaar Package Importer
  • Author(s): Kurt Roeckx
  • Date: 2009-06-13 18:15:46 UTC
  • mto: (11.1.5 squeeze)
  • mto: This revision was merged to the branch mainline in revision 34.
  • Revision ID: james.westby@ubuntu.com-20090613181546-vbfntai3b009dl1u
Tags: upstream-0.9.8k
Import upstream version 0.9.8k

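--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -76,7 +76,7 @@
 
 int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
           EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title,
-          const char *file,BIO *bmd,const char *hmac_key);
+          const char *file,BIO *bmd,const char *hmac_key, int non_fips_allow);
 
 int MAIN(int, char **);
 
@@ -84,7 +84,7 @@
         {
         ENGINE *e = NULL;
         unsigned char *buf=NULL;
-        int i,err=0;
+        int i,err=1;
         const EVP_MD *md=NULL,*m;
         BIO *in=NULL,*inp;
         BIO *bmd=NULL;
@@ -101,14 +101,16 @@
         EVP_PKEY *sigkey = NULL;
         unsigned char *sigbuf = NULL;
         int siglen = 0;
+        unsigned int sig_flags = 0;
         char *passargin = NULL, *passin = NULL;
 #ifndef OPENSSL_NO_ENGINE
         char *engine=NULL;
 #endif
         char *hmac_key=NULL;
+        int non_fips_allow = 0;
 
         apps_startup();
-
+ERR_load_crypto_strings();
         if ((buf=(unsigned char *)OPENSSL_malloc(BUFSIZE)) == NULL)
                 {
                 BIO_printf(bio_err,"out of memory\n");
@@ -167,6 +169,27 @@
                         keyfile=*(++argv);
                         do_verify = 1;
                         }
+                else if (strcmp(*argv,"-x931") == 0)
+                        sig_flags = EVP_MD_CTX_FLAG_PAD_X931;
+                else if (strcmp(*argv,"-pss_saltlen") == 0)
+                        {
+                        int saltlen;
+                        if (--argc < 1) break;
+                        saltlen=atoi(*(++argv));
+                        if (saltlen == -1)
+                                sig_flags = EVP_MD_CTX_FLAG_PSS_MREC;
+                        else if (saltlen == -2)
+                                sig_flags = EVP_MD_CTX_FLAG_PSS_MDLEN;
+                        else if (saltlen < -2 || saltlen >= 0xFFFE)
+                                {
+                                BIO_printf(bio_err, "Invalid PSS salt length %d\n", saltlen);
+                                goto end;
+                                }
+                        else
+                                sig_flags = saltlen;
+                        sig_flags <<= 16;
+                        sig_flags |= EVP_MD_CTX_FLAG_PAD_PSS;
+                        }
                 else if (strcmp(*argv,"-signature") == 0)
                         {
                         if (--argc < 1) break;
@@ -190,6 +213,10 @@
                         out_bin = 1;
                 else if (strcmp(*argv,"-d") == 0)
                         debug=1;
+                else if (strcmp(*argv,"-non-fips-allow") == 0)
+                        non_fips_allow=1;
+                else if (!strcmp(*argv,"-fips-fingerprint"))
+                        hmac_key = "etaonrishdlcupfm";
                 else if (!strcmp(*argv,"-hmac"))
                         {
                         if (--argc < 1)
@@ -227,6 +254,7 @@
                 BIO_printf(bio_err,"-keyform arg    key file format (PEM or ENGINE)\n");
                 BIO_printf(bio_err,"-signature file signature to verify\n");
                 BIO_printf(bio_err,"-binary         output in binary form\n");
+                BIO_printf(bio_err,"-hmac key       create hashed MAC with key\n");
 #ifndef OPENSSL_NO_ENGINE
                 BIO_printf(bio_err,"-engine e       use engine e, possibly a hardware device.\n");
 #endif
@@ -353,8 +381,20 @@
                         goto end;
                 }
         }
-                
-
+
+        if (non_fips_allow)
+                {
+                EVP_MD_CTX *md_ctx;
+                BIO_get_md_ctx(bmd,&md_ctx);
+                EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+                }
+
+        if (sig_flags)
+                {
+                EVP_MD_CTX *md_ctx;
+                BIO_get_md_ctx(bmd,&md_ctx);
+                EVP_MD_CTX_set_flags(md_ctx, sig_flags);
+                }
 
         /* we use md as a filter, reading from 'in' */
         if (!BIO_set_md(bmd,md))
@@ -370,11 +410,12 @@
                 {
                 BIO_set_fp(in,stdin,BIO_NOCLOSE);
                 err=do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf,
-                          siglen,"","(stdin)",bmd,hmac_key);
+                          siglen,"","(stdin)",bmd,hmac_key,non_fips_allow);
                 }
         else
                 {
                 name=OBJ_nid2sn(md->type);
+                err = 0;
                 for (i=0; i<argc; i++)
                         {
                         char *tmp,*tofree=NULL;
@@ -396,7 +437,7 @@
                         else
                                 tmp="";
                         r=do_fp(out,buf,inp,separator,out_bin,sigkey,sigbuf,
-                                siglen,tmp,argv[i],bmd,hmac_key);
+                                siglen,tmp,argv[i],bmd,hmac_key,non_fips_allow);
                         if(r)
                             err=r;
                         if(tofree)
@@ -423,7 +464,7 @@
 
 int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
           EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title,
-          const char *file,BIO *bmd,const char *hmac_key)
+          const char *file,BIO *bmd,const char *hmac_key,int non_fips_allow)
         {
         unsigned int len;
         int i;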
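Review bot: In the new `-pss_saltlen` branch, `saltlen=atoi(*(++argv));` cannot tell a malformed argument from a valid one: a non-numeric value parses as 0 and passes the `saltlen < -2 || saltlen >= 0xFFFE` check, so a typo silently becomes a salt length of 0 instead of reaching the "Invalid PSS salt length" error. Parsing with `strtol` and rejecting an empty or partially consumed string closes that gap; an overflowed result is already outside the accepted range, so the existing bounds still cover it. The fixed key assigned for `-fips-fingerprint` should carry a comment such as `/* fixed, publicly known key: the result is an integrity fingerprint, not an authenticator */`, because anyone can recompute that HMAC. The option loop that holds both branches starts and ends outside the visible lines.

```c
                else if (strcmp(*argv,"-pss_saltlen") == 0)
                        {
                        long saltlen;
                        char *endp;
                        if (--argc < 1) break;
                        saltlen=strtol(*(++argv), &endp, 10);
                        /* reject "", "abc", "12abc" and anything outside the encodable range */
                        if (endp == *argv || *endp != '\0'
                                || saltlen < -2 || saltlen >= 0xFFFE)
                                {
                                BIO_printf(bio_err, "Invalid PSS salt length %s\n", *argv);
                                goto end;
                                }
                        if (saltlen == -1)
                                sig_flags = EVP_MD_CTX_FLAG_PSS_MREC;
                        else if (saltlen == -2)
                                sig_flags = EVP_MD_CTX_FLAG_PSS_MDLEN;
                        else
                                sig_flags = (unsigned int)saltlen;
                        /* ... unchanged: shift by 16 and OR in EVP_MD_CTX_FLAG_PAD_PSS ... */
```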