dgst.c revision 167612
1/* apps/dgst.c */ 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay@cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58 59#include <stdio.h> 60#include <string.h> 61#include <stdlib.h> 62#include "apps.h" 63#include <openssl/bio.h> 64#include <openssl/err.h> 65#include <openssl/evp.h> 66#include <openssl/objects.h> 67#include <openssl/x509.h> 68#include <openssl/pem.h> 69#include <openssl/hmac.h> 70 71#undef BUFSIZE 72#define BUFSIZE 1024*8 73 74#undef PROG 75#define PROG dgst_main 76 77int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, 78 EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title, 79 const char *file,BIO *bmd,const char *hmac_key); 80 81int MAIN(int, char **); 82 83int MAIN(int argc, char **argv) 84 { 85 ENGINE *e = NULL; 86 unsigned char *buf=NULL; 87 int i,err=0; 88 const EVP_MD *md=NULL,*m; 89 BIO *in=NULL,*inp; 90 BIO *bmd=NULL; 91 BIO *out = NULL; 92 const char *name; 93#define PROG_NAME_SIZE 39 94 char pname[PROG_NAME_SIZE+1]; 95 int separator=0; 96 int debug=0; 97 int keyform=FORMAT_PEM; 98 const char *outfile = NULL, *keyfile = NULL; 99 const char *sigfile = NULL, *randfile = NULL; 100 int out_bin = -1, want_pub = 0, do_verify = 0; 101 EVP_PKEY *sigkey = NULL; 102 unsigned char *sigbuf = NULL; 103 int siglen = 0; 104 char *passargin = NULL, *passin = NULL; 105#ifndef OPENSSL_NO_ENGINE 106 char *engine=NULL; 107#endif 108 char *hmac_key=NULL; 109 110 apps_startup(); 111 112 if ((buf=(unsigned char *)OPENSSL_malloc(BUFSIZE)) == NULL) 113 { 114 BIO_printf(bio_err,"out of memory\n"); 115 goto end; 116 } 117 if (bio_err == NULL) 118 if ((bio_err=BIO_new(BIO_s_file())) != NULL) 119 BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); 120 121 if (!load_config(bio_err, NULL)) 122 goto end; 123 124 /* first check the program name */ 125 program_name(argv[0],pname,sizeof pname); 126 127 md=EVP_get_digestbyname(pname); 128 129 argc--; 130 argv++; 131 while (argc > 0) 132 { 133 if ((*argv)[0] != '-') break; 134 if (strcmp(*argv,"-c") == 0) 135 separator=1; 136 else if (strcmp(*argv,"-rand") == 0) 137 { 138 if (--argc < 1) break; 139 randfile=*(++argv); 140 } 141 else if (strcmp(*argv,"-out") == 0) 142 { 143 if (--argc < 1) break; 144 outfile=*(++argv); 145 } 146 else if (strcmp(*argv,"-sign") == 0) 147 { 148 if (--argc < 1) break; 149 keyfile=*(++argv); 150 } 151 else if (!strcmp(*argv,"-passin")) 152 { 153 if (--argc < 1) 154 break; 155 passargin=*++argv; 156 } 157 else if (strcmp(*argv,"-verify") == 0) 158 { 159 if (--argc < 1) break; 160 keyfile=*(++argv); 161 want_pub = 1; 162 do_verify = 1; 163 } 164 else if (strcmp(*argv,"-prverify") == 0) 165 { 166 if (--argc < 1) break; 167 keyfile=*(++argv); 168 do_verify = 1; 169 } 170 else if (strcmp(*argv,"-signature") == 0) 171 { 172 if (--argc < 1) break; 173 sigfile=*(++argv); 174 } 175 else if (strcmp(*argv,"-keyform") == 0) 176 { 177 if (--argc < 1) break; 178 keyform=str2fmt(*(++argv)); 179 } 180#ifndef OPENSSL_NO_ENGINE 181 else if (strcmp(*argv,"-engine") == 0) 182 { 183 if (--argc < 1) break; 184 engine= *(++argv); 185 } 186#endif 187 else if (strcmp(*argv,"-hex") == 0) 188 out_bin = 0; 189 else if (strcmp(*argv,"-binary") == 0) 190 out_bin = 1; 191 else if (strcmp(*argv,"-d") == 0) 192 debug=1; 193 else if (!strcmp(*argv,"-hmac")) 194 { 195 if (--argc < 1) 196 break; 197 hmac_key=*++argv; 198 } 199 else if ((m=EVP_get_digestbyname(&((*argv)[1]))) != NULL) 200 md=m; 201 else 202 break; 203 argc--; 204 argv++; 205 } 206 207 if (md == NULL) 208 md=EVP_md5(); 209 210 if(do_verify && !sigfile) { 211 BIO_printf(bio_err, "No signature to verify: use the -signature option\n"); 212 err = 1; 213 goto end; 214 } 215 216 if ((argc > 0) && (argv[0][0] == '-')) /* bad option */ 217 { 218 BIO_printf(bio_err,"unknown option '%s'\n",*argv); 219 BIO_printf(bio_err,"options are\n"); 220 BIO_printf(bio_err,"-c to output the digest with separating colons\n"); 221 BIO_printf(bio_err,"-d to output debug info\n"); 222 BIO_printf(bio_err,"-hex output as hex dump\n"); 223 BIO_printf(bio_err,"-binary output in binary form\n"); 224 BIO_printf(bio_err,"-sign file sign digest using private key in file\n"); 225 BIO_printf(bio_err,"-verify file verify a signature using public key in file\n"); 226 BIO_printf(bio_err,"-prverify file verify a signature using private key in file\n"); 227 BIO_printf(bio_err,"-keyform arg key file format (PEM or ENGINE)\n"); 228 BIO_printf(bio_err,"-signature file signature to verify\n"); 229 BIO_printf(bio_err,"-binary output in binary form\n"); 230#ifndef OPENSSL_NO_ENGINE 231 BIO_printf(bio_err,"-engine e use engine e, possibly a hardware device.\n"); 232#endif 233 234 BIO_printf(bio_err,"-%3s to use the %s message digest algorithm (default)\n", 235 LN_md5,LN_md5); 236 BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n", 237 LN_md4,LN_md4); 238 BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n", 239 LN_md2,LN_md2); 240#ifndef OPENSSL_NO_SHA 241 BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n", 242 LN_sha1,LN_sha1); 243 BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n", 244 LN_sha,LN_sha); 245#ifndef OPENSSL_NO_SHA256 246 BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n", 247 LN_sha256,LN_sha256); 248#endif 249#ifndef OPENSSL_NO_SHA512 250 BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n", 251 LN_sha512,LN_sha512); 252#endif 253#endif 254 BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n", 255 LN_mdc2,LN_mdc2); 256 BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n", 257 LN_ripemd160,LN_ripemd160); 258 err=1; 259 goto end; 260 } 261 262#ifndef OPENSSL_NO_ENGINE 263 e = setup_engine(bio_err, engine, 0); 264#endif 265 266 in=BIO_new(BIO_s_file()); 267 bmd=BIO_new(BIO_f_md()); 268 if (debug) 269 { 270 BIO_set_callback(in,BIO_debug_callback); 271 /* needed for windows 3.1 */ 272 BIO_set_callback_arg(in,(char *)bio_err); 273 } 274 275 if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) 276 { 277 BIO_printf(bio_err, "Error getting password\n"); 278 goto end; 279 } 280 281 if ((in == NULL) || (bmd == NULL)) 282 { 283 ERR_print_errors(bio_err); 284 goto end; 285 } 286 287 if(out_bin == -1) { 288 if(keyfile) out_bin = 1; 289 else out_bin = 0; 290 } 291 292 if(randfile) 293 app_RAND_load_file(randfile, bio_err, 0); 294 295 if(outfile) { 296 if(out_bin) 297 out = BIO_new_file(outfile, "wb"); 298 else out = BIO_new_file(outfile, "w"); 299 } else { 300 out = BIO_new_fp(stdout, BIO_NOCLOSE); 301#ifdef OPENSSL_SYS_VMS 302 { 303 BIO *tmpbio = BIO_new(BIO_f_linebuffer()); 304 out = BIO_push(tmpbio, out); 305 } 306#endif 307 } 308 309 if(!out) { 310 BIO_printf(bio_err, "Error opening output file %s\n", 311 outfile ? outfile : "(stdout)"); 312 ERR_print_errors(bio_err); 313 goto end; 314 } 315 316 if(keyfile) 317 { 318 if (want_pub) 319 sigkey = load_pubkey(bio_err, keyfile, keyform, 0, NULL, 320 e, "key file"); 321 else 322 sigkey = load_key(bio_err, keyfile, keyform, 0, passin, 323 e, "key file"); 324 if (!sigkey) 325 { 326 /* load_[pub]key() has already printed an appropriate 327 message */ 328 goto end; 329 } 330 } 331 332 if(sigfile && sigkey) { 333 BIO *sigbio; 334 sigbio = BIO_new_file(sigfile, "rb"); 335 siglen = EVP_PKEY_size(sigkey); 336 sigbuf = OPENSSL_malloc(siglen); 337 if(!sigbio) { 338 BIO_printf(bio_err, "Error opening signature file %s\n", 339 sigfile); 340 ERR_print_errors(bio_err); 341 goto end; 342 } 343 siglen = BIO_read(sigbio, sigbuf, siglen); 344 BIO_free(sigbio); 345 if(siglen <= 0) { 346 BIO_printf(bio_err, "Error reading signature file %s\n", 347 sigfile); 348 ERR_print_errors(bio_err); 349 goto end; 350 } 351 } 352 353 354 355 /* we use md as a filter, reading from 'in' */ 356 if (!BIO_set_md(bmd,md)) 357 { 358 BIO_printf(bio_err, "Error setting digest %s\n", pname); 359 ERR_print_errors(bio_err); 360 goto end; 361 } 362 363 inp=BIO_push(bmd,in); 364 365 if (argc == 0) 366 { 367 BIO_set_fp(in,stdin,BIO_NOCLOSE); 368 err=do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf, 369 siglen,"","(stdin)",bmd,hmac_key); 370 } 371 else 372 { 373 name=OBJ_nid2sn(md->type); 374 for (i=0; i<argc; i++) 375 { 376 char *tmp,*tofree=NULL; 377 int r; 378 379 if (BIO_read_filename(in,argv[i]) <= 0) 380 { 381 perror(argv[i]); 382 err++; 383 continue; 384 } 385 if(!out_bin) 386 { 387 size_t len = strlen(name)+strlen(argv[i])+(hmac_key ? 5 : 0)+5; 388 tmp=tofree=OPENSSL_malloc(len); 389 BIO_snprintf(tmp,len,"%s%s(%s)= ", 390 hmac_key ? "HMAC-" : "",name,argv[i]); 391 } 392 else 393 tmp=""; 394 r=do_fp(out,buf,inp,separator,out_bin,sigkey,sigbuf, 395 siglen,tmp,argv[i],bmd,hmac_key); 396 if(r) 397 err=r; 398 if(tofree) 399 OPENSSL_free(tofree); 400 (void)BIO_reset(bmd); 401 } 402 } 403end: 404 if (buf != NULL) 405 { 406 OPENSSL_cleanse(buf,BUFSIZE); 407 OPENSSL_free(buf); 408 } 409 if (in != NULL) BIO_free(in); 410 if (passin) 411 OPENSSL_free(passin); 412 BIO_free_all(out); 413 EVP_PKEY_free(sigkey); 414 if(sigbuf) OPENSSL_free(sigbuf); 415 if (bmd != NULL) BIO_free(bmd); 416 apps_shutdown(); 417 OPENSSL_EXIT(err); 418 } 419 420int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, 421 EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title, 422 const char *file,BIO *bmd,const char *hmac_key) 423 { 424 unsigned int len; 425 int i; 426 EVP_MD_CTX *md_ctx; 427 HMAC_CTX hmac_ctx; 428 429 if (hmac_key) 430 { 431 EVP_MD *md; 432 433 BIO_get_md(bmd,&md); 434 HMAC_CTX_init(&hmac_ctx); 435 HMAC_Init_ex(&hmac_ctx,hmac_key,strlen(hmac_key),md, NULL); 436 BIO_get_md_ctx(bmd,&md_ctx); 437 BIO_set_md_ctx(bmd,&hmac_ctx.md_ctx); 438 } 439 for (;;) 440 { 441 i=BIO_read(bp,(char *)buf,BUFSIZE); 442 if(i < 0) 443 { 444 BIO_printf(bio_err, "Read Error in %s\n",file); 445 ERR_print_errors(bio_err); 446 return 1; 447 } 448 if (i == 0) break; 449 } 450 if(sigin) 451 { 452 EVP_MD_CTX *ctx; 453 BIO_get_md_ctx(bp, &ctx); 454 i = EVP_VerifyFinal(ctx, sigin, (unsigned int)siglen, key); 455 if(i > 0) 456 BIO_printf(out, "Verified OK\n"); 457 else if(i == 0) 458 { 459 BIO_printf(out, "Verification Failure\n"); 460 return 1; 461 } 462 else 463 { 464 BIO_printf(bio_err, "Error Verifying Data\n"); 465 ERR_print_errors(bio_err); 466 return 1; 467 } 468 return 0; 469 } 470 if(key) 471 { 472 EVP_MD_CTX *ctx; 473 BIO_get_md_ctx(bp, &ctx); 474 if(!EVP_SignFinal(ctx, buf, (unsigned int *)&len, key)) 475 { 476 BIO_printf(bio_err, "Error Signing Data\n"); 477 ERR_print_errors(bio_err); 478 return 1; 479 } 480 } 481 else if(hmac_key) 482 { 483 HMAC_Final(&hmac_ctx,buf,&len); 484 HMAC_CTX_cleanup(&hmac_ctx); 485 } 486 else 487 len=BIO_gets(bp,(char *)buf,BUFSIZE); 488 489 if(binout) BIO_write(out, buf, len); 490 else 491 { 492 BIO_write(out,title,strlen(title)); 493 for (i=0; i<(int)len; i++) 494 { 495 if (sep && (i != 0)) 496 BIO_printf(out, ":"); 497 BIO_printf(out, "%02x",buf[i]); 498 } 499 BIO_printf(out, "\n"); 500 } 501 if (hmac_key) 502 { 503 BIO_set_md_ctx(bmd,md_ctx); 504 } 505 return 0; 506 } 507 508