]> git.ipfire.org Git - thirdparty/openssl.git/blob - apps/dgst.c
projects / thirdparty / openssl.git / blob
? search:


9f6954f26542cb409ce75fceac145374e3f0022b
[thirdparty/openssl.git] / apps / dgst.c
1 /* apps/dgst.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59 #include <stdio.h>
60 #include <string.h>
61 #include <stdlib.h>
62 #include "apps.h"
63 #include <openssl/bio.h>
64 #include <openssl/err.h>
65 #include <openssl/evp.h>
66 #include <openssl/objects.h>
67 #include <openssl/x509.h>
68 #include <openssl/pem.h>
69 #include <openssl/hmac.h>
70
71 #undef BUFSIZE
72 #define BUFSIZE 1024*8
73
74 #undef PROG
75 #define PROG dgst_main
76
77 int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
78 EVP_PKEY *key, unsigned char *sigin, int siglen,
79 const char *sig_name, const char *md_name,
80 const char *file,BIO *bmd);
81
82 static void list_md_fn(const EVP_MD *m,
83 const char *from, const char *to, void *arg)
84 {
85 const char *mname;
86 /* Skip aliases */
87 if (!m)
88 return;
89 mname = OBJ_nid2ln(EVP_MD_type(m));
90 /* Skip shortnames */
91 if (strcmp(from, mname))
92 return;
93 /* Skip clones */
94 if (EVP_MD_flags(m) & EVP_MD_FLAG_PKEY_DIGEST)
95 return;
96 if (strchr(mname, ' '))
97 mname= EVP_MD_name(m);
98 BIO_printf(arg, "-%-14s to use the %s message digest algorithm\n",
99 mname, mname);
100 }
101
102 int MAIN(int, char **);
103
104 int MAIN(int argc, char **argv)
105 {
106 ENGINE *e = NULL, *impl = NULL;
107 unsigned char *buf=NULL;
108 int i,err=1;
109 const EVP_MD *md=NULL,*m;
110 BIO *in=NULL,*inp;
111 BIO *bmd=NULL;
112 BIO *out = NULL;
113 #define PROG_NAME_SIZE 39
114 char pname[PROG_NAME_SIZE+1];
115 int separator=0;
116 int debug=0;
117 int keyform=FORMAT_PEM;
118 const char *outfile = NULL, *keyfile = NULL;
119 const char *sigfile = NULL, *randfile = NULL;
120 int out_bin = -1, want_pub = 0, do_verify = 0;
121 EVP_PKEY *sigkey = NULL;
122 unsigned char *sigbuf = NULL;
123 int siglen = 0;
124 char *passargin = NULL, *passin = NULL;
125 #ifndef OPENSSL_NO_ENGINE
126 char *engine=NULL;
127 int engine_impl = 0;
128 #endif
129 char *hmac_key=NULL;
130 char *mac_name=NULL;
131 int non_fips_allow = 0;
132 STACK_OF(OPENSSL_STRING) *sigopts = NULL, *macopts = NULL;
133
134 apps_startup();
135
136 if ((buf=(unsigned char *)OPENSSL_malloc(BUFSIZE)) == NULL)
137 {
138 BIO_printf(bio_err,"out of memory\n");
139 goto end;
140 }
141 if (bio_err == NULL)
142 if ((bio_err=BIO_new(BIO_s_file())) != NULL)
143 BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
144
145 if (!load_config(bio_err, NULL))
146 goto end;
147
148 /* first check the program name */
149 program_name(argv[0],pname,sizeof pname);
150
151 md=EVP_get_digestbyname(pname);
152
153 argc--;
154 argv++;
155 while (argc > 0)
156 {
157 if ((*argv)[0] != '-') break;
158 if (strcmp(*argv,"-c") == 0)
159 separator=1;
160 else if (strcmp(*argv,"-r") == 0)
161 separator=2;
162 else if (strcmp(*argv,"-rand") == 0)
163 {
164 if (--argc < 1) break;
165 randfile=*(++argv);
166 }
167 else if (strcmp(*argv,"-out") == 0)
168 {
169 if (--argc < 1) break;
170 outfile=*(++argv);
171 }
172 else if (strcmp(*argv,"-sign") == 0)
173 {
174 if (--argc < 1) break;
175 keyfile=*(++argv);
176 }
177 else if (!strcmp(*argv,"-passin"))
178 {
179 if (--argc < 1)
180 break;
181 passargin=*++argv;
182 }
183 else if (strcmp(*argv,"-verify") == 0)
184 {
185 if (--argc < 1) break;
186 keyfile=*(++argv);
187 want_pub = 1;
188 do_verify = 1;
189 }
190 else if (strcmp(*argv,"-prverify") == 0)
191 {
192 if (--argc < 1) break;
193 keyfile=*(++argv);
194 do_verify = 1;
195 }
196 else if (strcmp(*argv,"-signature") == 0)
197 {
198 if (--argc < 1) break;
199 sigfile=*(++argv);
200 }
201 else if (strcmp(*argv,"-keyform") == 0)
202 {
203 if (--argc < 1) break;
204 keyform=str2fmt(*(++argv));
205 }
206 #ifndef OPENSSL_NO_ENGINE
207 else if (strcmp(*argv,"-engine") == 0)
208 {
209 if (--argc < 1) break;
210 engine= *(++argv);
211 e = setup_engine(bio_err, engine, 0);
212 }
213 else if (strcmp(*argv,"-engine_impl") == 0)
214 engine_impl = 1;
215 #endif
216 else if (strcmp(*argv,"-hex") == 0)
217 out_bin = 0;
218 else if (strcmp(*argv,"-binary") == 0)
219 out_bin = 1;
220 else if (strcmp(*argv,"-d") == 0)
221 debug=1;
222 else if (!strcmp(*argv,"-fips-fingerprint"))
223 hmac_key = "etaonrishdlcupfm";
224 else if (strcmp(*argv,"-non-fips-allow") == 0)
225 non_fips_allow=1;
226 else if (!strcmp(*argv,"-hmac"))
227 {
228 if (--argc < 1)
229 break;
230 hmac_key=*++argv;
231 }
232 else if (!strcmp(*argv,"-mac"))
233 {
234 if (--argc < 1)
235 break;
236 mac_name=*++argv;
237 }
238 else if (strcmp(*argv,"-sigopt") == 0)
239 {
240 if (--argc < 1)
241 break;
242 if (!sigopts)
243 sigopts = sk_OPENSSL_STRING_new_null();
244 if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, *(++argv)))
245 break;
246 }
247 else if (strcmp(*argv,"-macopt") == 0)
248 {
249 if (--argc < 1)
250 break;
251 if (!macopts)
252 macopts = sk_OPENSSL_STRING_new_null();
253 if (!macopts || !sk_OPENSSL_STRING_push(macopts, *(++argv)))
254 break;
255 }
256 else if ((m=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
257 md=m;
258 else
259 break;
260 argc--;
261 argv++;
262 }
263
264
265 if(do_verify && !sigfile) {
266 BIO_printf(bio_err, "No signature to verify: use the -signature option\n");
267 goto end;
268 }
269
270 if ((argc > 0) && (argv[0][0] == '-')) /* bad option */
271 {
272 BIO_printf(bio_err,"unknown option '%s'\n",*argv);
273 BIO_printf(bio_err,"options are\n");
274 BIO_printf(bio_err,"-c to output the digest with separating colons\n");
275 BIO_printf(bio_err,"-r to output the digest in coreutils format\n");
276 BIO_printf(bio_err,"-d to output debug info\n");
277 BIO_printf(bio_err,"-hex output as hex dump\n");
278 BIO_printf(bio_err,"-binary output in binary form\n");
279 BIO_printf(bio_err,"-hmac arg set the HMAC key to arg\n");
280 BIO_printf(bio_err,"-non-fips-allow allow use of non FIPS digest\n");
281 BIO_printf(bio_err,"-sign file sign digest using private key in file\n");
282 BIO_printf(bio_err,"-verify file verify a signature using public key in file\n");
283 BIO_printf(bio_err,"-prverify file verify a signature using private key in file\n");
284 BIO_printf(bio_err,"-keyform arg key file format (PEM or ENGINE)\n");
285 BIO_printf(bio_err,"-out filename output to filename rather than stdout\n");
286 BIO_printf(bio_err,"-signature file signature to verify\n");
287 BIO_printf(bio_err,"-sigopt nm:v signature parameter\n");
288 BIO_printf(bio_err,"-hmac key create hashed MAC with key\n");
289 BIO_printf(bio_err,"-mac algorithm create MAC (not neccessarily HMAC)\n");
290 BIO_printf(bio_err,"-macopt nm:v MAC algorithm parameters or key\n");
291 #ifndef OPENSSL_NO_ENGINE
292 BIO_printf(bio_err,"-engine e use engine e, possibly a hardware device.\n");
293 #endif
294
295 EVP_MD_do_all_sorted(list_md_fn, bio_err);
296 goto end;
297 }
298
299 #ifndef OPENSSL_NO_ENGINE
300 if (engine_impl)
301 impl = e;
302 #endif
303
304 in=BIO_new(BIO_s_file());
305 bmd=BIO_new(BIO_f_md());
306 if (debug)
307 {
308 BIO_set_callback(in,BIO_debug_callback);
309 /* needed for windows 3.1 */
310 BIO_set_callback_arg(in,(char *)bio_err);
311 }
312
313 if(!app_passwd(bio_err, passargin, NULL, &passin, NULL))
314 {
315 BIO_printf(bio_err, "Error getting password\n");
316 goto end;
317 }
318
319 if ((in == NULL) || (bmd == NULL))
320 {
321 ERR_print_errors(bio_err);
322 goto end;
323 }
324
325 if(out_bin == -1) {
326 if(keyfile)
327 out_bin = 1;
328 else
329 out_bin = 0;
330 }
331
332 if(randfile)
333 app_RAND_load_file(randfile, bio_err, 0);
334
335 if(outfile) {
336 if(out_bin)
337 out = BIO_new_file(outfile, "wb");
338 else out = BIO_new_file(outfile, "w");
339 } else {
340 out = BIO_new_fp(stdout, BIO_NOCLOSE);
341 #ifdef OPENSSL_SYS_VMS
342 {
343 BIO *tmpbio = BIO_new(BIO_f_linebuffer());
344 out = BIO_push(tmpbio, out);
345 }
346 #endif
347 }
348
349 if(!out) {
350 BIO_printf(bio_err, "Error opening output file %s\n",
351 outfile ? outfile : "(stdout)");
352 ERR_print_errors(bio_err);
353 goto end;
354 }
355 if ((!!mac_name + !!keyfile + !!hmac_key) > 1)
356 {
357 BIO_printf(bio_err, "MAC and Signing key cannot both be specified\n");
358 goto end;
359 }
360
361 if(keyfile)
362 {
363 if (want_pub)
364 sigkey = load_pubkey(bio_err, keyfile, keyform, 0, NULL,
365 e, "key file");
366 else
367 sigkey = load_key(bio_err, keyfile, keyform, 0, passin,
368 e, "key file");
369 if (!sigkey)
370 {
371 /* load_[pub]key() has already printed an appropriate
372 message */
373 goto end;
374 }
375 }
376
377 if (mac_name)
378 {
379 EVP_PKEY_CTX *mac_ctx = NULL;
380 int r = 0;
381 if (!init_gen_str(bio_err, &mac_ctx, mac_name, impl, 0))
382 goto mac_end;
383 if (macopts)
384 {
385 char *macopt;
386 for (i = 0; i < sk_OPENSSL_STRING_num(macopts); i++)
387 {
388 macopt = sk_OPENSSL_STRING_value(macopts, i);
389 if (pkey_ctrl_string(mac_ctx, macopt) <= 0)
390 {
391 BIO_printf(bio_err,
392 "MAC parameter error \"%s\"\n",
393 macopt);
394 ERR_print_errors(bio_err);
395 goto mac_end;
396 }
397 }
398 }
399 if (EVP_PKEY_keygen(mac_ctx, &sigkey) <= 0)
400 {
401 BIO_puts(bio_err, "Error generating key\n");
402 ERR_print_errors(bio_err);
403 goto mac_end;
404 }
405 r = 1;
406 mac_end:
407 if (mac_ctx)
408 EVP_PKEY_CTX_free(mac_ctx);
409 if (r == 0)
410 goto end;
411 }
412
413 if (non_fips_allow)
414 {
415 EVP_MD_CTX *md_ctx;
416 BIO_get_md_ctx(bmd,&md_ctx);
417 EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
418 }
419
420 if (hmac_key)
421 {
422 sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, impl,
423 (unsigned char *)hmac_key, -1);
424 if (!sigkey)
425 goto end;
426 }
427
428 if (sigkey)
429 {
430 EVP_MD_CTX *mctx = NULL;
431 EVP_PKEY_CTX *pctx = NULL;
432 int r;
433 if (!BIO_get_md_ctx(bmd, &mctx))
434 {
435 BIO_printf(bio_err, "Error getting context\n");
436 ERR_print_errors(bio_err);
437 goto end;
438 }
439 if (do_verify)
440 r = EVP_DigestVerifyInit(mctx, &pctx, md, impl, sigkey);
441 else
442 r = EVP_DigestSignInit(mctx, &pctx, md, impl, sigkey);
443 if (!r)
444 {
445 BIO_printf(bio_err, "Error setting context\n");
446 ERR_print_errors(bio_err);
447 goto end;
448 }
449 if (sigopts)
450 {
451 char *sigopt;
452 for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++)
453 {
454 sigopt = sk_OPENSSL_STRING_value(sigopts, i);
455 if (pkey_ctrl_string(pctx, sigopt) <= 0)
456 {
457 BIO_printf(bio_err,
458 "parameter error \"%s\"\n",
459 sigopt);
460 ERR_print_errors(bio_err);
461 goto end;
462 }
463 }
464 }
465 }
466 /* we use md as a filter, reading from 'in' */
467 else
468 {
469 EVP_MD_CTX *mctx = NULL;
470 if (!BIO_get_md_ctx(bmd, &mctx))
471 {
472 BIO_printf(bio_err, "Error getting context\n");
473 ERR_print_errors(bio_err);
474 goto end;
475 }
476 if (md == NULL)
477 md = EVP_md5();
478 if (!EVP_DigestInit_ex(mctx, md, impl))
479 {
480 BIO_printf(bio_err, "Error setting digest %s\n", pname);
481 ERR_print_errors(bio_err);
482 goto end;
483 }
484 }
485
486 if(sigfile && sigkey) {
487 BIO *sigbio;
488 sigbio = BIO_new_file(sigfile, "rb");
489 siglen = EVP_PKEY_size(sigkey);
490 sigbuf = OPENSSL_malloc(siglen);
491 if(!sigbio) {
492 BIO_printf(bio_err, "Error opening signature file %s\n",
493 sigfile);
494 ERR_print_errors(bio_err);
495 goto end;
496 }
497 siglen = BIO_read(sigbio, sigbuf, siglen);
498 BIO_free(sigbio);
499 if(siglen <= 0) {
500 BIO_printf(bio_err, "Error reading signature file %s\n",
501 sigfile);
502 ERR_print_errors(bio_err);
503 goto end;
504 }
505 }
506 inp=BIO_push(bmd,in);
507
508 if (md == NULL)
509 {
510 EVP_MD_CTX *tctx;
511 BIO_get_md_ctx(bmd, &tctx);
512 md = EVP_MD_CTX_md(tctx);
513 }
514
515 if (argc == 0)
516 {
517 BIO_set_fp(in,stdin,BIO_NOCLOSE);
518 err=do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf,
519 siglen,NULL,NULL,"stdin",bmd);
520 }
521 else
522 {
523 const char *md_name = NULL, *sig_name = NULL;
524 if(!out_bin)
525 {
526 if (sigkey)
527 {
528 const EVP_PKEY_ASN1_METHOD *ameth;
529 ameth = EVP_PKEY_get0_asn1(sigkey);
530 if (ameth)
531 EVP_PKEY_asn1_get0_info(NULL, NULL,
532 NULL, NULL, &sig_name, ameth);
533 }
534 if (md)
535 md_name = EVP_MD_name(md);
536 }
537 err = 0;
538 for (i=0; i<argc; i++)
539 {
540 int r;
541 if (BIO_read_filename(in,argv[i]) <= 0)
542 {
543 perror(argv[i]);
544 err++;
545 continue;
546 }
547 else
548 r=do_fp(out,buf,inp,separator,out_bin,sigkey,sigbuf,
549 siglen,sig_name,md_name, argv[i],bmd);
550 if(r)
551 err=r;
552 (void)BIO_reset(bmd);
553 }
554 }
555 end:
556 if (buf != NULL)
557 {
558 OPENSSL_cleanse(buf,BUFSIZE);
559 OPENSSL_free(buf);
560 }
561 if (in != NULL) BIO_free(in);
562 if (passin)
563 OPENSSL_free(passin);
564 BIO_free_all(out);
565 EVP_PKEY_free(sigkey);
566 if (sigopts)
567 sk_OPENSSL_STRING_free(sigopts);
568 if (macopts)
569 sk_OPENSSL_STRING_free(macopts);
570 if(sigbuf) OPENSSL_free(sigbuf);
571 if (bmd != NULL) BIO_free(bmd);
572 apps_shutdown();
573 OPENSSL_EXIT(err);
574 }
575
576 int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
577 EVP_PKEY *key, unsigned char *sigin, int siglen,
578 const char *sig_name, const char *md_name,
579 const char *file,BIO *bmd)
580 {
581 size_t len;
582 int i;
583
584 for (;;)
585 {
586 i=BIO_read(bp,(char *)buf,BUFSIZE);
587 if(i < 0)
588 {
589 BIO_printf(bio_err, "Read Error in %s\n",file);
590 ERR_print_errors(bio_err);
591 return 1;
592 }
593 if (i == 0) break;
594 }
595 if(sigin)
596 {
597 EVP_MD_CTX *ctx;
598 BIO_get_md_ctx(bp, &ctx);
599 i = EVP_DigestVerifyFinal(ctx, sigin, (unsigned int)siglen);
600 if(i > 0)
601 BIO_printf(out, "Verified OK\n");
602 else if(i == 0)
603 {
604 BIO_printf(out, "Verification Failure\n");
605 return 1;
606 }
607 else
608 {
609 BIO_printf(bio_err, "Error Verifying Data\n");
610 ERR_print_errors(bio_err);
611 return 1;
612 }
613 return 0;
614 }
615 if(key)
616 {
617 EVP_MD_CTX *ctx;
618 BIO_get_md_ctx(bp, &ctx);
619 len = BUFSIZE;
620 if(!EVP_DigestSignFinal(ctx, buf, &len))
621 {
622 BIO_printf(bio_err, "Error Signing Data\n");
623 ERR_print_errors(bio_err);
624 return 1;
625 }
626 }
627 else
628 {
629 len=BIO_gets(bp,(char *)buf,BUFSIZE);
630 if ((int)len <0)
631 {
632 ERR_print_errors(bio_err);
633 return 1;
634 }
635 }
636
637 if(binout) BIO_write(out, buf, len);
638 else if (sep == 2)
639 {
640 for (i=0; i<(int)len; i++)
641 BIO_printf(out, "%02x",buf[i]);
642 BIO_printf(out, " *%s\n", file);
643 }
644 else
645 {
646 if (sig_name)
647 {
648 BIO_puts(out, sig_name);
649 if (md_name)
650 BIO_printf(out, "-%s", md_name);
651 BIO_printf(out, "(%s)= ", file);
652 }
653 else if (md_name)
654 BIO_printf(out, "%s(%s)= ", md_name, file);
655 else
656 BIO_printf(out, "(%s)= ", file);
657 for (i=0; i<(int)len; i++)
658 {
659 if (sep && (i != 0))
660 BIO_printf(out, ":");
661 BIO_printf(out, "%02x",buf[i]);
662 }
663 BIO_printf(out, "\n");
664 }
665 return 0;
666 }
667
A mirror of the official openssl repository