]>
Commit | Line | Data |
---|---|---|
d02b48c6 | 1 | /* apps/dgst.c */ |
58964a49 | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
d02b48c6 RE |
3 | * All rights reserved. |
4 | * | |
5 | * This package is an SSL implementation written | |
6 | * by Eric Young (eay@cryptsoft.com). | |
7 | * The implementation was written so as to conform with Netscapes SSL. | |
0f113f3e | 8 | * |
d02b48c6 RE |
9 | * This library is free for commercial and non-commercial use as long as |
10 | * the following conditions are aheared to. The following conditions | |
11 | * apply to all code found in this distribution, be it the RC4, RSA, | |
12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | |
13 | * included with this distribution is covered by the same copyright terms | |
14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | |
0f113f3e | 15 | * |
d02b48c6 RE |
16 | * Copyright remains Eric Young's, and as such any Copyright notices in |
17 | * the code are not to be removed. | |
18 | * If this package is used in a product, Eric Young should be given attribution | |
19 | * as the author of the parts of the library used. | |
20 | * This can be in the form of a textual message at program startup or | |
21 | * in documentation (online or textual) provided with the package. | |
0f113f3e | 22 | * |
d02b48c6 RE |
23 | * Redistribution and use in source and binary forms, with or without |
24 | * modification, are permitted provided that the following conditions | |
25 | * are met: | |
26 | * 1. Redistributions of source code must retain the copyright | |
27 | * notice, this list of conditions and the following disclaimer. | |
28 | * 2. Redistributions in binary form must reproduce the above copyright | |
29 | * notice, this list of conditions and the following disclaimer in the | |
30 | * documentation and/or other materials provided with the distribution. | |
31 | * 3. All advertising materials mentioning features or use of this software | |
32 | * must display the following acknowledgement: | |
33 | * "This product includes cryptographic software written by | |
34 | * Eric Young (eay@cryptsoft.com)" | |
35 | * The word 'cryptographic' can be left out if the rouines from the library | |
36 | * being used are not cryptographic related :-). | |
0f113f3e | 37 | * 4. If you include any Windows specific code (or a derivative thereof) from |
d02b48c6 RE |
38 | * the apps directory (application code) you must include an acknowledgement: |
39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | |
0f113f3e | 40 | * |
d02b48c6 RE |
41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |
45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
51 | * SUCH DAMAGE. | |
0f113f3e | 52 | * |
d02b48c6 RE |
53 | * The licence and distribution terms for any publically available version or |
54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | |
55 | * copied and put under another distribution licence | |
56 | * [including the GNU Public Licence.] | |
57 | */ | |
58 | ||
59 | #include <stdio.h> | |
60 | #include <string.h> | |
61 | #include <stdlib.h> | |
62 | #include "apps.h" | |
ec577822 BM |
63 | #include <openssl/bio.h> |
64 | #include <openssl/err.h> | |
65 | #include <openssl/evp.h> | |
66 | #include <openssl/objects.h> | |
67 | #include <openssl/x509.h> | |
68 | #include <openssl/pem.h> | |
52cfa397 | 69 | #include <openssl/hmac.h> |
d02b48c6 RE |
70 | |
71 | #undef BUFSIZE | |
0f113f3e | 72 | #define BUFSIZE 1024*8 |
d02b48c6 RE |
73 | |
74 | #undef PROG | |
0f113f3e | 75 | #define PROG dgst_main |
d02b48c6 | 76 | |
d15711ef | 77 | int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, |
0f113f3e MC |
78 | EVP_PKEY *key, unsigned char *sigin, int siglen, |
79 | const char *sig_name, const char *md_name, | |
80 | const char *file, BIO *bmd); | |
667ac4ec | 81 | |
e5fa864f | 82 | static void list_md_fn(const EVP_MD *m, |
0f113f3e MC |
83 | const char *from, const char *to, void *arg) |
84 | { | |
85 | const char *mname; | |
86 | /* Skip aliases */ | |
87 | if (!m) | |
88 | return; | |
89 | mname = OBJ_nid2ln(EVP_MD_type(m)); | |
90 | /* Skip shortnames */ | |
91 | if (strcmp(from, mname)) | |
92 | return; | |
93 | /* Skip clones */ | |
94 | if (EVP_MD_flags(m) & EVP_MD_FLAG_PKEY_DIGEST) | |
95 | return; | |
96 | if (strchr(mname, ' ')) | |
97 | mname = EVP_MD_name(m); | |
98 | BIO_printf(arg, "-%-14s to use the %s message digest algorithm\n", | |
99 | mname, mname); | |
100 | } | |
e5fa864f | 101 | |
667ac4ec RE |
102 | int MAIN(int, char **); |
103 | ||
6b691a5c | 104 | int MAIN(int argc, char **argv) |
0f113f3e MC |
105 | { |
106 | ENGINE *e = NULL, *impl = NULL; | |
107 | unsigned char *buf = NULL; | |
108 | int i, err = 1; | |
109 | const EVP_MD *md = NULL, *m; | |
110 | BIO *in = NULL, *inp; | |
111 | BIO *bmd = NULL; | |
112 | BIO *out = NULL; | |
dfee50ec | 113 | #define PROG_NAME_SIZE 39 |
0f113f3e MC |
114 | char pname[PROG_NAME_SIZE + 1]; |
115 | int separator = 0; | |
116 | int debug = 0; | |
117 | int keyform = FORMAT_PEM; | |
118 | const char *outfile = NULL, *keyfile = NULL; | |
119 | const char *sigfile = NULL, *randfile = NULL; | |
120 | int out_bin = -1, want_pub = 0, do_verify = 0; | |
121 | EVP_PKEY *sigkey = NULL; | |
122 | unsigned char *sigbuf = NULL; | |
123 | int siglen = 0; | |
124 | char *passargin = NULL, *passin = NULL; | |
0b13e9f0 | 125 | #ifndef OPENSSL_NO_ENGINE |
0f113f3e MC |
126 | char *engine = NULL; |
127 | int engine_impl = 0; | |
0b13e9f0 | 128 | #endif |
0f113f3e MC |
129 | char *hmac_key = NULL; |
130 | char *mac_name = NULL; | |
131 | int non_fips_allow = 0; | |
132 | STACK_OF(OPENSSL_STRING) *sigopts = NULL, *macopts = NULL; | |
133 | ||
134 | apps_startup(); | |
135 | ||
136 | if ((buf = (unsigned char *)OPENSSL_malloc(BUFSIZE)) == NULL) { | |
137 | BIO_printf(bio_err, "out of memory\n"); | |
138 | goto end; | |
139 | } | |
140 | if (bio_err == NULL) | |
141 | if ((bio_err = BIO_new(BIO_s_file())) != NULL) | |
142 | BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT); | |
143 | ||
144 | if (!load_config(bio_err, NULL)) | |
145 | goto end; | |
146 | ||
147 | /* first check the program name */ | |
148 | program_name(argv[0], pname, sizeof pname); | |
149 | ||
150 | md = EVP_get_digestbyname(pname); | |
151 | ||
152 | argc--; | |
153 | argv++; | |
154 | while (argc > 0) { | |
155 | if ((*argv)[0] != '-') | |
156 | break; | |
157 | if (strcmp(*argv, "-c") == 0) | |
158 | separator = 1; | |
159 | else if (strcmp(*argv, "-r") == 0) | |
160 | separator = 2; | |
161 | else if (strcmp(*argv, "-rand") == 0) { | |
162 | if (--argc < 1) | |
163 | break; | |
164 | randfile = *(++argv); | |
165 | } else if (strcmp(*argv, "-out") == 0) { | |
166 | if (--argc < 1) | |
167 | break; | |
168 | outfile = *(++argv); | |
169 | } else if (strcmp(*argv, "-sign") == 0) { | |
170 | if (--argc < 1) | |
171 | break; | |
172 | keyfile = *(++argv); | |
173 | } else if (!strcmp(*argv, "-passin")) { | |
174 | if (--argc < 1) | |
175 | break; | |
176 | passargin = *++argv; | |
177 | } else if (strcmp(*argv, "-verify") == 0) { | |
178 | if (--argc < 1) | |
179 | break; | |
180 | keyfile = *(++argv); | |
181 | want_pub = 1; | |
182 | do_verify = 1; | |
183 | } else if (strcmp(*argv, "-prverify") == 0) { | |
184 | if (--argc < 1) | |
185 | break; | |
186 | keyfile = *(++argv); | |
187 | do_verify = 1; | |
188 | } else if (strcmp(*argv, "-signature") == 0) { | |
189 | if (--argc < 1) | |
190 | break; | |
191 | sigfile = *(++argv); | |
192 | } else if (strcmp(*argv, "-keyform") == 0) { | |
193 | if (--argc < 1) | |
194 | break; | |
195 | keyform = str2fmt(*(++argv)); | |
196 | } | |
0b13e9f0 | 197 | #ifndef OPENSSL_NO_ENGINE |
0f113f3e MC |
198 | else if (strcmp(*argv, "-engine") == 0) { |
199 | if (--argc < 1) | |
200 | break; | |
201 | engine = *(++argv); | |
202 | e = setup_engine(bio_err, engine, 0); | |
203 | } else if (strcmp(*argv, "-engine_impl") == 0) | |
204 | engine_impl = 1; | |
0b13e9f0 | 205 | #endif |
0f113f3e MC |
206 | else if (strcmp(*argv, "-hex") == 0) |
207 | out_bin = 0; | |
208 | else if (strcmp(*argv, "-binary") == 0) | |
209 | out_bin = 1; | |
210 | else if (strcmp(*argv, "-d") == 0) | |
211 | debug = 1; | |
212 | else if (!strcmp(*argv, "-fips-fingerprint")) | |
213 | hmac_key = "etaonrishdlcupfm"; | |
214 | else if (strcmp(*argv, "-non-fips-allow") == 0) | |
215 | non_fips_allow = 1; | |
216 | else if (!strcmp(*argv, "-hmac")) { | |
217 | if (--argc < 1) | |
218 | break; | |
219 | hmac_key = *++argv; | |
220 | } else if (!strcmp(*argv, "-mac")) { | |
221 | if (--argc < 1) | |
222 | break; | |
223 | mac_name = *++argv; | |
224 | } else if (strcmp(*argv, "-sigopt") == 0) { | |
225 | if (--argc < 1) | |
226 | break; | |
227 | if (!sigopts) | |
228 | sigopts = sk_OPENSSL_STRING_new_null(); | |
229 | if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, *(++argv))) | |
230 | break; | |
231 | } else if (strcmp(*argv, "-macopt") == 0) { | |
232 | if (--argc < 1) | |
233 | break; | |
234 | if (!macopts) | |
235 | macopts = sk_OPENSSL_STRING_new_null(); | |
236 | if (!macopts || !sk_OPENSSL_STRING_push(macopts, *(++argv))) | |
237 | break; | |
238 | } else if ((m = EVP_get_digestbyname(&((*argv)[1]))) != NULL) | |
239 | md = m; | |
240 | else | |
241 | break; | |
242 | argc--; | |
243 | argv++; | |
244 | } | |
245 | ||
246 | if (do_verify && !sigfile) { | |
247 | BIO_printf(bio_err, | |
248 | "No signature to verify: use the -signature option\n"); | |
249 | goto end; | |
250 | } | |
251 | ||
252 | if ((argc > 0) && (argv[0][0] == '-')) { /* bad option */ | |
253 | BIO_printf(bio_err, "unknown option '%s'\n", *argv); | |
254 | BIO_printf(bio_err, "options are\n"); | |
255 | BIO_printf(bio_err, | |
256 | "-c to output the digest with separating colons\n"); | |
257 | BIO_printf(bio_err, | |
258 | "-r to output the digest in coreutils format\n"); | |
259 | BIO_printf(bio_err, "-d to output debug info\n"); | |
260 | BIO_printf(bio_err, "-hex output as hex dump\n"); | |
261 | BIO_printf(bio_err, "-binary output in binary form\n"); | |
262 | BIO_printf(bio_err, "-hmac arg set the HMAC key to arg\n"); | |
263 | BIO_printf(bio_err, "-non-fips-allow allow use of non FIPS digest\n"); | |
264 | BIO_printf(bio_err, | |
265 | "-sign file sign digest using private key in file\n"); | |
266 | BIO_printf(bio_err, | |
267 | "-verify file verify a signature using public key in file\n"); | |
268 | BIO_printf(bio_err, | |
269 | "-prverify file verify a signature using private key in file\n"); | |
270 | BIO_printf(bio_err, | |
271 | "-keyform arg key file format (PEM or ENGINE)\n"); | |
272 | BIO_printf(bio_err, | |
273 | "-out filename output to filename rather than stdout\n"); | |
274 | BIO_printf(bio_err, "-signature file signature to verify\n"); | |
275 | BIO_printf(bio_err, "-sigopt nm:v signature parameter\n"); | |
276 | BIO_printf(bio_err, "-hmac key create hashed MAC with key\n"); | |
277 | BIO_printf(bio_err, | |
278 | "-mac algorithm create MAC (not neccessarily HMAC)\n"); | |
279 | BIO_printf(bio_err, | |
280 | "-macopt nm:v MAC algorithm parameters or key\n"); | |
0b13e9f0 | 281 | #ifndef OPENSSL_NO_ENGINE |
0f113f3e MC |
282 | BIO_printf(bio_err, |
283 | "-engine e use engine e, possibly a hardware device.\n"); | |
0b13e9f0 | 284 | #endif |
7df1c720 | 285 | |
0f113f3e MC |
286 | EVP_MD_do_all_sorted(list_md_fn, bio_err); |
287 | goto end; | |
288 | } | |
bb845ee0 | 289 | #ifndef OPENSSL_NO_ENGINE |
0f113f3e MC |
290 | if (engine_impl) |
291 | impl = e; | |
bb845ee0 DSH |
292 | #endif |
293 | ||
0f113f3e MC |
294 | in = BIO_new(BIO_s_file()); |
295 | bmd = BIO_new(BIO_f_md()); | |
296 | if (debug) { | |
297 | BIO_set_callback(in, BIO_debug_callback); | |
298 | /* needed for windows 3.1 */ | |
299 | BIO_set_callback_arg(in, (char *)bio_err); | |
300 | } | |
301 | ||
302 | if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) { | |
303 | BIO_printf(bio_err, "Error getting password\n"); | |
304 | goto end; | |
305 | } | |
306 | ||
307 | if ((in == NULL) || (bmd == NULL)) { | |
308 | ERR_print_errors(bio_err); | |
309 | goto end; | |
310 | } | |
311 | ||
312 | if (out_bin == -1) { | |
313 | if (keyfile) | |
314 | out_bin = 1; | |
315 | else | |
316 | out_bin = 0; | |
317 | } | |
318 | ||
319 | if (randfile) | |
320 | app_RAND_load_file(randfile, bio_err, 0); | |
321 | ||
322 | if (outfile) { | |
323 | if (out_bin) | |
324 | out = BIO_new_file(outfile, "wb"); | |
325 | else | |
326 | out = BIO_new_file(outfile, "w"); | |
327 | } else { | |
328 | out = BIO_new_fp(stdout, BIO_NOCLOSE); | |
bc36ee62 | 329 | #ifdef OPENSSL_SYS_VMS |
0f113f3e MC |
330 | { |
331 | BIO *tmpbio = BIO_new(BIO_f_linebuffer()); | |
332 | out = BIO_push(tmpbio, out); | |
333 | } | |
645749ef | 334 | #endif |
0f113f3e MC |
335 | } |
336 | ||
337 | if (!out) { | |
338 | BIO_printf(bio_err, "Error opening output file %s\n", | |
339 | outfile ? outfile : "(stdout)"); | |
340 | ERR_print_errors(bio_err); | |
341 | goto end; | |
342 | } | |
343 | if ((! !mac_name + ! !keyfile + ! !hmac_key) > 1) { | |
344 | BIO_printf(bio_err, "MAC and Signing key cannot both be specified\n"); | |
345 | goto end; | |
346 | } | |
347 | ||
348 | if (keyfile) { | |
349 | if (want_pub) | |
350 | sigkey = load_pubkey(bio_err, keyfile, keyform, 0, NULL, | |
351 | e, "key file"); | |
352 | else | |
353 | sigkey = load_key(bio_err, keyfile, keyform, 0, passin, | |
354 | e, "key file"); | |
355 | if (!sigkey) { | |
356 | /* | |
357 | * load_[pub]key() has already printed an appropriate message | |
358 | */ | |
359 | goto end; | |
360 | } | |
361 | } | |
362 | ||
363 | if (mac_name) { | |
364 | EVP_PKEY_CTX *mac_ctx = NULL; | |
365 | int r = 0; | |
366 | if (!init_gen_str(bio_err, &mac_ctx, mac_name, impl, 0)) | |
367 | goto mac_end; | |
368 | if (macopts) { | |
369 | char *macopt; | |
370 | for (i = 0; i < sk_OPENSSL_STRING_num(macopts); i++) { | |
371 | macopt = sk_OPENSSL_STRING_value(macopts, i); | |
372 | if (pkey_ctrl_string(mac_ctx, macopt) <= 0) { | |
373 | BIO_printf(bio_err, | |
374 | "MAC parameter error \"%s\"\n", macopt); | |
375 | ERR_print_errors(bio_err); | |
376 | goto mac_end; | |
377 | } | |
378 | } | |
379 | } | |
380 | if (EVP_PKEY_keygen(mac_ctx, &sigkey) <= 0) { | |
381 | BIO_puts(bio_err, "Error generating key\n"); | |
382 | ERR_print_errors(bio_err); | |
383 | goto mac_end; | |
384 | } | |
385 | r = 1; | |
386 | mac_end: | |
387 | if (mac_ctx) | |
388 | EVP_PKEY_CTX_free(mac_ctx); | |
389 | if (r == 0) | |
390 | goto end; | |
391 | } | |
392 | ||
393 | if (non_fips_allow) { | |
394 | EVP_MD_CTX *md_ctx; | |
395 | BIO_get_md_ctx(bmd, &md_ctx); | |
396 | EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); | |
397 | } | |
398 | ||
399 | if (hmac_key) { | |
400 | sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, impl, | |
401 | (unsigned char *)hmac_key, -1); | |
402 | if (!sigkey) | |
403 | goto end; | |
404 | } | |
405 | ||
406 | if (sigkey) { | |
407 | EVP_MD_CTX *mctx = NULL; | |
408 | EVP_PKEY_CTX *pctx = NULL; | |
409 | int r; | |
410 | if (!BIO_get_md_ctx(bmd, &mctx)) { | |
411 | BIO_printf(bio_err, "Error getting context\n"); | |
412 | ERR_print_errors(bio_err); | |
413 | goto end; | |
414 | } | |
415 | if (do_verify) | |
416 | r = EVP_DigestVerifyInit(mctx, &pctx, md, impl, sigkey); | |
417 | else | |
418 | r = EVP_DigestSignInit(mctx, &pctx, md, impl, sigkey); | |
419 | if (!r) { | |
420 | BIO_printf(bio_err, "Error setting context\n"); | |
421 | ERR_print_errors(bio_err); | |
422 | goto end; | |
423 | } | |
424 | if (sigopts) { | |
425 | char *sigopt; | |
426 | for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++) { | |
427 | sigopt = sk_OPENSSL_STRING_value(sigopts, i); | |
428 | if (pkey_ctrl_string(pctx, sigopt) <= 0) { | |
429 | BIO_printf(bio_err, "parameter error \"%s\"\n", sigopt); | |
430 | ERR_print_errors(bio_err); | |
431 | goto end; | |
432 | } | |
433 | } | |
434 | } | |
435 | } | |
436 | /* we use md as a filter, reading from 'in' */ | |
437 | else { | |
438 | EVP_MD_CTX *mctx = NULL; | |
439 | if (!BIO_get_md_ctx(bmd, &mctx)) { | |
440 | BIO_printf(bio_err, "Error getting context\n"); | |
441 | ERR_print_errors(bio_err); | |
442 | goto end; | |
443 | } | |
444 | if (md == NULL) | |
445 | md = EVP_md5(); | |
446 | if (!EVP_DigestInit_ex(mctx, md, impl)) { | |
447 | BIO_printf(bio_err, "Error setting digest %s\n", pname); | |
448 | ERR_print_errors(bio_err); | |
449 | goto end; | |
450 | } | |
451 | } | |
452 | ||
453 | if (sigfile && sigkey) { | |
454 | BIO *sigbio; | |
455 | sigbio = BIO_new_file(sigfile, "rb"); | |
456 | siglen = EVP_PKEY_size(sigkey); | |
457 | sigbuf = OPENSSL_malloc(siglen); | |
458 | if (!sigbio) { | |
459 | BIO_printf(bio_err, "Error opening signature file %s\n", sigfile); | |
460 | ERR_print_errors(bio_err); | |
461 | goto end; | |
462 | } | |
463 | siglen = BIO_read(sigbio, sigbuf, siglen); | |
464 | BIO_free(sigbio); | |
465 | if (siglen <= 0) { | |
466 | BIO_printf(bio_err, "Error reading signature file %s\n", sigfile); | |
467 | ERR_print_errors(bio_err); | |
468 | goto end; | |
469 | } | |
470 | } | |
471 | inp = BIO_push(bmd, in); | |
472 | ||
473 | if (md == NULL) { | |
474 | EVP_MD_CTX *tctx; | |
475 | BIO_get_md_ctx(bmd, &tctx); | |
476 | md = EVP_MD_CTX_md(tctx); | |
477 | } | |
478 | ||
479 | if (argc == 0) { | |
480 | BIO_set_fp(in, stdin, BIO_NOCLOSE); | |
481 | err = do_fp(out, buf, inp, separator, out_bin, sigkey, sigbuf, | |
482 | siglen, NULL, NULL, "stdin", bmd); | |
483 | } else { | |
484 | const char *md_name = NULL, *sig_name = NULL; | |
485 | if (!out_bin) { | |
486 | if (sigkey) { | |
487 | const EVP_PKEY_ASN1_METHOD *ameth; | |
488 | ameth = EVP_PKEY_get0_asn1(sigkey); | |
489 | if (ameth) | |
490 | EVP_PKEY_asn1_get0_info(NULL, NULL, | |
491 | NULL, NULL, &sig_name, ameth); | |
492 | } | |
493 | if (md) | |
494 | md_name = EVP_MD_name(md); | |
495 | } | |
496 | err = 0; | |
497 | for (i = 0; i < argc; i++) { | |
498 | int r; | |
499 | if (BIO_read_filename(in, argv[i]) <= 0) { | |
500 | perror(argv[i]); | |
501 | err++; | |
502 | continue; | |
503 | } else | |
504 | r = do_fp(out, buf, inp, separator, out_bin, sigkey, sigbuf, | |
505 | siglen, sig_name, md_name, argv[i], bmd); | |
506 | if (r) | |
507 | err = r; | |
508 | (void)BIO_reset(bmd); | |
509 | } | |
510 | } | |
511 | end: | |
512 | if (buf != NULL) { | |
513 | OPENSSL_cleanse(buf, BUFSIZE); | |
514 | OPENSSL_free(buf); | |
515 | } | |
516 | if (in != NULL) | |
517 | BIO_free(in); | |
518 | if (passin) | |
519 | OPENSSL_free(passin); | |
520 | BIO_free_all(out); | |
521 | EVP_PKEY_free(sigkey); | |
522 | if (sigopts) | |
523 | sk_OPENSSL_STRING_free(sigopts); | |
524 | if (macopts) | |
525 | sk_OPENSSL_STRING_free(macopts); | |
526 | if (sigbuf) | |
527 | OPENSSL_free(sigbuf); | |
528 | if (bmd != NULL) | |
529 | BIO_free(bmd); | |
530 | apps_shutdown(); | |
531 | OPENSSL_EXIT(err); | |
532 | } | |
d02b48c6 | 533 | |
d15711ef | 534 | int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, |
0f113f3e MC |
535 | EVP_PKEY *key, unsigned char *sigin, int siglen, |
536 | const char *sig_name, const char *md_name, | |
537 | const char *file, BIO *bmd) | |
538 | { | |
539 | size_t len; | |
540 | int i; | |
541 | ||
542 | for (;;) { | |
543 | i = BIO_read(bp, (char *)buf, BUFSIZE); | |
544 | if (i < 0) { | |
545 | BIO_printf(bio_err, "Read Error in %s\n", file); | |
546 | ERR_print_errors(bio_err); | |
547 | return 1; | |
548 | } | |
549 | if (i == 0) | |
550 | break; | |
551 | } | |
552 | if (sigin) { | |
553 | EVP_MD_CTX *ctx; | |
554 | BIO_get_md_ctx(bp, &ctx); | |
555 | i = EVP_DigestVerifyFinal(ctx, sigin, (unsigned int)siglen); | |
556 | if (i > 0) | |
557 | BIO_printf(out, "Verified OK\n"); | |
558 | else if (i == 0) { | |
559 | BIO_printf(out, "Verification Failure\n"); | |
560 | return 1; | |
561 | } else { | |
562 | BIO_printf(bio_err, "Error Verifying Data\n"); | |
563 | ERR_print_errors(bio_err); | |
564 | return 1; | |
565 | } | |
566 | return 0; | |
567 | } | |
568 | if (key) { | |
569 | EVP_MD_CTX *ctx; | |
570 | BIO_get_md_ctx(bp, &ctx); | |
571 | len = BUFSIZE; | |
572 | if (!EVP_DigestSignFinal(ctx, buf, &len)) { | |
573 | BIO_printf(bio_err, "Error Signing Data\n"); | |
574 | ERR_print_errors(bio_err); | |
575 | return 1; | |
576 | } | |
577 | } else { | |
578 | len = BIO_gets(bp, (char *)buf, BUFSIZE); | |
579 | if ((int)len < 0) { | |
580 | ERR_print_errors(bio_err); | |
581 | return 1; | |
582 | } | |
583 | } | |
584 | ||
585 | if (binout) | |
586 | BIO_write(out, buf, len); | |
587 | else if (sep == 2) { | |
588 | for (i = 0; i < (int)len; i++) | |
589 | BIO_printf(out, "%02x", buf[i]); | |
590 | BIO_printf(out, " *%s\n", file); | |
591 | } else { | |
592 | if (sig_name) { | |
593 | BIO_puts(out, sig_name); | |
594 | if (md_name) | |
595 | BIO_printf(out, "-%s", md_name); | |
596 | BIO_printf(out, "(%s)= ", file); | |
597 | } else if (md_name) | |
598 | BIO_printf(out, "%s(%s)= ", md_name, file); | |
599 | else | |
600 | BIO_printf(out, "(%s)= ", file); | |
601 | for (i = 0; i < (int)len; i++) { | |
602 | if (sep && (i != 0)) | |
603 | BIO_printf(out, ":"); | |
604 | BIO_printf(out, "%02x", buf[i]); | |
605 | } | |
606 | BIO_printf(out, "\n"); | |
607 | } | |
608 | return 0; | |
609 | } |