]>
Commit | Line | Data |
---|---|---|
d02b48c6 | 1 | /* apps/dgst.c */ |
58964a49 | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
d02b48c6 RE |
3 | * All rights reserved. |
4 | * | |
5 | * This package is an SSL implementation written | |
6 | * by Eric Young (eay@cryptsoft.com). | |
7 | * The implementation was written so as to conform with Netscapes SSL. | |
8 | * | |
9 | * This library is free for commercial and non-commercial use as long as | |
10 | * the following conditions are aheared to. The following conditions | |
11 | * apply to all code found in this distribution, be it the RC4, RSA, | |
12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | |
13 | * included with this distribution is covered by the same copyright terms | |
14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | |
15 | * | |
16 | * Copyright remains Eric Young's, and as such any Copyright notices in | |
17 | * the code are not to be removed. | |
18 | * If this package is used in a product, Eric Young should be given attribution | |
19 | * as the author of the parts of the library used. | |
20 | * This can be in the form of a textual message at program startup or | |
21 | * in documentation (online or textual) provided with the package. | |
22 | * | |
23 | * Redistribution and use in source and binary forms, with or without | |
24 | * modification, are permitted provided that the following conditions | |
25 | * are met: | |
26 | * 1. Redistributions of source code must retain the copyright | |
27 | * notice, this list of conditions and the following disclaimer. | |
28 | * 2. Redistributions in binary form must reproduce the above copyright | |
29 | * notice, this list of conditions and the following disclaimer in the | |
30 | * documentation and/or other materials provided with the distribution. | |
31 | * 3. All advertising materials mentioning features or use of this software | |
32 | * must display the following acknowledgement: | |
33 | * "This product includes cryptographic software written by | |
34 | * Eric Young (eay@cryptsoft.com)" | |
35 | * The word 'cryptographic' can be left out if the rouines from the library | |
36 | * being used are not cryptographic related :-). | |
37 | * 4. If you include any Windows specific code (or a derivative thereof) from | |
38 | * the apps directory (application code) you must include an acknowledgement: | |
39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | |
40 | * | |
41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | |
42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |
45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
51 | * SUCH DAMAGE. | |
52 | * | |
53 | * The licence and distribution terms for any publically available version or | |
54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | |
55 | * copied and put under another distribution licence | |
56 | * [including the GNU Public Licence.] | |
57 | */ | |
58 | ||
59 | #include <stdio.h> | |
60 | #include <string.h> | |
61 | #include <stdlib.h> | |
62 | #include "apps.h" | |
ec577822 BM |
63 | #include <openssl/bio.h> |
64 | #include <openssl/err.h> | |
65 | #include <openssl/evp.h> | |
66 | #include <openssl/objects.h> | |
67 | #include <openssl/x509.h> | |
68 | #include <openssl/pem.h> | |
d02b48c6 RE |
69 | |
70 | #undef BUFSIZE | |
71 | #define BUFSIZE 1024*8 | |
72 | ||
73 | #undef PROG | |
74 | #define PROG dgst_main | |
75 | ||
d15711ef BL |
76 | int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, |
77 | EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title, | |
78 | const char *file); | |
667ac4ec RE |
79 | |
80 | int MAIN(int, char **); | |
81 | ||
6b691a5c | 82 | int MAIN(int argc, char **argv) |
d02b48c6 | 83 | { |
5270e702 | 84 | ENGINE *e = NULL; |
d02b48c6 RE |
85 | unsigned char *buf=NULL; |
86 | int i,err=0; | |
e778802f | 87 | const EVP_MD *md=NULL,*m; |
d02b48c6 RE |
88 | BIO *in=NULL,*inp; |
89 | BIO *bmd=NULL; | |
7df1c720 | 90 | BIO *out = NULL; |
e778802f | 91 | const char *name; |
dfee50ec RL |
92 | #define PROG_NAME_SIZE 39 |
93 | char pname[PROG_NAME_SIZE+1]; | |
d02b48c6 RE |
94 | int separator=0; |
95 | int debug=0; | |
32d862ed | 96 | int keyform=FORMAT_PEM; |
7df1c720 DSH |
97 | const char *outfile = NULL, *keyfile = NULL; |
98 | const char *sigfile = NULL, *randfile = NULL; | |
92125ffa | 99 | int out_bin = -1, want_pub = 0, do_verify = 0; |
7df1c720 DSH |
100 | EVP_PKEY *sigkey = NULL; |
101 | unsigned char *sigbuf = NULL; | |
688fbf54 | 102 | int siglen = 0; |
5b40d7dd | 103 | char *passargin = NULL, *passin = NULL; |
0b13e9f0 | 104 | #ifndef OPENSSL_NO_ENGINE |
5270e702 | 105 | char *engine=NULL; |
0b13e9f0 | 106 | #endif |
d02b48c6 RE |
107 | |
108 | apps_startup(); | |
109 | ||
26a3a48d | 110 | if ((buf=(unsigned char *)OPENSSL_malloc(BUFSIZE)) == NULL) |
d02b48c6 RE |
111 | { |
112 | BIO_printf(bio_err,"out of memory\n"); | |
113 | goto end; | |
114 | } | |
115 | if (bio_err == NULL) | |
116 | if ((bio_err=BIO_new(BIO_s_file())) != NULL) | |
58964a49 | 117 | BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); |
d02b48c6 | 118 | |
3647bee2 DSH |
119 | if (!load_config(bio_err, NULL)) |
120 | goto end; | |
121 | ||
d02b48c6 | 122 | /* first check the program name */ |
54a656ef | 123 | program_name(argv[0],pname,sizeof pname); |
d02b48c6 RE |
124 | |
125 | md=EVP_get_digestbyname(pname); | |
126 | ||
127 | argc--; | |
128 | argv++; | |
54a29df0 | 129 | while (argc > 0) |
d02b48c6 RE |
130 | { |
131 | if ((*argv)[0] != '-') break; | |
132 | if (strcmp(*argv,"-c") == 0) | |
133 | separator=1; | |
7df1c720 DSH |
134 | else if (strcmp(*argv,"-rand") == 0) |
135 | { | |
136 | if (--argc < 1) break; | |
137 | randfile=*(++argv); | |
138 | } | |
139 | else if (strcmp(*argv,"-out") == 0) | |
140 | { | |
141 | if (--argc < 1) break; | |
142 | outfile=*(++argv); | |
143 | } | |
144 | else if (strcmp(*argv,"-sign") == 0) | |
145 | { | |
146 | if (--argc < 1) break; | |
147 | keyfile=*(++argv); | |
148 | } | |
5b40d7dd DSH |
149 | else if (!strcmp(*argv,"-passin")) |
150 | { | |
151 | if (--argc < 1) | |
152 | break; | |
153 | passargin=*++argv; | |
154 | } | |
7df1c720 DSH |
155 | else if (strcmp(*argv,"-verify") == 0) |
156 | { | |
157 | if (--argc < 1) break; | |
158 | keyfile=*(++argv); | |
159 | want_pub = 1; | |
160 | do_verify = 1; | |
161 | } | |
162 | else if (strcmp(*argv,"-prverify") == 0) | |
163 | { | |
164 | if (--argc < 1) break; | |
165 | keyfile=*(++argv); | |
166 | do_verify = 1; | |
167 | } | |
168 | else if (strcmp(*argv,"-signature") == 0) | |
169 | { | |
170 | if (--argc < 1) break; | |
171 | sigfile=*(++argv); | |
172 | } | |
32d862ed RL |
173 | else if (strcmp(*argv,"-keyform") == 0) |
174 | { | |
175 | if (--argc < 1) break; | |
176 | keyform=str2fmt(*(++argv)); | |
177 | } | |
0b13e9f0 | 178 | #ifndef OPENSSL_NO_ENGINE |
5270e702 RL |
179 | else if (strcmp(*argv,"-engine") == 0) |
180 | { | |
181 | if (--argc < 1) break; | |
182 | engine= *(++argv); | |
246e0931 | 183 | e = setup_engine(bio_err, engine, 0); |
5270e702 | 184 | } |
0b13e9f0 | 185 | #endif |
7df1c720 DSH |
186 | else if (strcmp(*argv,"-hex") == 0) |
187 | out_bin = 0; | |
188 | else if (strcmp(*argv,"-binary") == 0) | |
189 | out_bin = 1; | |
d02b48c6 RE |
190 | else if (strcmp(*argv,"-d") == 0) |
191 | debug=1; | |
192 | else if ((m=EVP_get_digestbyname(&((*argv)[1]))) != NULL) | |
193 | md=m; | |
194 | else | |
195 | break; | |
196 | argc--; | |
197 | argv++; | |
198 | } | |
199 | ||
200 | if (md == NULL) | |
201 | md=EVP_md5(); | |
202 | ||
7df1c720 DSH |
203 | if(do_verify && !sigfile) { |
204 | BIO_printf(bio_err, "No signature to verify: use the -signature option\n"); | |
205 | err = 1; | |
206 | goto end; | |
207 | } | |
208 | ||
d02b48c6 RE |
209 | if ((argc > 0) && (argv[0][0] == '-')) /* bad option */ |
210 | { | |
211 | BIO_printf(bio_err,"unknown option '%s'\n",*argv); | |
212 | BIO_printf(bio_err,"options are\n"); | |
7df1c720 DSH |
213 | BIO_printf(bio_err,"-c to output the digest with separating colons\n"); |
214 | BIO_printf(bio_err,"-d to output debug info\n"); | |
215 | BIO_printf(bio_err,"-hex output as hex dump\n"); | |
216 | BIO_printf(bio_err,"-binary output in binary form\n"); | |
217 | BIO_printf(bio_err,"-sign file sign digest using private key in file\n"); | |
218 | BIO_printf(bio_err,"-verify file verify a signature using public key in file\n"); | |
219 | BIO_printf(bio_err,"-prverify file verify a signature using private key in file\n"); | |
32d862ed | 220 | BIO_printf(bio_err,"-keyform arg key file format (PEM or ENGINE)\n"); |
7df1c720 DSH |
221 | BIO_printf(bio_err,"-signature file signature to verify\n"); |
222 | BIO_printf(bio_err,"-binary output in binary form\n"); | |
0b13e9f0 | 223 | #ifndef OPENSSL_NO_ENGINE |
5270e702 | 224 | BIO_printf(bio_err,"-engine e use engine e, possibly a hardware device.\n"); |
0b13e9f0 | 225 | #endif |
7df1c720 | 226 | |
7b1b47a8 | 227 | BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm (default)\n", |
d02b48c6 | 228 | LN_md5,LN_md5); |
7b1b47a8 | 229 | BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", |
3009458e | 230 | LN_md4,LN_md4); |
7b1b47a8 | 231 | BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", |
d02b48c6 | 232 | LN_md2,LN_md2); |
c88f8f76 | 233 | #ifndef OPENSSL_NO_SHA |
7b1b47a8 | 234 | BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", |
d02b48c6 | 235 | LN_sha1,LN_sha1); |
c88f8f76 | 236 | #ifndef OPENSSL_NO_SHA256 |
7b1b47a8 AP |
237 | BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", |
238 | LN_sha224,LN_sha224); | |
239 | BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", | |
c88f8f76 AP |
240 | LN_sha256,LN_sha256); |
241 | #endif | |
242 | #ifndef OPENSSL_NO_SHA512 | |
7b1b47a8 AP |
243 | BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", |
244 | LN_sha384,LN_sha384); | |
245 | BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", | |
c88f8f76 AP |
246 | LN_sha512,LN_sha512); |
247 | #endif | |
248 | #endif | |
7b1b47a8 | 249 | BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", |
d02b48c6 | 250 | LN_mdc2,LN_mdc2); |
7b1b47a8 | 251 | BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", |
dfeab068 | 252 | LN_ripemd160,LN_ripemd160); |
7b1b47a8 AP |
253 | #ifndef OPENSSL_NO_WHIRLPOOL |
254 | BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", | |
255 | SN_whirlpool,SN_whirlpool); | |
256 | #endif | |
d02b48c6 RE |
257 | err=1; |
258 | goto end; | |
259 | } | |
7df1c720 | 260 | |
d02b48c6 RE |
261 | in=BIO_new(BIO_s_file()); |
262 | bmd=BIO_new(BIO_f_md()); | |
263 | if (debug) | |
264 | { | |
265 | BIO_set_callback(in,BIO_debug_callback); | |
266 | /* needed for windows 3.1 */ | |
267 | BIO_set_callback_arg(in,bio_err); | |
268 | } | |
269 | ||
5b40d7dd DSH |
270 | if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) |
271 | { | |
272 | BIO_printf(bio_err, "Error getting password\n"); | |
273 | goto end; | |
274 | } | |
275 | ||
d02b48c6 RE |
276 | if ((in == NULL) || (bmd == NULL)) |
277 | { | |
278 | ERR_print_errors(bio_err); | |
279 | goto end; | |
280 | } | |
281 | ||
7df1c720 DSH |
282 | if(out_bin == -1) { |
283 | if(keyfile) out_bin = 1; | |
284 | else out_bin = 0; | |
285 | } | |
286 | ||
287 | if(randfile) | |
288 | app_RAND_load_file(randfile, bio_err, 0); | |
289 | ||
290 | if(outfile) { | |
291 | if(out_bin) | |
292 | out = BIO_new_file(outfile, "wb"); | |
293 | else out = BIO_new_file(outfile, "w"); | |
645749ef RL |
294 | } else { |
295 | out = BIO_new_fp(stdout, BIO_NOCLOSE); | |
bc36ee62 | 296 | #ifdef OPENSSL_SYS_VMS |
645749ef RL |
297 | { |
298 | BIO *tmpbio = BIO_new(BIO_f_linebuffer()); | |
299 | out = BIO_push(tmpbio, out); | |
300 | } | |
301 | #endif | |
302 | } | |
7df1c720 DSH |
303 | |
304 | if(!out) { | |
305 | BIO_printf(bio_err, "Error opening output file %s\n", | |
306 | outfile ? outfile : "(stdout)"); | |
307 | ERR_print_errors(bio_err); | |
308 | goto end; | |
309 | } | |
310 | ||
32d862ed RL |
311 | if(keyfile) |
312 | { | |
30b4c272 | 313 | if (want_pub) |
da9b9724 | 314 | sigkey = load_pubkey(bio_err, keyfile, keyform, 0, NULL, |
30b4c272 | 315 | e, "key file"); |
32d862ed | 316 | else |
5b40d7dd | 317 | sigkey = load_key(bio_err, keyfile, keyform, 0, passin, |
30b4c272 RL |
318 | e, "key file"); |
319 | if (!sigkey) | |
32d862ed | 320 | { |
30b4c272 RL |
321 | /* load_[pub]key() has already printed an appropriate |
322 | message */ | |
7df1c720 | 323 | goto end; |
32d862ed | 324 | } |
7df1c720 | 325 | } |
7df1c720 DSH |
326 | |
327 | if(sigfile && sigkey) { | |
328 | BIO *sigbio; | |
329 | sigbio = BIO_new_file(sigfile, "rb"); | |
330 | siglen = EVP_PKEY_size(sigkey); | |
331 | sigbuf = OPENSSL_malloc(siglen); | |
332 | if(!sigbio) { | |
333 | BIO_printf(bio_err, "Error opening signature file %s\n", | |
334 | sigfile); | |
335 | ERR_print_errors(bio_err); | |
336 | goto end; | |
337 | } | |
338 | siglen = BIO_read(sigbio, sigbuf, siglen); | |
339 | BIO_free(sigbio); | |
688fbf54 | 340 | if(siglen <= 0) { |
7df1c720 DSH |
341 | BIO_printf(bio_err, "Error reading signature file %s\n", |
342 | sigfile); | |
343 | ERR_print_errors(bio_err); | |
344 | goto end; | |
345 | } | |
346 | } | |
347 | ||
348 | ||
349 | ||
d02b48c6 | 350 | /* we use md as a filter, reading from 'in' */ |
c128bb0f DSH |
351 | if (!BIO_set_md(bmd,md)) |
352 | { | |
353 | BIO_printf(bio_err, "Error setting digest %s\n", pname); | |
354 | ERR_print_errors(bio_err); | |
355 | goto end; | |
356 | } | |
357 | ||
d02b48c6 RE |
358 | inp=BIO_push(bmd,in); |
359 | ||
360 | if (argc == 0) | |
361 | { | |
362 | BIO_set_fp(in,stdin,BIO_NOCLOSE); | |
d15711ef BL |
363 | err=do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf, |
364 | siglen,"","(stdin)"); | |
d02b48c6 RE |
365 | } |
366 | else | |
367 | { | |
368 | name=OBJ_nid2sn(md->type); | |
369 | for (i=0; i<argc; i++) | |
370 | { | |
d15711ef BL |
371 | char *tmp,*tofree=NULL; |
372 | int r; | |
373 | ||
d02b48c6 RE |
374 | if (BIO_read_filename(in,argv[i]) <= 0) |
375 | { | |
376 | perror(argv[i]); | |
377 | err++; | |
378 | continue; | |
379 | } | |
d15711ef BL |
380 | if(!out_bin) |
381 | { | |
d420ac2c RL |
382 | size_t len = strlen(name)+strlen(argv[i])+5; |
383 | tmp=tofree=OPENSSL_malloc(len); | |
384 | BIO_snprintf(tmp,len,"%s(%s)= ",name,argv[i]); | |
d15711ef BL |
385 | } |
386 | else | |
387 | tmp=""; | |
388 | r=do_fp(out,buf,inp,separator,out_bin,sigkey,sigbuf, | |
389 | siglen,tmp,argv[i]); | |
390 | if(r) | |
391 | err=r; | |
392 | if(tofree) | |
393 | OPENSSL_free(tofree); | |
d58d092b | 394 | (void)BIO_reset(bmd); |
d02b48c6 RE |
395 | } |
396 | } | |
397 | end: | |
398 | if (buf != NULL) | |
399 | { | |
4579924b | 400 | OPENSSL_cleanse(buf,BUFSIZE); |
26a3a48d | 401 | OPENSSL_free(buf); |
d02b48c6 RE |
402 | } |
403 | if (in != NULL) BIO_free(in); | |
5b40d7dd DSH |
404 | if (passin) |
405 | OPENSSL_free(passin); | |
645749ef | 406 | BIO_free_all(out); |
7df1c720 DSH |
407 | EVP_PKEY_free(sigkey); |
408 | if(sigbuf) OPENSSL_free(sigbuf); | |
d02b48c6 | 409 | if (bmd != NULL) BIO_free(bmd); |
c04f8cf4 | 410 | apps_shutdown(); |
1c3e4a36 | 411 | OPENSSL_EXIT(err); |
d02b48c6 RE |
412 | } |
413 | ||
d15711ef BL |
414 | int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, |
415 | EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title, | |
416 | const char *file) | |
d02b48c6 RE |
417 | { |
418 | int len; | |
419 | int i; | |
420 | ||
421 | for (;;) | |
422 | { | |
423 | i=BIO_read(bp,(char *)buf,BUFSIZE); | |
d15711ef BL |
424 | if(i < 0) |
425 | { | |
426 | BIO_printf(bio_err, "Read Error in %s\n",file); | |
427 | ERR_print_errors(bio_err); | |
428 | return 1; | |
429 | } | |
430 | if (i == 0) break; | |
d02b48c6 | 431 | } |
7df1c720 DSH |
432 | if(sigin) |
433 | { | |
434 | EVP_MD_CTX *ctx; | |
435 | BIO_get_md_ctx(bp, &ctx); | |
688fbf54 | 436 | i = EVP_VerifyFinal(ctx, sigin, (unsigned int)siglen, key); |
d15711ef BL |
437 | if(i > 0) |
438 | BIO_printf(out, "Verified OK\n"); | |
439 | else if(i == 0) | |
440 | { | |
441 | BIO_printf(out, "Verification Failure\n"); | |
442 | return 1; | |
443 | } | |
7df1c720 DSH |
444 | else |
445 | { | |
446 | BIO_printf(bio_err, "Error Verifying Data\n"); | |
447 | ERR_print_errors(bio_err); | |
d15711ef | 448 | return 1; |
7df1c720 | 449 | } |
d15711ef | 450 | return 0; |
7df1c720 DSH |
451 | } |
452 | if(key) | |
453 | { | |
454 | EVP_MD_CTX *ctx; | |
455 | BIO_get_md_ctx(bp, &ctx); | |
456 | if(!EVP_SignFinal(ctx, buf, (unsigned int *)&len, key)) | |
457 | { | |
458 | BIO_printf(bio_err, "Error Signing Data\n"); | |
459 | ERR_print_errors(bio_err); | |
d15711ef | 460 | return 1; |
7df1c720 DSH |
461 | } |
462 | } | |
463 | else | |
464 | len=BIO_gets(bp,(char *)buf,BUFSIZE); | |
d02b48c6 | 465 | |
7df1c720 DSH |
466 | if(binout) BIO_write(out, buf, len); |
467 | else | |
d02b48c6 | 468 | { |
d15711ef | 469 | BIO_write(out,title,strlen(title)); |
7df1c720 DSH |
470 | for (i=0; i<len; i++) |
471 | { | |
472 | if (sep && (i != 0)) | |
473 | BIO_printf(out, ":"); | |
474 | BIO_printf(out, "%02x",buf[i]); | |
475 | } | |
476 | BIO_printf(out, "\n"); | |
d02b48c6 | 477 | } |
d15711ef | 478 | return 0; |
d02b48c6 RE |
479 | } |
480 |