2
0

dgst.c 20 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620
  1. /* apps/dgst.c */
  2. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  3. * All rights reserved.
  4. *
  5. * This package is an SSL implementation written
  6. * by Eric Young (eay@cryptsoft.com).
  7. * The implementation was written so as to conform with Netscapes SSL.
  8. *
  9. * This library is free for commercial and non-commercial use as long as
  10. * the following conditions are aheared to. The following conditions
  11. * apply to all code found in this distribution, be it the RC4, RSA,
  12. * lhash, DES, etc., code; not just the SSL code. The SSL documentation
  13. * included with this distribution is covered by the same copyright terms
  14. * except that the holder is Tim Hudson (tjh@cryptsoft.com).
  15. *
  16. * Copyright remains Eric Young's, and as such any Copyright notices in
  17. * the code are not to be removed.
  18. * If this package is used in a product, Eric Young should be given attribution
  19. * as the author of the parts of the library used.
  20. * This can be in the form of a textual message at program startup or
  21. * in documentation (online or textual) provided with the package.
  22. *
  23. * Redistribution and use in source and binary forms, with or without
  24. * modification, are permitted provided that the following conditions
  25. * are met:
  26. * 1. Redistributions of source code must retain the copyright
  27. * notice, this list of conditions and the following disclaimer.
  28. * 2. Redistributions in binary form must reproduce the above copyright
  29. * notice, this list of conditions and the following disclaimer in the
  30. * documentation and/or other materials provided with the distribution.
  31. * 3. All advertising materials mentioning features or use of this software
  32. * must display the following acknowledgement:
  33. * "This product includes cryptographic software written by
  34. * Eric Young (eay@cryptsoft.com)"
  35. * The word 'cryptographic' can be left out if the rouines from the library
  36. * being used are not cryptographic related :-).
  37. * 4. If you include any Windows specific code (or a derivative thereof) from
  38. * the apps directory (application code) you must include an acknowledgement:
  39. * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
  40. *
  41. * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  42. * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  43. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  44. * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  45. * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  46. * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  47. * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  48. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  49. * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  50. * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  51. * SUCH DAMAGE.
  52. *
  53. * The licence and distribution terms for any publically available version or
  54. * derivative of this code cannot be changed. i.e. this code cannot simply be
  55. * copied and put under another distribution licence
  56. * [including the GNU Public Licence.]
  57. */
  58. #include <stdio.h>
  59. #include <string.h>
  60. #include <stdlib.h>
  61. #include "apps.h"
  62. #include <openssl/bio.h>
  63. #include <openssl/err.h>
  64. #include <openssl/evp.h>
  65. #include <openssl/objects.h>
  66. #include <openssl/x509.h>
  67. #include <openssl/pem.h>
  68. #include <openssl/hmac.h>
  69. #undef BUFSIZE
  70. #define BUFSIZE 1024*8
  71. #undef PROG
  72. #define PROG dgst_main
  73. int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
  74. EVP_PKEY *key, unsigned char *sigin, int siglen,
  75. const char *sig_name, const char *md_name,
  76. const char *file, BIO *bmd);
  77. static void list_md_fn(const EVP_MD *m,
  78. const char *from, const char *to, void *arg)
  79. {
  80. const char *mname;
  81. /* Skip aliases */
  82. if (!m)
  83. return;
  84. mname = OBJ_nid2ln(EVP_MD_type(m));
  85. /* Skip shortnames */
  86. if (strcmp(from, mname))
  87. return;
  88. /* Skip clones */
  89. if (EVP_MD_flags(m) & EVP_MD_FLAG_PKEY_DIGEST)
  90. return;
  91. if (strchr(mname, ' '))
  92. mname = EVP_MD_name(m);
  93. BIO_printf(arg, "-%-14s to use the %s message digest algorithm\n",
  94. mname, mname);
  95. }
  96. int MAIN(int, char **);
  97. int MAIN(int argc, char **argv)
  98. {
  99. ENGINE *e = NULL, *impl = NULL;
  100. unsigned char *buf = NULL;
  101. int i, err = 1;
  102. const EVP_MD *md = NULL, *m;
  103. BIO *in = NULL, *inp;
  104. BIO *bmd = NULL;
  105. BIO *out = NULL;
  106. #define PROG_NAME_SIZE 39
  107. char pname[PROG_NAME_SIZE + 1];
  108. int separator = 0;
  109. int debug = 0;
  110. int keyform = FORMAT_PEM;
  111. const char *outfile = NULL, *keyfile = NULL;
  112. const char *sigfile = NULL, *randfile = NULL;
  113. int out_bin = -1, want_pub = 0, do_verify = 0;
  114. EVP_PKEY *sigkey = NULL;
  115. unsigned char *sigbuf = NULL;
  116. int siglen = 0;
  117. char *passargin = NULL, *passin = NULL;
  118. #ifndef OPENSSL_NO_ENGINE
  119. char *engine = NULL;
  120. int engine_impl = 0;
  121. #endif
  122. char *hmac_key = NULL;
  123. char *mac_name = NULL;
  124. int non_fips_allow = 0;
  125. STACK_OF(OPENSSL_STRING) *sigopts = NULL, *macopts = NULL;
  126. apps_startup();
  127. if ((buf = (unsigned char *)OPENSSL_malloc(BUFSIZE)) == NULL) {
  128. BIO_printf(bio_err, "out of memory\n");
  129. goto end;
  130. }
  131. if (bio_err == NULL)
  132. if ((bio_err = BIO_new(BIO_s_file())) != NULL)
  133. BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
  134. if (!load_config(bio_err, NULL))
  135. goto end;
  136. /* first check the program name */
  137. program_name(argv[0], pname, sizeof pname);
  138. md = EVP_get_digestbyname(pname);
  139. argc--;
  140. argv++;
  141. while (argc > 0) {
  142. if ((*argv)[0] != '-')
  143. break;
  144. if (strcmp(*argv, "-c") == 0)
  145. separator = 1;
  146. else if (strcmp(*argv, "-r") == 0)
  147. separator = 2;
  148. else if (strcmp(*argv, "-rand") == 0) {
  149. if (--argc < 1)
  150. break;
  151. randfile = *(++argv);
  152. } else if (strcmp(*argv, "-out") == 0) {
  153. if (--argc < 1)
  154. break;
  155. outfile = *(++argv);
  156. } else if (strcmp(*argv, "-sign") == 0) {
  157. if (--argc < 1)
  158. break;
  159. keyfile = *(++argv);
  160. } else if (!strcmp(*argv, "-passin")) {
  161. if (--argc < 1)
  162. break;
  163. passargin = *++argv;
  164. } else if (strcmp(*argv, "-verify") == 0) {
  165. if (--argc < 1)
  166. break;
  167. keyfile = *(++argv);
  168. want_pub = 1;
  169. do_verify = 1;
  170. } else if (strcmp(*argv, "-prverify") == 0) {
  171. if (--argc < 1)
  172. break;
  173. keyfile = *(++argv);
  174. do_verify = 1;
  175. } else if (strcmp(*argv, "-signature") == 0) {
  176. if (--argc < 1)
  177. break;
  178. sigfile = *(++argv);
  179. } else if (strcmp(*argv, "-keyform") == 0) {
  180. if (--argc < 1)
  181. break;
  182. keyform = str2fmt(*(++argv));
  183. }
  184. #ifndef OPENSSL_NO_ENGINE
  185. else if (strcmp(*argv, "-engine") == 0) {
  186. if (--argc < 1)
  187. break;
  188. engine = *(++argv);
  189. e = setup_engine(bio_err, engine, 0);
  190. } else if (strcmp(*argv, "-engine_impl") == 0)
  191. engine_impl = 1;
  192. #endif
  193. else if (strcmp(*argv, "-hex") == 0)
  194. out_bin = 0;
  195. else if (strcmp(*argv, "-binary") == 0)
  196. out_bin = 1;
  197. else if (strcmp(*argv, "-d") == 0)
  198. debug = 1;
  199. else if (!strcmp(*argv, "-fips-fingerprint"))
  200. hmac_key = "etaonrishdlcupfm";
  201. else if (strcmp(*argv, "-non-fips-allow") == 0)
  202. non_fips_allow = 1;
  203. else if (!strcmp(*argv, "-hmac")) {
  204. if (--argc < 1)
  205. break;
  206. hmac_key = *++argv;
  207. } else if (!strcmp(*argv, "-mac")) {
  208. if (--argc < 1)
  209. break;
  210. mac_name = *++argv;
  211. } else if (strcmp(*argv, "-sigopt") == 0) {
  212. if (--argc < 1)
  213. break;
  214. if (!sigopts)
  215. sigopts = sk_OPENSSL_STRING_new_null();
  216. if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, *(++argv)))
  217. break;
  218. } else if (strcmp(*argv, "-macopt") == 0) {
  219. if (--argc < 1)
  220. break;
  221. if (!macopts)
  222. macopts = sk_OPENSSL_STRING_new_null();
  223. if (!macopts || !sk_OPENSSL_STRING_push(macopts, *(++argv)))
  224. break;
  225. } else if ((m = EVP_get_digestbyname(&((*argv)[1]))) != NULL)
  226. md = m;
  227. else
  228. break;
  229. argc--;
  230. argv++;
  231. }
  232. if (keyfile != NULL && argc > 1) {
  233. BIO_printf(bio_err, "Can only sign or verify one file\n");
  234. goto end;
  235. }
  236. if (do_verify && !sigfile) {
  237. BIO_printf(bio_err,
  238. "No signature to verify: use the -signature option\n");
  239. goto end;
  240. }
  241. if ((argc > 0) && (argv[0][0] == '-')) { /* bad option */
  242. BIO_printf(bio_err, "unknown option '%s'\n", *argv);
  243. BIO_printf(bio_err, "options are\n");
  244. BIO_printf(bio_err,
  245. "-c to output the digest with separating colons\n");
  246. BIO_printf(bio_err,
  247. "-r to output the digest in coreutils format\n");
  248. BIO_printf(bio_err, "-d to output debug info\n");
  249. BIO_printf(bio_err, "-hex output as hex dump\n");
  250. BIO_printf(bio_err, "-binary output in binary form\n");
  251. BIO_printf(bio_err, "-hmac arg set the HMAC key to arg\n");
  252. BIO_printf(bio_err, "-non-fips-allow allow use of non FIPS digest\n");
  253. BIO_printf(bio_err,
  254. "-sign file sign digest using private key in file\n");
  255. BIO_printf(bio_err,
  256. "-verify file verify a signature using public key in file\n");
  257. BIO_printf(bio_err,
  258. "-prverify file verify a signature using private key in file\n");
  259. BIO_printf(bio_err,
  260. "-keyform arg key file format (PEM or ENGINE)\n");
  261. BIO_printf(bio_err,
  262. "-out filename output to filename rather than stdout\n");
  263. BIO_printf(bio_err, "-signature file signature to verify\n");
  264. BIO_printf(bio_err, "-sigopt nm:v signature parameter\n");
  265. BIO_printf(bio_err, "-hmac key create hashed MAC with key\n");
  266. BIO_printf(bio_err,
  267. "-mac algorithm create MAC (not neccessarily HMAC)\n");
  268. BIO_printf(bio_err,
  269. "-macopt nm:v MAC algorithm parameters or key\n");
  270. #ifndef OPENSSL_NO_ENGINE
  271. BIO_printf(bio_err,
  272. "-engine e use engine e, possibly a hardware device.\n");
  273. #endif
  274. EVP_MD_do_all_sorted(list_md_fn, bio_err);
  275. goto end;
  276. }
  277. #ifndef OPENSSL_NO_ENGINE
  278. if (engine_impl)
  279. impl = e;
  280. #endif
  281. in = BIO_new(BIO_s_file());
  282. bmd = BIO_new(BIO_f_md());
  283. if ((in == NULL) || (bmd == NULL)) {
  284. ERR_print_errors(bio_err);
  285. goto end;
  286. }
  287. if (debug) {
  288. BIO_set_callback(in, BIO_debug_callback);
  289. /* needed for windows 3.1 */
  290. BIO_set_callback_arg(in, (char *)bio_err);
  291. }
  292. if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
  293. BIO_printf(bio_err, "Error getting password\n");
  294. goto end;
  295. }
  296. if (out_bin == -1) {
  297. if (keyfile)
  298. out_bin = 1;
  299. else
  300. out_bin = 0;
  301. }
  302. if (randfile)
  303. app_RAND_load_file(randfile, bio_err, 0);
  304. if (outfile) {
  305. if (out_bin)
  306. out = BIO_new_file(outfile, "wb");
  307. else
  308. out = BIO_new_file(outfile, "w");
  309. } else {
  310. out = BIO_new_fp(stdout, BIO_NOCLOSE);
  311. #ifdef OPENSSL_SYS_VMS
  312. {
  313. BIO *tmpbio = BIO_new(BIO_f_linebuffer());
  314. out = BIO_push(tmpbio, out);
  315. }
  316. #endif
  317. }
  318. if (!out) {
  319. BIO_printf(bio_err, "Error opening output file %s\n",
  320. outfile ? outfile : "(stdout)");
  321. ERR_print_errors(bio_err);
  322. goto end;
  323. }
  324. if ((! !mac_name + ! !keyfile + ! !hmac_key) > 1) {
  325. BIO_printf(bio_err, "MAC and Signing key cannot both be specified\n");
  326. goto end;
  327. }
  328. if (keyfile) {
  329. if (want_pub)
  330. sigkey = load_pubkey(bio_err, keyfile, keyform, 0, NULL,
  331. e, "key file");
  332. else
  333. sigkey = load_key(bio_err, keyfile, keyform, 0, passin,
  334. e, "key file");
  335. if (!sigkey) {
  336. /*
  337. * load_[pub]key() has already printed an appropriate message
  338. */
  339. goto end;
  340. }
  341. }
  342. if (mac_name) {
  343. EVP_PKEY_CTX *mac_ctx = NULL;
  344. int r = 0;
  345. if (!init_gen_str(bio_err, &mac_ctx, mac_name, impl, 0))
  346. goto mac_end;
  347. if (macopts) {
  348. char *macopt;
  349. for (i = 0; i < sk_OPENSSL_STRING_num(macopts); i++) {
  350. macopt = sk_OPENSSL_STRING_value(macopts, i);
  351. if (pkey_ctrl_string(mac_ctx, macopt) <= 0) {
  352. BIO_printf(bio_err,
  353. "MAC parameter error \"%s\"\n", macopt);
  354. ERR_print_errors(bio_err);
  355. goto mac_end;
  356. }
  357. }
  358. }
  359. if (EVP_PKEY_keygen(mac_ctx, &sigkey) <= 0) {
  360. BIO_puts(bio_err, "Error generating key\n");
  361. ERR_print_errors(bio_err);
  362. goto mac_end;
  363. }
  364. r = 1;
  365. mac_end:
  366. if (mac_ctx)
  367. EVP_PKEY_CTX_free(mac_ctx);
  368. if (r == 0)
  369. goto end;
  370. }
  371. if (non_fips_allow) {
  372. EVP_MD_CTX *md_ctx;
  373. BIO_get_md_ctx(bmd, &md_ctx);
  374. EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
  375. }
  376. if (hmac_key) {
  377. sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, impl,
  378. (unsigned char *)hmac_key, -1);
  379. if (!sigkey)
  380. goto end;
  381. }
  382. if (sigkey) {
  383. EVP_MD_CTX *mctx = NULL;
  384. EVP_PKEY_CTX *pctx = NULL;
  385. int r;
  386. if (!BIO_get_md_ctx(bmd, &mctx)) {
  387. BIO_printf(bio_err, "Error getting context\n");
  388. ERR_print_errors(bio_err);
  389. goto end;
  390. }
  391. if (do_verify)
  392. r = EVP_DigestVerifyInit(mctx, &pctx, md, impl, sigkey);
  393. else
  394. r = EVP_DigestSignInit(mctx, &pctx, md, impl, sigkey);
  395. if (!r) {
  396. BIO_printf(bio_err, "Error setting context\n");
  397. ERR_print_errors(bio_err);
  398. goto end;
  399. }
  400. if (sigopts) {
  401. char *sigopt;
  402. for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++) {
  403. sigopt = sk_OPENSSL_STRING_value(sigopts, i);
  404. if (pkey_ctrl_string(pctx, sigopt) <= 0) {
  405. BIO_printf(bio_err, "parameter error \"%s\"\n", sigopt);
  406. ERR_print_errors(bio_err);
  407. goto end;
  408. }
  409. }
  410. }
  411. }
  412. /* we use md as a filter, reading from 'in' */
  413. else {
  414. EVP_MD_CTX *mctx = NULL;
  415. if (!BIO_get_md_ctx(bmd, &mctx)) {
  416. BIO_printf(bio_err, "Error getting context\n");
  417. ERR_print_errors(bio_err);
  418. goto end;
  419. }
  420. if (md == NULL)
  421. md = EVP_md5();
  422. if (!EVP_DigestInit_ex(mctx, md, impl)) {
  423. BIO_printf(bio_err, "Error setting digest %s\n", pname);
  424. ERR_print_errors(bio_err);
  425. goto end;
  426. }
  427. }
  428. if (sigfile && sigkey) {
  429. BIO *sigbio;
  430. sigbio = BIO_new_file(sigfile, "rb");
  431. siglen = EVP_PKEY_size(sigkey);
  432. sigbuf = OPENSSL_malloc(siglen);
  433. if (!sigbio) {
  434. BIO_printf(bio_err, "Error opening signature file %s\n", sigfile);
  435. ERR_print_errors(bio_err);
  436. goto end;
  437. }
  438. if (!sigbuf) {
  439. BIO_printf(bio_err, "Out of memory\n");
  440. ERR_print_errors(bio_err);
  441. goto end;
  442. }
  443. siglen = BIO_read(sigbio, sigbuf, siglen);
  444. BIO_free(sigbio);
  445. if (siglen <= 0) {
  446. BIO_printf(bio_err, "Error reading signature file %s\n", sigfile);
  447. ERR_print_errors(bio_err);
  448. goto end;
  449. }
  450. }
  451. inp = BIO_push(bmd, in);
  452. if (md == NULL) {
  453. EVP_MD_CTX *tctx;
  454. BIO_get_md_ctx(bmd, &tctx);
  455. md = EVP_MD_CTX_md(tctx);
  456. }
  457. if (argc == 0) {
  458. BIO_set_fp(in, stdin, BIO_NOCLOSE);
  459. err = do_fp(out, buf, inp, separator, out_bin, sigkey, sigbuf,
  460. siglen, NULL, NULL, "stdin", bmd);
  461. } else {
  462. const char *md_name = NULL, *sig_name = NULL;
  463. if (!out_bin) {
  464. if (sigkey) {
  465. const EVP_PKEY_ASN1_METHOD *ameth;
  466. ameth = EVP_PKEY_get0_asn1(sigkey);
  467. if (ameth)
  468. EVP_PKEY_asn1_get0_info(NULL, NULL,
  469. NULL, NULL, &sig_name, ameth);
  470. }
  471. if (md)
  472. md_name = EVP_MD_name(md);
  473. }
  474. err = 0;
  475. for (i = 0; i < argc; i++) {
  476. int r;
  477. if (BIO_read_filename(in, argv[i]) <= 0) {
  478. perror(argv[i]);
  479. err++;
  480. continue;
  481. } else
  482. r = do_fp(out, buf, inp, separator, out_bin, sigkey, sigbuf,
  483. siglen, sig_name, md_name, argv[i], bmd);
  484. if (r)
  485. err = r;
  486. (void)BIO_reset(bmd);
  487. }
  488. }
  489. end:
  490. if (buf != NULL) {
  491. OPENSSL_cleanse(buf, BUFSIZE);
  492. OPENSSL_free(buf);
  493. }
  494. if (in != NULL)
  495. BIO_free(in);
  496. if (passin)
  497. OPENSSL_free(passin);
  498. BIO_free_all(out);
  499. EVP_PKEY_free(sigkey);
  500. if (sigopts)
  501. sk_OPENSSL_STRING_free(sigopts);
  502. if (macopts)
  503. sk_OPENSSL_STRING_free(macopts);
  504. if (sigbuf)
  505. OPENSSL_free(sigbuf);
  506. if (bmd != NULL)
  507. BIO_free(bmd);
  508. release_engine(e);
  509. apps_shutdown();
  510. OPENSSL_EXIT(err);
  511. }
  512. int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
  513. EVP_PKEY *key, unsigned char *sigin, int siglen,
  514. const char *sig_name, const char *md_name,
  515. const char *file, BIO *bmd)
  516. {
  517. size_t len;
  518. int i;
  519. for (;;) {
  520. i = BIO_read(bp, (char *)buf, BUFSIZE);
  521. if (i < 0) {
  522. BIO_printf(bio_err, "Read Error in %s\n", file);
  523. ERR_print_errors(bio_err);
  524. return 1;
  525. }
  526. if (i == 0)
  527. break;
  528. }
  529. if (sigin) {
  530. EVP_MD_CTX *ctx;
  531. BIO_get_md_ctx(bp, &ctx);
  532. i = EVP_DigestVerifyFinal(ctx, sigin, (unsigned int)siglen);
  533. if (i > 0)
  534. BIO_printf(out, "Verified OK\n");
  535. else if (i == 0) {
  536. BIO_printf(out, "Verification Failure\n");
  537. return 1;
  538. } else {
  539. BIO_printf(bio_err, "Error Verifying Data\n");
  540. ERR_print_errors(bio_err);
  541. return 1;
  542. }
  543. return 0;
  544. }
  545. if (key) {
  546. EVP_MD_CTX *ctx;
  547. BIO_get_md_ctx(bp, &ctx);
  548. len = BUFSIZE;
  549. if (!EVP_DigestSignFinal(ctx, buf, &len)) {
  550. BIO_printf(bio_err, "Error Signing Data\n");
  551. ERR_print_errors(bio_err);
  552. return 1;
  553. }
  554. } else {
  555. len = BIO_gets(bp, (char *)buf, BUFSIZE);
  556. if ((int)len < 0) {
  557. ERR_print_errors(bio_err);
  558. return 1;
  559. }
  560. }
  561. if (binout)
  562. BIO_write(out, buf, len);
  563. else if (sep == 2) {
  564. for (i = 0; i < (int)len; i++)
  565. BIO_printf(out, "%02x", buf[i]);
  566. BIO_printf(out, " *%s\n", file);
  567. } else {
  568. if (sig_name) {
  569. BIO_puts(out, sig_name);
  570. if (md_name)
  571. BIO_printf(out, "-%s", md_name);
  572. BIO_printf(out, "(%s)= ", file);
  573. } else if (md_name)
  574. BIO_printf(out, "%s(%s)= ", md_name, file);
  575. else
  576. BIO_printf(out, "(%s)= ", file);
  577. for (i = 0; i < (int)len; i++) {
  578. if (sep && (i != 0))
  579. BIO_printf(out, ":");
  580. BIO_printf(out, "%02x", buf[i]);
  581. }
  582. BIO_printf(out, "\n");
  583. }
  584. return 0;
  585. }