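--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/os/ossrv/ssl/tsrc/topenssl/src/dgst.c Fri Jun 15 03:10:57 2012 +0200
@@ -0,0 +1,516 @@
+/* apps/dgst.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include "apps.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/hmac.h>
+
+#undef BUFSIZE
+#define BUFSIZE 1024*8
+
+#undef PROG
+#define PROG dgst_main
+
+int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
+ EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title,
+ const char *file,BIO *bmd,const char *hmac_key);
+
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+ {
+ ENGINE *e = NULL;
+ unsigned char *buf=NULL;
+ int i,err=0;
+ const EVP_MD *md=NULL,*m;
+ BIO *in=NULL,*inp;
+ BIO *bmd=NULL;
+ BIO *out = NULL;
+ const char *name;
+#define PROG_NAME_SIZE 39
+ char pname[PROG_NAME_SIZE+1];
+ int separator=0;
+ int debug=0;
+ int keyform=FORMAT_PEM;
+ const char *outfile = NULL, *keyfile = NULL;
+ const char *sigfile = NULL, *randfile = NULL;
+ int out_bin = -1, want_pub = 0, do_verify = 0;
+ EVP_PKEY *sigkey = NULL;
+ unsigned char *sigbuf = NULL;
+ int siglen = 0;
+ char *passargin = NULL, *passin = NULL;
+#ifndef OPENSSL_NO_ENGINE
+ char *engine=NULL;
+#endif
+ char *hmac_key=NULL;
+
+ apps_startup();
+
+ if ((buf=(unsigned char *)OPENSSL_malloc(BUFSIZE)) == NULL)
+ {
+ BIO_printf(bio_err,"out of memory\n");
+ goto end;
+ }
+ if (bio_err == NULL)
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+
+
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+
+ /* first check the program name */
+ program_name(argv[0],pname,sizeof pname);
+
+ md=EVP_get_digestbyname(pname);
+
+ argc--;
+ argv++;
+ while (argc > 0)
+ {
+ if ((*argv)[0] != '-') break;
+ if (strcmp(*argv,"-c") == 0)
+ separator=1;
+ else if (strcmp(*argv,"-rand") == 0)
+ {
+ if (--argc < 1) break;
+ randfile=*(++argv);
+ }
+ else if (strcmp(*argv,"-out") == 0)
+ {
+ if (--argc < 1) break;
+ outfile=*(++argv);
+ }
+ else if (strcmp(*argv,"-sign") == 0)
+ {
+ if (--argc < 1) break;
+ keyfile=*(++argv);
+ }
+ else if (!strcmp(*argv,"-passin"))
+ {
+ if (--argc < 1)
+ break;
+ passargin=*++argv;
+ }
+ else if (strcmp(*argv,"-verify") == 0)
+ {
+ if (--argc < 1) break;
+ keyfile=*(++argv);
+ want_pub = 1;
+ do_verify = 1;
+ }
+ else if (strcmp(*argv,"-prverify") == 0)
+ {
+ if (--argc < 1) break;
+ keyfile=*(++argv);
+ do_verify = 1;
+ }
+ else if (strcmp(*argv,"-signature") == 0)
+ {
+ if (--argc < 1) break;
+ sigfile=*(++argv);
+ }
+ else if (strcmp(*argv,"-keyform") == 0)
+ {
+ if (--argc < 1) break;
+ keyform=str2fmt(*(++argv));
+ }
+#ifndef OPENSSL_NO_ENGINE
+ else if (strcmp(*argv,"-engine") == 0)
+ {
+ if (--argc < 1) break;
+ engine= *(++argv);
+ }
+#endif
+ else if (strcmp(*argv,"-hex") == 0)
+ out_bin = 0;
+ else if (strcmp(*argv,"-binary") == 0)
+ out_bin = 1;
+ else if (strcmp(*argv,"-d") == 0)
+ debug=1;
+ else if (!strcmp(*argv,"-hmac"))
+ {
+ if (--argc < 1)
+ break;
+ hmac_key=*++argv;
+ }
+ else if ((m=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
+ md=m;
+ else
+ break;
+ argc--;
+ argv++;
+ }
+
+ if (md == NULL)
+ md=EVP_md5();
+
+ if(do_verify && !sigfile) {
+ BIO_printf(bio_err, "No signature to verify: use the -signature option\n");
+ err = 1;
+ goto end;
+ }
+
+ if ((argc > 0) && (argv[0][0] == '-')) /* bad option */
+ {
+ BIO_printf(bio_err,"unknown option '%s'\n",*argv);
+ BIO_printf(bio_err,"options are\n");
+ BIO_printf(bio_err,"-c to output the digest with separating colons\n");
+ BIO_printf(bio_err,"-d to output debug info\n");
+ BIO_printf(bio_err,"-hex output as hex dump\n");
+ BIO_printf(bio_err,"-binary output in binary form\n");
+ BIO_printf(bio_err,"-sign file sign digest using private key in file\n");
+ BIO_printf(bio_err,"-verify file verify a signature using public key in file\n");
+ BIO_printf(bio_err,"-prverify file verify a signature using private key in file\n");
+ BIO_printf(bio_err,"-keyform arg key file format (PEM or ENGINE)\n");
+ BIO_printf(bio_err,"-signature file signature to verify\n");
+ BIO_printf(bio_err,"-binary output in binary form\n");
+#ifndef OPENSSL_NO_ENGINE
+ BIO_printf(bio_err,"-engine e use engine e, possibly a hardware device.\n");
+#endif
+
+ BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm (default)\n",
+ LN_md5,LN_md5);
+ BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
+ LN_md4,LN_md4);
+ BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
+ LN_md2,LN_md2);
+#ifndef OPENSSL_NO_SHA
+ BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
+ LN_sha1,LN_sha1);
+ BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
+ LN_sha,LN_sha);
+#ifndef OPENSSL_NO_SHA256
+ BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
+ LN_sha224,LN_sha224);
+ BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
+ LN_sha256,LN_sha256);
+#endif
+#ifndef OPENSSL_NO_SHA512
+ BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
+ LN_sha384,LN_sha384);
+ BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
+ LN_sha512,LN_sha512);
+#endif
+#endif
+ BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
+ LN_mdc2,LN_mdc2);
+ BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
+ LN_ripemd160,LN_ripemd160);
+ err=1;
+ goto end;
+ }
+
+#ifndef OPENSSL_NO_ENGINE
+ e = setup_engine(bio_err, engine, 0);
+#endif
+
+ in=BIO_new(BIO_s_file());
+ bmd=BIO_new(BIO_f_md());
+ if (debug)
+ {
+ BIO_set_callback(in,BIO_debug_callback);
+ /* needed for windows 3.1 */
+ BIO_set_callback_arg(in,(char *)bio_err);
+ }
+
+ if(!app_passwd(bio_err, passargin, NULL, &passin, NULL))
+ {
+ BIO_printf(bio_err, "Error getting password\n");
+ goto end;
+ }
+
+ if ((in == NULL) || (bmd == NULL))
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if(out_bin == -1) {
+ if(keyfile) out_bin = 1;
+ else out_bin = 0;
+ }
+
+ if(randfile)
+ app_RAND_load_file(randfile, bio_err, 0);
+
+ if(outfile) {
+ if(out_bin)
+ out = BIO_new_file(outfile, "wb");
+ else out = BIO_new_file(outfile, "w");
+ } else {
+
+ out = BIO_new_fp(stdout, BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+#endif
+ }
+
+ if(!out) {
+ BIO_printf(bio_err, "Error opening output file %s\n",
+ outfile ? outfile : "(stdout)");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if(keyfile)
+ {
+ if (want_pub)
+ sigkey = load_pubkey(bio_err, keyfile, keyform, 0, NULL,
+ e, "key file");
+ else
+ sigkey = load_key(bio_err, keyfile, keyform, 0, passin,
+ e, "key file");
+ if (!sigkey)
+ {
+ /* load_[pub]key() has already printed an appropriate
+ message */
+ goto end;
+ }
+ }
+
+ if(sigfile && sigkey) {
+ BIO *sigbio;
+ sigbio = BIO_new_file(sigfile, "rb");
+ siglen = EVP_PKEY_size(sigkey);
+ sigbuf = OPENSSL_malloc(siglen);
+ if(!sigbio) {
+ BIO_printf(bio_err, "Error opening signature file %s\n",
+ sigfile);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ siglen = BIO_read(sigbio, sigbuf, siglen);
+ BIO_free(sigbio);
+ if(siglen <= 0) {
+ BIO_printf(bio_err, "Error reading signature file %s\n",
+ sigfile);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+
+
+
+ /* we use md as a filter, reading from 'in' */
+ if (!BIO_set_md(bmd,md))
+ {
+ BIO_printf(bio_err, "Error setting digest %s\n", pname);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ inp=BIO_push(bmd,in);
+
+ if (argc == 0)
+ {
+
+ BIO_set_fp(in,stdin,BIO_NOCLOSE);
+ err=do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf,
+ siglen,"","(stdin)",bmd,hmac_key);
+ }
+ else
+ {
+ name=OBJ_nid2sn(md->type);
+ for (i=0; i<argc; i++)
+ {
+ char *tmp,*tofree=NULL;
+ int r;
+
+ if (BIO_read_filename(in,argv[i]) <= 0)
+ {
+ perror(argv[i]);
+ err++;
+ continue;
+ }
+ if(!out_bin)
+ {
+ size_t len = strlen(name)+strlen(argv[i])+(hmac_key ? 5 : 0)+5;
+ tmp=tofree=OPENSSL_malloc(len);
+ BIO_snprintf(tmp,len,"%s%s(%s)= ",
+ hmac_key ? "HMAC-" : "",name,argv[i]);
+ }
+ else
+ tmp="";
+ r=do_fp(out,buf,inp,separator,out_bin,sigkey,sigbuf,
+ siglen,tmp,argv[i],bmd,hmac_key);
+ if(r)
+ err=r;
+ if(tofree)
+ OPENSSL_free(tofree);
+ (void)BIO_reset(bmd);
+ }
+ }
+end:
+ if (buf != NULL)
+ {
+ OPENSSL_cleanse(buf,BUFSIZE);
+ OPENSSL_free(buf);
+ }
+ if (in != NULL) BIO_free(in);
+ if (passin)
+ OPENSSL_free(passin);
+ BIO_free_all(out);
+ EVP_PKEY_free(sigkey);
+ if(sigbuf) OPENSSL_free(sigbuf);
+ if (bmd != NULL) BIO_free(bmd);
+ apps_shutdown();
+ OPENSSL_EXIT(err);
+ }
+
+int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
+ EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title,
+ const char *file,BIO *bmd,const char *hmac_key)
+ {
+ unsigned int len;
+ int i;
+ EVP_MD_CTX *md_ctx;
+ HMAC_CTX hmac_ctx;
+
+ if (hmac_key)
+ {
+ EVP_MD *md;
+
+ BIO_get_md(bmd,&md);
+ HMAC_CTX_init(&hmac_ctx);
+ HMAC_Init_ex(&hmac_ctx,hmac_key,strlen(hmac_key),md, NULL);
+ BIO_get_md_ctx(bmd,&md_ctx);
+ BIO_set_md_ctx(bmd,&hmac_ctx.md_ctx);
+ }
+ for (;;)
+ {
+ i=BIO_read(bp,(char *)buf,BUFSIZE);
+ if(i < 0)
+ {
+ BIO_printf(bio_err, "Read Error in %s\n",file);
+ ERR_print_errors(bio_err);
+ return 1;
+ }
+ if (i == 0) break;
+ }
+ if(sigin)
+ {
+ EVP_MD_CTX *ctx;
+ BIO_get_md_ctx(bp, &ctx);
+ i = EVP_VerifyFinal(ctx, sigin, (unsigned int)siglen, key);
+ if(i > 0)
+ BIO_printf(out, "Verified OK\n");
+ else if(i == 0)
+ {
+ BIO_printf(out, "Verification Failure\n");
+ return 1;
+ }
+ else
+ {
+ BIO_printf(bio_err, "Error Verifying Data\n");
+ ERR_print_errors(bio_err);
+ return 1;
+ }
+ return 0;
+ }
+ if(key)
+ {
+ EVP_MD_CTX *ctx;
+ BIO_get_md_ctx(bp, &ctx);
+ if(!EVP_SignFinal(ctx, buf, (unsigned int *)&len, key))
+ {
+ BIO_printf(bio_err, "Error Signing Data\n");
+ ERR_print_errors(bio_err);
+ return 1;
+ }
+ }
+ else if(hmac_key)
+ {
+ HMAC_Final(&hmac_ctx,buf,&len);
+ HMAC_CTX_cleanup(&hmac_ctx);
+ }
+ else
+ len=BIO_gets(bp,(char *)buf,BUFSIZE);
+
+ if(binout) BIO_write(out, buf, len);
+ else
+ {
+ BIO_write(out,title,strlen(title));
+ for (i=0; i<(int)len; i++)
+ {
+ if (sep && (i != 0))
+ BIO_printf(out, ":");
+ BIO_printf(out, "%02x",buf[i]);
+ }
+ BIO_printf(out, "\n");
+ }
+ if (hmac_key)
+ {
+ BIO_set_md_ctx(bmd,md_ctx);
+ }
+ return 0;
+ }
+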
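Review bot: In do_fp the `-hmac` path points bmd at `&hmac_ctx.md_ctx`, a context inside a stack-local HMAC_CTX, but only the fall-through exit restores the saved `md_ctx`; the read-error `return 1`, all three returns in the verify branch and the sign-error return skip both `BIO_set_md_ctx(bmd,md_ctx)` and `HMAC_CTX_cleanup(&hmac_ctx)`. After such a return bmd presumably still refers to the expired frame while MAIN goes on to call `BIO_reset(bmd)` and `BIO_free(bmd)`, and the keyed HMAC state is left unwiped on the stack. Routing every exit through one cleanup label, as sketched below, addresses both; the `HMAC_CTX_cleanup` call in the `HMAC_Final` branch then moves to that label. Separately, `sigbuf = OPENSSL_malloc(siglen)` and the `tmp=tofree=OPENSSL_malloc(len)` title buffer in MAIN are written to without a NULL check.

```c
int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
          EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title,
          const char *file,BIO *bmd,const char *hmac_key)
    {
    int ret = 1;    /* failure unless the end of the function is reached */
    /* ... unchanged: other locals, HMAC setup, read loop body ... */
        if(i < 0)
            {
            /* ... unchanged: "Read Error" report ... */
            goto done;
            }
    /* ... unchanged: verify and sign branches, with each 'return 1'
     * replaced by 'goto done' and the verify 'return 0' by
     * 'ret = 0; goto done' ... */
    else if(hmac_key)
        HMAC_Final(&hmac_ctx,buf,&len);   /* cleanup now happens at 'done' */
    /* ... unchanged: plain-digest branch and output formatting ... */
    ret = 0;
done:
    if (hmac_key)
        {
        /* give bmd its own context back before hmac_ctx goes out of scope,
         * then wipe the keyed state */
        BIO_set_md_ctx(bmd,md_ctx);
        HMAC_CTX_cleanup(&hmac_ctx);
        }
    return ret;
    }
```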