#undef BUFSIZE
#define BUFSIZE 1024*8
-int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
+int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, int xoflen,
EVP_PKEY *key, unsigned char *sigin, int siglen,
const char *sig_name, const char *md_name,
const char *file);
OPT_C, OPT_R, OPT_OUT, OPT_SIGN, OPT_PASSIN, OPT_VERIFY,
OPT_PRVERIFY, OPT_SIGNATURE, OPT_KEYFORM, OPT_ENGINE, OPT_ENGINE_IMPL,
OPT_HEX, OPT_BINARY, OPT_DEBUG, OPT_FIPS_FINGERPRINT,
- OPT_HMAC, OPT_MAC, OPT_SIGOPT, OPT_MACOPT,
+ OPT_HMAC, OPT_MAC, OPT_SIGOPT, OPT_MACOPT, OPT_XOFLEN,
OPT_DIGEST,
OPT_R_ENUM, OPT_PROV_ENUM
} OPTION_CHOICE;
{"keyform", OPT_KEYFORM, 'f', "Key file format (ENGINE, other values ignored)"},
{"hex", OPT_HEX, '-', "Print as hex dump"},
{"binary", OPT_BINARY, '-', "Print in binary form"},
+ {"xoflen", OPT_XOFLEN, 'p', "Output length for XOF algorithms"},
{"d", OPT_DEBUG, '-', "Print debug info"},
{"debug", OPT_DEBUG, '-', "Print debug info"},
OPTION_CHOICE o;
int separator = 0, debug = 0, keyform = FORMAT_PEM, siglen = 0;
int i, ret = 1, out_bin = -1, want_pub = 0, do_verify = 0;
+ int xoflen = 0;
unsigned char *buf = NULL, *sigbuf = NULL;
int engine_impl = 0;
struct doall_dgst_digests dec;
case OPT_BINARY:
out_bin = 1;
break;
+ case OPT_XOFLEN:
+ xoflen = atoi(opt_arg());
+ break;
case OPT_DEBUG:
debug = 1;
break;
if (md != NULL)
md_name = EVP_MD_name(md);
+ if (xoflen > 0) {
+ if (!(EVP_MD_flags(md) & EVP_MD_FLAG_XOF)) {
+ BIO_printf(bio_err, "Length can only be specified for XOF\n");
+ goto end;
+ }
+ if (sigkey != NULL) {
+ BIO_printf(bio_err, "Signing key cannot be specified for XOF\n");
+ goto end;
+ }
+ }
+
if (argc == 0) {
BIO_set_fp(in, stdin, BIO_NOCLOSE);
- ret = do_fp(out, buf, inp, separator, out_bin, sigkey, sigbuf,
+ ret = do_fp(out, buf, inp, separator, out_bin, xoflen, sigkey, sigbuf,
siglen, NULL, md_name, "stdin");
} else {
const char *sig_name = NULL;
ret++;
continue;
} else {
- r = do_fp(out, buf, inp, separator, out_bin, sigkey, sigbuf,
- siglen, sig_name, md_name, argv[i]);
+ r = do_fp(out, buf, inp, separator, out_bin, xoflen,
+ sigkey, sigbuf, siglen, sig_name, md_name, argv[i]);
}
if (r)
ret = r;
}
-int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
+int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, int xoflen,
EVP_PKEY *key, unsigned char *sigin, int siglen,
const char *sig_name, const char *md_name,
const char *file)
{
size_t len = BUFSIZE;
int i, backslash = 0, ret = 1;
- unsigned char *sigbuf = NULL;
+ unsigned char *allocated_buf = NULL;
while (BIO_pending(bp) || !BIO_eof(bp)) {
i = BIO_read(bp, (char *)buf, BUFSIZE);
}
if (tmplen > BUFSIZE) {
len = tmplen;
- sigbuf = app_malloc(len, "Signature buffer");
- buf = sigbuf;
+ allocated_buf = app_malloc(len, "Signature buffer");
+ buf = allocated_buf;
}
if (!EVP_DigestSignFinal(ctx, buf, &len)) {
BIO_printf(bio_err, "Error Signing Data\n");
ERR_print_errors(bio_err);
goto end;
}
+ } else if (xoflen > 0) {
+ EVP_MD_CTX *ctx;
+
+ len = xoflen;
+ if (len > BUFSIZE) {
+ allocated_buf = app_malloc(len, "Digest buffer");
+ buf = allocated_buf;
+ }
+
+ BIO_get_md_ctx(bp, &ctx);
+
+ if (!EVP_DigestFinalXOF(ctx, buf, len)) {
+ BIO_printf(bio_err, "Error Digesting Data\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
} else {
len = BIO_gets(bp, (char *)buf, BUFSIZE);
if ((int)len < 0) {
ret = 0;
end:
- if (sigbuf != NULL)
- OPENSSL_clear_free(sigbuf, len);
+ if (allocated_buf != NULL)
+ OPENSSL_clear_free(allocated_buf, len);
return ret;
}
setup("test_dgst");
-plan tests => 6;
+plan tests => 7;
sub tsignverify {
my $testtext = shift;
my @hmacdata = run(app(['openssl', 'dgst', '-sha256', '-hmac', '123456',
$testdata, $testdata]), capture => 1);
chomp(@hmacdata);
- my $expected = qr/HMAC-SHA256\([^\)]*data.bin\)= 6f12484129c4a761747f13d8234a1ff0e074adb34e9e9bf3a155c391b97b9a7c/;
+ my $expected = qr/HMAC-SHA256\(\Q$testdata\E\)= 6f12484129c4a761747f13d8234a1ff0e074adb34e9e9bf3a155c391b97b9a7c/;
ok($hmacdata[0] =~ $expected, "HMAC: Check HMAC value is as expected ($hmacdata[0]) vs ($expected)");
ok($hmacdata[1] =~ $expected,
"HMAC: Check second HMAC value is consistent with the first ($hmacdata[1]) vs ($expected)");
};
+
+subtest "Custom length XOF digest generation with `dgst` CLI" => sub {
+ plan tests => 2;
+
+ my $testdata = srctop_file('test', 'data.bin');
+ #Digest the data twice to check consistency
+ my @xofdata = run(app(['openssl', 'dgst', '-shake128', '-xoflen', '64',
+ $testdata, $testdata]), capture => 1);
+ chomp(@xofdata);
+ my $expected = qr/SHAKE128\(\Q$testdata\E\)= bb565dac72640109e1c926ef441d3fa64ffd0b3e2bf8cd73d5182dfba19b6a8a2eab96d2df854b647b3795ef090582abe41ba4e0717dc4df40bc4e17d88e4677/;
+ ok($xofdata[0] =~ $expected, "XOF: Check digest value is as expected ($xofdata[0]) vs ($expected)");
+ ok($xofdata[1] =~ $expected,
+ "XOF: Check second digest value is consistent with the first ($xofdata[1]) vs ($expected)");
+};