Diffstat (limited to 'apps/enc.c')
-rw-r--r-- | apps/enc.c | 16 |
1 files changed, 14 insertions, 2 deletions
@@ -127,6 +127,7 @@ int MAIN(int argc, char **argv)
 char *engine = NULL;
 #endif
 const EVP_MD *dgst=NULL;
+ int non_fips_allow = 0;
 apps_startup();
@@ -261,6 +262,8 @@ int MAIN(int argc, char **argv)
 if (--argc < 1) goto bad;
 md= *(++argv);
 }
+ else if (strcmp(*argv,"-non-fips-allow") == 0)
+ non_fips_allow = 1;
 else if ((argv[0][0] == '-') && ((c=EVP_get_cipherbyname(&(argv[0][1]))) != NULL))
 {
@@ -314,7 +317,10 @@ bad:
 if (dgst == NULL)
 {
- dgst = EVP_md5();
+ if (in_FIPS_mode)
+ dgst = EVP_sha1();
+ else
+ dgst = EVP_md5();
 }
 if (bufsize != NULL)
@@ -527,7 +533,8 @@ bad:
 BIO_printf(bio_err,"invalid hex iv value\n");
 goto end;
 }
- if ((hiv == NULL) && (str == NULL))
+ if ((hiv == NULL) && (str == NULL)
+ && EVP_CIPHER_iv_length(cipher) != 0)
 {
 /* No IV was explicitly set and no IV was generated
 * during EVP_BytesToKey. Hence the IV is undefined,
@@ -549,6 +556,11 @@ bad:
 */
 BIO_get_cipher_ctx(benc, &ctx);
+
+ if (non_fips_allow)
+ EVP_CIPHER_CTX_set_flags(ctx,
+ EVP_CIPH_FLAG_NON_FIPS_ALLOW);
+
 if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc))
 {
 BIO_printf(bio_err, "Error setting cipher %s\n", |
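Review bot: The `-non-fips-allow` branch added in the `@@ -261,6 +262,8 @@` hunk has no matching line in the help output; none of the five hunks touches the usage text, so the switch is undiscoverable from the command line. Because it relaxes a compliance restriction, it should be listed with the other options, for example `BIO_printf(bio_err,"%-14s allow non-approved ciphers in FIPS mode\n","-non-fips-allow");`. The option loop and the usage block both lie outside the hunk, so the exact placement and format need checking against the existing entries.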
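Review bot: The default digest chosen in the `@@ -314,7 +317,10 @@` hunk now depends on the runtime mode (`EVP_sha1()` when `in_FIPS_mode`, `EVP_md5()` otherwise), and nothing in the code records that for whoever decrypts later. If `dgst` feeds the password-to-key derivation, as the EVP_BytesToKey comment in the following hunk suggests, output produced with a password in one mode will not decrypt in the other unless `-md` is given explicitly. A comment above the branch would make this visible, e.g. `/* default digest differs in FIPS mode; pass -md explicitly for data that must decrypt in both modes */`. `in_FIPS_mode` is not declared in any visible hunk, so confirm it is defined, and evaluates to 0, in non-FIPS builds.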
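Review bot: In the `@@ -549,6 +556,11 @@` hunk the override is applied to the cipher context only, so as far as these hunks show `-non-fips-allow` does not reach the digest used for key derivation; a user combining it with a non-approved `-md` may still hit a failure there, which is worth confirming and documenting. The flag also takes effect only because it is set before `EVP_CipherInit_ex()`, presumably where the cipher is checked against FIPS policy, and a later reorder would disable the option without any error. I would add `/* must precede EVP_CipherInit_ex(); affects the cipher context only */` above the `if (non_fips_allow)` line. The enclosing block starts and ends outside the hunk.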