X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=apps%2Fdgst.c;h=d7e524a8835ff8efbdc6f4ba2572c0284bf39786;hp=2926e5514f9b767a1a5b70557529481f8f24778c;hb=688fbf547568f6440cadbbf31cc9da1576a57f67;hpb=6b691a5c85ddc4e407e32781841fee5c029506cd diff --git a/apps/dgst.c b/apps/dgst.c index 2926e5514f..d7e524a883 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -60,12 +60,12 @@ #include #include #include "apps.h" -#include "bio.h" -#include "err.h" -#include "evp.h" -#include "objects.h" -#include "x509.h" -#include "pem.h" +#include +#include +#include +#include +#include +#include #undef BUFSIZE #define BUFSIZE 1024*8 @@ -73,11 +73,10 @@ #undef PROG #define PROG dgst_main -#ifndef NOPROTO -void do_fp(unsigned char *buf,BIO *f,int sep); -#else -void do_fp(); -#endif +void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, char binout, + EVP_PKEY *key, unsigned char *sigin, int siglen); + +int MAIN(int, char **); int MAIN(int argc, char **argv) { @@ -86,15 +85,22 @@ int MAIN(int argc, char **argv) const EVP_MD *md=NULL,*m; BIO *in=NULL,*inp; BIO *bmd=NULL; + BIO *out = NULL; const char *name; #define PROG_NAME_SIZE 16 - char pname[PROG_NAME_SIZE]; + char pname[PROG_NAME_SIZE]; int separator=0; int debug=0; + const char *outfile = NULL, *keyfile = NULL; + const char *sigfile = NULL, *randfile = NULL; + char out_bin = -1, want_pub = 0, do_verify = 0; + EVP_PKEY *sigkey = NULL; + unsigned char *sigbuf = NULL; + int siglen = 0; apps_startup(); - if ((buf=(unsigned char *)Malloc(BUFSIZE)) == NULL) + if ((buf=(unsigned char *)OPENSSL_malloc(BUFSIZE)) == NULL) { BIO_printf(bio_err,"out of memory\n"); goto end; @@ -104,17 +110,54 @@ int MAIN(int argc, char **argv) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); /* first check the program name */ - program_name(argv[0],pname,PROG_NAME_SIZE); + program_name(argv[0],pname,PROG_NAME_SIZE); md=EVP_get_digestbyname(pname); argc--; argv++; - for (i=0; i 0) { if ((*argv)[0] != '-') break; if (strcmp(*argv,"-c") == 0) separator=1; + else if (strcmp(*argv,"-rand") == 0) + { + if (--argc < 1) break; + randfile=*(++argv); + } + else if (strcmp(*argv,"-out") == 0) + { + if (--argc < 1) break; + outfile=*(++argv); + } + else if (strcmp(*argv,"-sign") == 0) + { + if (--argc < 1) break; + keyfile=*(++argv); + } + else if (strcmp(*argv,"-verify") == 0) + { + if (--argc < 1) break; + keyfile=*(++argv); + want_pub = 1; + do_verify = 1; + } + else if (strcmp(*argv,"-prverify") == 0) + { + if (--argc < 1) break; + keyfile=*(++argv); + do_verify = 1; + } + else if (strcmp(*argv,"-signature") == 0) + { + if (--argc < 1) break; + sigfile=*(++argv); + } + else if (strcmp(*argv,"-hex") == 0) + out_bin = 0; + else if (strcmp(*argv,"-binary") == 0) + out_bin = 1; else if (strcmp(*argv,"-d") == 0) debug=1; else if ((m=EVP_get_digestbyname(&((*argv)[1]))) != NULL) @@ -128,14 +171,30 @@ int MAIN(int argc, char **argv) if (md == NULL) md=EVP_md5(); + if(do_verify && !sigfile) { + BIO_printf(bio_err, "No signature to verify: use the -signature option\n"); + err = 1; + goto end; + } + if ((argc > 0) && (argv[0][0] == '-')) /* bad option */ { BIO_printf(bio_err,"unknown option '%s'\n",*argv); BIO_printf(bio_err,"options are\n"); - BIO_printf(bio_err,"-c to output the digest with separating colons\n"); - BIO_printf(bio_err,"-d to output debug info\n"); + BIO_printf(bio_err,"-c to output the digest with separating colons\n"); + BIO_printf(bio_err,"-d to output debug info\n"); + BIO_printf(bio_err,"-hex output as hex dump\n"); + BIO_printf(bio_err,"-binary output in binary form\n"); + BIO_printf(bio_err,"-sign file sign digest using private key in file\n"); + BIO_printf(bio_err,"-verify file verify a signature using public key in file\n"); + BIO_printf(bio_err,"-prverify file verify a signature using private key in file\n"); + BIO_printf(bio_err,"-signature file signature to verify\n"); + BIO_printf(bio_err,"-binary output in binary form\n"); + BIO_printf(bio_err,"-%3s to use the %s message digest algorithm (default)\n", LN_md5,LN_md5); + BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n", + LN_md4,LN_md4); BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n", LN_md2,LN_md2); BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n", @@ -149,7 +208,7 @@ int MAIN(int argc, char **argv) err=1; goto end; } - + in=BIO_new(BIO_s_file()); bmd=BIO_new(BIO_f_md()); if (debug) @@ -165,6 +224,72 @@ int MAIN(int argc, char **argv) goto end; } + if(out_bin == -1) { + if(keyfile) out_bin = 1; + else out_bin = 0; + } + + if(randfile) + app_RAND_load_file(randfile, bio_err, 0); + + if(outfile) { + if(out_bin) + out = BIO_new_file(outfile, "wb"); + else out = BIO_new_file(outfile, "w"); + } else out = BIO_new_fp(stdout, BIO_NOCLOSE); + + if(!out) { + BIO_printf(bio_err, "Error opening output file %s\n", + outfile ? outfile : "(stdout)"); + ERR_print_errors(bio_err); + goto end; + } + + if(keyfile) { + BIO *keybio; + keybio = BIO_new_file(keyfile, "r"); + if(!keybio) { + BIO_printf(bio_err, "Error opening key file %s\n", + keyfile); + ERR_print_errors(bio_err); + goto end; + } + + if(want_pub) + sigkey = PEM_read_bio_PUBKEY(keybio, NULL, NULL, NULL); + else sigkey = PEM_read_bio_PrivateKey(keybio, NULL, NULL, NULL); + BIO_free(keybio); + if(!sigkey) { + BIO_printf(bio_err, "Error reading key file %s\n", + keyfile); + ERR_print_errors(bio_err); + goto end; + } + } + + if(sigfile && sigkey) { + BIO *sigbio; + sigbio = BIO_new_file(sigfile, "rb"); + siglen = EVP_PKEY_size(sigkey); + sigbuf = OPENSSL_malloc(siglen); + if(!sigbio) { + BIO_printf(bio_err, "Error opening signature file %s\n", + sigfile); + ERR_print_errors(bio_err); + goto end; + } + siglen = BIO_read(sigbio, sigbuf, siglen); + BIO_free(sigbio); + if(siglen <= 0) { + BIO_printf(bio_err, "Error reading signature file %s\n", + sigfile); + ERR_print_errors(bio_err); + goto end; + } + } + + + /* we use md as a filter, reading from 'in' */ BIO_set_md(bmd,md); inp=BIO_push(bmd,in); @@ -172,7 +297,7 @@ int MAIN(int argc, char **argv) if (argc == 0) { BIO_set_fp(in,stdin,BIO_NOCLOSE); - do_fp(buf,inp,separator); + do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf, siglen); } else { @@ -185,23 +310,28 @@ int MAIN(int argc, char **argv) err++; continue; } - printf("%s(%s)= ",name,argv[i]); - do_fp(buf,inp,separator); - BIO_reset(bmd); + if(!out_bin) BIO_printf(out, "%s(%s)= ",name,argv[i]); + do_fp(out, buf,inp,separator, out_bin, sigkey, + sigbuf, siglen); + (void)BIO_reset(bmd); } } end: if (buf != NULL) { memset(buf,0,BUFSIZE); - Free(buf); + OPENSSL_free(buf); } if (in != NULL) BIO_free(in); + BIO_free(out); + EVP_PKEY_free(sigkey); + if(sigbuf) OPENSSL_free(sigbuf); if (bmd != NULL) BIO_free(bmd); EXIT(err); } -void do_fp(unsigned char *buf, BIO *bp, int sep) +void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, char binout, + EVP_PKEY *key, unsigned char *sigin, int siglen) { int len; int i; @@ -211,14 +341,44 @@ void do_fp(unsigned char *buf, BIO *bp, int sep) i=BIO_read(bp,(char *)buf,BUFSIZE); if (i <= 0) break; } - len=BIO_gets(bp,(char *)buf,BUFSIZE); + if(sigin) + { + EVP_MD_CTX *ctx; + BIO_get_md_ctx(bp, &ctx); + i = EVP_VerifyFinal(ctx, sigin, (unsigned int)siglen, key); + if(i > 0) BIO_printf(out, "Verified OK\n"); + else if(i == 0) BIO_printf(out, "Verification Failure\n"); + else + { + BIO_printf(bio_err, "Error Verifying Data\n"); + ERR_print_errors(bio_err); + } + return; + } + if(key) + { + EVP_MD_CTX *ctx; + BIO_get_md_ctx(bp, &ctx); + if(!EVP_SignFinal(ctx, buf, (unsigned int *)&len, key)) + { + BIO_printf(bio_err, "Error Signing Data\n"); + ERR_print_errors(bio_err); + return; + } + } + else + len=BIO_gets(bp,(char *)buf,BUFSIZE); - for (i=0; i