Diffstat (limited to 'apps')
-rw-r--r-- | apps/fipsinstall.c | 20 |
1 files changed, 15 insertions, 5 deletions
diff --git a/apps/fipsinstall.c b/apps/fipsinstall.c
index e0fe43e8b7..e76e615bc6 100644
--- a/apps/fipsinstall.c
+++ b/apps/fipsinstall.c
@@ -15,6 +15,7 @@
 #include <openssl/fips_names.h>
 #include <openssl/core_names.h>
 #include <openssl/self_test.h>
+#include <openssl/fipskey.h>
 #include "apps.h"
 #include "progs.h"
@@ -266,7 +267,7 @@ end:
 int fipsinstall_main(int argc, char **argv)
 {
- int ret = 1, verify = 0;
+ int ret = 1, verify = 0, gotkey = 0, gotdigest = 0;
 BIO *module_bio = NULL, *mem_bio = NULL, *fout = NULL;
 char *in_fname = NULL, *out_fname = NULL, *prog, *section_name = NULL;
 char *prov_name = NULL, *module_fname = NULL;
@@ -283,6 +284,8 @@ int fipsinstall_main(int argc, char **argv)
 CONF *conf = NULL;
 section_name = DEFAULT_FIPS_SECTION;
+ if ((opts = sk_OPENSSL_STRING_new_null()) == NULL)
+ goto end;
 prog = opt_init(argc, argv, fipsinstall_options);
 while ((o = opt_next()) != OPT_EOF) {
@@ -327,10 +330,12 @@ opthelp:
 mac_name = opt_arg();
 break;
 case OPT_MACOPT:
- if (opts == NULL)
- opts = sk_OPENSSL_STRING_new_null();
- if (opts == NULL || !sk_OPENSSL_STRING_push(opts, opt_arg()))
+ if (!sk_OPENSSL_STRING_push(opts, opt_arg()))
 goto opthelp;
+ if (strncmp(opt_arg(), "hexkey:", 7) == 0)
+ gotkey = 1;
+ else if (strncmp(opt_arg(), "digest:", 7) == 0)
+ gotdigest = 1;
 break;
 case OPT_VERIFY:
 verify = 1;
@@ -341,7 +346,6 @@ opthelp:
 if (module_fname == NULL
 || (verify && in_fname == NULL)
 || (!verify && (out_fname == NULL || prov_name == NULL))
- || opts == NULL
 || argc != 0)
 goto opthelp;
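Review bot: In the OPT_MACOPT case only the `hexkey:` prefix sets `gotkey`, so a key supplied in any other spelling is not recognised as a key. If the MAC option parser also accepts a `key:` form (the parser is not visible in this diff), `-macopt key:...` would leave `gotkey` at 0, and the last hunk would then append the default `hexkey:` entry after the user's option, which may silently take precedence over it. Consider `if (strncmp(opt_arg(), "hexkey:", 7) == 0 || strncmp(opt_arg(), "key:", 4) == 0) gotkey = 1;`, ideally with the prefix lengths derived from the literals rather than a bare 7. The enclosing switch and fipsinstall_main continue outside the hunk.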
@@ -350,6 +354,12 @@ opthelp:
 || self_test_corrupt_type != NULL)
 OSSL_SELF_TEST_set_callback(NULL, self_test_events, NULL);
+ /* Use the default FIPS HMAC digest and key if not specified. */
+ if (!gotdigest && !sk_OPENSSL_STRING_push(opts, "digest:SHA256"))
+ goto end;
+ if (!gotkey && !sk_OPENSSL_STRING_push(opts, "hexkey:" FIPS_KEY_STRING))
+ goto end;
 module_bio = bio_open_default(module_fname, 'r', FORMAT_BINARY);
 if (module_bio == NULL) {
 BIO_printf(bio_err, "Failed to open module file\n"); |
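Review bot: The comment above the two default pushes should state what the default key does and does not protect. `FIPS_KEY_STRING` is a compile-time constant taken from the `<openssl/fipskey.h>` header included in the first hunk, so it appears to be a non-secret value. An HMAC computed with it would detect accidental corruption of the module but not a deliberate change by someone who can also rewrite the generated config. I would extend the comment to something like `/* Default FIPS HMAC digest and key; the key is a fixed constant, so the MAC is an integrity check, not proof of origin. */`. Both pushes also place string literals on `opts`, so the cleanup at `end:` (outside this hunk) must free only the stack itself and never its elements.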