| OLD | NEW |
|---|
| 1 /* apps/dgst.c */ | 1 /* apps/dgst.c */ |
| 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 * All rights reserved. | 3 * All rights reserved. |
| 4 * | 4 * |
| 5 * This package is an SSL implementation written | 5 * This package is an SSL implementation written |
| 6 * by Eric Young (eay@cryptsoft.com). | 6 * by Eric Young (eay@cryptsoft.com). |
| 7 * The implementation was written so as to conform with Netscapes SSL. | 7 * The implementation was written so as to conform with Netscapes SSL. |
| 8 * | 8 * |
| 9 * This library is free for commercial and non-commercial use as long as | 9 * This library is free for commercial and non-commercial use as long as |
| 10 * the following conditions are aheared to. The following conditions | 10 * the following conditions are aheared to. The following conditions |
| (...skipping 57 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 68 #include <openssl/pem.h> | 68 #include <openssl/pem.h> |
| 69 #include <openssl/hmac.h> | 69 #include <openssl/hmac.h> |
| 70 | 70 |
| 71 #undef BUFSIZE | 71 #undef BUFSIZE |
| 72 #define BUFSIZE 1024*8 | 72 #define BUFSIZE 1024*8 |
| 73 | 73 |
| 74 #undef PROG | 74 #undef PROG |
| 75 #define PROG dgst_main | 75 #define PROG dgst_main |
| 76 | 76 |
| 77 int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, | 77 int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, |
| 78 » EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title, | 78 » EVP_PKEY *key, unsigned char *sigin, int siglen, |
| 79 » const char *file,BIO *bmd,const char *hmac_key, int non_fips_allow); | 79 » const char *sig_name, const char *md_name, |
| 80 » const char *file,BIO *bmd); |
| 81 |
| 82 static void list_md_fn(const EVP_MD *m, |
| 83 » » » const char *from, const char *to, void *arg) |
| 84 » { |
| 85 » const char *mname; |
| 86 » /* Skip aliases */ |
| 87 » if (!m) |
| 88 » » return; |
| 89 » mname = OBJ_nid2ln(EVP_MD_type(m)); |
| 90 » /* Skip shortnames */ |
| 91 » if (strcmp(from, mname)) |
| 92 » » return; |
| 93 » /* Skip clones */ |
| 94 » if (EVP_MD_flags(m) & EVP_MD_FLAG_PKEY_DIGEST) |
| 95 » » return; |
| 96 » if (strchr(mname, ' ')) |
| 97 » » mname= EVP_MD_name(m); |
| 98 » BIO_printf(arg, "-%-14s to use the %s message digest algorithm\n", |
| 99 » » » mname, mname); |
| 100 » } |
| 80 | 101 |
| 81 int MAIN(int, char **); | 102 int MAIN(int, char **); |
| 82 | 103 |
| 83 int MAIN(int argc, char **argv) | 104 int MAIN(int argc, char **argv) |
| 84 { | 105 { |
| 85 ENGINE *e = NULL; | 106 ENGINE *e = NULL; |
| 86 unsigned char *buf=NULL; | 107 unsigned char *buf=NULL; |
| 87 int i,err=1; | 108 int i,err=1; |
| 88 const EVP_MD *md=NULL,*m; | 109 const EVP_MD *md=NULL,*m; |
| 89 BIO *in=NULL,*inp; | 110 BIO *in=NULL,*inp; |
| 90 BIO *bmd=NULL; | 111 BIO *bmd=NULL; |
| 91 BIO *out = NULL; | 112 BIO *out = NULL; |
| 92 const char *name; | |
| 93 #define PROG_NAME_SIZE 39 | 113 #define PROG_NAME_SIZE 39 |
| 94 char pname[PROG_NAME_SIZE+1]; | 114 char pname[PROG_NAME_SIZE+1]; |
| 95 int separator=0; | 115 int separator=0; |
| 96 int debug=0; | 116 int debug=0; |
| 97 int keyform=FORMAT_PEM; | 117 int keyform=FORMAT_PEM; |
| 98 const char *outfile = NULL, *keyfile = NULL; | 118 const char *outfile = NULL, *keyfile = NULL; |
| 99 const char *sigfile = NULL, *randfile = NULL; | 119 const char *sigfile = NULL, *randfile = NULL; |
| 100 int out_bin = -1, want_pub = 0, do_verify = 0; | 120 int out_bin = -1, want_pub = 0, do_verify = 0; |
| 101 EVP_PKEY *sigkey = NULL; | 121 EVP_PKEY *sigkey = NULL; |
| 102 unsigned char *sigbuf = NULL; | 122 unsigned char *sigbuf = NULL; |
| 103 int siglen = 0; | 123 int siglen = 0; |
| 104 unsigned int sig_flags = 0; | |
| 105 char *passargin = NULL, *passin = NULL; | 124 char *passargin = NULL, *passin = NULL; |
| 106 #ifndef OPENSSL_NO_ENGINE | 125 #ifndef OPENSSL_NO_ENGINE |
| 107 char *engine=NULL; | 126 char *engine=NULL; |
| 108 #endif | 127 #endif |
| 109 char *hmac_key=NULL; | 128 char *hmac_key=NULL; |
| 110 » int non_fips_allow = 0; | 129 » char *mac_name=NULL; |
| 130 » STACK_OF(OPENSSL_STRING) *sigopts = NULL, *macopts = NULL; |
| 111 | 131 |
| 112 apps_startup(); | 132 apps_startup(); |
| 113 ERR_load_crypto_strings(); | 133 |
| 114 if ((buf=(unsigned char *)OPENSSL_malloc(BUFSIZE)) == NULL) | 134 if ((buf=(unsigned char *)OPENSSL_malloc(BUFSIZE)) == NULL) |
| 115 { | 135 { |
| 116 BIO_printf(bio_err,"out of memory\n"); | 136 BIO_printf(bio_err,"out of memory\n"); |
| 117 goto end; | 137 goto end; |
| 118 } | 138 } |
| 119 if (bio_err == NULL) | 139 if (bio_err == NULL) |
| 120 if ((bio_err=BIO_new(BIO_s_file())) != NULL) | 140 if ((bio_err=BIO_new(BIO_s_file())) != NULL) |
| 121 BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); | 141 BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); |
| 122 | 142 |
| 123 if (!load_config(bio_err, NULL)) | 143 if (!load_config(bio_err, NULL)) |
| 124 goto end; | 144 goto end; |
| 125 | 145 |
| 126 /* first check the program name */ | 146 /* first check the program name */ |
| 127 program_name(argv[0],pname,sizeof pname); | 147 program_name(argv[0],pname,sizeof pname); |
| 128 | 148 |
| 129 md=EVP_get_digestbyname(pname); | 149 md=EVP_get_digestbyname(pname); |
| 130 | 150 |
| 131 argc--; | 151 argc--; |
| 132 argv++; | 152 argv++; |
| 133 while (argc > 0) | 153 while (argc > 0) |
| 134 { | 154 { |
| 135 if ((*argv)[0] != '-') break; | 155 if ((*argv)[0] != '-') break; |
| 136 if (strcmp(*argv,"-c") == 0) | 156 if (strcmp(*argv,"-c") == 0) |
| 137 separator=1; | 157 separator=1; |
| 158 else if (strcmp(*argv,"-r") == 0) |
| 159 separator=2; |
| 138 else if (strcmp(*argv,"-rand") == 0) | 160 else if (strcmp(*argv,"-rand") == 0) |
| 139 { | 161 { |
| 140 if (--argc < 1) break; | 162 if (--argc < 1) break; |
| 141 randfile=*(++argv); | 163 randfile=*(++argv); |
| 142 } | 164 } |
| 143 else if (strcmp(*argv,"-out") == 0) | 165 else if (strcmp(*argv,"-out") == 0) |
| 144 { | 166 { |
| 145 if (--argc < 1) break; | 167 if (--argc < 1) break; |
| 146 outfile=*(++argv); | 168 outfile=*(++argv); |
| 147 } | 169 } |
| (...skipping 14 matching lines...) Expand all Loading... |
| 162 keyfile=*(++argv); | 184 keyfile=*(++argv); |
| 163 want_pub = 1; | 185 want_pub = 1; |
| 164 do_verify = 1; | 186 do_verify = 1; |
| 165 } | 187 } |
| 166 else if (strcmp(*argv,"-prverify") == 0) | 188 else if (strcmp(*argv,"-prverify") == 0) |
| 167 { | 189 { |
| 168 if (--argc < 1) break; | 190 if (--argc < 1) break; |
| 169 keyfile=*(++argv); | 191 keyfile=*(++argv); |
| 170 do_verify = 1; | 192 do_verify = 1; |
| 171 } | 193 } |
| 172 else if (strcmp(*argv,"-x931") == 0) | |
| 173 sig_flags = EVP_MD_CTX_FLAG_PAD_X931; | |
| 174 else if (strcmp(*argv,"-pss_saltlen") == 0) | |
| 175 { | |
| 176 int saltlen; | |
| 177 if (--argc < 1) break; | |
| 178 saltlen=atoi(*(++argv)); | |
| 179 if (saltlen == -1) | |
| 180 sig_flags = EVP_MD_CTX_FLAG_PSS_MREC; | |
| 181 else if (saltlen == -2) | |
| 182 sig_flags = EVP_MD_CTX_FLAG_PSS_MDLEN; | |
| 183 else if (saltlen < -2 || saltlen >= 0xFFFE) | |
| 184 { | |
| 185 BIO_printf(bio_err, "Invalid PSS salt length %d\
n", saltlen); | |
| 186 goto end; | |
| 187 } | |
| 188 else | |
| 189 sig_flags = saltlen; | |
| 190 sig_flags <<= 16; | |
| 191 sig_flags |= EVP_MD_CTX_FLAG_PAD_PSS; | |
| 192 } | |
| 193 else if (strcmp(*argv,"-signature") == 0) | 194 else if (strcmp(*argv,"-signature") == 0) |
| 194 { | 195 { |
| 195 if (--argc < 1) break; | 196 if (--argc < 1) break; |
| 196 sigfile=*(++argv); | 197 sigfile=*(++argv); |
| 197 } | 198 } |
| 198 else if (strcmp(*argv,"-keyform") == 0) | 199 else if (strcmp(*argv,"-keyform") == 0) |
| 199 { | 200 { |
| 200 if (--argc < 1) break; | 201 if (--argc < 1) break; |
| 201 keyform=str2fmt(*(++argv)); | 202 keyform=str2fmt(*(++argv)); |
| 202 } | 203 } |
| 203 #ifndef OPENSSL_NO_ENGINE | 204 #ifndef OPENSSL_NO_ENGINE |
| 204 else if (strcmp(*argv,"-engine") == 0) | 205 else if (strcmp(*argv,"-engine") == 0) |
| 205 { | 206 { |
| 206 if (--argc < 1) break; | 207 if (--argc < 1) break; |
| 207 engine= *(++argv); | 208 engine= *(++argv); |
| 209 e = setup_engine(bio_err, engine, 0); |
| 208 } | 210 } |
| 209 #endif | 211 #endif |
| 210 else if (strcmp(*argv,"-hex") == 0) | 212 else if (strcmp(*argv,"-hex") == 0) |
| 211 out_bin = 0; | 213 out_bin = 0; |
| 212 else if (strcmp(*argv,"-binary") == 0) | 214 else if (strcmp(*argv,"-binary") == 0) |
| 213 out_bin = 1; | 215 out_bin = 1; |
| 214 else if (strcmp(*argv,"-d") == 0) | 216 else if (strcmp(*argv,"-d") == 0) |
| 215 debug=1; | 217 debug=1; |
| 216 else if (strcmp(*argv,"-non-fips-allow") == 0) | |
| 217 non_fips_allow=1; | |
| 218 else if (!strcmp(*argv,"-fips-fingerprint")) | |
| 219 hmac_key = "etaonrishdlcupfm"; | |
| 220 else if (!strcmp(*argv,"-hmac")) | 218 else if (!strcmp(*argv,"-hmac")) |
| 221 { | 219 { |
| 222 if (--argc < 1) | 220 if (--argc < 1) |
| 223 break; | 221 break; |
| 224 hmac_key=*++argv; | 222 hmac_key=*++argv; |
| 225 } | 223 } |
| 224 else if (!strcmp(*argv,"-mac")) |
| 225 { |
| 226 if (--argc < 1) |
| 227 break; |
| 228 mac_name=*++argv; |
| 229 } |
| 230 else if (strcmp(*argv,"-sigopt") == 0) |
| 231 { |
| 232 if (--argc < 1) |
| 233 break; |
| 234 if (!sigopts) |
| 235 sigopts = sk_OPENSSL_STRING_new_null(); |
| 236 if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, *(++arg
v))) |
| 237 break; |
| 238 } |
| 239 else if (strcmp(*argv,"-macopt") == 0) |
| 240 { |
| 241 if (--argc < 1) |
| 242 break; |
| 243 if (!macopts) |
| 244 macopts = sk_OPENSSL_STRING_new_null(); |
| 245 if (!macopts || !sk_OPENSSL_STRING_push(macopts, *(++arg
v))) |
| 246 break; |
| 247 } |
| 226 else if ((m=EVP_get_digestbyname(&((*argv)[1]))) != NULL) | 248 else if ((m=EVP_get_digestbyname(&((*argv)[1]))) != NULL) |
| 227 md=m; | 249 md=m; |
| 228 else | 250 else |
| 229 break; | 251 break; |
| 230 argc--; | 252 argc--; |
| 231 argv++; | 253 argv++; |
| 232 } | 254 } |
| 233 | 255 |
| 234 if (md == NULL) | |
| 235 md=EVP_md5(); | |
| 236 | 256 |
| 237 if(do_verify && !sigfile) { | 257 if(do_verify && !sigfile) { |
| 238 BIO_printf(bio_err, "No signature to verify: use the -signature
option\n"); | 258 BIO_printf(bio_err, "No signature to verify: use the -signature
option\n"); |
| 239 err = 1; | |
| 240 goto end; | 259 goto end; |
| 241 } | 260 } |
| 242 | 261 |
| 243 if ((argc > 0) && (argv[0][0] == '-')) /* bad option */ | 262 if ((argc > 0) && (argv[0][0] == '-')) /* bad option */ |
| 244 { | 263 { |
| 245 BIO_printf(bio_err,"unknown option '%s'\n",*argv); | 264 BIO_printf(bio_err,"unknown option '%s'\n",*argv); |
| 246 BIO_printf(bio_err,"options are\n"); | 265 BIO_printf(bio_err,"options are\n"); |
| 247 BIO_printf(bio_err,"-c to output the digest with se
parating colons\n"); | 266 BIO_printf(bio_err,"-c to output the digest with se
parating colons\n"); |
| 267 BIO_printf(bio_err,"-r to output the digest in core
utils format\n"); |
| 248 BIO_printf(bio_err,"-d to output debug info\n"); | 268 BIO_printf(bio_err,"-d to output debug info\n"); |
| 249 BIO_printf(bio_err,"-hex output as hex dump\n"); | 269 BIO_printf(bio_err,"-hex output as hex dump\n"); |
| 250 BIO_printf(bio_err,"-binary output in binary form\n"); | 270 BIO_printf(bio_err,"-binary output in binary form\n"); |
| 251 BIO_printf(bio_err,"-sign file sign digest using private ke
y in file\n"); | 271 BIO_printf(bio_err,"-sign file sign digest using private ke
y in file\n"); |
| 252 BIO_printf(bio_err,"-verify file verify a signature using pub
lic key in file\n"); | 272 BIO_printf(bio_err,"-verify file verify a signature using pub
lic key in file\n"); |
| 253 BIO_printf(bio_err,"-prverify file verify a signature using pri
vate key in file\n"); | 273 BIO_printf(bio_err,"-prverify file verify a signature using pri
vate key in file\n"); |
| 254 BIO_printf(bio_err,"-keyform arg key file format (PEM or ENGI
NE)\n"); | 274 BIO_printf(bio_err,"-keyform arg key file format (PEM or ENGI
NE)\n"); |
| 275 BIO_printf(bio_err,"-out filename output to filename rather th
an stdout\n"); |
| 255 BIO_printf(bio_err,"-signature file signature to verify\n"); | 276 BIO_printf(bio_err,"-signature file signature to verify\n"); |
| 256 » » BIO_printf(bio_err,"-binary output in binary form\n"); | 277 » » BIO_printf(bio_err,"-sigopt nm:v signature parameter\n"); |
| 257 BIO_printf(bio_err,"-hmac key create hashed MAC with key\n
"); | 278 BIO_printf(bio_err,"-hmac key create hashed MAC with key\n
"); |
| 279 BIO_printf(bio_err,"-mac algorithm create MAC (not neccessarily
HMAC)\n"); |
| 280 BIO_printf(bio_err,"-macopt nm:v MAC algorithm parameters or
key\n"); |
| 258 #ifndef OPENSSL_NO_ENGINE | 281 #ifndef OPENSSL_NO_ENGINE |
| 259 BIO_printf(bio_err,"-engine e use engine e, possibly a har
dware device.\n"); | 282 BIO_printf(bio_err,"-engine e use engine e, possibly a har
dware device.\n"); |
| 260 #endif | 283 #endif |
| 261 | 284 |
| 262 » » BIO_printf(bio_err,"-%-14s to use the %s message digest algorith
m (default)\n", | 285 » » EVP_MD_do_all_sorted(list_md_fn, bio_err); |
| 263 » » » LN_md5,LN_md5); | |
| 264 » » BIO_printf(bio_err,"-%-14s to use the %s message digest algorith
m\n", | |
| 265 » » » LN_md4,LN_md4); | |
| 266 » » BIO_printf(bio_err,"-%-14s to use the %s message digest algorith
m\n", | |
| 267 » » » LN_md2,LN_md2); | |
| 268 #ifndef OPENSSL_NO_SHA | |
| 269 » » BIO_printf(bio_err,"-%-14s to use the %s message digest algorith
m\n", | |
| 270 » » » LN_sha1,LN_sha1); | |
| 271 » » BIO_printf(bio_err,"-%-14s to use the %s message digest algorith
m\n", | |
| 272 » » » LN_sha,LN_sha); | |
| 273 #ifndef OPENSSL_NO_SHA256 | |
| 274 » » BIO_printf(bio_err,"-%-14s to use the %s message digest algorith
m\n", | |
| 275 » » » LN_sha224,LN_sha224); | |
| 276 » » BIO_printf(bio_err,"-%-14s to use the %s message digest algorith
m\n", | |
| 277 » » » LN_sha256,LN_sha256); | |
| 278 #endif | |
| 279 #ifndef OPENSSL_NO_SHA512 | |
| 280 » » BIO_printf(bio_err,"-%-14s to use the %s message digest algorith
m\n", | |
| 281 » » » LN_sha384,LN_sha384); | |
| 282 » » BIO_printf(bio_err,"-%-14s to use the %s message digest algorith
m\n", | |
| 283 » » » LN_sha512,LN_sha512); | |
| 284 #endif | |
| 285 #endif | |
| 286 » » BIO_printf(bio_err,"-%-14s to use the %s message digest algorith
m\n", | |
| 287 » » » LN_mdc2,LN_mdc2); | |
| 288 » » BIO_printf(bio_err,"-%-14s to use the %s message digest algorith
m\n", | |
| 289 » » » LN_ripemd160,LN_ripemd160); | |
| 290 » » err=1; | |
| 291 goto end; | 286 goto end; |
| 292 } | 287 } |
| 293 | 288 |
| 294 #ifndef OPENSSL_NO_ENGINE | |
| 295 e = setup_engine(bio_err, engine, 0); | |
| 296 #endif | |
| 297 | |
| 298 in=BIO_new(BIO_s_file()); | 289 in=BIO_new(BIO_s_file()); |
| 299 bmd=BIO_new(BIO_f_md()); | 290 bmd=BIO_new(BIO_f_md()); |
| 300 if (debug) | 291 if (debug) |
| 301 { | 292 { |
| 302 BIO_set_callback(in,BIO_debug_callback); | 293 BIO_set_callback(in,BIO_debug_callback); |
| 303 /* needed for windows 3.1 */ | 294 /* needed for windows 3.1 */ |
| 304 BIO_set_callback_arg(in,(char *)bio_err); | 295 BIO_set_callback_arg(in,(char *)bio_err); |
| 305 } | 296 } |
| 306 | 297 |
| 307 if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) | 298 if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) |
| 308 { | 299 { |
| 309 BIO_printf(bio_err, "Error getting password\n"); | 300 BIO_printf(bio_err, "Error getting password\n"); |
| 310 goto end; | 301 goto end; |
| 311 } | 302 } |
| 312 | 303 |
| 313 if ((in == NULL) || (bmd == NULL)) | 304 if ((in == NULL) || (bmd == NULL)) |
| 314 { | 305 { |
| 315 ERR_print_errors(bio_err); | 306 ERR_print_errors(bio_err); |
| 316 goto end; | 307 goto end; |
| 317 } | 308 } |
| 318 | 309 |
| 319 if(out_bin == -1) { | 310 if(out_bin == -1) { |
| 320 » » if(keyfile) out_bin = 1; | 311 » » if(keyfile) |
| 321 » » else out_bin = 0; | 312 » » » out_bin = 1; |
| 313 » » else |
| 314 » » » out_bin = 0; |
| 322 } | 315 } |
| 323 | 316 |
| 324 if(randfile) | 317 if(randfile) |
| 325 app_RAND_load_file(randfile, bio_err, 0); | 318 app_RAND_load_file(randfile, bio_err, 0); |
| 326 | 319 |
| 327 if(outfile) { | 320 if(outfile) { |
| 328 if(out_bin) | 321 if(out_bin) |
| 329 out = BIO_new_file(outfile, "wb"); | 322 out = BIO_new_file(outfile, "wb"); |
| 330 else out = BIO_new_file(outfile, "w"); | 323 else out = BIO_new_file(outfile, "w"); |
| 331 } else { | 324 } else { |
| 332 out = BIO_new_fp(stdout, BIO_NOCLOSE); | 325 out = BIO_new_fp(stdout, BIO_NOCLOSE); |
| 333 #ifdef OPENSSL_SYS_VMS | 326 #ifdef OPENSSL_SYS_VMS |
| 334 { | 327 { |
| 335 BIO *tmpbio = BIO_new(BIO_f_linebuffer()); | 328 BIO *tmpbio = BIO_new(BIO_f_linebuffer()); |
| 336 out = BIO_push(tmpbio, out); | 329 out = BIO_push(tmpbio, out); |
| 337 } | 330 } |
| 338 #endif | 331 #endif |
| 339 } | 332 } |
| 340 | 333 |
| 341 if(!out) { | 334 if(!out) { |
| 342 BIO_printf(bio_err, "Error opening output file %s\n", | 335 BIO_printf(bio_err, "Error opening output file %s\n", |
| 343 outfile ? outfile : "(stdout)"); | 336 outfile ? outfile : "(stdout)"); |
| 344 ERR_print_errors(bio_err); | 337 ERR_print_errors(bio_err); |
| 345 goto end; | 338 goto end; |
| 346 } | 339 } |
| 340 if ((!!mac_name + !!keyfile + !!hmac_key) > 1) |
| 341 { |
| 342 BIO_printf(bio_err, "MAC and Signing key cannot both be specifie
d\n"); |
| 343 goto end; |
| 344 } |
| 347 | 345 |
| 348 if(keyfile) | 346 if(keyfile) |
| 349 { | 347 { |
| 350 if (want_pub) | 348 if (want_pub) |
| 351 sigkey = load_pubkey(bio_err, keyfile, keyform, 0, NULL, | 349 sigkey = load_pubkey(bio_err, keyfile, keyform, 0, NULL, |
| 352 e, "key file"); | 350 e, "key file"); |
| 353 else | 351 else |
| 354 sigkey = load_key(bio_err, keyfile, keyform, 0, passin, | 352 sigkey = load_key(bio_err, keyfile, keyform, 0, passin, |
| 355 e, "key file"); | 353 e, "key file"); |
| 356 if (!sigkey) | 354 if (!sigkey) |
| 357 { | 355 { |
| 358 /* load_[pub]key() has already printed an appropriate | 356 /* load_[pub]key() has already printed an appropriate |
| 359 message */ | 357 message */ |
| 360 goto end; | 358 goto end; |
| 361 } | 359 } |
| 362 } | 360 } |
| 363 | 361 |
| 362 if (mac_name) |
| 363 { |
| 364 EVP_PKEY_CTX *mac_ctx = NULL; |
| 365 int r = 0; |
| 366 if (!init_gen_str(bio_err, &mac_ctx, mac_name,e, 0)) |
| 367 goto mac_end; |
| 368 if (macopts) |
| 369 { |
| 370 char *macopt; |
| 371 for (i = 0; i < sk_OPENSSL_STRING_num(macopts); i++) |
| 372 { |
| 373 macopt = sk_OPENSSL_STRING_value(macopts, i); |
| 374 if (pkey_ctrl_string(mac_ctx, macopt) <= 0) |
| 375 { |
| 376 BIO_printf(bio_err, |
| 377 "MAC parameter error \"%s\"\n", |
| 378 macopt); |
| 379 ERR_print_errors(bio_err); |
| 380 goto mac_end; |
| 381 } |
| 382 } |
| 383 } |
| 384 if (EVP_PKEY_keygen(mac_ctx, &sigkey) <= 0) |
| 385 { |
| 386 BIO_puts(bio_err, "Error generating key\n"); |
| 387 ERR_print_errors(bio_err); |
| 388 goto mac_end; |
| 389 } |
| 390 r = 1; |
| 391 mac_end: |
| 392 if (mac_ctx) |
| 393 EVP_PKEY_CTX_free(mac_ctx); |
| 394 if (r == 0) |
| 395 goto end; |
| 396 } |
| 397 |
| 398 if (hmac_key) |
| 399 { |
| 400 sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, e, |
| 401 (unsigned char *)hmac_key, -1); |
| 402 if (!sigkey) |
| 403 goto end; |
| 404 } |
| 405 |
| 406 if (sigkey) |
| 407 { |
| 408 EVP_MD_CTX *mctx = NULL; |
| 409 EVP_PKEY_CTX *pctx = NULL; |
| 410 int r; |
| 411 if (!BIO_get_md_ctx(bmd, &mctx)) |
| 412 { |
| 413 BIO_printf(bio_err, "Error getting context\n"); |
| 414 ERR_print_errors(bio_err); |
| 415 goto end; |
| 416 } |
| 417 if (do_verify) |
| 418 r = EVP_DigestVerifyInit(mctx, &pctx, md, e, sigkey); |
| 419 else |
| 420 r = EVP_DigestSignInit(mctx, &pctx, md, e, sigkey); |
| 421 if (!r) |
| 422 { |
| 423 BIO_printf(bio_err, "Error setting context\n"); |
| 424 ERR_print_errors(bio_err); |
| 425 goto end; |
| 426 } |
| 427 if (sigopts) |
| 428 { |
| 429 char *sigopt; |
| 430 for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++) |
| 431 { |
| 432 sigopt = sk_OPENSSL_STRING_value(sigopts, i); |
| 433 if (pkey_ctrl_string(pctx, sigopt) <= 0) |
| 434 { |
| 435 BIO_printf(bio_err, |
| 436 "parameter error \"%s\"\n", |
| 437 sigopt); |
| 438 ERR_print_errors(bio_err); |
| 439 goto end; |
| 440 } |
| 441 } |
| 442 } |
| 443 } |
| 444 /* we use md as a filter, reading from 'in' */ |
| 445 else |
| 446 { |
| 447 if (md == NULL) |
| 448 md = EVP_md5(); |
| 449 if (!BIO_set_md(bmd,md)) |
| 450 { |
| 451 BIO_printf(bio_err, "Error setting digest %s\n", pname); |
| 452 ERR_print_errors(bio_err); |
| 453 goto end; |
| 454 } |
| 455 } |
| 456 |
| 364 if(sigfile && sigkey) { | 457 if(sigfile && sigkey) { |
| 365 BIO *sigbio; | 458 BIO *sigbio; |
| 366 sigbio = BIO_new_file(sigfile, "rb"); | 459 sigbio = BIO_new_file(sigfile, "rb"); |
| 367 siglen = EVP_PKEY_size(sigkey); | 460 siglen = EVP_PKEY_size(sigkey); |
| 368 sigbuf = OPENSSL_malloc(siglen); | 461 sigbuf = OPENSSL_malloc(siglen); |
| 369 if(!sigbio) { | 462 if(!sigbio) { |
| 370 BIO_printf(bio_err, "Error opening signature file %s\n", | 463 BIO_printf(bio_err, "Error opening signature file %s\n", |
| 371 sigfile); | 464 sigfile); |
| 372 ERR_print_errors(bio_err); | 465 ERR_print_errors(bio_err); |
| 373 goto end; | 466 goto end; |
| 374 } | 467 } |
| 375 siglen = BIO_read(sigbio, sigbuf, siglen); | 468 siglen = BIO_read(sigbio, sigbuf, siglen); |
| 376 BIO_free(sigbio); | 469 BIO_free(sigbio); |
| 377 if(siglen <= 0) { | 470 if(siglen <= 0) { |
| 378 BIO_printf(bio_err, "Error reading signature file %s\n", | 471 BIO_printf(bio_err, "Error reading signature file %s\n", |
| 379 sigfile); | 472 sigfile); |
| 380 ERR_print_errors(bio_err); | 473 ERR_print_errors(bio_err); |
| 381 goto end; | 474 goto end; |
| 382 } | 475 } |
| 383 } | 476 } |
| 477 inp=BIO_push(bmd,in); |
| 384 | 478 |
| 385 » if (non_fips_allow) | 479 » if (md == NULL) |
| 386 { | 480 { |
| 387 » » EVP_MD_CTX *md_ctx; | 481 » » EVP_MD_CTX *tctx; |
| 388 » » BIO_get_md_ctx(bmd,&md_ctx); | 482 » » BIO_get_md_ctx(bmd, &tctx); |
| 389 » » EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); | 483 » » md = EVP_MD_CTX_md(tctx); |
| 390 } | 484 } |
| 391 | 485 |
| 392 if (sig_flags) | |
| 393 { | |
| 394 EVP_MD_CTX *md_ctx; | |
| 395 BIO_get_md_ctx(bmd,&md_ctx); | |
| 396 EVP_MD_CTX_set_flags(md_ctx, sig_flags); | |
| 397 } | |
| 398 | |
| 399 /* we use md as a filter, reading from 'in' */ | |
| 400 if (!BIO_set_md(bmd,md)) | |
| 401 { | |
| 402 BIO_printf(bio_err, "Error setting digest %s\n", pname); | |
| 403 ERR_print_errors(bio_err); | |
| 404 goto end; | |
| 405 } | |
| 406 | |
| 407 inp=BIO_push(bmd,in); | |
| 408 | |
| 409 if (argc == 0) | 486 if (argc == 0) |
| 410 { | 487 { |
| 411 BIO_set_fp(in,stdin,BIO_NOCLOSE); | 488 BIO_set_fp(in,stdin,BIO_NOCLOSE); |
| 412 err=do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf, | 489 err=do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf, |
| 413 » » » siglen,"","(stdin)",bmd,hmac_key,non_fips_allow); | 490 » » » siglen,NULL,NULL,"stdin",bmd); |
| 414 } | 491 } |
| 415 else | 492 else |
| 416 { | 493 { |
| 417 » » name=OBJ_nid2sn(md->type); | 494 » » const char *md_name = NULL, *sig_name = NULL; |
| 495 » » if(!out_bin) |
| 496 » » » { |
| 497 » » » if (sigkey) |
| 498 » » » » { |
| 499 » » » » const EVP_PKEY_ASN1_METHOD *ameth; |
| 500 » » » » ameth = EVP_PKEY_get0_asn1(sigkey); |
| 501 » » » » if (ameth) |
| 502 » » » » » EVP_PKEY_asn1_get0_info(NULL, NULL, |
| 503 » » » » » » NULL, NULL, &sig_name, ameth); |
| 504 » » » » } |
| 505 » » » md_name = EVP_MD_name(md); |
| 506 » » » } |
| 418 err = 0; | 507 err = 0; |
| 419 for (i=0; i<argc; i++) | 508 for (i=0; i<argc; i++) |
| 420 { | 509 { |
| 421 char *tmp,*tofree=NULL; | |
| 422 int r; | 510 int r; |
| 423 | |
| 424 if (BIO_read_filename(in,argv[i]) <= 0) | 511 if (BIO_read_filename(in,argv[i]) <= 0) |
| 425 { | 512 { |
| 426 perror(argv[i]); | 513 perror(argv[i]); |
| 427 err++; | 514 err++; |
| 428 continue; | 515 continue; |
| 429 } | 516 } |
| 430 if(!out_bin) | |
| 431 { | |
| 432 size_t len = strlen(name)+strlen(argv[i])+(hmac_
key ? 5 : 0)+5; | |
| 433 tmp=tofree=OPENSSL_malloc(len); | |
| 434 BIO_snprintf(tmp,len,"%s%s(%s)= ", | |
| 435 hmac_key ? "HMAC-" : ""
,name,argv[i]); | |
| 436 } | |
| 437 else | 517 else |
| 438 tmp=""; | |
| 439 r=do_fp(out,buf,inp,separator,out_bin,sigkey,sigbuf, | 518 r=do_fp(out,buf,inp,separator,out_bin,sigkey,sigbuf, |
| 440 » » » » siglen,tmp,argv[i],bmd,hmac_key,non_fips_allow); | 519 » » » » siglen,sig_name,md_name, argv[i],bmd); |
| 441 if(r) | 520 if(r) |
| 442 err=r; | 521 err=r; |
| 443 if(tofree) | |
| 444 OPENSSL_free(tofree); | |
| 445 (void)BIO_reset(bmd); | 522 (void)BIO_reset(bmd); |
| 446 } | 523 } |
| 447 } | 524 } |
| 448 end: | 525 end: |
| 449 if (buf != NULL) | 526 if (buf != NULL) |
| 450 { | 527 { |
| 451 OPENSSL_cleanse(buf,BUFSIZE); | 528 OPENSSL_cleanse(buf,BUFSIZE); |
| 452 OPENSSL_free(buf); | 529 OPENSSL_free(buf); |
| 453 } | 530 } |
| 454 if (in != NULL) BIO_free(in); | 531 if (in != NULL) BIO_free(in); |
| 455 if (passin) | 532 if (passin) |
| 456 OPENSSL_free(passin); | 533 OPENSSL_free(passin); |
| 457 BIO_free_all(out); | 534 BIO_free_all(out); |
| 458 EVP_PKEY_free(sigkey); | 535 EVP_PKEY_free(sigkey); |
| 536 if (sigopts) |
| 537 sk_OPENSSL_STRING_free(sigopts); |
| 538 if (macopts) |
| 539 sk_OPENSSL_STRING_free(macopts); |
| 459 if(sigbuf) OPENSSL_free(sigbuf); | 540 if(sigbuf) OPENSSL_free(sigbuf); |
| 460 if (bmd != NULL) BIO_free(bmd); | 541 if (bmd != NULL) BIO_free(bmd); |
| 461 apps_shutdown(); | 542 apps_shutdown(); |
| 462 OPENSSL_EXIT(err); | 543 OPENSSL_EXIT(err); |
| 463 } | 544 } |
| 464 | 545 |
| 465 int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, | 546 int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, |
| 466 » EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title, | 547 » EVP_PKEY *key, unsigned char *sigin, int siglen, |
| 467 » const char *file,BIO *bmd,const char *hmac_key,int non_fips_allow) | 548 » const char *sig_name, const char *md_name, |
| 549 » const char *file,BIO *bmd) |
| 468 { | 550 { |
| 469 » unsigned int len; | 551 » size_t len; |
| 470 int i; | 552 int i; |
| 471 EVP_MD_CTX *md_ctx; | |
| 472 HMAC_CTX hmac_ctx; | |
| 473 | 553 |
| 474 if (hmac_key) | |
| 475 { | |
| 476 EVP_MD *md; | |
| 477 | |
| 478 BIO_get_md(bmd,&md); | |
| 479 HMAC_CTX_init(&hmac_ctx); | |
| 480 HMAC_Init_ex(&hmac_ctx,hmac_key,strlen(hmac_key),md, NULL); | |
| 481 BIO_get_md_ctx(bmd,&md_ctx); | |
| 482 BIO_set_md_ctx(bmd,&hmac_ctx.md_ctx); | |
| 483 } | |
| 484 for (;;) | 554 for (;;) |
| 485 { | 555 { |
| 486 i=BIO_read(bp,(char *)buf,BUFSIZE); | 556 i=BIO_read(bp,(char *)buf,BUFSIZE); |
| 487 if(i < 0) | 557 if(i < 0) |
| 488 { | 558 { |
| 489 BIO_printf(bio_err, "Read Error in %s\n",file); | 559 BIO_printf(bio_err, "Read Error in %s\n",file); |
| 490 ERR_print_errors(bio_err); | 560 ERR_print_errors(bio_err); |
| 491 return 1; | 561 return 1; |
| 492 } | 562 } |
| 493 if (i == 0) break; | 563 if (i == 0) break; |
| 494 } | 564 } |
| 495 if(sigin) | 565 if(sigin) |
| 496 { | 566 { |
| 497 EVP_MD_CTX *ctx; | 567 EVP_MD_CTX *ctx; |
| 498 BIO_get_md_ctx(bp, &ctx); | 568 BIO_get_md_ctx(bp, &ctx); |
| 499 » » i = EVP_VerifyFinal(ctx, sigin, (unsigned int)siglen, key); | 569 » » i = EVP_DigestVerifyFinal(ctx, sigin, (unsigned int)siglen); |
| 500 if(i > 0) | 570 if(i > 0) |
| 501 BIO_printf(out, "Verified OK\n"); | 571 BIO_printf(out, "Verified OK\n"); |
| 502 else if(i == 0) | 572 else if(i == 0) |
| 503 { | 573 { |
| 504 BIO_printf(out, "Verification Failure\n"); | 574 BIO_printf(out, "Verification Failure\n"); |
| 505 return 1; | 575 return 1; |
| 506 } | 576 } |
| 507 else | 577 else |
| 508 { | 578 { |
| 509 BIO_printf(bio_err, "Error Verifying Data\n"); | 579 BIO_printf(bio_err, "Error Verifying Data\n"); |
| 510 ERR_print_errors(bio_err); | 580 ERR_print_errors(bio_err); |
| 511 return 1; | 581 return 1; |
| 512 } | 582 } |
| 513 return 0; | 583 return 0; |
| 514 } | 584 } |
| 515 if(key) | 585 if(key) |
| 516 { | 586 { |
| 517 EVP_MD_CTX *ctx; | 587 EVP_MD_CTX *ctx; |
| 518 BIO_get_md_ctx(bp, &ctx); | 588 BIO_get_md_ctx(bp, &ctx); |
| 519 » » if(!EVP_SignFinal(ctx, buf, (unsigned int *)&len, key)) | 589 » » len = BUFSIZE; |
| 590 » » if(!EVP_DigestSignFinal(ctx, buf, &len)) |
| 520 { | 591 { |
| 521 BIO_printf(bio_err, "Error Signing Data\n"); | 592 BIO_printf(bio_err, "Error Signing Data\n"); |
| 522 ERR_print_errors(bio_err); | 593 ERR_print_errors(bio_err); |
| 523 return 1; | 594 return 1; |
| 524 } | 595 } |
| 525 } | 596 } |
| 526 » else if(hmac_key) | 597 » else |
| 527 { | 598 { |
| 528 » » HMAC_Final(&hmac_ctx,buf,&len); | 599 » » len=BIO_gets(bp,(char *)buf,BUFSIZE); |
| 529 » » HMAC_CTX_cleanup(&hmac_ctx); | 600 » » if ((int)len <0) |
| 601 » » » { |
| 602 » » » ERR_print_errors(bio_err); |
| 603 » » » return 1; |
| 604 » » » } |
| 530 } | 605 } |
| 531 else | |
| 532 len=BIO_gets(bp,(char *)buf,BUFSIZE); | |
| 533 | 606 |
| 534 if(binout) BIO_write(out, buf, len); | 607 if(binout) BIO_write(out, buf, len); |
| 608 else if (sep == 2) |
| 609 { |
| 610 for (i=0; i<(int)len; i++) |
| 611 BIO_printf(out, "%02x",buf[i]); |
| 612 BIO_printf(out, " *%s\n", file); |
| 613 } |
| 535 else | 614 else |
| 536 { | 615 { |
| 537 » » BIO_write(out,title,strlen(title)); | 616 » » if (sig_name) |
| 617 » » » BIO_printf(out, "%s-%s(%s)= ", sig_name, md_name, file); |
| 618 » » else if (md_name) |
| 619 » » » BIO_printf(out, "%s(%s)= ", md_name, file); |
| 620 » » else |
| 621 » » » BIO_printf(out, "(%s)= ", file); |
| 538 for (i=0; i<(int)len; i++) | 622 for (i=0; i<(int)len; i++) |
| 539 { | 623 { |
| 540 if (sep && (i != 0)) | 624 if (sep && (i != 0)) |
| 541 BIO_printf(out, ":"); | 625 BIO_printf(out, ":"); |
| 542 BIO_printf(out, "%02x",buf[i]); | 626 BIO_printf(out, "%02x",buf[i]); |
| 543 } | 627 } |
| 544 BIO_printf(out, "\n"); | 628 BIO_printf(out, "\n"); |
| 545 } | 629 } |
| 546 if (hmac_key) | |
| 547 { | |
| 548 BIO_set_md_ctx(bmd,md_ctx); | |
| 549 } | |
| 550 return 0; | 630 return 0; |
| 551 } | 631 } |
| 552 | 632 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 9254031:
Upgrade chrome's OpenSSL to same version Android ships with. (Closed)
Base URL: http://src.chromium.org/svn/trunk/deps/third_party/openssl/