[thirdparty/openssl.git] / apps / dgst.c

/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */

#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include "apps.h"
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/hmac.h>

#undef BUFSIZE
#define BUFSIZE 1024*8

int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
          EVP_PKEY *key, unsigned char *sigin, int siglen,
          const char *sig_name, const char *md_name,
          const char *file);

typedef enum OPTION_choice {
    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
    OPT_C, OPT_R, OPT_RAND, OPT_OUT, OPT_SIGN, OPT_PASSIN, OPT_VERIFY,
    OPT_PRVERIFY, OPT_SIGNATURE, OPT_KEYFORM, OPT_ENGINE, OPT_ENGINE_IMPL,
    OPT_HEX, OPT_BINARY, OPT_DEBUG, OPT_FIPS_FINGERPRINT,
    OPT_HMAC, OPT_MAC, OPT_SIGOPT, OPT_MACOPT,
    OPT_DIGEST
} OPTION_CHOICE;

OPTIONS dgst_options[] = {
    {OPT_HELP_STR, 1, '-', "Usage: %s [options] [file...]\n"},
    {OPT_HELP_STR, 1, '-',
        "  file... files to digest (default is stdin)\n"},
    {"help", OPT_HELP, '-', "Display this summary"},
    {"c", OPT_C, '-', "Print the digest with separating colons"},
    {"r", OPT_R, '-', "Print the digest in coreutils format"},
    {"rand", OPT_RAND, 's',
     "Use file(s) containing random data to seed RNG or an EGD sock"},
    {"out", OPT_OUT, '>', "Output to filename rather than stdout"},
    {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
    {"sign", OPT_SIGN, 's', "Sign digest using private key"},
    {"verify", OPT_VERIFY, 's',
     "Verify a signature using public key"},
    {"prverify", OPT_PRVERIFY, 's',
     "Verify a signature using private key"},
    {"signature", OPT_SIGNATURE, '<', "File with signature to verify"},
    {"keyform", OPT_KEYFORM, 'f', "Key file format (PEM or ENGINE)"},
    {"hex", OPT_HEX, '-', "Print as hex dump"},
    {"binary", OPT_BINARY, '-', "Print in binary form"},
    {"d", OPT_DEBUG, '-', "Print debug info"},
    {"debug", OPT_DEBUG, '-', "Print debug info"},
    {"fips-fingerprint", OPT_FIPS_FINGERPRINT, '-',
     "Compute HMAC with the key used in OpenSSL-FIPS fingerprint"},
    {"hmac", OPT_HMAC, 's', "Create hashed MAC with key"},
    {"mac", OPT_MAC, 's', "Create MAC (not necessarily HMAC)"},
    {"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"},
    {"macopt", OPT_MACOPT, 's', "MAC algorithm parameters in n:v form or key"},
    {"", OPT_DIGEST, '-', "Any supported digest"},
#ifndef OPENSSL_NO_ENGINE
    {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
    {"engine_impl", OPT_ENGINE_IMPL, '-',
     "Also use engine given by -engine for digest operations"},
#endif
    {NULL}
};

int dgst_main(int argc, char **argv)
{
    BIO *in = NULL, *inp, *bmd = NULL, *out = NULL;
    ENGINE *e = NULL, *impl = NULL;
    EVP_PKEY *sigkey = NULL;
    STACK_OF(OPENSSL_STRING) *sigopts = NULL, *macopts = NULL;
    char *hmac_key = NULL;
    char *mac_name = NULL;
    char *passinarg = NULL, *passin = NULL;
    const EVP_MD *md = NULL, *m;
    const char *outfile = NULL, *keyfile = NULL, *prog = NULL;
    const char *sigfile = NULL, *randfile = NULL;
    OPTION_CHOICE o;
    int separator = 0, debug = 0, keyform = FORMAT_PEM, siglen = 0;
    int i, ret = 1, out_bin = -1, want_pub = 0, do_verify = 0;
    unsigned char *buf = NULL, *sigbuf = NULL;
    int engine_impl = 0;

    prog = opt_progname(argv[0]);
    buf = app_malloc(BUFSIZE, "I/O buffer");
    md = EVP_get_digestbyname(prog);

    prog = opt_init(argc, argv, dgst_options);
    while ((o = opt_next()) != OPT_EOF) {
        switch (o) {
        case OPT_EOF:
        case OPT_ERR:
 opthelp:
            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
            goto end;
        case OPT_HELP:
            opt_help(dgst_options);
            ret = 0;
            goto end;
        case OPT_C:
            separator = 1;
            break;
        case OPT_R:
            separator = 2;
            break;
        case OPT_RAND:
            randfile = opt_arg();
            break;
        case OPT_OUT:
            outfile = opt_arg();
            break;
        case OPT_SIGN:
            keyfile = opt_arg();
            break;
        case OPT_PASSIN:
            passinarg = opt_arg();
            break;
        case OPT_VERIFY:
            keyfile = opt_arg();
            want_pub = do_verify = 1;
            break;
        case OPT_PRVERIFY:
            keyfile = opt_arg();
            do_verify = 1;
            break;
        case OPT_SIGNATURE:
            sigfile = opt_arg();
            break;
        case OPT_KEYFORM:
            if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyform))
                goto opthelp;
            break;
        case OPT_ENGINE:
            e = setup_engine(opt_arg(), 0);
            break;
        case OPT_ENGINE_IMPL:
            engine_impl = 1;
            break;
        case OPT_HEX:
            out_bin = 0;
            break;
        case OPT_BINARY:
            out_bin = 1;
            break;
        case OPT_DEBUG:
            debug = 1;
            break;
        case OPT_FIPS_FINGERPRINT:
            hmac_key = "etaonrishdlcupfm";
            break;
        case OPT_HMAC:
            hmac_key = opt_arg();
            break;
        case OPT_MAC:
            mac_name = opt_arg();
            break;
        case OPT_SIGOPT:
            if (!sigopts)
                sigopts = sk_OPENSSL_STRING_new_null();
            if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, opt_arg()))
                goto opthelp;
            break;
        case OPT_MACOPT:
            if (!macopts)
                macopts = sk_OPENSSL_STRING_new_null();
            if (!macopts || !sk_OPENSSL_STRING_push(macopts, opt_arg()))
                goto opthelp;
            break;
        case OPT_DIGEST:
            if (!opt_md(opt_unknown(), &m))
                goto opthelp;
            md = m;
            break;
        }
    }
    argc = opt_num_rest();
    argv = opt_rest();

    if (do_verify && !sigfile) {
        BIO_printf(bio_err,
                   "No signature to verify: use the -signature option\n");
        goto end;
    }
    if (engine_impl)
        impl = e;

    in = BIO_new(BIO_s_file());
    bmd = BIO_new(BIO_f_md());
    if ((in == NULL) || (bmd == NULL)) {
        ERR_print_errors(bio_err);
        goto end;
    }

    if (debug) {
        BIO_set_callback(in, BIO_debug_callback);
        /* needed for windows 3.1 */
        BIO_set_callback_arg(in, (char *)bio_err);
    }

    if (!app_passwd(passinarg, NULL, &passin, NULL)) {
        BIO_printf(bio_err, "Error getting password\n");
        goto end;
    }

    if (out_bin == -1) {
        if (keyfile)
            out_bin = 1;
        else
            out_bin = 0;
    }

    if (randfile)
        app_RAND_load_file(randfile, 0);

    out = bio_open_default(outfile, 'w', out_bin ? FORMAT_BINARY : FORMAT_TEXT);
    if (out == NULL)
        goto end;

    if ((! !mac_name + ! !keyfile + ! !hmac_key) > 1) {
        BIO_printf(bio_err, "MAC and Signing key cannot both be specified\n");
        goto end;
    }

    if (keyfile) {
        if (want_pub)
            sigkey = load_pubkey(keyfile, keyform, 0, NULL, e, "key file");
        else
            sigkey = load_key(keyfile, keyform, 0, passin, e, "key file");
        if (!sigkey) {
            /*
             * load_[pub]key() has already printed an appropriate message
             */
            goto end;
        }
    }

    if (mac_name) {
        EVP_PKEY_CTX *mac_ctx = NULL;
        int r = 0;
        if (!init_gen_str(&mac_ctx, mac_name, impl, 0))
            goto mac_end;
        if (macopts) {
            char *macopt;
            for (i = 0; i < sk_OPENSSL_STRING_num(macopts); i++) {
                macopt = sk_OPENSSL_STRING_value(macopts, i);
                if (pkey_ctrl_string(mac_ctx, macopt) <= 0) {
                    BIO_printf(bio_err,
                               "MAC parameter error \"%s\"\n", macopt);
                    ERR_print_errors(bio_err);
                    goto mac_end;
                }
            }
        }
        if (EVP_PKEY_keygen(mac_ctx, &sigkey) <= 0) {
            BIO_puts(bio_err, "Error generating key\n");
            ERR_print_errors(bio_err);
            goto mac_end;
        }
        r = 1;
 mac_end:
        EVP_PKEY_CTX_free(mac_ctx);
        if (r == 0)
            goto end;
    }

    if (hmac_key) {
        sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, impl,
                                      (unsigned char *)hmac_key, -1);
        if (!sigkey)
            goto end;
    }

    if (sigkey) {
        EVP_MD_CTX *mctx = NULL;
        EVP_PKEY_CTX *pctx = NULL;
        int r;
        if (!BIO_get_md_ctx(bmd, &mctx)) {
            BIO_printf(bio_err, "Error getting context\n");
            ERR_print_errors(bio_err);
            goto end;
        }
        if (do_verify)
            r = EVP_DigestVerifyInit(mctx, &pctx, md, impl, sigkey);
        else
            r = EVP_DigestSignInit(mctx, &pctx, md, impl, sigkey);
        if (!r) {
            BIO_printf(bio_err, "Error setting context\n");
            ERR_print_errors(bio_err);
            goto end;
        }
        if (sigopts) {
            char *sigopt;
            for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++) {
                sigopt = sk_OPENSSL_STRING_value(sigopts, i);
                if (pkey_ctrl_string(pctx, sigopt) <= 0) {
                    BIO_printf(bio_err, "parameter error \"%s\"\n", sigopt);
                    ERR_print_errors(bio_err);
                    goto end;
                }
            }
        }
    }
    /* we use md as a filter, reading from 'in' */
    else {
        EVP_MD_CTX *mctx = NULL;
        if (!BIO_get_md_ctx(bmd, &mctx)) {
            BIO_printf(bio_err, "Error getting context\n");
            ERR_print_errors(bio_err);
            goto end;
        }
        if (md == NULL)
            md = EVP_sha256();
        if (!EVP_DigestInit_ex(mctx, md, impl)) {
            BIO_printf(bio_err, "Error setting digest\n");
            ERR_print_errors(bio_err);
            goto end;
        }
    }

    if (sigfile && sigkey) {
        BIO *sigbio = BIO_new_file(sigfile, "rb");
        if (!sigbio) {
            BIO_printf(bio_err, "Error opening signature file %s\n", sigfile);
            ERR_print_errors(bio_err);
            goto end;
        }
        siglen = EVP_PKEY_size(sigkey);
        sigbuf = app_malloc(siglen, "signature buffer");
        siglen = BIO_read(sigbio, sigbuf, siglen);
        BIO_free(sigbio);
        if (siglen <= 0) {
            BIO_printf(bio_err, "Error reading signature file %s\n", sigfile);
            ERR_print_errors(bio_err);
            goto end;
        }
    }
    inp = BIO_push(bmd, in);

    if (md == NULL) {
        EVP_MD_CTX *tctx;
        BIO_get_md_ctx(bmd, &tctx);
        md = EVP_MD_CTX_md(tctx);
    }

    if (argc == 0) {
        BIO_set_fp(in, stdin, BIO_NOCLOSE);
        ret = do_fp(out, buf, inp, separator, out_bin, sigkey, sigbuf,
                    siglen, NULL, NULL, "stdin");
    } else {
        const char *md_name = NULL, *sig_name = NULL;
        if (!out_bin) {
            if (sigkey) {
                const EVP_PKEY_ASN1_METHOD *ameth;
                ameth = EVP_PKEY_get0_asn1(sigkey);
                if (ameth)
                    EVP_PKEY_asn1_get0_info(NULL, NULL,
                                            NULL, NULL, &sig_name, ameth);
            }
            if (md)
                md_name = EVP_MD_name(md);
        }
        ret = 0;
        for (i = 0; i < argc; i++) {
            int r;
            if (BIO_read_filename(in, argv[i]) <= 0) {
                perror(argv[i]);
                ret++;
                continue;
            } else
                r = do_fp(out, buf, inp, separator, out_bin, sigkey, sigbuf,
                          siglen, sig_name, md_name, argv[i]);
            if (r)
                ret = r;
            (void)BIO_reset(bmd);
        }
    }
 end:
    OPENSSL_clear_free(buf, BUFSIZE);
    BIO_free(in);
    OPENSSL_free(passin);
    BIO_free_all(out);
    EVP_PKEY_free(sigkey);
    sk_OPENSSL_STRING_free(sigopts);
    sk_OPENSSL_STRING_free(macopts);
    OPENSSL_free(sigbuf);
    BIO_free(bmd);
    return (ret);
}

int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
          EVP_PKEY *key, unsigned char *sigin, int siglen,
          const char *sig_name, const char *md_name,
          const char *file)
{
    size_t len;
    int i;

    for (;;) {
        i = BIO_read(bp, (char *)buf, BUFSIZE);
        if (i < 0) {
            BIO_printf(bio_err, "Read Error in %s\n", file);
            ERR_print_errors(bio_err);
            return 1;
        }
        if (i == 0)
            break;
    }
    if (sigin) {
        EVP_MD_CTX *ctx;
        BIO_get_md_ctx(bp, &ctx);
        i = EVP_DigestVerifyFinal(ctx, sigin, (unsigned int)siglen);
        if (i > 0)
            BIO_printf(out, "Verified OK\n");
        else if (i == 0) {
            BIO_printf(out, "Verification Failure\n");
            return 1;
        } else {
            BIO_printf(bio_err, "Error Verifying Data\n");
            ERR_print_errors(bio_err);
            return 1;
        }
        return 0;
    }
    if (key) {
        EVP_MD_CTX *ctx;
        BIO_get_md_ctx(bp, &ctx);
        len = BUFSIZE;
        if (!EVP_DigestSignFinal(ctx, buf, &len)) {
            BIO_printf(bio_err, "Error Signing Data\n");
            ERR_print_errors(bio_err);
            return 1;
        }
    } else {
        len = BIO_gets(bp, (char *)buf, BUFSIZE);
        if ((int)len < 0) {
            ERR_print_errors(bio_err);
            return 1;
        }
    }

    if (binout)
        BIO_write(out, buf, len);
    else if (sep == 2) {
        for (i = 0; i < (int)len; i++)
            BIO_printf(out, "%02x", buf[i]);
        BIO_printf(out, " *%s\n", file);
    } else {
        if (sig_name) {
            BIO_puts(out, sig_name);
            if (md_name)
                BIO_printf(out, "-%s", md_name);
            BIO_printf(out, "(%s)= ", file);
        } else if (md_name)
            BIO_printf(out, "%s(%s)= ", md_name, file);
        else
            BIO_printf(out, "(%s)= ", file);
        for (i = 0; i < (int)len; i++) {
            if (sep && (i != 0))
                BIO_printf(out, ":");
            BIO_printf(out, "%02x", buf[i]);
        }
        BIO_printf(out, "\n");
    }
    return 0;
}
Commit	Line	Data
58964a49	1	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
d02b48c6 RE	2	* All rights reserved.
	3	*
	4	* This package is an SSL implementation written
	5	* by Eric Young (eay@cryptsoft.com).
	6	* The implementation was written so as to conform with Netscapes SSL.
0f113f3e	7	*
d02b48c6 RE	8	* This library is free for commercial and non-commercial use as long as
	9	* the following conditions are aheared to. The following conditions
	10	* apply to all code found in this distribution, be it the RC4, RSA,
	11	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
	12	* included with this distribution is covered by the same copyright terms
	13	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
0f113f3e	14	*
d02b48c6 RE	15	* Copyright remains Eric Young's, and as such any Copyright notices in
	16	* the code are not to be removed.
	17	* If this package is used in a product, Eric Young should be given attribution
	18	* as the author of the parts of the library used.
	19	* This can be in the form of a textual message at program startup or
	20	* in documentation (online or textual) provided with the package.
0f113f3e	21	*
d02b48c6 RE	22	* Redistribution and use in source and binary forms, with or without
	23	* modification, are permitted provided that the following conditions
	24	* are met:
	25	* 1. Redistributions of source code must retain the copyright
	26	* notice, this list of conditions and the following disclaimer.
	27	* 2. Redistributions in binary form must reproduce the above copyright
	28	* notice, this list of conditions and the following disclaimer in the
	29	* documentation and/or other materials provided with the distribution.
	30	* 3. All advertising materials mentioning features or use of this software
	31	* must display the following acknowledgement:
	32	* "This product includes cryptographic software written by
	33	* Eric Young (eay@cryptsoft.com)"
	34	* The word 'cryptographic' can be left out if the rouines from the library
	35	* being used are not cryptographic related :-).
0f113f3e	36	* 4. If you include any Windows specific code (or a derivative thereof) from
d02b48c6 RE	37	* the apps directory (application code) you must include an acknowledgement:
d02b48c6 RE	38	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
0f113f3e	39	*
d02b48c6 RE	40	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
	41	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	42	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	43	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
	44	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	45	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	46	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	47	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	48	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	49	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	50	* SUCH DAMAGE.
0f113f3e	51	*
d02b48c6 RE	52	* The licence and distribution terms for any publically available version or
	53	* derivative of this code cannot be changed. i.e. this code cannot simply be
	54	* copied and put under another distribution licence
	55	* [including the GNU Public Licence.]
	56	*/
	57
	58	#include <stdio.h>
	59	#include <string.h>
	60	#include <stdlib.h>
	61	#include "apps.h"
ec577822 BM	62	#include <openssl/bio.h>
	63	#include <openssl/err.h>
	64	#include <openssl/evp.h>
	65	#include <openssl/objects.h>
	66	#include <openssl/x509.h>
	67	#include <openssl/pem.h>
52cfa397	68	#include <openssl/hmac.h>
d02b48c6 RE	69
d02b48c6 RE	70	#undef BUFSIZE
0f113f3e	71	#define BUFSIZE 1024*8
d02b48c6	72
d15711ef	73	int do_fp(BIO out, unsigned char buf, BIO *bp, int sep, int binout,
0f113f3e MC	74	EVP_PKEY key, unsigned char sigin, int siglen,
0f113f3e MC	75	const char sig_name, const char md_name,
a773b52a	76	const char *file);
667ac4ec	77
7e1b7485 RS	78	typedef enum OPTION_choice {
	79	OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
	80	OPT_C, OPT_R, OPT_RAND, OPT_OUT, OPT_SIGN, OPT_PASSIN, OPT_VERIFY,
	81	OPT_PRVERIFY, OPT_SIGNATURE, OPT_KEYFORM, OPT_ENGINE, OPT_ENGINE_IMPL,
	82	OPT_HEX, OPT_BINARY, OPT_DEBUG, OPT_FIPS_FINGERPRINT,
700b4a4a	83	OPT_HMAC, OPT_MAC, OPT_SIGOPT, OPT_MACOPT,
7e1b7485 RS	84	OPT_DIGEST
	85	} OPTION_CHOICE;
	86
	87	OPTIONS dgst_options[] = {
	88	{OPT_HELP_STR, 1, '-', "Usage: %s [options] [file...]\n"},
	89	{OPT_HELP_STR, 1, '-',
	90	" file... files to digest (default is stdin)\n"},
	91	{"help", OPT_HELP, '-', "Display this summary"},
	92	{"c", OPT_C, '-', "Print the digest with separating colons"},
	93	{"r", OPT_R, '-', "Print the digest in coreutils format"},
a173a7ee RS	94	{"rand", OPT_RAND, 's',
a173a7ee RS	95	"Use file(s) containing random data to seed RNG or an EGD sock"},
7e1b7485	96	{"out", OPT_OUT, '>', "Output to filename rather than stdout"},
a173a7ee	97	{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
dd958974 DSH	98	{"sign", OPT_SIGN, 's', "Sign digest using private key"},
	99	{"verify", OPT_VERIFY, 's',
	100	"Verify a signature using public key"},
	101	{"prverify", OPT_PRVERIFY, 's',
	102	"Verify a signature using private key"},
7e1b7485 RS	103	{"signature", OPT_SIGNATURE, '<', "File with signature to verify"},
7e1b7485 RS	104	{"keyform", OPT_KEYFORM, 'f', "Key file format (PEM or ENGINE)"},
7e1b7485 RS	105	{"hex", OPT_HEX, '-', "Print as hex dump"},
	106	{"binary", OPT_BINARY, '-', "Print in binary form"},
	107	{"d", OPT_DEBUG, '-', "Print debug info"},
a173a7ee RS	108	{"debug", OPT_DEBUG, '-', "Print debug info"},
	109	{"fips-fingerprint", OPT_FIPS_FINGERPRINT, '-',
	110	"Compute HMAC with the key used in OpenSSL-FIPS fingerprint"},
7e1b7485	111	{"hmac", OPT_HMAC, 's', "Create hashed MAC with key"},
0d4fb843	112	{"mac", OPT_MAC, 's', "Create MAC (not necessarily HMAC)"},
d175e8a6 MC	113	{"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"},
d175e8a6 MC	114	{"macopt", OPT_MACOPT, 's', "MAC algorithm parameters in n:v form or key"},
9c3bcfa0	115	{"", OPT_DIGEST, '-', "Any supported digest"},
333b070e RS	116	#ifndef OPENSSL_NO_ENGINE
333b070e RS	117	{"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
a173a7ee RS	118	{"engine_impl", OPT_ENGINE_IMPL, '-',
a173a7ee RS	119	"Also use engine given by -engine for digest operations"},
333b070e	120	#endif
7e1b7485 RS	121	{NULL}
	122	};
	123
	124	int dgst_main(int argc, char **argv)
0f113f3e	125	{
7e1b7485	126	BIO in = NULL, inp, bmd = NULL, out = NULL;
0f113f3e	127	ENGINE e = NULL, impl = NULL;
7e1b7485 RS	128	EVP_PKEY *sigkey = NULL;
	129	STACK_OF(OPENSSL_STRING) sigopts = NULL, macopts = NULL;
	130	char *hmac_key = NULL;
	131	char *mac_name = NULL;
	132	char passinarg = NULL, passin = NULL;
0f113f3e	133	const EVP_MD md = NULL, m;
7e1b7485	134	const char outfile = NULL, keyfile = NULL, *prog = NULL;
0f113f3e	135	const char sigfile = NULL, randfile = NULL;
7e1b7485 RS	136	OPTION_CHOICE o;
7e1b7485 RS	137	int separator = 0, debug = 0, keyform = FORMAT_PEM, siglen = 0;
700b4a4a	138	int i, ret = 1, out_bin = -1, want_pub = 0, do_verify = 0;
7e1b7485	139	unsigned char buf = NULL, sigbuf = NULL;
0f113f3e	140	int engine_impl = 0;
0f113f3e	141
7e1b7485	142	prog = opt_progname(argv[0]);
68dc6824	143	buf = app_malloc(BUFSIZE, "I/O buffer");
7e1b7485 RS	144	md = EVP_get_digestbyname(prog);
	145
	146	prog = opt_init(argc, argv, dgst_options);
	147	while ((o = opt_next()) != OPT_EOF) {
	148	switch (o) {
	149	case OPT_EOF:
	150	case OPT_ERR:
	151	opthelp:
	152	BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
	153	goto end;
	154	case OPT_HELP:
	155	opt_help(dgst_options);
	156	ret = 0;
	157	goto end;
	158	case OPT_C:
0f113f3e	159	separator = 1;
7e1b7485 RS	160	break;
7e1b7485 RS	161	case OPT_R:
0f113f3e	162	separator = 2;
7e1b7485 RS	163	break;
	164	case OPT_RAND:
	165	randfile = opt_arg();
	166	break;
	167	case OPT_OUT:
	168	outfile = opt_arg();
	169	break;
	170	case OPT_SIGN:
	171	keyfile = opt_arg();
	172	break;
	173	case OPT_PASSIN:
	174	passinarg = opt_arg();
	175	break;
	176	case OPT_VERIFY:
	177	keyfile = opt_arg();
	178	want_pub = do_verify = 1;
	179	break;
	180	case OPT_PRVERIFY:
	181	keyfile = opt_arg();
0f113f3e	182	do_verify = 1;
7e1b7485 RS	183	break;
	184	case OPT_SIGNATURE:
	185	sigfile = opt_arg();
	186	break;
	187	case OPT_KEYFORM:
	188	if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyform))
	189	goto opthelp;
	190	break;
7e1b7485	191	case OPT_ENGINE:
333b070e	192	e = setup_engine(opt_arg(), 0);
7e1b7485 RS	193	break;
7e1b7485 RS	194	case OPT_ENGINE_IMPL:
0f113f3e	195	engine_impl = 1;
7e1b7485	196	break;
7e1b7485	197	case OPT_HEX:
0f113f3e	198	out_bin = 0;
7e1b7485 RS	199	break;
7e1b7485 RS	200	case OPT_BINARY:
0f113f3e	201	out_bin = 1;
7e1b7485 RS	202	break;
7e1b7485 RS	203	case OPT_DEBUG:
0f113f3e	204	debug = 1;
7e1b7485 RS	205	break;
7e1b7485 RS	206	case OPT_FIPS_FINGERPRINT:
0f113f3e	207	hmac_key = "etaonrishdlcupfm";
7e1b7485	208	break;
7e1b7485 RS	209	case OPT_HMAC:
	210	hmac_key = opt_arg();
	211	break;
	212	case OPT_MAC:
	213	mac_name = opt_arg();
	214	break;
	215	case OPT_SIGOPT:
0f113f3e MC	216	if (!sigopts)
0f113f3e MC	217	sigopts = sk_OPENSSL_STRING_new_null();
7e1b7485 RS	218	if (!sigopts \|\| !sk_OPENSSL_STRING_push(sigopts, opt_arg()))
	219	goto opthelp;
	220	break;
	221	case OPT_MACOPT:
0f113f3e MC	222	if (!macopts)
0f113f3e MC	223	macopts = sk_OPENSSL_STRING_new_null();
7e1b7485 RS	224	if (!macopts \|\| !sk_OPENSSL_STRING_push(macopts, opt_arg()))
	225	goto opthelp;
	226	break;
	227	case OPT_DIGEST:
	228	if (!opt_md(opt_unknown(), &m))
	229	goto opthelp;
0f113f3e	230	md = m;
0f113f3e	231	break;
7e1b7485	232	}
0f113f3e	233	}
7e1b7485 RS	234	argc = opt_num_rest();
7e1b7485 RS	235	argv = opt_rest();
0f113f3e MC	236
	237	if (do_verify && !sigfile) {
	238	BIO_printf(bio_err,
	239	"No signature to verify: use the -signature option\n");
	240	goto end;
	241	}
0f113f3e MC	242	if (engine_impl)
0f113f3e MC	243	impl = e;
bb845ee0	244
0f113f3e MC	245	in = BIO_new(BIO_s_file());
0f113f3e MC	246	bmd = BIO_new(BIO_f_md());
be1477ad MC	247	if ((in == NULL) \|\| (bmd == NULL)) {
	248	ERR_print_errors(bio_err);
	249	goto end;
	250	}
	251
0f113f3e MC	252	if (debug) {
	253	BIO_set_callback(in, BIO_debug_callback);
	254	/* needed for windows 3.1 */
	255	BIO_set_callback_arg(in, (char *)bio_err);
	256	}
	257
7e1b7485	258	if (!app_passwd(passinarg, NULL, &passin, NULL)) {
0f113f3e MC	259	BIO_printf(bio_err, "Error getting password\n");
	260	goto end;
	261	}
	262
0f113f3e MC	263	if (out_bin == -1) {
	264	if (keyfile)
	265	out_bin = 1;
	266	else
	267	out_bin = 0;
	268	}
	269
	270	if (randfile)
7e1b7485	271	app_RAND_load_file(randfile, 0);
0f113f3e	272
bdd58d98	273	out = bio_open_default(outfile, 'w', out_bin ? FORMAT_BINARY : FORMAT_TEXT);
7e1b7485	274	if (out == NULL)
0f113f3e	275	goto end;
7e1b7485	276
0f113f3e MC	277	if ((! !mac_name + ! !keyfile + ! !hmac_key) > 1) {
	278	BIO_printf(bio_err, "MAC and Signing key cannot both be specified\n");
	279	goto end;
	280	}
	281
	282	if (keyfile) {
	283	if (want_pub)
7e1b7485	284	sigkey = load_pubkey(keyfile, keyform, 0, NULL, e, "key file");
0f113f3e	285	else
7e1b7485	286	sigkey = load_key(keyfile, keyform, 0, passin, e, "key file");
0f113f3e MC	287	if (!sigkey) {
	288	/*
	289	* load_[pub]key() has already printed an appropriate message
	290	*/
	291	goto end;
	292	}
	293	}
	294
	295	if (mac_name) {
	296	EVP_PKEY_CTX *mac_ctx = NULL;
	297	int r = 0;
7e1b7485	298	if (!init_gen_str(&mac_ctx, mac_name, impl, 0))
0f113f3e MC	299	goto mac_end;
	300	if (macopts) {
	301	char *macopt;
	302	for (i = 0; i < sk_OPENSSL_STRING_num(macopts); i++) {
	303	macopt = sk_OPENSSL_STRING_value(macopts, i);
	304	if (pkey_ctrl_string(mac_ctx, macopt) <= 0) {
	305	BIO_printf(bio_err,
	306	"MAC parameter error \"%s\"\n", macopt);
	307	ERR_print_errors(bio_err);
	308	goto mac_end;
	309	}
	310	}
	311	}
	312	if (EVP_PKEY_keygen(mac_ctx, &sigkey) <= 0) {
	313	BIO_puts(bio_err, "Error generating key\n");
	314	ERR_print_errors(bio_err);
	315	goto mac_end;
	316	}
	317	r = 1;
	318	mac_end:
c5ba2d99	319	EVP_PKEY_CTX_free(mac_ctx);
0f113f3e MC	320	if (r == 0)
	321	goto end;
	322	}
	323
0f113f3e MC	324	if (hmac_key) {
	325	sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, impl,
	326	(unsigned char *)hmac_key, -1);
	327	if (!sigkey)
	328	goto end;
	329	}
	330
	331	if (sigkey) {
	332	EVP_MD_CTX *mctx = NULL;
	333	EVP_PKEY_CTX *pctx = NULL;
	334	int r;
	335	if (!BIO_get_md_ctx(bmd, &mctx)) {
	336	BIO_printf(bio_err, "Error getting context\n");
	337	ERR_print_errors(bio_err);
	338	goto end;
	339	}
	340	if (do_verify)
	341	r = EVP_DigestVerifyInit(mctx, &pctx, md, impl, sigkey);
	342	else
	343	r = EVP_DigestSignInit(mctx, &pctx, md, impl, sigkey);
	344	if (!r) {
	345	BIO_printf(bio_err, "Error setting context\n");
	346	ERR_print_errors(bio_err);
	347	goto end;
	348	}
	349	if (sigopts) {
	350	char *sigopt;
	351	for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++) {
	352	sigopt = sk_OPENSSL_STRING_value(sigopts, i);
	353	if (pkey_ctrl_string(pctx, sigopt) <= 0) {
	354	BIO_printf(bio_err, "parameter error \"%s\"\n", sigopt);
	355	ERR_print_errors(bio_err);
	356	goto end;
	357	}
	358	}
	359	}
	360	}
	361	/* we use md as a filter, reading from 'in' */
	362	else {
	363	EVP_MD_CTX *mctx = NULL;
	364	if (!BIO_get_md_ctx(bmd, &mctx)) {
	365	BIO_printf(bio_err, "Error getting context\n");
	366	ERR_print_errors(bio_err);
	367	goto end;
	368	}
	369	if (md == NULL)
f8547f62	370	md = EVP_sha256();
0f113f3e	371	if (!EVP_DigestInit_ex(mctx, md, impl)) {
7e1b7485	372	BIO_printf(bio_err, "Error setting digest\n");
0f113f3e MC	373	ERR_print_errors(bio_err);
	374	goto end;
	375	}
	376	}
	377
	378	if (sigfile && sigkey) {
7e1b7485	379	BIO *sigbio = BIO_new_file(sigfile, "rb");
0f113f3e MC	380	if (!sigbio) {
	381	BIO_printf(bio_err, "Error opening signature file %s\n", sigfile);
	382	ERR_print_errors(bio_err);
	383	goto end;
	384	}
7e1b7485	385	siglen = EVP_PKEY_size(sigkey);
68dc6824	386	sigbuf = app_malloc(siglen, "signature buffer");
0f113f3e MC	387	siglen = BIO_read(sigbio, sigbuf, siglen);
	388	BIO_free(sigbio);
	389	if (siglen <= 0) {
	390	BIO_printf(bio_err, "Error reading signature file %s\n", sigfile);
	391	ERR_print_errors(bio_err);
	392	goto end;
	393	}
	394	}
	395	inp = BIO_push(bmd, in);
	396
	397	if (md == NULL) {
	398	EVP_MD_CTX *tctx;
	399	BIO_get_md_ctx(bmd, &tctx);
	400	md = EVP_MD_CTX_md(tctx);
	401	}
	402
	403	if (argc == 0) {
	404	BIO_set_fp(in, stdin, BIO_NOCLOSE);
7e1b7485	405	ret = do_fp(out, buf, inp, separator, out_bin, sigkey, sigbuf,
a773b52a	406	siglen, NULL, NULL, "stdin");
0f113f3e MC	407	} else {
	408	const char md_name = NULL, sig_name = NULL;
	409	if (!out_bin) {
	410	if (sigkey) {
	411	const EVP_PKEY_ASN1_METHOD *ameth;
	412	ameth = EVP_PKEY_get0_asn1(sigkey);
	413	if (ameth)
	414	EVP_PKEY_asn1_get0_info(NULL, NULL,
	415	NULL, NULL, &sig_name, ameth);
	416	}
	417	if (md)
	418	md_name = EVP_MD_name(md);
	419	}
7e1b7485	420	ret = 0;
0f113f3e MC	421	for (i = 0; i < argc; i++) {
	422	int r;
	423	if (BIO_read_filename(in, argv[i]) <= 0) {
	424	perror(argv[i]);
7e1b7485	425	ret++;
0f113f3e MC	426	continue;
	427	} else
	428	r = do_fp(out, buf, inp, separator, out_bin, sigkey, sigbuf,
a773b52a	429	siglen, sig_name, md_name, argv[i]);
0f113f3e	430	if (r)
7e1b7485	431	ret = r;
0f113f3e MC	432	(void)BIO_reset(bmd);
	433	}
	434	}
	435	end:
4b45c6e5	436	OPENSSL_clear_free(buf, BUFSIZE);
ca3a82c3	437	BIO_free(in);
25aaa98a	438	OPENSSL_free(passin);
0f113f3e MC	439	BIO_free_all(out);
0f113f3e MC	440	EVP_PKEY_free(sigkey);
25aaa98a RS	441	sk_OPENSSL_STRING_free(sigopts);
25aaa98a RS	442	sk_OPENSSL_STRING_free(macopts);
b548a1f1	443	OPENSSL_free(sigbuf);
ca3a82c3	444	BIO_free(bmd);
7e1b7485	445	return (ret);
0f113f3e	446	}
d02b48c6	447
d15711ef	448	int do_fp(BIO out, unsigned char buf, BIO *bp, int sep, int binout,
0f113f3e MC	449	EVP_PKEY key, unsigned char sigin, int siglen,
0f113f3e MC	450	const char sig_name, const char md_name,
a773b52a	451	const char *file)
0f113f3e MC	452	{
	453	size_t len;
	454	int i;
	455
	456	for (;;) {
	457	i = BIO_read(bp, (char *)buf, BUFSIZE);
	458	if (i < 0) {
	459	BIO_printf(bio_err, "Read Error in %s\n", file);
	460	ERR_print_errors(bio_err);
	461	return 1;
	462	}
	463	if (i == 0)
	464	break;
	465	}
	466	if (sigin) {
	467	EVP_MD_CTX *ctx;
	468	BIO_get_md_ctx(bp, &ctx);
	469	i = EVP_DigestVerifyFinal(ctx, sigin, (unsigned int)siglen);
	470	if (i > 0)
	471	BIO_printf(out, "Verified OK\n");
	472	else if (i == 0) {
	473	BIO_printf(out, "Verification Failure\n");
	474	return 1;
	475	} else {
	476	BIO_printf(bio_err, "Error Verifying Data\n");
	477	ERR_print_errors(bio_err);
	478	return 1;
	479	}
	480	return 0;
	481	}
	482	if (key) {
	483	EVP_MD_CTX *ctx;
	484	BIO_get_md_ctx(bp, &ctx);
	485	len = BUFSIZE;
	486	if (!EVP_DigestSignFinal(ctx, buf, &len)) {
	487	BIO_printf(bio_err, "Error Signing Data\n");
	488	ERR_print_errors(bio_err);
	489	return 1;
	490	}
	491	} else {
	492	len = BIO_gets(bp, (char *)buf, BUFSIZE);
	493	if ((int)len < 0) {
	494	ERR_print_errors(bio_err);
	495	return 1;
	496	}
	497	}
	498
	499	if (binout)
	500	BIO_write(out, buf, len);
	501	else if (sep == 2) {
	502	for (i = 0; i < (int)len; i++)
	503	BIO_printf(out, "%02x", buf[i]);
	504	BIO_printf(out, " *%s\n", file);
	505	} else {
	506	if (sig_name) {
	507	BIO_puts(out, sig_name);
	508	if (md_name)
	509	BIO_printf(out, "-%s", md_name);
	510	BIO_printf(out, "(%s)= ", file);
	511	} else if (md_name)
	512	BIO_printf(out, "%s(%s)= ", md_name, file);
	513	else
	514	BIO_printf(out, "(%s)= ", file);
	515	for (i = 0; i < (int)len; i++) {
516	if (sep && (i != 0))
517	BIO_printf(out, ":");
518	BIO_printf(out, "%02x", buf[i]);
519	}
520	BIO_printf(out, "\n");
521	}
522	return 0;
523	}