OLD | NEW |
1 /* apps/dgst.c */ | 1 /* apps/dgst.c */ |
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
3 * All rights reserved. | 3 * All rights reserved. |
4 * | 4 * |
5 * This package is an SSL implementation written | 5 * This package is an SSL implementation written |
6 * by Eric Young (eay@cryptsoft.com). | 6 * by Eric Young (eay@cryptsoft.com). |
7 * The implementation was written so as to conform with Netscapes SSL. | 7 * The implementation was written so as to conform with Netscapes SSL. |
8 * | 8 * |
9 * This library is free for commercial and non-commercial use as long as | 9 * This library is free for commercial and non-commercial use as long as |
10 * the following conditions are aheared to. The following conditions | 10 * the following conditions are aheared to. The following conditions |
(...skipping 57 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
68 #include <openssl/pem.h> | 68 #include <openssl/pem.h> |
69 #include <openssl/hmac.h> | 69 #include <openssl/hmac.h> |
70 | 70 |
71 #undef BUFSIZE | 71 #undef BUFSIZE |
72 #define BUFSIZE 1024*8 | 72 #define BUFSIZE 1024*8 |
73 | 73 |
74 #undef PROG | 74 #undef PROG |
75 #define PROG dgst_main | 75 #define PROG dgst_main |
76 | 76 |
77 int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, | 77 int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, |
78 » EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title, | 78 » EVP_PKEY *key, unsigned char *sigin, int siglen, |
79 » const char *file,BIO *bmd,const char *hmac_key, int non_fips_allow); | 79 » const char *sig_name, const char *md_name, |
| 80 » const char *file,BIO *bmd); |
| 81 |
| 82 static void list_md_fn(const EVP_MD *m, |
| 83 » » » const char *from, const char *to, void *arg) |
| 84 » { |
| 85 » const char *mname; |
| 86 » /* Skip aliases */ |
| 87 » if (!m) |
| 88 » » return; |
| 89 » mname = OBJ_nid2ln(EVP_MD_type(m)); |
| 90 » /* Skip shortnames */ |
| 91 » if (strcmp(from, mname)) |
| 92 » » return; |
| 93 » /* Skip clones */ |
| 94 » if (EVP_MD_flags(m) & EVP_MD_FLAG_PKEY_DIGEST) |
| 95 » » return; |
| 96 » if (strchr(mname, ' ')) |
| 97 » » mname= EVP_MD_name(m); |
| 98 » BIO_printf(arg, "-%-14s to use the %s message digest algorithm\n", |
| 99 » » » mname, mname); |
| 100 » } |
80 | 101 |
81 int MAIN(int, char **); | 102 int MAIN(int, char **); |
82 | 103 |
83 int MAIN(int argc, char **argv) | 104 int MAIN(int argc, char **argv) |
84 { | 105 { |
85 ENGINE *e = NULL; | 106 ENGINE *e = NULL; |
86 unsigned char *buf=NULL; | 107 unsigned char *buf=NULL; |
87 int i,err=1; | 108 int i,err=1; |
88 const EVP_MD *md=NULL,*m; | 109 const EVP_MD *md=NULL,*m; |
89 BIO *in=NULL,*inp; | 110 BIO *in=NULL,*inp; |
90 BIO *bmd=NULL; | 111 BIO *bmd=NULL; |
91 BIO *out = NULL; | 112 BIO *out = NULL; |
92 const char *name; | |
93 #define PROG_NAME_SIZE 39 | 113 #define PROG_NAME_SIZE 39 |
94 char pname[PROG_NAME_SIZE+1]; | 114 char pname[PROG_NAME_SIZE+1]; |
95 int separator=0; | 115 int separator=0; |
96 int debug=0; | 116 int debug=0; |
97 int keyform=FORMAT_PEM; | 117 int keyform=FORMAT_PEM; |
98 const char *outfile = NULL, *keyfile = NULL; | 118 const char *outfile = NULL, *keyfile = NULL; |
99 const char *sigfile = NULL, *randfile = NULL; | 119 const char *sigfile = NULL, *randfile = NULL; |
100 int out_bin = -1, want_pub = 0, do_verify = 0; | 120 int out_bin = -1, want_pub = 0, do_verify = 0; |
101 EVP_PKEY *sigkey = NULL; | 121 EVP_PKEY *sigkey = NULL; |
102 unsigned char *sigbuf = NULL; | 122 unsigned char *sigbuf = NULL; |
103 int siglen = 0; | 123 int siglen = 0; |
104 unsigned int sig_flags = 0; | |
105 char *passargin = NULL, *passin = NULL; | 124 char *passargin = NULL, *passin = NULL; |
106 #ifndef OPENSSL_NO_ENGINE | 125 #ifndef OPENSSL_NO_ENGINE |
107 char *engine=NULL; | 126 char *engine=NULL; |
108 #endif | 127 #endif |
109 char *hmac_key=NULL; | 128 char *hmac_key=NULL; |
110 » int non_fips_allow = 0; | 129 » char *mac_name=NULL; |
| 130 » STACK_OF(OPENSSL_STRING) *sigopts = NULL, *macopts = NULL; |
111 | 131 |
112 apps_startup(); | 132 apps_startup(); |
113 ERR_load_crypto_strings(); | 133 |
114 if ((buf=(unsigned char *)OPENSSL_malloc(BUFSIZE)) == NULL) | 134 if ((buf=(unsigned char *)OPENSSL_malloc(BUFSIZE)) == NULL) |
115 { | 135 { |
116 BIO_printf(bio_err,"out of memory\n"); | 136 BIO_printf(bio_err,"out of memory\n"); |
117 goto end; | 137 goto end; |
118 } | 138 } |
119 if (bio_err == NULL) | 139 if (bio_err == NULL) |
120 if ((bio_err=BIO_new(BIO_s_file())) != NULL) | 140 if ((bio_err=BIO_new(BIO_s_file())) != NULL) |
121 BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); | 141 BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); |
122 | 142 |
123 if (!load_config(bio_err, NULL)) | 143 if (!load_config(bio_err, NULL)) |
124 goto end; | 144 goto end; |
125 | 145 |
126 /* first check the program name */ | 146 /* first check the program name */ |
127 program_name(argv[0],pname,sizeof pname); | 147 program_name(argv[0],pname,sizeof pname); |
128 | 148 |
129 md=EVP_get_digestbyname(pname); | 149 md=EVP_get_digestbyname(pname); |
130 | 150 |
131 argc--; | 151 argc--; |
132 argv++; | 152 argv++; |
133 while (argc > 0) | 153 while (argc > 0) |
134 { | 154 { |
135 if ((*argv)[0] != '-') break; | 155 if ((*argv)[0] != '-') break; |
136 if (strcmp(*argv,"-c") == 0) | 156 if (strcmp(*argv,"-c") == 0) |
137 separator=1; | 157 separator=1; |
| 158 else if (strcmp(*argv,"-r") == 0) |
| 159 separator=2; |
138 else if (strcmp(*argv,"-rand") == 0) | 160 else if (strcmp(*argv,"-rand") == 0) |
139 { | 161 { |
140 if (--argc < 1) break; | 162 if (--argc < 1) break; |
141 randfile=*(++argv); | 163 randfile=*(++argv); |
142 } | 164 } |
143 else if (strcmp(*argv,"-out") == 0) | 165 else if (strcmp(*argv,"-out") == 0) |
144 { | 166 { |
145 if (--argc < 1) break; | 167 if (--argc < 1) break; |
146 outfile=*(++argv); | 168 outfile=*(++argv); |
147 } | 169 } |
(...skipping 14 matching lines...) Expand all Loading... |
162 keyfile=*(++argv); | 184 keyfile=*(++argv); |
163 want_pub = 1; | 185 want_pub = 1; |
164 do_verify = 1; | 186 do_verify = 1; |
165 } | 187 } |
166 else if (strcmp(*argv,"-prverify") == 0) | 188 else if (strcmp(*argv,"-prverify") == 0) |
167 { | 189 { |
168 if (--argc < 1) break; | 190 if (--argc < 1) break; |
169 keyfile=*(++argv); | 191 keyfile=*(++argv); |
170 do_verify = 1; | 192 do_verify = 1; |
171 } | 193 } |
172 else if (strcmp(*argv,"-x931") == 0) | |
173 sig_flags = EVP_MD_CTX_FLAG_PAD_X931; | |
174 else if (strcmp(*argv,"-pss_saltlen") == 0) | |
175 { | |
176 int saltlen; | |
177 if (--argc < 1) break; | |
178 saltlen=atoi(*(++argv)); | |
179 if (saltlen == -1) | |
180 sig_flags = EVP_MD_CTX_FLAG_PSS_MREC; | |
181 else if (saltlen == -2) | |
182 sig_flags = EVP_MD_CTX_FLAG_PSS_MDLEN; | |
183 else if (saltlen < -2 || saltlen >= 0xFFFE) | |
184 { | |
185 BIO_printf(bio_err, "Invalid PSS salt length %d\
n", saltlen); | |
186 goto end; | |
187 } | |
188 else | |
189 sig_flags = saltlen; | |
190 sig_flags <<= 16; | |
191 sig_flags |= EVP_MD_CTX_FLAG_PAD_PSS; | |
192 } | |
193 else if (strcmp(*argv,"-signature") == 0) | 194 else if (strcmp(*argv,"-signature") == 0) |
194 { | 195 { |
195 if (--argc < 1) break; | 196 if (--argc < 1) break; |
196 sigfile=*(++argv); | 197 sigfile=*(++argv); |
197 } | 198 } |
198 else if (strcmp(*argv,"-keyform") == 0) | 199 else if (strcmp(*argv,"-keyform") == 0) |
199 { | 200 { |
200 if (--argc < 1) break; | 201 if (--argc < 1) break; |
201 keyform=str2fmt(*(++argv)); | 202 keyform=str2fmt(*(++argv)); |
202 } | 203 } |
203 #ifndef OPENSSL_NO_ENGINE | 204 #ifndef OPENSSL_NO_ENGINE |
204 else if (strcmp(*argv,"-engine") == 0) | 205 else if (strcmp(*argv,"-engine") == 0) |
205 { | 206 { |
206 if (--argc < 1) break; | 207 if (--argc < 1) break; |
207 engine= *(++argv); | 208 engine= *(++argv); |
| 209 e = setup_engine(bio_err, engine, 0); |
208 } | 210 } |
209 #endif | 211 #endif |
210 else if (strcmp(*argv,"-hex") == 0) | 212 else if (strcmp(*argv,"-hex") == 0) |
211 out_bin = 0; | 213 out_bin = 0; |
212 else if (strcmp(*argv,"-binary") == 0) | 214 else if (strcmp(*argv,"-binary") == 0) |
213 out_bin = 1; | 215 out_bin = 1; |
214 else if (strcmp(*argv,"-d") == 0) | 216 else if (strcmp(*argv,"-d") == 0) |
215 debug=1; | 217 debug=1; |
216 else if (strcmp(*argv,"-non-fips-allow") == 0) | |
217 non_fips_allow=1; | |
218 else if (!strcmp(*argv,"-fips-fingerprint")) | |
219 hmac_key = "etaonrishdlcupfm"; | |
220 else if (!strcmp(*argv,"-hmac")) | 218 else if (!strcmp(*argv,"-hmac")) |
221 { | 219 { |
222 if (--argc < 1) | 220 if (--argc < 1) |
223 break; | 221 break; |
224 hmac_key=*++argv; | 222 hmac_key=*++argv; |
225 } | 223 } |
| 224 else if (!strcmp(*argv,"-mac")) |
| 225 { |
| 226 if (--argc < 1) |
| 227 break; |
| 228 mac_name=*++argv; |
| 229 } |
| 230 else if (strcmp(*argv,"-sigopt") == 0) |
| 231 { |
| 232 if (--argc < 1) |
| 233 break; |
| 234 if (!sigopts) |
| 235 sigopts = sk_OPENSSL_STRING_new_null(); |
| 236 if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, *(++arg
v))) |
| 237 break; |
| 238 } |
| 239 else if (strcmp(*argv,"-macopt") == 0) |
| 240 { |
| 241 if (--argc < 1) |
| 242 break; |
| 243 if (!macopts) |
| 244 macopts = sk_OPENSSL_STRING_new_null(); |
| 245 if (!macopts || !sk_OPENSSL_STRING_push(macopts, *(++arg
v))) |
| 246 break; |
| 247 } |
226 else if ((m=EVP_get_digestbyname(&((*argv)[1]))) != NULL) | 248 else if ((m=EVP_get_digestbyname(&((*argv)[1]))) != NULL) |
227 md=m; | 249 md=m; |
228 else | 250 else |
229 break; | 251 break; |
230 argc--; | 252 argc--; |
231 argv++; | 253 argv++; |
232 } | 254 } |
233 | 255 |
234 if (md == NULL) | |
235 md=EVP_md5(); | |
236 | 256 |
237 if(do_verify && !sigfile) { | 257 if(do_verify && !sigfile) { |
238 BIO_printf(bio_err, "No signature to verify: use the -signature
option\n"); | 258 BIO_printf(bio_err, "No signature to verify: use the -signature
option\n"); |
239 err = 1; | |
240 goto end; | 259 goto end; |
241 } | 260 } |
242 | 261 |
243 if ((argc > 0) && (argv[0][0] == '-')) /* bad option */ | 262 if ((argc > 0) && (argv[0][0] == '-')) /* bad option */ |
244 { | 263 { |
245 BIO_printf(bio_err,"unknown option '%s'\n",*argv); | 264 BIO_printf(bio_err,"unknown option '%s'\n",*argv); |
246 BIO_printf(bio_err,"options are\n"); | 265 BIO_printf(bio_err,"options are\n"); |
247 BIO_printf(bio_err,"-c to output the digest with se
parating colons\n"); | 266 BIO_printf(bio_err,"-c to output the digest with se
parating colons\n"); |
| 267 BIO_printf(bio_err,"-r to output the digest in core
utils format\n"); |
248 BIO_printf(bio_err,"-d to output debug info\n"); | 268 BIO_printf(bio_err,"-d to output debug info\n"); |
249 BIO_printf(bio_err,"-hex output as hex dump\n"); | 269 BIO_printf(bio_err,"-hex output as hex dump\n"); |
250 BIO_printf(bio_err,"-binary output in binary form\n"); | 270 BIO_printf(bio_err,"-binary output in binary form\n"); |
251 BIO_printf(bio_err,"-sign file sign digest using private ke
y in file\n"); | 271 BIO_printf(bio_err,"-sign file sign digest using private ke
y in file\n"); |
252 BIO_printf(bio_err,"-verify file verify a signature using pub
lic key in file\n"); | 272 BIO_printf(bio_err,"-verify file verify a signature using pub
lic key in file\n"); |
253 BIO_printf(bio_err,"-prverify file verify a signature using pri
vate key in file\n"); | 273 BIO_printf(bio_err,"-prverify file verify a signature using pri
vate key in file\n"); |
254 BIO_printf(bio_err,"-keyform arg key file format (PEM or ENGI
NE)\n"); | 274 BIO_printf(bio_err,"-keyform arg key file format (PEM or ENGI
NE)\n"); |
| 275 BIO_printf(bio_err,"-out filename output to filename rather th
an stdout\n"); |
255 BIO_printf(bio_err,"-signature file signature to verify\n"); | 276 BIO_printf(bio_err,"-signature file signature to verify\n"); |
256 » » BIO_printf(bio_err,"-binary output in binary form\n"); | 277 » » BIO_printf(bio_err,"-sigopt nm:v signature parameter\n"); |
257 BIO_printf(bio_err,"-hmac key create hashed MAC with key\n
"); | 278 BIO_printf(bio_err,"-hmac key create hashed MAC with key\n
"); |
| 279 BIO_printf(bio_err,"-mac algorithm create MAC (not neccessarily
HMAC)\n"); |
| 280 BIO_printf(bio_err,"-macopt nm:v MAC algorithm parameters or
key\n"); |
258 #ifndef OPENSSL_NO_ENGINE | 281 #ifndef OPENSSL_NO_ENGINE |
259 BIO_printf(bio_err,"-engine e use engine e, possibly a har
dware device.\n"); | 282 BIO_printf(bio_err,"-engine e use engine e, possibly a har
dware device.\n"); |
260 #endif | 283 #endif |
261 | 284 |
262 » » BIO_printf(bio_err,"-%-14s to use the %s message digest algorith
m (default)\n", | 285 » » EVP_MD_do_all_sorted(list_md_fn, bio_err); |
263 » » » LN_md5,LN_md5); | |
264 » » BIO_printf(bio_err,"-%-14s to use the %s message digest algorith
m\n", | |
265 » » » LN_md4,LN_md4); | |
266 » » BIO_printf(bio_err,"-%-14s to use the %s message digest algorith
m\n", | |
267 » » » LN_md2,LN_md2); | |
268 #ifndef OPENSSL_NO_SHA | |
269 » » BIO_printf(bio_err,"-%-14s to use the %s message digest algorith
m\n", | |
270 » » » LN_sha1,LN_sha1); | |
271 » » BIO_printf(bio_err,"-%-14s to use the %s message digest algorith
m\n", | |
272 » » » LN_sha,LN_sha); | |
273 #ifndef OPENSSL_NO_SHA256 | |
274 » » BIO_printf(bio_err,"-%-14s to use the %s message digest algorith
m\n", | |
275 » » » LN_sha224,LN_sha224); | |
276 » » BIO_printf(bio_err,"-%-14s to use the %s message digest algorith
m\n", | |
277 » » » LN_sha256,LN_sha256); | |
278 #endif | |
279 #ifndef OPENSSL_NO_SHA512 | |
280 » » BIO_printf(bio_err,"-%-14s to use the %s message digest algorith
m\n", | |
281 » » » LN_sha384,LN_sha384); | |
282 » » BIO_printf(bio_err,"-%-14s to use the %s message digest algorith
m\n", | |
283 » » » LN_sha512,LN_sha512); | |
284 #endif | |
285 #endif | |
286 » » BIO_printf(bio_err,"-%-14s to use the %s message digest algorith
m\n", | |
287 » » » LN_mdc2,LN_mdc2); | |
288 » » BIO_printf(bio_err,"-%-14s to use the %s message digest algorith
m\n", | |
289 » » » LN_ripemd160,LN_ripemd160); | |
290 » » err=1; | |
291 goto end; | 286 goto end; |
292 } | 287 } |
293 | 288 |
294 #ifndef OPENSSL_NO_ENGINE | |
295 e = setup_engine(bio_err, engine, 0); | |
296 #endif | |
297 | |
298 in=BIO_new(BIO_s_file()); | 289 in=BIO_new(BIO_s_file()); |
299 bmd=BIO_new(BIO_f_md()); | 290 bmd=BIO_new(BIO_f_md()); |
300 if (debug) | 291 if (debug) |
301 { | 292 { |
302 BIO_set_callback(in,BIO_debug_callback); | 293 BIO_set_callback(in,BIO_debug_callback); |
303 /* needed for windows 3.1 */ | 294 /* needed for windows 3.1 */ |
304 BIO_set_callback_arg(in,(char *)bio_err); | 295 BIO_set_callback_arg(in,(char *)bio_err); |
305 } | 296 } |
306 | 297 |
307 if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) | 298 if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) |
308 { | 299 { |
309 BIO_printf(bio_err, "Error getting password\n"); | 300 BIO_printf(bio_err, "Error getting password\n"); |
310 goto end; | 301 goto end; |
311 } | 302 } |
312 | 303 |
313 if ((in == NULL) || (bmd == NULL)) | 304 if ((in == NULL) || (bmd == NULL)) |
314 { | 305 { |
315 ERR_print_errors(bio_err); | 306 ERR_print_errors(bio_err); |
316 goto end; | 307 goto end; |
317 } | 308 } |
318 | 309 |
319 if(out_bin == -1) { | 310 if(out_bin == -1) { |
320 » » if(keyfile) out_bin = 1; | 311 » » if(keyfile) |
321 » » else out_bin = 0; | 312 » » » out_bin = 1; |
| 313 » » else |
| 314 » » » out_bin = 0; |
322 } | 315 } |
323 | 316 |
324 if(randfile) | 317 if(randfile) |
325 app_RAND_load_file(randfile, bio_err, 0); | 318 app_RAND_load_file(randfile, bio_err, 0); |
326 | 319 |
327 if(outfile) { | 320 if(outfile) { |
328 if(out_bin) | 321 if(out_bin) |
329 out = BIO_new_file(outfile, "wb"); | 322 out = BIO_new_file(outfile, "wb"); |
330 else out = BIO_new_file(outfile, "w"); | 323 else out = BIO_new_file(outfile, "w"); |
331 } else { | 324 } else { |
332 out = BIO_new_fp(stdout, BIO_NOCLOSE); | 325 out = BIO_new_fp(stdout, BIO_NOCLOSE); |
333 #ifdef OPENSSL_SYS_VMS | 326 #ifdef OPENSSL_SYS_VMS |
334 { | 327 { |
335 BIO *tmpbio = BIO_new(BIO_f_linebuffer()); | 328 BIO *tmpbio = BIO_new(BIO_f_linebuffer()); |
336 out = BIO_push(tmpbio, out); | 329 out = BIO_push(tmpbio, out); |
337 } | 330 } |
338 #endif | 331 #endif |
339 } | 332 } |
340 | 333 |
341 if(!out) { | 334 if(!out) { |
342 BIO_printf(bio_err, "Error opening output file %s\n", | 335 BIO_printf(bio_err, "Error opening output file %s\n", |
343 outfile ? outfile : "(stdout)"); | 336 outfile ? outfile : "(stdout)"); |
344 ERR_print_errors(bio_err); | 337 ERR_print_errors(bio_err); |
345 goto end; | 338 goto end; |
346 } | 339 } |
| 340 if ((!!mac_name + !!keyfile + !!hmac_key) > 1) |
| 341 { |
| 342 BIO_printf(bio_err, "MAC and Signing key cannot both be specifie
d\n"); |
| 343 goto end; |
| 344 } |
347 | 345 |
348 if(keyfile) | 346 if(keyfile) |
349 { | 347 { |
350 if (want_pub) | 348 if (want_pub) |
351 sigkey = load_pubkey(bio_err, keyfile, keyform, 0, NULL, | 349 sigkey = load_pubkey(bio_err, keyfile, keyform, 0, NULL, |
352 e, "key file"); | 350 e, "key file"); |
353 else | 351 else |
354 sigkey = load_key(bio_err, keyfile, keyform, 0, passin, | 352 sigkey = load_key(bio_err, keyfile, keyform, 0, passin, |
355 e, "key file"); | 353 e, "key file"); |
356 if (!sigkey) | 354 if (!sigkey) |
357 { | 355 { |
358 /* load_[pub]key() has already printed an appropriate | 356 /* load_[pub]key() has already printed an appropriate |
359 message */ | 357 message */ |
360 goto end; | 358 goto end; |
361 } | 359 } |
362 } | 360 } |
363 | 361 |
| 362 if (mac_name) |
| 363 { |
| 364 EVP_PKEY_CTX *mac_ctx = NULL; |
| 365 int r = 0; |
| 366 if (!init_gen_str(bio_err, &mac_ctx, mac_name,e, 0)) |
| 367 goto mac_end; |
| 368 if (macopts) |
| 369 { |
| 370 char *macopt; |
| 371 for (i = 0; i < sk_OPENSSL_STRING_num(macopts); i++) |
| 372 { |
| 373 macopt = sk_OPENSSL_STRING_value(macopts, i); |
| 374 if (pkey_ctrl_string(mac_ctx, macopt) <= 0) |
| 375 { |
| 376 BIO_printf(bio_err, |
| 377 "MAC parameter error \"%s\"\n", |
| 378 macopt); |
| 379 ERR_print_errors(bio_err); |
| 380 goto mac_end; |
| 381 } |
| 382 } |
| 383 } |
| 384 if (EVP_PKEY_keygen(mac_ctx, &sigkey) <= 0) |
| 385 { |
| 386 BIO_puts(bio_err, "Error generating key\n"); |
| 387 ERR_print_errors(bio_err); |
| 388 goto mac_end; |
| 389 } |
| 390 r = 1; |
| 391 mac_end: |
| 392 if (mac_ctx) |
| 393 EVP_PKEY_CTX_free(mac_ctx); |
| 394 if (r == 0) |
| 395 goto end; |
| 396 } |
| 397 |
| 398 if (hmac_key) |
| 399 { |
| 400 sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, e, |
| 401 (unsigned char *)hmac_key, -1); |
| 402 if (!sigkey) |
| 403 goto end; |
| 404 } |
| 405 |
| 406 if (sigkey) |
| 407 { |
| 408 EVP_MD_CTX *mctx = NULL; |
| 409 EVP_PKEY_CTX *pctx = NULL; |
| 410 int r; |
| 411 if (!BIO_get_md_ctx(bmd, &mctx)) |
| 412 { |
| 413 BIO_printf(bio_err, "Error getting context\n"); |
| 414 ERR_print_errors(bio_err); |
| 415 goto end; |
| 416 } |
| 417 if (do_verify) |
| 418 r = EVP_DigestVerifyInit(mctx, &pctx, md, e, sigkey); |
| 419 else |
| 420 r = EVP_DigestSignInit(mctx, &pctx, md, e, sigkey); |
| 421 if (!r) |
| 422 { |
| 423 BIO_printf(bio_err, "Error setting context\n"); |
| 424 ERR_print_errors(bio_err); |
| 425 goto end; |
| 426 } |
| 427 if (sigopts) |
| 428 { |
| 429 char *sigopt; |
| 430 for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++) |
| 431 { |
| 432 sigopt = sk_OPENSSL_STRING_value(sigopts, i); |
| 433 if (pkey_ctrl_string(pctx, sigopt) <= 0) |
| 434 { |
| 435 BIO_printf(bio_err, |
| 436 "parameter error \"%s\"\n", |
| 437 sigopt); |
| 438 ERR_print_errors(bio_err); |
| 439 goto end; |
| 440 } |
| 441 } |
| 442 } |
| 443 } |
| 444 /* we use md as a filter, reading from 'in' */ |
| 445 else |
| 446 { |
| 447 if (md == NULL) |
| 448 md = EVP_md5(); |
| 449 if (!BIO_set_md(bmd,md)) |
| 450 { |
| 451 BIO_printf(bio_err, "Error setting digest %s\n", pname); |
| 452 ERR_print_errors(bio_err); |
| 453 goto end; |
| 454 } |
| 455 } |
| 456 |
364 if(sigfile && sigkey) { | 457 if(sigfile && sigkey) { |
365 BIO *sigbio; | 458 BIO *sigbio; |
366 sigbio = BIO_new_file(sigfile, "rb"); | 459 sigbio = BIO_new_file(sigfile, "rb"); |
367 siglen = EVP_PKEY_size(sigkey); | 460 siglen = EVP_PKEY_size(sigkey); |
368 sigbuf = OPENSSL_malloc(siglen); | 461 sigbuf = OPENSSL_malloc(siglen); |
369 if(!sigbio) { | 462 if(!sigbio) { |
370 BIO_printf(bio_err, "Error opening signature file %s\n", | 463 BIO_printf(bio_err, "Error opening signature file %s\n", |
371 sigfile); | 464 sigfile); |
372 ERR_print_errors(bio_err); | 465 ERR_print_errors(bio_err); |
373 goto end; | 466 goto end; |
374 } | 467 } |
375 siglen = BIO_read(sigbio, sigbuf, siglen); | 468 siglen = BIO_read(sigbio, sigbuf, siglen); |
376 BIO_free(sigbio); | 469 BIO_free(sigbio); |
377 if(siglen <= 0) { | 470 if(siglen <= 0) { |
378 BIO_printf(bio_err, "Error reading signature file %s\n", | 471 BIO_printf(bio_err, "Error reading signature file %s\n", |
379 sigfile); | 472 sigfile); |
380 ERR_print_errors(bio_err); | 473 ERR_print_errors(bio_err); |
381 goto end; | 474 goto end; |
382 } | 475 } |
383 } | 476 } |
| 477 inp=BIO_push(bmd,in); |
384 | 478 |
385 » if (non_fips_allow) | 479 » if (md == NULL) |
386 { | 480 { |
387 » » EVP_MD_CTX *md_ctx; | 481 » » EVP_MD_CTX *tctx; |
388 » » BIO_get_md_ctx(bmd,&md_ctx); | 482 » » BIO_get_md_ctx(bmd, &tctx); |
389 » » EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); | 483 » » md = EVP_MD_CTX_md(tctx); |
390 } | 484 } |
391 | 485 |
392 if (sig_flags) | |
393 { | |
394 EVP_MD_CTX *md_ctx; | |
395 BIO_get_md_ctx(bmd,&md_ctx); | |
396 EVP_MD_CTX_set_flags(md_ctx, sig_flags); | |
397 } | |
398 | |
399 /* we use md as a filter, reading from 'in' */ | |
400 if (!BIO_set_md(bmd,md)) | |
401 { | |
402 BIO_printf(bio_err, "Error setting digest %s\n", pname); | |
403 ERR_print_errors(bio_err); | |
404 goto end; | |
405 } | |
406 | |
407 inp=BIO_push(bmd,in); | |
408 | |
409 if (argc == 0) | 486 if (argc == 0) |
410 { | 487 { |
411 BIO_set_fp(in,stdin,BIO_NOCLOSE); | 488 BIO_set_fp(in,stdin,BIO_NOCLOSE); |
412 err=do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf, | 489 err=do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf, |
413 » » » siglen,"","(stdin)",bmd,hmac_key,non_fips_allow); | 490 » » » siglen,NULL,NULL,"stdin",bmd); |
414 } | 491 } |
415 else | 492 else |
416 { | 493 { |
417 » » name=OBJ_nid2sn(md->type); | 494 » » const char *md_name = NULL, *sig_name = NULL; |
| 495 » » if(!out_bin) |
| 496 » » » { |
| 497 » » » if (sigkey) |
| 498 » » » » { |
| 499 » » » » const EVP_PKEY_ASN1_METHOD *ameth; |
| 500 » » » » ameth = EVP_PKEY_get0_asn1(sigkey); |
| 501 » » » » if (ameth) |
| 502 » » » » » EVP_PKEY_asn1_get0_info(NULL, NULL, |
| 503 » » » » » » NULL, NULL, &sig_name, ameth); |
| 504 » » » » } |
| 505 » » » md_name = EVP_MD_name(md); |
| 506 » » » } |
418 err = 0; | 507 err = 0; |
419 for (i=0; i<argc; i++) | 508 for (i=0; i<argc; i++) |
420 { | 509 { |
421 char *tmp,*tofree=NULL; | |
422 int r; | 510 int r; |
423 | |
424 if (BIO_read_filename(in,argv[i]) <= 0) | 511 if (BIO_read_filename(in,argv[i]) <= 0) |
425 { | 512 { |
426 perror(argv[i]); | 513 perror(argv[i]); |
427 err++; | 514 err++; |
428 continue; | 515 continue; |
429 } | 516 } |
430 if(!out_bin) | |
431 { | |
432 size_t len = strlen(name)+strlen(argv[i])+(hmac_
key ? 5 : 0)+5; | |
433 tmp=tofree=OPENSSL_malloc(len); | |
434 BIO_snprintf(tmp,len,"%s%s(%s)= ", | |
435 hmac_key ? "HMAC-" : ""
,name,argv[i]); | |
436 } | |
437 else | 517 else |
438 tmp=""; | |
439 r=do_fp(out,buf,inp,separator,out_bin,sigkey,sigbuf, | 518 r=do_fp(out,buf,inp,separator,out_bin,sigkey,sigbuf, |
440 » » » » siglen,tmp,argv[i],bmd,hmac_key,non_fips_allow); | 519 » » » » siglen,sig_name,md_name, argv[i],bmd); |
441 if(r) | 520 if(r) |
442 err=r; | 521 err=r; |
443 if(tofree) | |
444 OPENSSL_free(tofree); | |
445 (void)BIO_reset(bmd); | 522 (void)BIO_reset(bmd); |
446 } | 523 } |
447 } | 524 } |
448 end: | 525 end: |
449 if (buf != NULL) | 526 if (buf != NULL) |
450 { | 527 { |
451 OPENSSL_cleanse(buf,BUFSIZE); | 528 OPENSSL_cleanse(buf,BUFSIZE); |
452 OPENSSL_free(buf); | 529 OPENSSL_free(buf); |
453 } | 530 } |
454 if (in != NULL) BIO_free(in); | 531 if (in != NULL) BIO_free(in); |
455 if (passin) | 532 if (passin) |
456 OPENSSL_free(passin); | 533 OPENSSL_free(passin); |
457 BIO_free_all(out); | 534 BIO_free_all(out); |
458 EVP_PKEY_free(sigkey); | 535 EVP_PKEY_free(sigkey); |
| 536 if (sigopts) |
| 537 sk_OPENSSL_STRING_free(sigopts); |
| 538 if (macopts) |
| 539 sk_OPENSSL_STRING_free(macopts); |
459 if(sigbuf) OPENSSL_free(sigbuf); | 540 if(sigbuf) OPENSSL_free(sigbuf); |
460 if (bmd != NULL) BIO_free(bmd); | 541 if (bmd != NULL) BIO_free(bmd); |
461 apps_shutdown(); | 542 apps_shutdown(); |
462 OPENSSL_EXIT(err); | 543 OPENSSL_EXIT(err); |
463 } | 544 } |
464 | 545 |
465 int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, | 546 int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, |
466 » EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title, | 547 » EVP_PKEY *key, unsigned char *sigin, int siglen, |
467 » const char *file,BIO *bmd,const char *hmac_key,int non_fips_allow) | 548 » const char *sig_name, const char *md_name, |
| 549 » const char *file,BIO *bmd) |
468 { | 550 { |
469 » unsigned int len; | 551 » size_t len; |
470 int i; | 552 int i; |
471 EVP_MD_CTX *md_ctx; | |
472 HMAC_CTX hmac_ctx; | |
473 | 553 |
474 if (hmac_key) | |
475 { | |
476 EVP_MD *md; | |
477 | |
478 BIO_get_md(bmd,&md); | |
479 HMAC_CTX_init(&hmac_ctx); | |
480 HMAC_Init_ex(&hmac_ctx,hmac_key,strlen(hmac_key),md, NULL); | |
481 BIO_get_md_ctx(bmd,&md_ctx); | |
482 BIO_set_md_ctx(bmd,&hmac_ctx.md_ctx); | |
483 } | |
484 for (;;) | 554 for (;;) |
485 { | 555 { |
486 i=BIO_read(bp,(char *)buf,BUFSIZE); | 556 i=BIO_read(bp,(char *)buf,BUFSIZE); |
487 if(i < 0) | 557 if(i < 0) |
488 { | 558 { |
489 BIO_printf(bio_err, "Read Error in %s\n",file); | 559 BIO_printf(bio_err, "Read Error in %s\n",file); |
490 ERR_print_errors(bio_err); | 560 ERR_print_errors(bio_err); |
491 return 1; | 561 return 1; |
492 } | 562 } |
493 if (i == 0) break; | 563 if (i == 0) break; |
494 } | 564 } |
495 if(sigin) | 565 if(sigin) |
496 { | 566 { |
497 EVP_MD_CTX *ctx; | 567 EVP_MD_CTX *ctx; |
498 BIO_get_md_ctx(bp, &ctx); | 568 BIO_get_md_ctx(bp, &ctx); |
499 » » i = EVP_VerifyFinal(ctx, sigin, (unsigned int)siglen, key); | 569 » » i = EVP_DigestVerifyFinal(ctx, sigin, (unsigned int)siglen); |
500 if(i > 0) | 570 if(i > 0) |
501 BIO_printf(out, "Verified OK\n"); | 571 BIO_printf(out, "Verified OK\n"); |
502 else if(i == 0) | 572 else if(i == 0) |
503 { | 573 { |
504 BIO_printf(out, "Verification Failure\n"); | 574 BIO_printf(out, "Verification Failure\n"); |
505 return 1; | 575 return 1; |
506 } | 576 } |
507 else | 577 else |
508 { | 578 { |
509 BIO_printf(bio_err, "Error Verifying Data\n"); | 579 BIO_printf(bio_err, "Error Verifying Data\n"); |
510 ERR_print_errors(bio_err); | 580 ERR_print_errors(bio_err); |
511 return 1; | 581 return 1; |
512 } | 582 } |
513 return 0; | 583 return 0; |
514 } | 584 } |
515 if(key) | 585 if(key) |
516 { | 586 { |
517 EVP_MD_CTX *ctx; | 587 EVP_MD_CTX *ctx; |
518 BIO_get_md_ctx(bp, &ctx); | 588 BIO_get_md_ctx(bp, &ctx); |
519 » » if(!EVP_SignFinal(ctx, buf, (unsigned int *)&len, key)) | 589 » » len = BUFSIZE; |
| 590 » » if(!EVP_DigestSignFinal(ctx, buf, &len)) |
520 { | 591 { |
521 BIO_printf(bio_err, "Error Signing Data\n"); | 592 BIO_printf(bio_err, "Error Signing Data\n"); |
522 ERR_print_errors(bio_err); | 593 ERR_print_errors(bio_err); |
523 return 1; | 594 return 1; |
524 } | 595 } |
525 } | 596 } |
526 » else if(hmac_key) | 597 » else |
527 { | 598 { |
528 » » HMAC_Final(&hmac_ctx,buf,&len); | 599 » » len=BIO_gets(bp,(char *)buf,BUFSIZE); |
529 » » HMAC_CTX_cleanup(&hmac_ctx); | 600 » » if ((int)len <0) |
| 601 » » » { |
| 602 » » » ERR_print_errors(bio_err); |
| 603 » » » return 1; |
| 604 » » » } |
530 } | 605 } |
531 else | |
532 len=BIO_gets(bp,(char *)buf,BUFSIZE); | |
533 | 606 |
534 if(binout) BIO_write(out, buf, len); | 607 if(binout) BIO_write(out, buf, len); |
| 608 else if (sep == 2) |
| 609 { |
| 610 for (i=0; i<(int)len; i++) |
| 611 BIO_printf(out, "%02x",buf[i]); |
| 612 BIO_printf(out, " *%s\n", file); |
| 613 } |
535 else | 614 else |
536 { | 615 { |
537 » » BIO_write(out,title,strlen(title)); | 616 » » if (sig_name) |
| 617 » » » BIO_printf(out, "%s-%s(%s)= ", sig_name, md_name, file); |
| 618 » » else if (md_name) |
| 619 » » » BIO_printf(out, "%s(%s)= ", md_name, file); |
| 620 » » else |
| 621 » » » BIO_printf(out, "(%s)= ", file); |
538 for (i=0; i<(int)len; i++) | 622 for (i=0; i<(int)len; i++) |
539 { | 623 { |
540 if (sep && (i != 0)) | 624 if (sep && (i != 0)) |
541 BIO_printf(out, ":"); | 625 BIO_printf(out, ":"); |
542 BIO_printf(out, "%02x",buf[i]); | 626 BIO_printf(out, "%02x",buf[i]); |
543 } | 627 } |
544 BIO_printf(out, "\n"); | 628 BIO_printf(out, "\n"); |
545 } | 629 } |
546 if (hmac_key) | |
547 { | |
548 BIO_set_md_ctx(bmd,md_ctx); | |
549 } | |
550 return 0; | 630 return 0; |
551 } | 631 } |
552 | 632 |
OLD | NEW |