generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

In FIPS mode use SHA1 as default digest in x509 and req

Browse Source 
utilities.
This commit is contained in:
Dr. Stephen Henson
2005-02-05 18:24:50 +00:00
parent bb987c73a9
commit 20e5177105
2 changed files with 16 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
apps/req.c
View File

@@ -175,7 +175,7 @@ int MAIN(int argc, char **argv)
char *passin = NULL, *passout = NULL; char *passin = NULL, *passout = NULL;
char *p; char *p;
char *subj = NULL; char *subj = NULL;
const EVP_MD *md_alg=NULL,*digest=EVP_md5(); const EVP_MD *md_alg=NULL,*digest;
unsigned long chtype = MBSTRING_ASC; unsigned long chtype = MBSTRING_ASC;
#ifndef MONOLITH #ifndef MONOLITH
char *to_free; char *to_free;
@@ -197,6 +197,13 @@ int MAIN(int argc, char **argv)
informat=FORMAT_PEM; informat=FORMAT_PEM;
outformat=FORMAT_PEM; outformat=FORMAT_PEM;
#ifdef OPENSSL_FIPS
if (FIPS_mode())
digest = EVP_sha1();
else
#endif
digest = EVP_md5();
prog=argv[0]; prog=argv[0];
argc--; argc--;
argv++; argv++;

9
apps/x509.c
View File

@@ -179,7 +179,7 @@ int MAIN(int argc, char **argv)
X509_REQ *rq=NULL; X509_REQ *rq=NULL;
int fingerprint=0; int fingerprint=0;
char buf[256]; char buf[256];
const EVP_MD *md_alg,*digest=EVP_md5(); const EVP_MD *md_alg,*digest;
CONF *extconf = NULL; CONF *extconf = NULL;
char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL; char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL;
int need_rand = 0; int need_rand = 0;
@@ -216,6 +216,13 @@ int MAIN(int argc, char **argv)
if (ctx == NULL) goto end; if (ctx == NULL) goto end;
X509_STORE_set_verify_cb_func(ctx,callb); X509_STORE_set_verify_cb_func(ctx,callb);
#ifdef OPENSSL_FIPS
if (FIPS_mode())
digest = EVP_sha1();
else
#endif
digest = EVP_md5();
argc--; argc--;
argv++; argv++;
num=0; num=0;