dgst.c 15 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623
  1. /* apps/dgst.c */
  2. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  3. * All rights reserved.
  4. *
  5. * This package is an SSL implementation written
  6. * by Eric Young (eay@cryptsoft.com).
  7. * The implementation was written so as to conform with Netscapes SSL.
  8. *
  9. * This library is free for commercial and non-commercial use as long as
  10. * the following conditions are aheared to. The following conditions
  11. * apply to all code found in this distribution, be it the RC4, RSA,
  12. * lhash, DES, etc., code; not just the SSL code. The SSL documentation
  13. * included with this distribution is covered by the same copyright terms
  14. * except that the holder is Tim Hudson (tjh@cryptsoft.com).
  15. *
  16. * Copyright remains Eric Young's, and as such any Copyright notices in
  17. * the code are not to be removed.
  18. * If this package is used in a product, Eric Young should be given attribution
  19. * as the author of the parts of the library used.
  20. * This can be in the form of a textual message at program startup or
  21. * in documentation (online or textual) provided with the package.
  22. *
  23. * Redistribution and use in source and binary forms, with or without
  24. * modification, are permitted provided that the following conditions
  25. * are met:
  26. * 1. Redistributions of source code must retain the copyright
  27. * notice, this list of conditions and the following disclaimer.
  28. * 2. Redistributions in binary form must reproduce the above copyright
  29. * notice, this list of conditions and the following disclaimer in the
  30. * documentation and/or other materials provided with the distribution.
  31. * 3. All advertising materials mentioning features or use of this software
  32. * must display the following acknowledgement:
  33. * "This product includes cryptographic software written by
  34. * Eric Young (eay@cryptsoft.com)"
  35. * The word 'cryptographic' can be left out if the rouines from the library
  36. * being used are not cryptographic related :-).
  37. * 4. If you include any Windows specific code (or a derivative thereof) from
  38. * the apps directory (application code) you must include an acknowledgement:
  39. * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
  40. *
  41. * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  42. * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  43. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  44. * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  45. * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  46. * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  47. * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  48. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  49. * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  50. * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  51. * SUCH DAMAGE.
  52. *
  53. * The licence and distribution terms for any publically available version or
  54. * derivative of this code cannot be changed. i.e. this code cannot simply be
  55. * copied and put under another distribution licence
  56. * [including the GNU Public Licence.]
  57. */
  58. #include <stdio.h>
  59. #include <string.h>
  60. #include <stdlib.h>
  61. #include "apps.h"
  62. #include <openssl/bio.h>
  63. #include <openssl/err.h>
  64. #include <openssl/evp.h>
  65. #include <openssl/objects.h>
  66. #include <openssl/x509.h>
  67. #include <openssl/pem.h>
  68. #include <openssl/hmac.h>
  69. #undef BUFSIZE
  70. #define BUFSIZE 1024*8
  71. #undef PROG
  72. #define PROG dgst_main
  73. int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
  74. EVP_PKEY *key, unsigned char *sigin, int siglen,
  75. const char *sig_name, const char *md_name,
  76. const char *file,BIO *bmd);
  77. static void list_md_fn(const EVP_MD *m,
  78. const char *from, const char *to, void *arg)
  79. {
  80. const char *mname;
  81. /* Skip aliases */
  82. if (!m)
  83. return;
  84. mname = OBJ_nid2ln(EVP_MD_type(m));
  85. /* Skip shortnames */
  86. if (strcmp(from, mname))
  87. return;
  88. /* Skip clones */
  89. if (EVP_MD_flags(m) & EVP_MD_FLAG_PKEY_DIGEST)
  90. return;
  91. if (strchr(mname, ' '))
  92. mname= EVP_MD_name(m);
  93. BIO_printf(arg, "-%-14s to use the %s message digest algorithm\n",
  94. mname, mname);
  95. }
  96. int MAIN(int, char **);
  97. int MAIN(int argc, char **argv)
  98. {
  99. ENGINE *e = NULL;
  100. unsigned char *buf=NULL;
  101. int i,err=1;
  102. const EVP_MD *md=NULL,*m;
  103. BIO *in=NULL,*inp;
  104. BIO *bmd=NULL;
  105. BIO *out = NULL;
  106. #define PROG_NAME_SIZE 39
  107. char pname[PROG_NAME_SIZE+1];
  108. int separator=0;
  109. int debug=0;
  110. int keyform=FORMAT_PEM;
  111. const char *outfile = NULL, *keyfile = NULL;
  112. const char *sigfile = NULL, *randfile = NULL;
  113. int out_bin = -1, want_pub = 0, do_verify = 0;
  114. EVP_PKEY *sigkey = NULL;
  115. unsigned char *sigbuf = NULL;
  116. int siglen = 0;
  117. char *passargin = NULL, *passin = NULL;
  118. #ifndef OPENSSL_NO_ENGINE
  119. char *engine=NULL;
  120. #endif
  121. char *hmac_key=NULL;
  122. char *mac_name=NULL;
  123. STACK_OF(OPENSSL_STRING) *sigopts = NULL, *macopts = NULL;
  124. apps_startup();
  125. if ((buf=(unsigned char *)OPENSSL_malloc(BUFSIZE)) == NULL)
  126. {
  127. BIO_printf(bio_err,"out of memory\n");
  128. goto end;
  129. }
  130. if (bio_err == NULL)
  131. if ((bio_err=BIO_new(BIO_s_file())) != NULL)
  132. BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
  133. if (!load_config(bio_err, NULL))
  134. goto end;
  135. /* first check the program name */
  136. program_name(argv[0],pname,sizeof pname);
  137. md=EVP_get_digestbyname(pname);
  138. argc--;
  139. argv++;
  140. while (argc > 0)
  141. {
  142. if ((*argv)[0] != '-') break;
  143. if (strcmp(*argv,"-c") == 0)
  144. separator=1;
  145. else if (strcmp(*argv,"-rand") == 0)
  146. {
  147. if (--argc < 1) break;
  148. randfile=*(++argv);
  149. }
  150. else if (strcmp(*argv,"-out") == 0)
  151. {
  152. if (--argc < 1) break;
  153. outfile=*(++argv);
  154. }
  155. else if (strcmp(*argv,"-sign") == 0)
  156. {
  157. if (--argc < 1) break;
  158. keyfile=*(++argv);
  159. }
  160. else if (!strcmp(*argv,"-passin"))
  161. {
  162. if (--argc < 1)
  163. break;
  164. passargin=*++argv;
  165. }
  166. else if (strcmp(*argv,"-verify") == 0)
  167. {
  168. if (--argc < 1) break;
  169. keyfile=*(++argv);
  170. want_pub = 1;
  171. do_verify = 1;
  172. }
  173. else if (strcmp(*argv,"-prverify") == 0)
  174. {
  175. if (--argc < 1) break;
  176. keyfile=*(++argv);
  177. do_verify = 1;
  178. }
  179. else if (strcmp(*argv,"-signature") == 0)
  180. {
  181. if (--argc < 1) break;
  182. sigfile=*(++argv);
  183. }
  184. else if (strcmp(*argv,"-keyform") == 0)
  185. {
  186. if (--argc < 1) break;
  187. keyform=str2fmt(*(++argv));
  188. }
  189. #ifndef OPENSSL_NO_ENGINE
  190. else if (strcmp(*argv,"-engine") == 0)
  191. {
  192. if (--argc < 1) break;
  193. engine= *(++argv);
  194. e = setup_engine(bio_err, engine, 0);
  195. }
  196. #endif
  197. else if (strcmp(*argv,"-hex") == 0)
  198. out_bin = 0;
  199. else if (strcmp(*argv,"-binary") == 0)
  200. out_bin = 1;
  201. else if (strcmp(*argv,"-d") == 0)
  202. debug=1;
  203. else if (!strcmp(*argv,"-hmac"))
  204. {
  205. if (--argc < 1)
  206. break;
  207. hmac_key=*++argv;
  208. }
  209. else if (!strcmp(*argv,"-mac"))
  210. {
  211. if (--argc < 1)
  212. break;
  213. mac_name=*++argv;
  214. }
  215. else if (strcmp(*argv,"-sigopt") == 0)
  216. {
  217. if (--argc < 1)
  218. break;
  219. if (!sigopts)
  220. sigopts = sk_OPENSSL_STRING_new_null();
  221. if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, *(++argv)))
  222. break;
  223. }
  224. else if (strcmp(*argv,"-macopt") == 0)
  225. {
  226. if (--argc < 1)
  227. break;
  228. if (!macopts)
  229. macopts = sk_OPENSSL_STRING_new_null();
  230. if (!macopts || !sk_OPENSSL_STRING_push(macopts, *(++argv)))
  231. break;
  232. }
  233. else if ((m=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
  234. md=m;
  235. else
  236. break;
  237. argc--;
  238. argv++;
  239. }
  240. if(do_verify && !sigfile) {
  241. BIO_printf(bio_err, "No signature to verify: use the -signature option\n");
  242. goto end;
  243. }
  244. if ((argc > 0) && (argv[0][0] == '-')) /* bad option */
  245. {
  246. BIO_printf(bio_err,"unknown option '%s'\n",*argv);
  247. BIO_printf(bio_err,"options are\n");
  248. BIO_printf(bio_err,"-c to output the digest with separating colons\n");
  249. BIO_printf(bio_err,"-d to output debug info\n");
  250. BIO_printf(bio_err,"-hex output as hex dump\n");
  251. BIO_printf(bio_err,"-binary output in binary form\n");
  252. BIO_printf(bio_err,"-sign file sign digest using private key in file\n");
  253. BIO_printf(bio_err,"-verify file verify a signature using public key in file\n");
  254. BIO_printf(bio_err,"-prverify file verify a signature using private key in file\n");
  255. BIO_printf(bio_err,"-keyform arg key file format (PEM or ENGINE)\n");
  256. BIO_printf(bio_err,"-out filename output to filename rather than stdout\n");
  257. BIO_printf(bio_err,"-signature file signature to verify\n");
  258. BIO_printf(bio_err,"-sigopt nm:v signature parameter\n");
  259. BIO_printf(bio_err,"-hmac key create hashed MAC with key\n");
  260. BIO_printf(bio_err,"-mac algorithm create MAC (not neccessarily HMAC)\n");
  261. BIO_printf(bio_err,"-macopt nm:v MAC algorithm parameters or key\n");
  262. #ifndef OPENSSL_NO_ENGINE
  263. BIO_printf(bio_err,"-engine e use engine e, possibly a hardware device.\n");
  264. #endif
  265. EVP_MD_do_all_sorted(list_md_fn, bio_err);
  266. goto end;
  267. }
  268. in=BIO_new(BIO_s_file());
  269. bmd=BIO_new(BIO_f_md());
  270. if (debug)
  271. {
  272. BIO_set_callback(in,BIO_debug_callback);
  273. /* needed for windows 3.1 */
  274. BIO_set_callback_arg(in,(char *)bio_err);
  275. }
  276. if(!app_passwd(bio_err, passargin, NULL, &passin, NULL))
  277. {
  278. BIO_printf(bio_err, "Error getting password\n");
  279. goto end;
  280. }
  281. if ((in == NULL) || (bmd == NULL))
  282. {
  283. ERR_print_errors(bio_err);
  284. goto end;
  285. }
  286. if(out_bin == -1) {
  287. if(keyfile)
  288. out_bin = 1;
  289. else
  290. out_bin = 0;
  291. }
  292. if(randfile)
  293. app_RAND_load_file(randfile, bio_err, 0);
  294. if(outfile) {
  295. if(out_bin)
  296. out = BIO_new_file(outfile, "wb");
  297. else out = BIO_new_file(outfile, "w");
  298. } else {
  299. out = BIO_new_fp(stdout, BIO_NOCLOSE);
  300. #ifdef OPENSSL_SYS_VMS
  301. {
  302. BIO *tmpbio = BIO_new(BIO_f_linebuffer());
  303. out = BIO_push(tmpbio, out);
  304. }
  305. #endif
  306. }
  307. if(!out) {
  308. BIO_printf(bio_err, "Error opening output file %s\n",
  309. outfile ? outfile : "(stdout)");
  310. ERR_print_errors(bio_err);
  311. goto end;
  312. }
  313. if ((!!mac_name + !!keyfile + !!hmac_key) > 1)
  314. {
  315. BIO_printf(bio_err, "MAC and Signing key cannot both be specified\n");
  316. goto end;
  317. }
  318. if(keyfile)
  319. {
  320. if (want_pub)
  321. sigkey = load_pubkey(bio_err, keyfile, keyform, 0, NULL,
  322. e, "key file");
  323. else
  324. sigkey = load_key(bio_err, keyfile, keyform, 0, passin,
  325. e, "key file");
  326. if (!sigkey)
  327. {
  328. /* load_[pub]key() has already printed an appropriate
  329. message */
  330. goto end;
  331. }
  332. }
  333. if (mac_name)
  334. {
  335. EVP_PKEY_CTX *mac_ctx = NULL;
  336. int r = 0;
  337. if (!init_gen_str(bio_err, &mac_ctx, mac_name,e, 0))
  338. goto mac_end;
  339. if (macopts)
  340. {
  341. char *macopt;
  342. for (i = 0; i < sk_OPENSSL_STRING_num(macopts); i++)
  343. {
  344. macopt = sk_OPENSSL_STRING_value(macopts, i);
  345. if (pkey_ctrl_string(mac_ctx, macopt) <= 0)
  346. {
  347. BIO_printf(bio_err,
  348. "MAC parameter error \"%s\"\n",
  349. macopt);
  350. ERR_print_errors(bio_err);
  351. goto mac_end;
  352. }
  353. }
  354. }
  355. if (EVP_PKEY_keygen(mac_ctx, &sigkey) <= 0)
  356. {
  357. BIO_puts(bio_err, "Error generating key\n");
  358. ERR_print_errors(bio_err);
  359. goto mac_end;
  360. }
  361. r = 1;
  362. mac_end:
  363. if (mac_ctx)
  364. EVP_PKEY_CTX_free(mac_ctx);
  365. if (r == 0)
  366. goto end;
  367. }
  368. if (hmac_key)
  369. {
  370. sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, e,
  371. (unsigned char *)hmac_key, -1);
  372. if (!sigkey)
  373. goto end;
  374. }
  375. if (sigkey)
  376. {
  377. EVP_MD_CTX *mctx = NULL;
  378. EVP_PKEY_CTX *pctx = NULL;
  379. int r;
  380. if (!BIO_get_md_ctx(bmd, &mctx))
  381. {
  382. BIO_printf(bio_err, "Error getting context\n");
  383. ERR_print_errors(bio_err);
  384. goto end;
  385. }
  386. if (do_verify)
  387. r = EVP_DigestVerifyInit(mctx, &pctx, md, e, sigkey);
  388. else
  389. r = EVP_DigestSignInit(mctx, &pctx, md, e, sigkey);
  390. if (!r)
  391. {
  392. BIO_printf(bio_err, "Error setting context\n");
  393. ERR_print_errors(bio_err);
  394. goto end;
  395. }
  396. if (sigopts)
  397. {
  398. char *sigopt;
  399. for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++)
  400. {
  401. sigopt = sk_OPENSSL_STRING_value(sigopts, i);
  402. if (pkey_ctrl_string(pctx, sigopt) <= 0)
  403. {
  404. BIO_printf(bio_err,
  405. "parameter error \"%s\"\n",
  406. sigopt);
  407. ERR_print_errors(bio_err);
  408. goto end;
  409. }
  410. }
  411. }
  412. }
  413. /* we use md as a filter, reading from 'in' */
  414. else
  415. {
  416. if (md == NULL)
  417. md = EVP_md5();
  418. if (!BIO_set_md(bmd,md))
  419. {
  420. BIO_printf(bio_err, "Error setting digest %s\n", pname);
  421. ERR_print_errors(bio_err);
  422. goto end;
  423. }
  424. }
  425. if(sigfile && sigkey) {
  426. BIO *sigbio;
  427. sigbio = BIO_new_file(sigfile, "rb");
  428. siglen = EVP_PKEY_size(sigkey);
  429. sigbuf = OPENSSL_malloc(siglen);
  430. if(!sigbio) {
  431. BIO_printf(bio_err, "Error opening signature file %s\n",
  432. sigfile);
  433. ERR_print_errors(bio_err);
  434. goto end;
  435. }
  436. siglen = BIO_read(sigbio, sigbuf, siglen);
  437. BIO_free(sigbio);
  438. if(siglen <= 0) {
  439. BIO_printf(bio_err, "Error reading signature file %s\n",
  440. sigfile);
  441. ERR_print_errors(bio_err);
  442. goto end;
  443. }
  444. }
  445. inp=BIO_push(bmd,in);
  446. if (md == NULL)
  447. {
  448. EVP_MD_CTX *tctx;
  449. BIO_get_md_ctx(bmd, &tctx);
  450. md = EVP_MD_CTX_md(tctx);
  451. }
  452. if (argc == 0)
  453. {
  454. BIO_set_fp(in,stdin,BIO_NOCLOSE);
  455. err=do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf,
  456. siglen,NULL,NULL,"stdin",bmd);
  457. }
  458. else
  459. {
  460. const char *md_name = NULL, *sig_name = NULL;
  461. if(!out_bin)
  462. {
  463. if (sigkey)
  464. {
  465. const EVP_PKEY_ASN1_METHOD *ameth;
  466. ameth = EVP_PKEY_get0_asn1(sigkey);
  467. if (ameth)
  468. EVP_PKEY_asn1_get0_info(NULL, NULL,
  469. NULL, NULL, &sig_name, ameth);
  470. }
  471. md_name = EVP_MD_name(md);
  472. }
  473. err = 0;
  474. for (i=0; i<argc; i++)
  475. {
  476. int r;
  477. if (BIO_read_filename(in,argv[i]) <= 0)
  478. {
  479. perror(argv[i]);
  480. err++;
  481. continue;
  482. }
  483. else
  484. r=do_fp(out,buf,inp,separator,out_bin,sigkey,sigbuf,
  485. siglen,sig_name,md_name, argv[i],bmd);
  486. if(r)
  487. err=r;
  488. (void)BIO_reset(bmd);
  489. }
  490. }
  491. end:
  492. if (buf != NULL)
  493. {
  494. OPENSSL_cleanse(buf,BUFSIZE);
  495. OPENSSL_free(buf);
  496. }
  497. if (in != NULL) BIO_free(in);
  498. if (passin)
  499. OPENSSL_free(passin);
  500. BIO_free_all(out);
  501. EVP_PKEY_free(sigkey);
  502. if (sigopts)
  503. sk_OPENSSL_STRING_free(sigopts);
  504. if (macopts)
  505. sk_OPENSSL_STRING_free(macopts);
  506. if(sigbuf) OPENSSL_free(sigbuf);
  507. if (bmd != NULL) BIO_free(bmd);
  508. apps_shutdown();
  509. OPENSSL_EXIT(err);
  510. }
  511. int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
  512. EVP_PKEY *key, unsigned char *sigin, int siglen,
  513. const char *sig_name, const char *md_name,
  514. const char *file,BIO *bmd)
  515. {
  516. size_t len;
  517. int i;
  518. for (;;)
  519. {
  520. i=BIO_read(bp,(char *)buf,BUFSIZE);
  521. if(i < 0)
  522. {
  523. BIO_printf(bio_err, "Read Error in %s\n",file);
  524. ERR_print_errors(bio_err);
  525. return 1;
  526. }
  527. if (i == 0) break;
  528. }
  529. if(sigin)
  530. {
  531. EVP_MD_CTX *ctx;
  532. BIO_get_md_ctx(bp, &ctx);
  533. i = EVP_DigestVerifyFinal(ctx, sigin, (unsigned int)siglen);
  534. if(i > 0)
  535. BIO_printf(out, "Verified OK\n");
  536. else if(i == 0)
  537. {
  538. BIO_printf(out, "Verification Failure\n");
  539. return 1;
  540. }
  541. else
  542. {
  543. BIO_printf(bio_err, "Error Verifying Data\n");
  544. ERR_print_errors(bio_err);
  545. return 1;
  546. }
  547. return 0;
  548. }
  549. if(key)
  550. {
  551. EVP_MD_CTX *ctx;
  552. BIO_get_md_ctx(bp, &ctx);
  553. len = BUFSIZE;
  554. if(!EVP_DigestSignFinal(ctx, buf, &len))
  555. {
  556. BIO_printf(bio_err, "Error Signing Data\n");
  557. ERR_print_errors(bio_err);
  558. return 1;
  559. }
  560. }
  561. else
  562. {
  563. len=BIO_gets(bp,(char *)buf,BUFSIZE);
  564. if ((int)len <0)
  565. {
  566. ERR_print_errors(bio_err);
  567. return 1;
  568. }
  569. }
  570. if(binout) BIO_write(out, buf, len);
  571. else
  572. {
  573. if (sig_name)
  574. BIO_printf(out, "%s-%s(%s)= ", sig_name, md_name, file);
  575. else if (md_name)
  576. BIO_printf(out, "%s(%s)= ", md_name, file);
  577. else
  578. BIO_printf(out, "(%s)= ", file);
  579. for (i=0; i<(int)len; i++)
  580. {
  581. if (sep && (i != 0))
  582. BIO_printf(out, ":");
  583. BIO_printf(out, "%02x",buf[i]);
  584. }
  585. BIO_printf(out, "\n");
  586. }
  587. return 0;
  588. }