search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
PR: 2786
[mirror-openssl.git] / apps / dgst.c
blobd471dbdabda49e244f5ad13be5a059731fb46b44
1 /* apps/dgst.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59 #include <stdio.h>
60 #include <string.h>
61 #include <stdlib.h>
62 #include "apps.h"
63 #include <openssl/bio.h>
64 #include <openssl/err.h>
65 #include <openssl/evp.h>
66 #include <openssl/objects.h>
67 #include <openssl/x509.h>
68 #include <openssl/pem.h>
69 #include <openssl/hmac.h>
70
71 #undef BUFSIZE
72 #define BUFSIZE 1024*8
73
74 #undef PROG
75 #define PROG dgst_main
76
77 int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
78 EVP_PKEY *key, unsigned char *sigin, int siglen,
79 const char *sig_name, const char *md_name,
80 const char *file,BIO *bmd);
81
82 static void list_md_fn(const EVP_MD *m,
83 const char *from, const char *to, void *arg)
84 {
85 const char *mname;
86 /* Skip aliases */
87 if (!m)
88 return;
89 mname = OBJ_nid2ln(EVP_MD_type(m));
90 /* Skip shortnames */
91 if (strcmp(from, mname))
92 return;
93 /* Skip clones */
94 if (EVP_MD_flags(m) & EVP_MD_FLAG_PKEY_DIGEST)
95 return;
96 if (strchr(mname, ' '))
97 mname= EVP_MD_name(m);
98 BIO_printf(arg, "-%-14s to use the %s message digest algorithm\n",
99 mname, mname);
100 }
101
102 int MAIN(int, char **);
103
104 int MAIN(int argc, char **argv)
105 {
106 ENGINE *e = NULL, *impl = NULL;
107 unsigned char *buf=NULL;
108 int i,err=1;
109 const EVP_MD *md=NULL,*m;
110 BIO *in=NULL,*inp;
111 BIO *bmd=NULL;
112 BIO *out = NULL;
113 #define PROG_NAME_SIZE 39
114 char pname[PROG_NAME_SIZE+1];
115 int separator=0;
116 int debug=0;
117 int keyform=FORMAT_PEM;
118 const char *outfile = NULL, *keyfile = NULL;
119 const char *sigfile = NULL, *randfile = NULL;
120 int out_bin = -1, want_pub = 0, do_verify = 0;
121 EVP_PKEY *sigkey = NULL;
122 unsigned char *sigbuf = NULL;
123 int siglen = 0;
124 char *passargin = NULL, *passin = NULL;
125 #ifndef OPENSSL_NO_ENGINE
126 char *engine=NULL;
127 int engine_impl = 0;
128 #endif
129 char *hmac_key=NULL;
130 char *mac_name=NULL;
131 int non_fips_allow = 0;
132 STACK_OF(OPENSSL_STRING) *sigopts = NULL, *macopts = NULL;
133
134 apps_startup();
135
136 if ((buf=(unsigned char *)OPENSSL_malloc(BUFSIZE)) == NULL)
137 {
138 BIO_printf(bio_err,"out of memory\n");
139 goto end;
140 }
141 if (bio_err == NULL)
142 if ((bio_err=BIO_new(BIO_s_file())) != NULL)
143 BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
144
145 if (!load_config(bio_err, NULL))
146 goto end;
147
148 /* first check the program name */
149 program_name(argv[0],pname,sizeof pname);
150
151 md=EVP_get_digestbyname(pname);
152
153 argc--;
154 argv++;
155 while (argc > 0)
156 {
157 if ((*argv)[0] != '-') break;
158 if (strcmp(*argv,"-c") == 0)
159 separator=1;
160 else if (strcmp(*argv,"-r") == 0)
161 separator=2;
162 else if (strcmp(*argv,"-rand") == 0)
163 {
164 if (--argc < 1) break;
165 randfile=*(++argv);
166 }
167 else if (strcmp(*argv,"-out") == 0)
168 {
169 if (--argc < 1) break;
170 outfile=*(++argv);
171 }
172 else if (strcmp(*argv,"-sign") == 0)
173 {
174 if (--argc < 1) break;
175 keyfile=*(++argv);
176 }
177 else if (!strcmp(*argv,"-passin"))
178 {
179 if (--argc < 1)
180 break;
181 passargin=*++argv;
182 }
183 else if (strcmp(*argv,"-verify") == 0)
184 {
185 if (--argc < 1) break;
186 keyfile=*(++argv);
187 want_pub = 1;
188 do_verify = 1;
189 }
190 else if (strcmp(*argv,"-prverify") == 0)
191 {
192 if (--argc < 1) break;
193 keyfile=*(++argv);
194 do_verify = 1;
195 }
196 else if (strcmp(*argv,"-signature") == 0)
197 {
198 if (--argc < 1) break;
199 sigfile=*(++argv);
200 }
201 else if (strcmp(*argv,"-keyform") == 0)
202 {
203 if (--argc < 1) break;
204 keyform=str2fmt(*(++argv));
205 }
206 #ifndef OPENSSL_NO_ENGINE
207 else if (strcmp(*argv,"-engine") == 0)
208 {
209 if (--argc < 1) break;
210 engine= *(++argv);
211 e = setup_engine(bio_err, engine, 0);
212 }
213 else if (strcmp(*argv,"-engine_impl") == 0)
214 engine_impl = 1;
215 #endif
216 else if (strcmp(*argv,"-hex") == 0)
217 out_bin = 0;
218 else if (strcmp(*argv,"-binary") == 0)
219 out_bin = 1;
220 else if (strcmp(*argv,"-d") == 0)
221 debug=1;
222 else if (!strcmp(*argv,"-fips-fingerprint"))
223 hmac_key = "etaonrishdlcupfm";
224 else if (strcmp(*argv,"-non-fips-allow") == 0)
225 non_fips_allow=1;
226 else if (!strcmp(*argv,"-hmac"))
227 {
228 if (--argc < 1)
229 break;
230 hmac_key=*++argv;
231 }
232 else if (!strcmp(*argv,"-mac"))
233 {
234 if (--argc < 1)
235 break;
236 mac_name=*++argv;
237 }
238 else if (strcmp(*argv,"-sigopt") == 0)
239 {
240 if (--argc < 1)
241 break;
242 if (!sigopts)
243 sigopts = sk_OPENSSL_STRING_new_null();
244 if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, *(++argv)))
245 break;
246 }
247 else if (strcmp(*argv,"-macopt") == 0)
248 {
249 if (--argc < 1)
250 break;
251 if (!macopts)
252 macopts = sk_OPENSSL_STRING_new_null();
253 if (!macopts || !sk_OPENSSL_STRING_push(macopts, *(++argv)))
254 break;
255 }
256 else if ((m=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
257 md=m;
258 else
259 break;
260 argc--;
261 argv++;
262 }
263
264
265 if(do_verify && !sigfile) {
266 BIO_printf(bio_err, "No signature to verify: use the -signature option\n");
267 goto end;
268 }
269
270 if ((argc > 0) && (argv[0][0] == '-')) /* bad option */
271 {
272 BIO_printf(bio_err,"unknown option '%s'\n",*argv);
273 BIO_printf(bio_err,"options are\n");
274 BIO_printf(bio_err,"-c to output the digest with separating colons\n");
275 BIO_printf(bio_err,"-r to output the digest in coreutils format\n");
276 BIO_printf(bio_err,"-d to output debug info\n");
277 BIO_printf(bio_err,"-hex output as hex dump\n");
278 BIO_printf(bio_err,"-binary output in binary form\n");
279 BIO_printf(bio_err,"-sign file sign digest using private key in file\n");
280 BIO_printf(bio_err,"-verify file verify a signature using public key in file\n");
281 BIO_printf(bio_err,"-prverify file verify a signature using private key in file\n");
282 BIO_printf(bio_err,"-keyform arg key file format (PEM or ENGINE)\n");
283 BIO_printf(bio_err,"-out filename output to filename rather than stdout\n");
284 BIO_printf(bio_err,"-signature file signature to verify\n");
285 BIO_printf(bio_err,"-sigopt nm:v signature parameter\n");
286 BIO_printf(bio_err,"-hmac key create hashed MAC with key\n");
287 BIO_printf(bio_err,"-mac algorithm create MAC (not neccessarily HMAC)\n");
288 BIO_printf(bio_err,"-macopt nm:v MAC algorithm parameters or key\n");
289 #ifndef OPENSSL_NO_ENGINE
290 BIO_printf(bio_err,"-engine e use engine e, possibly a hardware device.\n");
291 #endif
292
293 EVP_MD_do_all_sorted(list_md_fn, bio_err);
294 goto end;
295 }
296
297 #ifndef OPENSSL_NO_ENGINE
298 if (engine_impl)
299 impl = e;
300 #endif
301
302 in=BIO_new(BIO_s_file());
303 bmd=BIO_new(BIO_f_md());
304 if (debug)
305 {
306 BIO_set_callback(in,BIO_debug_callback);
307 /* needed for windows 3.1 */
308 BIO_set_callback_arg(in,(char *)bio_err);
309 }
310
311 if(!app_passwd(bio_err, passargin, NULL, &passin, NULL))
312 {
313 BIO_printf(bio_err, "Error getting password\n");
314 goto end;
315 }
316
317 if ((in == NULL) || (bmd == NULL))
318 {
319 ERR_print_errors(bio_err);
320 goto end;
321 }
322
323 if(out_bin == -1) {
324 if(keyfile)
325 out_bin = 1;
326 else
327 out_bin = 0;
328 }
329
330 if(randfile)
331 app_RAND_load_file(randfile, bio_err, 0);
332
333 if(outfile) {
334 if(out_bin)
335 out = BIO_new_file(outfile, "wb");
336 else out = BIO_new_file(outfile, "w");
337 } else {
338 out = BIO_new_fp(stdout, BIO_NOCLOSE);
339 #ifdef OPENSSL_SYS_VMS
340 {
341 BIO *tmpbio = BIO_new(BIO_f_linebuffer());
342 out = BIO_push(tmpbio, out);
343 }
344 #endif
345 }
346
347 if(!out) {
348 BIO_printf(bio_err, "Error opening output file %s\n",
349 outfile ? outfile : "(stdout)");
350 ERR_print_errors(bio_err);
351 goto end;
352 }
353 if ((!!mac_name + !!keyfile + !!hmac_key) > 1)
354 {
355 BIO_printf(bio_err, "MAC and Signing key cannot both be specified\n");
356 goto end;
357 }
358
359 if(keyfile)
360 {
361 if (want_pub)
362 sigkey = load_pubkey(bio_err, keyfile, keyform, 0, NULL,
363 e, "key file");
364 else
365 sigkey = load_key(bio_err, keyfile, keyform, 0, passin,
366 e, "key file");
367 if (!sigkey)
368 {
369 /* load_[pub]key() has already printed an appropriate
370 message */
371 goto end;
372 }
373 }
374
375 if (mac_name)
376 {
377 EVP_PKEY_CTX *mac_ctx = NULL;
378 int r = 0;
379 if (!init_gen_str(bio_err, &mac_ctx, mac_name, impl, 0))
380 goto mac_end;
381 if (macopts)
382 {
383 char *macopt;
384 for (i = 0; i < sk_OPENSSL_STRING_num(macopts); i++)
385 {
386 macopt = sk_OPENSSL_STRING_value(macopts, i);
387 if (pkey_ctrl_string(mac_ctx, macopt) <= 0)
388 {
389 BIO_printf(bio_err,
390 "MAC parameter error \"%s\"\n",
391 macopt);
392 ERR_print_errors(bio_err);
393 goto mac_end;
394 }
395 }
396 }
397 if (EVP_PKEY_keygen(mac_ctx, &sigkey) <= 0)
398 {
399 BIO_puts(bio_err, "Error generating key\n");
400 ERR_print_errors(bio_err);
401 goto mac_end;
402 }
403 r = 1;
404 mac_end:
405 if (mac_ctx)
406 EVP_PKEY_CTX_free(mac_ctx);
407 if (r == 0)
408 goto end;
409 }
410
411 if (non_fips_allow)
412 {
413 EVP_MD_CTX *md_ctx;
414 BIO_get_md_ctx(bmd,&md_ctx);
415 EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
416 }
417
418 if (hmac_key)
419 {
420 sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, impl,
421 (unsigned char *)hmac_key, -1);
422 if (!sigkey)
423 goto end;
424 }
425
426 if (sigkey)
427 {
428 EVP_MD_CTX *mctx = NULL;
429 EVP_PKEY_CTX *pctx = NULL;
430 int r;
431 if (!BIO_get_md_ctx(bmd, &mctx))
432 {
433 BIO_printf(bio_err, "Error getting context\n");
434 ERR_print_errors(bio_err);
435 goto end;
436 }
437 if (do_verify)
438 r = EVP_DigestVerifyInit(mctx, &pctx, md, impl, sigkey);
439 else
440 r = EVP_DigestSignInit(mctx, &pctx, md, impl, sigkey);
441 if (!r)
442 {
443 BIO_printf(bio_err, "Error setting context\n");
444 ERR_print_errors(bio_err);
445 goto end;
446 }
447 if (sigopts)
448 {
449 char *sigopt;
450 for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++)
451 {
452 sigopt = sk_OPENSSL_STRING_value(sigopts, i);
453 if (pkey_ctrl_string(pctx, sigopt) <= 0)
454 {
455 BIO_printf(bio_err,
456 "parameter error \"%s\"\n",
457 sigopt);
458 ERR_print_errors(bio_err);
459 goto end;
460 }
461 }
462 }
463 }
464 /* we use md as a filter, reading from 'in' */
465 else
466 {
467 EVP_MD_CTX *mctx = NULL;
468 if (!BIO_get_md_ctx(bmd, &mctx))
469 {
470 BIO_printf(bio_err, "Error getting context\n");
471 ERR_print_errors(bio_err);
472 goto end;
473 }
474 if (md == NULL)
475 md = EVP_md5();
476 if (!EVP_DigestInit_ex(mctx, md, impl))
477 {
478 BIO_printf(bio_err, "Error setting digest %s\n", pname);
479 ERR_print_errors(bio_err);
480 goto end;
481 }
482 }
483
484 if(sigfile && sigkey) {
485 BIO *sigbio;
486 sigbio = BIO_new_file(sigfile, "rb");
487 siglen = EVP_PKEY_size(sigkey);
488 sigbuf = OPENSSL_malloc(siglen);
489 if(!sigbio) {
490 BIO_printf(bio_err, "Error opening signature file %s\n",
491 sigfile);
492 ERR_print_errors(bio_err);
493 goto end;
494 }
495 siglen = BIO_read(sigbio, sigbuf, siglen);
496 BIO_free(sigbio);
497 if(siglen <= 0) {
498 BIO_printf(bio_err, "Error reading signature file %s\n",
499 sigfile);
500 ERR_print_errors(bio_err);
501 goto end;
502 }
503 }
504 inp=BIO_push(bmd,in);
505
506 if (md == NULL)
507 {
508 EVP_MD_CTX *tctx;
509 BIO_get_md_ctx(bmd, &tctx);
510 md = EVP_MD_CTX_md(tctx);
511 }
512
513 if (argc == 0)
514 {
515 BIO_set_fp(in,stdin,BIO_NOCLOSE);
516 err=do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf,
517 siglen,NULL,NULL,"stdin",bmd);
518 }
519 else
520 {
521 const char *md_name = NULL, *sig_name = NULL;
522 if(!out_bin)
523 {
524 if (sigkey)
525 {
526 const EVP_PKEY_ASN1_METHOD *ameth;
527 ameth = EVP_PKEY_get0_asn1(sigkey);
528 if (ameth)
529 EVP_PKEY_asn1_get0_info(NULL, NULL,
530 NULL, NULL, &sig_name, ameth);
531 }
532 md_name = EVP_MD_name(md);
533 }
534 err = 0;
535 for (i=0; i<argc; i++)
536 {
537 int r;
538 if (BIO_read_filename(in,argv[i]) <= 0)
539 {
540 perror(argv[i]);
541 err++;
542 continue;
543 }
544 else
545 r=do_fp(out,buf,inp,separator,out_bin,sigkey,sigbuf,
546 siglen,sig_name,md_name, argv[i],bmd);
547 if(r)
548 err=r;
549 (void)BIO_reset(bmd);
550 }
551 }
552 end:
553 if (buf != NULL)
554 {
555 OPENSSL_cleanse(buf,BUFSIZE);
556 OPENSSL_free(buf);
557 }
558 if (in != NULL) BIO_free(in);
559 if (passin)
560 OPENSSL_free(passin);
561 BIO_free_all(out);
562 EVP_PKEY_free(sigkey);
563 if (sigopts)
564 sk_OPENSSL_STRING_free(sigopts);
565 if (macopts)
566 sk_OPENSSL_STRING_free(macopts);
567 if(sigbuf) OPENSSL_free(sigbuf);
568 if (bmd != NULL) BIO_free(bmd);
569 apps_shutdown();
570 OPENSSL_EXIT(err);
571 }
572
573 int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
574 EVP_PKEY *key, unsigned char *sigin, int siglen,
575 const char *sig_name, const char *md_name,
576 const char *file,BIO *bmd)
577 {
578 size_t len;
579 int i;
580
581 for (;;)
582 {
583 i=BIO_read(bp,(char *)buf,BUFSIZE);
584 if(i < 0)
585 {
586 BIO_printf(bio_err, "Read Error in %s\n",file);
587 ERR_print_errors(bio_err);
588 return 1;
589 }
590 if (i == 0) break;
591 }
592 if(sigin)
593 {
594 EVP_MD_CTX *ctx;
595 BIO_get_md_ctx(bp, &ctx);
596 i = EVP_DigestVerifyFinal(ctx, sigin, (unsigned int)siglen);
597 if(i > 0)
598 BIO_printf(out, "Verified OK\n");
599 else if(i == 0)
600 {
601 BIO_printf(out, "Verification Failure\n");
602 return 1;
603 }
604 else
605 {
606 BIO_printf(bio_err, "Error Verifying Data\n");
607 ERR_print_errors(bio_err);
608 return 1;
609 }
610 return 0;
611 }
612 if(key)
613 {
614 EVP_MD_CTX *ctx;
615 BIO_get_md_ctx(bp, &ctx);
616 len = BUFSIZE;
617 if(!EVP_DigestSignFinal(ctx, buf, &len))
618 {
619 BIO_printf(bio_err, "Error Signing Data\n");
620 ERR_print_errors(bio_err);
621 return 1;
622 }
623 }
624 else
625 {
626 len=BIO_gets(bp,(char *)buf,BUFSIZE);
627 if ((int)len <0)
628 {
629 ERR_print_errors(bio_err);
630 return 1;
631 }
632 }
633
634 if(binout) BIO_write(out, buf, len);
635 else if (sep == 2)
636 {
637 for (i=0; i<(int)len; i++)
638 BIO_printf(out, "%02x",buf[i]);
639 BIO_printf(out, " *%s\n", file);
640 }
641 else
642 {
643 if (sig_name)
644 BIO_printf(out, "%s-%s(%s)= ", sig_name, md_name, file);
645 else if (md_name)
646 BIO_printf(out, "%s(%s)= ", md_name, file);
647 else
648 BIO_printf(out, "(%s)= ", file);
649 for (i=0; i<(int)len; i++)
650 {
651 if (sep && (i != 0))
652 BIO_printf(out, ":");
653 BIO_printf(out, "%02x",buf[i]);
654 }
655 BIO_printf(out, "\n");
656 }
657 return 0;
658 }
659
Mirror of openssl cvs repository