summaryrefslogtreecommitdiff
path: root/main/openssl/apps/dgst.c
diff options
context:
space:
mode:
authorArne Schwabe <arne@rfc2549.org>2014-04-23 09:56:37 +0200
committerArne Schwabe <arne@rfc2549.org>2014-04-23 09:56:37 +0200
commite436c963f0976b885a7db04681344779e26dd3b5 (patch)
tree240663106f32e02e1c34080656f4ef21a2e1776e /main/openssl/apps/dgst.c
parent6a99715a9b072fa249e79c98cd9f03991f0f1219 (diff)
Update OpenSSL to 1.0.1g and statically link OpenVPN with it
Diffstat (limited to 'main/openssl/apps/dgst.c')
-rw-r--r--main/openssl/apps/dgst.c12
1 files changed, 12 insertions, 0 deletions
diff --git a/main/openssl/apps/dgst.c b/main/openssl/apps/dgst.c
index 9bf38ce7..81bd870f 100644
--- a/main/openssl/apps/dgst.c
+++ b/main/openssl/apps/dgst.c
@@ -127,6 +127,7 @@ int MAIN(int argc, char **argv)
#endif
char *hmac_key=NULL;
char *mac_name=NULL;
+ int non_fips_allow = 0;
STACK_OF(OPENSSL_STRING) *sigopts = NULL, *macopts = NULL;
apps_startup();
@@ -215,6 +216,10 @@ int MAIN(int argc, char **argv)
out_bin = 1;
else if (strcmp(*argv,"-d") == 0)
debug=1;
+ else if (!strcmp(*argv,"-fips-fingerprint"))
+ hmac_key = "etaonrishdlcupfm";
+ else if (strcmp(*argv,"-non-fips-allow") == 0)
+ non_fips_allow=1;
else if (!strcmp(*argv,"-hmac"))
{
if (--argc < 1)
@@ -395,6 +400,13 @@ int MAIN(int argc, char **argv)
goto end;
}
+ if (non_fips_allow)
+ {
+ EVP_MD_CTX *md_ctx;
+ BIO_get_md_ctx(bmd,&md_ctx);
+ EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+ }
+
if (hmac_key)
{
sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, e,