add fips blocking overrides to command line utilities

author: Dr. Stephen Henson <steve@openssl.org> 2012-02-10 16:47:40 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2012-02-10 16:47:40 +0000
commit: 7951c2699f1b78d5480b9f41a71233fcaf98d18f (patch)
tree: 9bd9e1529a8b5331183220e8a57a830c734afd48 /apps/dgst.c
parent: 5997efca83fedd16dff26549a2840a1e63a92e26 (diff)
download: openssl-7951c2699f1b78d5480b9f41a71233fcaf98d18f.zip
openssl-7951c2699f1b78d5480b9f41a71233fcaf98d18f.tar.gz
openssl-7951c2699f1b78d5480b9f41a71233fcaf98d18f.tar.bz2
1 files changed, 10 insertions, 0 deletions
diff --git a/apps/dgst.c b/apps/dgst.c
index 8a5609f..d471dbd 100644
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -128,6 +128,7 @@ int MAIN(int argc, char **argv)
 #endif
 	char *hmac_key=NULL;
 	char *mac_name=NULL;
+	int non_fips_allow = 0;
 	STACK_OF(OPENSSL_STRING) *sigopts = NULL, *macopts = NULL;
 
 	apps_startup();
@@ -220,6 +221,8 @@ int MAIN(int argc, char **argv)
 			debug=1;
 		else if (!strcmp(*argv,"-fips-fingerprint"))
 			hmac_key = "etaonrishdlcupfm";
+		else if (strcmp(*argv,"-non-fips-allow") == 0)
+			non_fips_allow=1;
 		else if (!strcmp(*argv,"-hmac"))
 			{
 			if (--argc < 1)
@@ -405,6 +408,13 @@ int MAIN(int argc, char **argv)
 			goto end;
 		}
 
+	if (non_fips_allow)
+		{
+		EVP_MD_CTX *md_ctx;
+		BIO_get_md_ctx(bmd,&md_ctx);
+		EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+		}
+
 	if (hmac_key)
 		{
 		sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, impl,
author	Dr. Stephen Henson <steve@openssl.org>	2012-02-10 16:47:40 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2012-02-10 16:47:40 +0000
commit	7951c2699f1b78d5480b9f41a71233fcaf98d18f (patch)
tree	9bd9e1529a8b5331183220e8a57a830c734afd48 /apps/dgst.c
parent	5997efca83fedd16dff26549a2840a1e63a92e26 (diff)
download	openssl-7951c2699f1b78d5480b9f41a71233fcaf98d18f.zip openssl-7951c2699f1b78d5480b9f41a71233fcaf98d18f.tar.gz openssl-7951c2699f1b78d5480b9f41a71233fcaf98d18f.tar.bz2