X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=apps%2Fdgst.c;h=9ebfc22e79692f2b06b3a33ef55e192467070785;hb=3008a7d819dfcfd4de999b2931245c41336534bc;hp=5d5ab94aea01ee5a1b7005d7be28ba0976ba27cb;hpb=623eea376a7bff6d50c88407c10f279e6f838de4;p=oweals%2Fopenssl.git diff --git a/apps/dgst.c b/apps/dgst.c index 5d5ab94aea..9ebfc22e79 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -66,6 +66,7 @@ #include #include #include +#include #undef BUFSIZE #define BUFSIZE 1024*8 @@ -73,33 +74,43 @@ #undef PROG #define PROG dgst_main -void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, char binout, - EVP_PKEY *key, unsigned char *sigin, unsigned int siglen); +int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, + EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title, + const char *file,BIO *bmd,const char *hmac_key, int non_fips_allow); int MAIN(int, char **); int MAIN(int argc, char **argv) { + ENGINE *e = NULL; unsigned char *buf=NULL; - int i,err=0; + int i,err=1; const EVP_MD *md=NULL,*m; BIO *in=NULL,*inp; BIO *bmd=NULL; BIO *out = NULL; const char *name; -#define PROG_NAME_SIZE 16 - char pname[PROG_NAME_SIZE]; +#define PROG_NAME_SIZE 39 + char pname[PROG_NAME_SIZE+1]; int separator=0; int debug=0; + int keyform=FORMAT_PEM; const char *outfile = NULL, *keyfile = NULL; const char *sigfile = NULL, *randfile = NULL; - char out_bin = -1, want_pub = 0, do_verify = 0; + int out_bin = -1, want_pub = 0, do_verify = 0; EVP_PKEY *sigkey = NULL; unsigned char *sigbuf = NULL; - unsigned int siglen = 0; + int siglen = 0; + unsigned int sig_flags = 0; + char *passargin = NULL, *passin = NULL; +#ifndef OPENSSL_NO_ENGINE + char *engine=NULL; +#endif + char *hmac_key=NULL; + int non_fips_allow = 0; apps_startup(); - +ERR_load_crypto_strings(); if ((buf=(unsigned char *)OPENSSL_malloc(BUFSIZE)) == NULL) { BIO_printf(bio_err,"out of memory\n"); @@ -109,8 +120,11 @@ int MAIN(int argc, char **argv) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if (!load_config(bio_err, NULL)) + goto end; + /* first check the program name */ - program_name(argv[0],pname,PROG_NAME_SIZE); + program_name(argv[0],pname,sizeof pname); md=EVP_get_digestbyname(pname); @@ -136,6 +150,12 @@ int MAIN(int argc, char **argv) if (--argc < 1) break; keyfile=*(++argv); } + else if (!strcmp(*argv,"-passin")) + { + if (--argc < 1) + break; + passargin=*++argv; + } else if (strcmp(*argv,"-verify") == 0) { if (--argc < 1) break; @@ -149,17 +169,60 @@ int MAIN(int argc, char **argv) keyfile=*(++argv); do_verify = 1; } + else if (strcmp(*argv,"-x931") == 0) + sig_flags = EVP_MD_CTX_FLAG_PAD_X931; + else if (strcmp(*argv,"-pss_saltlen") == 0) + { + int saltlen; + if (--argc < 1) break; + saltlen=atoi(*(++argv)); + if (saltlen == -1) + sig_flags = EVP_MD_CTX_FLAG_PSS_MREC; + else if (saltlen == -2) + sig_flags = EVP_MD_CTX_FLAG_PSS_MDLEN; + else if (saltlen < -2 || saltlen >= 0xFFFE) + { + BIO_printf(bio_err, "Invalid PSS salt length %d\n", saltlen); + goto end; + } + else + sig_flags = saltlen; + sig_flags <<= 16; + sig_flags |= EVP_MD_CTX_FLAG_PAD_PSS; + } else if (strcmp(*argv,"-signature") == 0) { if (--argc < 1) break; sigfile=*(++argv); } + else if (strcmp(*argv,"-keyform") == 0) + { + if (--argc < 1) break; + keyform=str2fmt(*(++argv)); + } +#ifndef OPENSSL_NO_ENGINE + else if (strcmp(*argv,"-engine") == 0) + { + if (--argc < 1) break; + engine= *(++argv); + } +#endif else if (strcmp(*argv,"-hex") == 0) out_bin = 0; else if (strcmp(*argv,"-binary") == 0) out_bin = 1; else if (strcmp(*argv,"-d") == 0) debug=1; + else if (strcmp(*argv,"-non-fips-allow") == 0) + non_fips_allow=1; + else if (!strcmp(*argv,"-fips-fingerprint")) + hmac_key = "etaonrishdlcupfm"; + else if (!strcmp(*argv,"-hmac")) + { + if (--argc < 1) + break; + hmac_key=*++argv; + } else if ((m=EVP_get_digestbyname(&((*argv)[1]))) != NULL) md=m; else @@ -188,34 +251,63 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err,"-sign file sign digest using private key in file\n"); BIO_printf(bio_err,"-verify file verify a signature using public key in file\n"); BIO_printf(bio_err,"-prverify file verify a signature using private key in file\n"); + BIO_printf(bio_err,"-keyform arg key file format (PEM or ENGINE)\n"); BIO_printf(bio_err,"-signature file signature to verify\n"); BIO_printf(bio_err,"-binary output in binary form\n"); + BIO_printf(bio_err,"-hmac key create hashed MAC with key\n"); +#ifndef OPENSSL_NO_ENGINE + BIO_printf(bio_err,"-engine e use engine e, possibly a hardware device.\n"); +#endif - BIO_printf(bio_err,"-%3s to use the %s message digest algorithm (default)\n", + BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm (default)\n", LN_md5,LN_md5); - BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n", + BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", LN_md4,LN_md4); - BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n", + BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", LN_md2,LN_md2); - BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n", +#ifndef OPENSSL_NO_SHA + BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", LN_sha1,LN_sha1); - BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n", + BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", LN_sha,LN_sha); - BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n", +#ifndef OPENSSL_NO_SHA256 + BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", + LN_sha224,LN_sha224); + BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", + LN_sha256,LN_sha256); +#endif +#ifndef OPENSSL_NO_SHA512 + BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", + LN_sha384,LN_sha384); + BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", + LN_sha512,LN_sha512); +#endif +#endif + BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", LN_mdc2,LN_mdc2); - BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n", + BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", LN_ripemd160,LN_ripemd160); err=1; goto end; } +#ifndef OPENSSL_NO_ENGINE + e = setup_engine(bio_err, engine, 0); +#endif + in=BIO_new(BIO_s_file()); bmd=BIO_new(BIO_f_md()); if (debug) { BIO_set_callback(in,BIO_debug_callback); /* needed for windows 3.1 */ - BIO_set_callback_arg(in,bio_err); + BIO_set_callback_arg(in,(char *)bio_err); + } + + if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) + { + BIO_printf(bio_err, "Error getting password\n"); + goto end; } if ((in == NULL) || (bmd == NULL)) @@ -236,7 +328,15 @@ int MAIN(int argc, char **argv) if(out_bin) out = BIO_new_file(outfile, "wb"); else out = BIO_new_file(outfile, "w"); - } else out = BIO_new_fp(stdout, BIO_NOCLOSE); + } else { + out = BIO_new_fp(stdout, BIO_NOCLOSE); +#ifdef OPENSSL_SYS_VMS + { + BIO *tmpbio = BIO_new(BIO_f_linebuffer()); + out = BIO_push(tmpbio, out); + } +#endif + } if(!out) { BIO_printf(bio_err, "Error opening output file %s\n", @@ -245,27 +345,21 @@ int MAIN(int argc, char **argv) goto end; } - if(keyfile) { - BIO *keybio; - keybio = BIO_new_file(keyfile, "r"); - if(!keybio) { - BIO_printf(bio_err, "Error opening key file %s\n", - keyfile); - ERR_print_errors(bio_err); - goto end; - } - - if(want_pub) - sigkey = PEM_read_bio_PUBKEY(keybio, NULL, NULL, NULL); - else sigkey = PEM_read_bio_PrivateKey(keybio, NULL, NULL, NULL); - BIO_free(keybio); - if(!sigkey) { - BIO_printf(bio_err, "Error reading key file %s\n", - keyfile); - ERR_print_errors(bio_err); + if(keyfile) + { + if (want_pub) + sigkey = load_pubkey(bio_err, keyfile, keyform, 0, NULL, + e, "key file"); + else + sigkey = load_key(bio_err, keyfile, keyform, 0, passin, + e, "key file"); + if (!sigkey) + { + /* load_[pub]key() has already printed an appropriate + message */ goto end; + } } - } if(sigfile && sigkey) { BIO *sigbio; @@ -280,80 +374,143 @@ int MAIN(int argc, char **argv) } siglen = BIO_read(sigbio, sigbuf, siglen); BIO_free(sigbio); - if(siglen == 0) { + if(siglen <= 0) { BIO_printf(bio_err, "Error reading signature file %s\n", sigfile); ERR_print_errors(bio_err); goto end; } } - + if (non_fips_allow) + { + EVP_MD_CTX *md_ctx; + BIO_get_md_ctx(bmd,&md_ctx); + EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); + } + + if (sig_flags) + { + EVP_MD_CTX *md_ctx; + BIO_get_md_ctx(bmd,&md_ctx); + EVP_MD_CTX_set_flags(md_ctx, sig_flags); + } /* we use md as a filter, reading from 'in' */ - BIO_set_md(bmd,md); + if (!BIO_set_md(bmd,md)) + { + BIO_printf(bio_err, "Error setting digest %s\n", pname); + ERR_print_errors(bio_err); + goto end; + } + inp=BIO_push(bmd,in); if (argc == 0) { BIO_set_fp(in,stdin,BIO_NOCLOSE); - do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf, siglen); + err=do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf, + siglen,"","(stdin)",bmd,hmac_key,non_fips_allow); } else { name=OBJ_nid2sn(md->type); + err = 0; for (i=0; i 0) BIO_printf(out, "Verified OK\n"); - else if(i == 0) BIO_printf(out, "Verification Failure\n"); + i = EVP_VerifyFinal(ctx, sigin, (unsigned int)siglen, key); + if(i > 0) + BIO_printf(out, "Verified OK\n"); + else if(i == 0) + { + BIO_printf(out, "Verification Failure\n"); + return 1; + } else { BIO_printf(bio_err, "Error Verifying Data\n"); ERR_print_errors(bio_err); + return 1; } - return; + return 0; } if(key) { @@ -363,16 +520,22 @@ void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, char binout, { BIO_printf(bio_err, "Error Signing Data\n"); ERR_print_errors(bio_err); - return; + return 1; } } + else if(hmac_key) + { + HMAC_Final(&hmac_ctx,buf,&len); + HMAC_CTX_cleanup(&hmac_ctx); + } else len=BIO_gets(bp,(char *)buf,BUFSIZE); if(binout) BIO_write(out, buf, len); else { - for (i=0; i