1 files changed, 23 insertions, 6 deletions

diff --git a/deps/openssl/openssl/apps/dgst.c b/deps/openssl/openssl/apps/dgst.c
index bd23b76996e..5f36cbcb779 100644
--- a/deps/openssl/openssl/apps/dgst.c
+++ b/deps/openssl/openssl/apps/dgst.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -66,7 +66,7 @@ const OPTIONS dgst_options[] = {
     {"keyform", OPT_KEYFORM, 'f', "Key file format (ENGINE, other values ignored)"},
     {"hex", OPT_HEX, '-', "Print as hex dump"},
     {"binary", OPT_BINARY, '-', "Print in binary form"},
-    {"xoflen", OPT_XOFLEN, 'p', "Output length for XOF algorithms"},
+    {"xoflen", OPT_XOFLEN, 'p', "Output length for XOF algorithms. To obtain the maximum security strength set this to 32 (or greater) for SHAKE128, and 64 (or greater) for SHAKE256"},
     {"d", OPT_DEBUG, '-', "Print debug info"},
     {"debug", OPT_DEBUG, '-', "Print debug info"},
 
@@ -321,8 +321,10 @@ int dgst_main(int argc, char **argv)
     }
 
     if (hmac_key != NULL) {
-        if (md == NULL)
+        if (md == NULL) {
             md = (EVP_MD *)EVP_sha256();
+            digestname = SN_sha256;
+        }
         sigkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, impl,
                                               (unsigned char *)hmac_key,
                                               strlen(hmac_key));
@@ -340,9 +342,19 @@ int dgst_main(int argc, char **argv)
             goto end;
         }
         if (do_verify)
-            res = EVP_DigestVerifyInit(mctx, &pctx, md, impl, sigkey);
+            if (impl == NULL)
+                res = EVP_DigestVerifyInit_ex(mctx, &pctx, digestname,
+                                              app_get0_libctx(),
+                                              app_get0_propq(), sigkey, NULL);
+            else
+                res = EVP_DigestVerifyInit(mctx, &pctx, md, impl, sigkey);
         else
-            res = EVP_DigestSignInit(mctx, &pctx, md, impl, sigkey);
+            if (impl == NULL)
+                res = EVP_DigestSignInit_ex(mctx, &pctx, digestname,
+                                            app_get0_libctx(),
+                                            app_get0_propq(), sigkey, NULL);
+            else
+                res = EVP_DigestSignInit(mctx, &pctx, md, impl, sigkey);
         if (res == 0) {
             BIO_printf(bio_err, "Error setting context\n");
             goto end;
@@ -406,6 +418,11 @@ int dgst_main(int argc, char **argv)
             BIO_printf(bio_err, "Length can only be specified for XOF\n");
             goto end;
         }
+        /*
+         * Signing using XOF is not supported by any algorithms currently since
+         * each algorithm only calls EVP_DigestFinal_ex() in their sign_final
+         * and verify_final methods.
+         */
         if (sigkey != NULL) {
             BIO_printf(bio_err, "Signing key cannot be specified for XOF\n");
             goto end;
@@ -467,7 +484,7 @@ static void show_digests(const OBJ_NAME *name, void *arg)
         return;
 
     /* Filter out message digests that we cannot use */
-    md = EVP_get_digestbyname(name->name);
+    md = EVP_MD_fetch(app_get0_libctx(), name->name, app_get0_propq());
     if (md == NULL)
         return;