const char *md_name = NULL;
OPTION_CHOICE o;
int separator = 0, debug = 0, keyform = FORMAT_UNDEF, siglen = 0;
- int i, ret = 1, out_bin = -1, want_pub = 0, do_verify = 0;
+ int i, ret = EXIT_FAILURE, out_bin = -1, want_pub = 0, do_verify = 0;
int xoflen = 0;
unsigned char *buf = NULL, *sigbuf = NULL;
int engine_impl = 0;
goto end;
case OPT_HELP:
opt_help(dgst_options);
- ret = 0;
+ ret = EXIT_SUCCESS;
goto end;
case OPT_LIST:
BIO_printf(bio_out, "Supported digests:\n");
OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_MD_METH,
show_digests, &dec);
BIO_printf(bio_out, "\n");
- ret = 0;
+ ret = EXIT_SUCCESS;
goto end;
case OPT_C:
separator = 1;
in = BIO_new(BIO_s_file());
bmd = BIO_new(BIO_f_md());
- if ((in == NULL) || (bmd == NULL)) {
- ERR_print_errors(bio_err);
+ if (in == NULL || bmd == NULL)
goto end;
- }
if (debug) {
BIO_set_callback(in, BIO_debug_callback);
goto end;
if ((!(mac_name == NULL) + !(keyfile == NULL) + !(hmac_key == NULL)) > 1) {
- BIO_printf(bio_err, "MAC and Signing key cannot both be specified\n");
+ BIO_printf(bio_err, "MAC and signing key cannot both be specified\n");
goto end;
}
if (mac_name != NULL) {
EVP_PKEY_CTX *mac_ctx = NULL;
- int r = 0;
+
if (!init_gen_str(&mac_ctx, mac_name, impl, 0, NULL, NULL))
- goto mac_end;
+ goto end;
if (macopts != NULL) {
- char *macopt;
for (i = 0; i < sk_OPENSSL_STRING_num(macopts); i++) {
- macopt = sk_OPENSSL_STRING_value(macopts, i);
+ char *macopt = sk_OPENSSL_STRING_value(macopts, i);
+
if (pkey_ctrl_string(mac_ctx, macopt) <= 0) {
- BIO_printf(bio_err,
- "MAC parameter error \"%s\"\n", macopt);
- ERR_print_errors(bio_err);
- goto mac_end;
+ EVP_PKEY_CTX_free(mac_ctx);
+ BIO_printf(bio_err, "MAC parameter error \"%s\"\n", macopt);
+ goto end;
}
}
}
- if (EVP_PKEY_keygen(mac_ctx, &sigkey) <= 0) {
- BIO_puts(bio_err, "Error generating key\n");
- ERR_print_errors(bio_err);
- goto mac_end;
- }
- r = 1;
- mac_end:
+
+ sigkey = app_keygen(mac_ctx, mac_name, 0, 0 /* not verbose */);
+ /* Verbose output would make external-tests gost-engine fail */
EVP_PKEY_CTX_free(mac_ctx);
- if (r == 0)
- goto end;
}
if (hmac_key != NULL) {
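Review bot: `app_keygen()` never returns on failure, so an error at `sigkey = app_keygen(mac_ctx, mac_name, 0, 0 /* not verbose */);` skips the `EVP_PKEY_CTX_free(mac_ctx)` after it and everything under `end:`, including `OPENSSL_clear_free(buf, BUFSIZE)`. As added in apps.c, the helper calls `app_bail_out()`, which appears to be the function ending in `exit(EXIT_FAILURE)`. The same holds for the `pkey = app_keygen(genctx, keyalgstr, newkey_len, verbose);` call in the req hunk. If exiting without the function's own cleanup is acceptable, state the contract at the call, e.g. `/* app_keygen() exits on failure, so sigkey is non-NULL here */`, and move the gost-engine remark above the call it explains. The enclosing function starts and ends outside this hunk.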
if (sigkey != NULL) {
EVP_MD_CTX *mctx = NULL;
EVP_PKEY_CTX *pctx = NULL;
- int r;
+ int res;
+
if (!BIO_get_md_ctx(bmd, &mctx)) {
BIO_printf(bio_err, "Error getting context\n");
- ERR_print_errors(bio_err);
goto end;
}
if (do_verify)
- r = EVP_DigestVerifyInit(mctx, &pctx, md, impl, sigkey);
+ res = EVP_DigestVerifyInit(mctx, &pctx, md, impl, sigkey);
else
- r = EVP_DigestSignInit(mctx, &pctx, md, impl, sigkey);
- if (!r) {
+ res = EVP_DigestSignInit(mctx, &pctx, md, impl, sigkey);
+ if (res == 0) {
BIO_printf(bio_err, "Error setting context\n");
- ERR_print_errors(bio_err);
goto end;
}
if (sigopts != NULL) {
- char *sigopt;
for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++) {
- sigopt = sk_OPENSSL_STRING_value(sigopts, i);
+ char *sigopt = sk_OPENSSL_STRING_value(sigopts, i);
+
if (pkey_ctrl_string(pctx, sigopt) <= 0) {
- BIO_printf(bio_err, "parameter error \"%s\"\n", sigopt);
- ERR_print_errors(bio_err);
+ BIO_printf(bio_err, "Signature parameter error \"%s\"\n",
+ sigopt);
goto end;
}
}
EVP_MD_CTX *mctx = NULL;
if (!BIO_get_md_ctx(bmd, &mctx)) {
BIO_printf(bio_err, "Error getting context\n");
- ERR_print_errors(bio_err);
goto end;
}
if (md == NULL)
md = (EVP_MD *)EVP_sha256();
if (!EVP_DigestInit_ex(mctx, md, impl)) {
BIO_printf(bio_err, "Error setting digest\n");
- ERR_print_errors(bio_err);
goto end;
}
}
if (sigfile != NULL && sigkey != NULL) {
BIO *sigbio = BIO_new_file(sigfile, "rb");
+
if (sigbio == NULL) {
BIO_printf(bio_err, "Error opening signature file %s\n", sigfile);
- ERR_print_errors(bio_err);
goto end;
}
siglen = EVP_PKEY_size(sigkey);
BIO_free(sigbio);
if (siglen <= 0) {
BIO_printf(bio_err, "Error reading signature file %s\n", sigfile);
- ERR_print_errors(bio_err);
goto end;
}
}
siglen, NULL, md_name, "stdin");
} else {
const char *sig_name = NULL;
- if (!out_bin) {
+
+ if (out_bin == 0) {
if (sigkey != NULL)
sig_name = EVP_PKEY_get0_type_name(sigkey);
}
- ret = 0;
+ ret = EXIT_SUCCESS;
for (i = 0; i < argc; i++) {
- int r;
if (BIO_read_filename(in, argv[i]) <= 0) {
perror(argv[i]);
- ret++;
+ ret = EXIT_FAILURE;
continue;
} else {
- r = do_fp(out, buf, inp, separator, out_bin, xoflen,
- sigkey, sigbuf, siglen, sig_name, md_name, argv[i]);
+ if (do_fp(out, buf, inp, separator, out_bin, xoflen,
+ sigkey, sigbuf, siglen, sig_name, md_name, argv[i]))
+ ret = EXIT_FAILURE;
}
- if (r)
- ret = r;
(void)BIO_reset(bmd);
}
}
end:
+ if (ret != EXIT_SUCCESS)
+ ERR_print_errors(bio_err);
OPENSSL_clear_free(buf, BUFSIZE);
BIO_free(in);
OPENSSL_free(passin);
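Review bot: Printing the error queue only under `end:` means that errors raised inside the `for (i = 0; i < argc; i++)` loop are reported after all input files have been processed. With several files, the OpenSSL error text is no longer next to the `perror(argv[i])` line or the per-file message of the file that caused it, and entries from different files are printed as one run. For a command whose output is used to decide which file failed verification, that attribution matters. Draining the queue per iteration keeps them together: add `ERR_print_errors(bio_err);` next to each `ret = EXIT_FAILURE;` in the loop, with braces around the second branch. The function begins outside this hunk.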
const char *file)
{
size_t len = BUFSIZE;
- int i, backslash = 0, ret = 1;
+ int i, backslash = 0, ret = EXIT_FAILURE;
unsigned char *allocated_buf = NULL;
while (BIO_pending(bp) || !BIO_eof(bp)) {
i = BIO_read(bp, (char *)buf, BUFSIZE);
if (i < 0) {
- BIO_printf(bio_err, "Read Error in %s\n", file);
- ERR_print_errors(bio_err);
+ BIO_printf(bio_err, "Read error in %s\n", file);
goto end;
}
if (i == 0)
if (i > 0) {
BIO_printf(out, "Verified OK\n");
} else if (i == 0) {
- BIO_printf(out, "Verification Failure\n");
+ BIO_printf(out, "Verification failure\n");
goto end;
} else {
- BIO_printf(bio_err, "Error Verifying Data\n");
- ERR_print_errors(bio_err);
+ BIO_printf(bio_err, "Error verifying data\n");
goto end;
}
- ret = 0;
+ ret = EXIT_SUCCESS;
goto end;
}
if (key != NULL) {
BIO_get_md_ctx(bp, &ctx);
if (!EVP_DigestSignFinal(ctx, NULL, &tmplen)) {
- BIO_printf(bio_err, "Error Signing Data\n");
- ERR_print_errors(bio_err);
+ BIO_printf(bio_err, "Error getting maximum length of signed data\n");
goto end;
}
if (tmplen > BUFSIZE) {
buf = allocated_buf;
}
if (!EVP_DigestSignFinal(ctx, buf, &len)) {
- BIO_printf(bio_err, "Error Signing Data\n");
- ERR_print_errors(bio_err);
+ BIO_printf(bio_err, "Error signing data\n");
goto end;
}
} else if (xoflen > 0) {
if (!EVP_DigestFinalXOF(ctx, buf, len)) {
BIO_printf(bio_err, "Error Digesting Data\n");
- ERR_print_errors(bio_err);
goto end;
}
} else {
len = BIO_gets(bp, (char *)buf, BUFSIZE);
- if ((int)len < 0) {
- ERR_print_errors(bio_err);
+ if ((int)len < 0)
goto end;
- }
}
if (binout) {
BIO_printf(out, "\n");
}
- ret = 0;
+ ret = EXIT_SUCCESS;
end:
if (allocated_buf != NULL)
OPENSSL_clear_free(allocated_buf, len);
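Review bot: The `BIO_gets()` failure branch is now `if ((int)len < 0) goto end;` with no message of its own, so it depends on the caller printing the error queue. If the queue is empty at that point, the command fails without saying which file or step was involved. Every other failure branch in this hunk names the step, so add one here as well, for example `BIO_printf(bio_err, "Error reading digest for %s\n", file);`. In the same hunk, `"Error Digesting Data\n"` in the XOF branch kept its capitalisation while the neighbouring messages were lower-cased, so `"Error digesting data\n"` would match. The function's start is outside this hunk.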
#include <openssl/ui.h>
#include <openssl/safestack.h>
#include <openssl/rsa.h>
+#include <openssl/rand.h>
#include <openssl/bn.h>
#include <openssl/ssl.h>
#include <openssl/store.h>
BIO_vprintf(bio_err, fmt, args);
va_end(args);
ERR_print_errors(bio_err);
- exit(1);
+ exit(EXIT_FAILURE);
}
void *app_malloc(size_t sz, const char *what)
OPENSSL_free(params);
}
}
+
+EVP_PKEY *app_keygen(EVP_PKEY_CTX *ctx, const char *alg, int bits, int verbose)
+{
+ EVP_PKEY *res = NULL;
+
+ if (verbose && alg != NULL) {
+ BIO_printf(bio_err, "Generating %s key", alg);
+ if (bits > 0)
+ BIO_printf(bio_err, " with %d bits\n", bits);
+ else
+ BIO_printf(bio_err, "\n");
+ }
+ if (!RAND_status())
+ BIO_printf(bio_err, "Warning: generating random key material may take a long time\n"
+ "if the system has a poor entropy source\n");
+ if (EVP_PKEY_keygen(ctx, &res) <= 0)
+ app_bail_out("%s: Error generating %s key\n", opt_getprog(),
+ alg != NULL ? alg : "asymmetric");
+ return res;
+}
+
+EVP_PKEY *app_paramgen(EVP_PKEY_CTX *ctx, const char *alg)
+{
+ EVP_PKEY *res = NULL;
+
+ if (!RAND_status())
+ BIO_printf(bio_err, "Warning: generating random key parameters may take a long time\n"
+ "if the system has a poor entropy source\n");
+ if (EVP_PKEY_paramgen(ctx, &res) <= 0)
+ app_bail_out("%s: Generating %s key parameters failed\n",
+ opt_getprog(), alg != NULL ? alg : "asymmetric");
+ return res;
+}
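Review bot: The `if (!RAND_status())` warning in `app_keygen()` is printed whatever `verbose` is. The dgst MAC path passes 0 precisely because extra output breaks an external test, yet it still gets these two lines on `bio_err` when the generator reports unseeded. That path builds its key from `macopts` and presumably draws no randomness, which would make the wording misleading there. If the warning is meant to be independent of `verbose`, say so in a comment above the function, e.g. `/* RNG status warning is printed even when !verbose */`; otherwise gate it with `if (verbose && !RAND_status())`. A short header comment on both helpers should also record that they exit via `app_bail_out()` instead of returning NULL, that the caller keeps ownership of `ctx`, and that `bits` is used only for the message.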
if (p == NULL)
ERR_clear_error();
if (p != NULL) {
- BIO *oid_bio;
+ BIO *oid_bio = BIO_new_file(p, "r");
- oid_bio = BIO_new_file(p, "r");
if (oid_bio == NULL) {
- if (verbose) {
+ if (verbose)
BIO_printf(bio_err,
"Problems opening '%s' for extra OIDs\n", p);
- ERR_print_errors(bio_err);
- }
} else {
OBJ_create_objects(oid_bio);
BIO_free(oid_bio);
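Review bot: When `BIO_new_file(p, "r")` fails, its entries now stay on the error queue, because the only call that drained them in the verbose case was removed and nothing clears them. The failure is treated as non-fatal here, so those entries can surface later, attached to an unrelated error, if this command prints the queue on exit the way dgst now does (that part is not visible in this hunk). Adding `ERR_clear_error();` in the `oid_bio == NULL` branch, after the optional message, keeps later diagnostics accurate.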
if (newreq && pkey == NULL) {
app_RAND_load_conf(req_conf, section);
- if (!NCONF_get_number(req_conf, section, BITS, &newkey_len)) {
+ if (!NCONF_get_number(req_conf, section, BITS, &newkey_len))
newkey_len = DEFAULT_KEY_LENGTH;
- }
genctx = set_keygen_ctx(keyalg, &keyalgstr, &newkey_len, gen_eng);
if (genctx == NULL)
&& (EVP_PKEY_CTX_is_a(genctx, "RSA")
|| EVP_PKEY_CTX_is_a(genctx, "RSA-PSS")
|| EVP_PKEY_CTX_is_a(genctx, "DSA"))) {
- BIO_printf(bio_err, "Private key length is too short,\n");
- BIO_printf(bio_err, "it needs to be at least %d bits, not %ld.\n",
+ BIO_printf(bio_err, "Private key length too short, needs to be at least %d bits, not %ld.\n",
MIN_KEY_LENGTH, newkey_len);
goto end;
}
}
}
- BIO_printf(bio_err, "Generating a %s private key\n", keyalgstr);
-
EVP_PKEY_CTX_set_cb(genctx, genpkey_cb);
EVP_PKEY_CTX_set_app_data(genctx, bio_err);
- if (EVP_PKEY_keygen(genctx, &pkey) <= 0) {
- BIO_puts(bio_err, "Error generating key\n");
- goto end;
- }
+ pkey = app_keygen(genctx, keyalgstr, newkey_len, verbose);
EVP_PKEY_CTX_free(genctx);
genctx = NULL;
i = do_X509_REQ_verify(req, tpubkey, vfyopts);
- if (i < 0) {
+ if (i < 0)
goto end;
- } else if (i == 0) {
+ if (i == 0)
BIO_printf(bio_err, "Certificate request self-signature verify failure\n");
- ERR_print_errors(bio_err);
- } else { /* i > 0 */
+ else /* i > 0 */
BIO_printf(bio_err, "Certificate request self-signature verify OK\n");
- }
}
if (noout && !text && !modulus && !subject && !pubkey) {
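Review bot: In the `i == 0` branch, a failed self-signature check only prints "Certificate request self-signature verify failure" and then continues with the same processing as a successful one. Unless `ret` is set somewhere outside this hunk, the exit status will not tell a script that verification failed. With `ERR_print_errors()` removed, the reason for the failure is also no longer shown at this point. Consider making the branch fatal, `if (i == 0) { BIO_printf(bio_err, "Certificate request self-signature verify failure\n"); goto end; }`, or at least recording the failure in the return value. The enclosing function starts and ends outside this hunk.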
if (!X509_REQ_add1_attr_by_NID(req, nid, chtype,
(unsigned char *)buf, -1)) {
BIO_printf(bio_err, "Error adding attribute\n");
- ERR_print_errors(bio_err);
ret = 0;
}