summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/usr.bin/openssl/dgst.c185
1 files changed, 99 insertions, 86 deletions
diff --git a/src/usr.bin/openssl/dgst.c b/src/usr.bin/openssl/dgst.c
index 5456a6c701..3ec19cc04e 100644
--- a/src/usr.bin/openssl/dgst.c
+++ b/src/usr.bin/openssl/dgst.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dgst.c,v 1.13 2019/01/18 23:33:57 naddy Exp $ */ 1/* $OpenBSD: dgst.c,v 1.14 2019/07/29 10:06:55 inoguchi Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -78,6 +78,26 @@ do_fp(BIO * out, unsigned char *buf, BIO * bp, int sep, int binout,
78 const char *sig_name, const char *md_name, 78 const char *sig_name, const char *md_name,
79 const char *file, BIO * bmd); 79 const char *file, BIO * bmd);
80 80
81static struct {
82 int argsused;
83 int debug;
84 int do_verify;
85 char *hmac_key;
86 char *keyfile;
87 int keyform;
88 const EVP_MD *m;
89 char *mac_name;
90 STACK_OF(OPENSSL_STRING) *macopts;
91 const EVP_MD *md;
92 int out_bin;
93 char *outfile;
94 char *passargin;
95 int separator;
96 char *sigfile;
97 STACK_OF(OPENSSL_STRING) *sigopts;
98 int want_pub;
99} dgst_config;
100
81static void 101static void
82list_md_fn(const EVP_MD * m, const char *from, const char *to, void *arg) 102list_md_fn(const EVP_MD * m, const char *from, const char *to, void *arg)
83{ 103{
@@ -103,25 +123,15 @@ dgst_main(int argc, char **argv)
103{ 123{
104 unsigned char *buf = NULL; 124 unsigned char *buf = NULL;
105 int i, err = 1; 125 int i, err = 1;
106 const EVP_MD *md = NULL, *m;
107 BIO *in = NULL, *inp; 126 BIO *in = NULL, *inp;
108 BIO *bmd = NULL; 127 BIO *bmd = NULL;
109 BIO *out = NULL; 128 BIO *out = NULL;
110#define PROG_NAME_SIZE 39 129#define PROG_NAME_SIZE 39
111 char pname[PROG_NAME_SIZE + 1]; 130 char pname[PROG_NAME_SIZE + 1];
112 int separator = 0;
113 int debug = 0;
114 int keyform = FORMAT_PEM;
115 const char *outfile = NULL, *keyfile = NULL;
116 const char *sigfile = NULL;
117 int out_bin = -1, want_pub = 0, do_verify = 0;
118 EVP_PKEY *sigkey = NULL; 131 EVP_PKEY *sigkey = NULL;
119 unsigned char *sigbuf = NULL; 132 unsigned char *sigbuf = NULL;
120 int siglen = 0; 133 int siglen = 0;
121 char *passargin = NULL, *passin = NULL; 134 char *passin = NULL;
122 char *hmac_key = NULL;
123 char *mac_name = NULL;
124 STACK_OF(OPENSSL_STRING) * sigopts = NULL, *macopts = NULL;
125 135
126 if (single_execution) { 136 if (single_execution) {
127 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) { 137 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
@@ -135,10 +145,14 @@ dgst_main(int argc, char **argv)
135 goto end; 145 goto end;
136 } 146 }
137 147
148 memset(&dgst_config, 0, sizeof(dgst_config));
149 dgst_config.keyform = FORMAT_PEM;
150 dgst_config.out_bin = -1;
151
138 /* first check the program name */ 152 /* first check the program name */
139 program_name(argv[0], pname, sizeof pname); 153 program_name(argv[0], pname, sizeof pname);
140 154
141 md = EVP_get_digestbyname(pname); 155 dgst_config.md = EVP_get_digestbyname(pname);
142 156
143 argc--; 157 argc--;
144 argv++; 158 argv++;
@@ -146,79 +160,78 @@ dgst_main(int argc, char **argv)
146 if ((*argv)[0] != '-') 160 if ((*argv)[0] != '-')
147 break; 161 break;
148 if (strcmp(*argv, "-c") == 0) 162 if (strcmp(*argv, "-c") == 0)
149 separator = 1; 163 dgst_config.separator = 1;
150 else if (strcmp(*argv, "-r") == 0) 164 else if (strcmp(*argv, "-r") == 0)
151 separator = 2; 165 dgst_config.separator = 2;
152 else if (strcmp(*argv, "-out") == 0) { 166 else if (strcmp(*argv, "-out") == 0) {
153 if (--argc < 1) 167 if (--argc < 1)
154 break; 168 break;
155 outfile = *(++argv); 169 dgst_config.outfile = *(++argv);
156 } else if (strcmp(*argv, "-sign") == 0) { 170 } else if (strcmp(*argv, "-sign") == 0) {
157 if (--argc < 1) 171 if (--argc < 1)
158 break; 172 break;
159 keyfile = *(++argv); 173 dgst_config.keyfile = *(++argv);
160 } else if (!strcmp(*argv, "-passin")) { 174 } else if (!strcmp(*argv, "-passin")) {
161 if (--argc < 1) 175 if (--argc < 1)
162 break; 176 break;
163 passargin = *++argv; 177 dgst_config.passargin = *++argv;
164 } else if (strcmp(*argv, "-verify") == 0) { 178 } else if (strcmp(*argv, "-verify") == 0) {
165 if (--argc < 1) 179 if (--argc < 1)
166 break; 180 break;
167 keyfile = *(++argv); 181 dgst_config.keyfile = *(++argv);
168 want_pub = 1; 182 dgst_config.want_pub = 1;
169 do_verify = 1; 183 dgst_config.do_verify = 1;
170 } else if (strcmp(*argv, "-prverify") == 0) { 184 } else if (strcmp(*argv, "-prverify") == 0) {
171 if (--argc < 1) 185 if (--argc < 1)
172 break; 186 break;
173 keyfile = *(++argv); 187 dgst_config.keyfile = *(++argv);
174 do_verify = 1; 188 dgst_config.do_verify = 1;
175 } else if (strcmp(*argv, "-signature") == 0) { 189 } else if (strcmp(*argv, "-signature") == 0) {
176 if (--argc < 1) 190 if (--argc < 1)
177 break; 191 break;
178 sigfile = *(++argv); 192 dgst_config.sigfile = *(++argv);
179 } else if (strcmp(*argv, "-keyform") == 0) { 193 } else if (strcmp(*argv, "-keyform") == 0) {
180 if (--argc < 1) 194 if (--argc < 1)
181 break; 195 break;
182 keyform = str2fmt(*(++argv)); 196 dgst_config.keyform = str2fmt(*(++argv));
183 } 197 }
184 else if (strcmp(*argv, "-hex") == 0) 198 else if (strcmp(*argv, "-hex") == 0)
185 out_bin = 0; 199 dgst_config.out_bin = 0;
186 else if (strcmp(*argv, "-binary") == 0) 200 else if (strcmp(*argv, "-binary") == 0)
187 out_bin = 1; 201 dgst_config.out_bin = 1;
188 else if (strcmp(*argv, "-d") == 0) 202 else if (strcmp(*argv, "-d") == 0)
189 debug = 1; 203 dgst_config.debug = 1;
190 else if (!strcmp(*argv, "-hmac")) { 204 else if (!strcmp(*argv, "-hmac")) {
191 if (--argc < 1) 205 if (--argc < 1)
192 break; 206 break;
193 hmac_key = *++argv; 207 dgst_config.hmac_key = *++argv;
194 } else if (!strcmp(*argv, "-mac")) { 208 } else if (!strcmp(*argv, "-mac")) {
195 if (--argc < 1) 209 if (--argc < 1)
196 break; 210 break;
197 mac_name = *++argv; 211 dgst_config.mac_name = *++argv;
198 } else if (strcmp(*argv, "-sigopt") == 0) { 212 } else if (strcmp(*argv, "-sigopt") == 0) {
199 if (--argc < 1) 213 if (--argc < 1)
200 break; 214 break;
201 if (!sigopts) 215 if (!dgst_config.sigopts)
202 sigopts = sk_OPENSSL_STRING_new_null(); 216 dgst_config.sigopts = sk_OPENSSL_STRING_new_null();
203 if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, *(++argv))) 217 if (!dgst_config.sigopts || !sk_OPENSSL_STRING_push(dgst_config.sigopts, *(++argv)))
204 break; 218 break;
205 } else if (strcmp(*argv, "-macopt") == 0) { 219 } else if (strcmp(*argv, "-macopt") == 0) {
206 if (--argc < 1) 220 if (--argc < 1)
207 break; 221 break;
208 if (!macopts) 222 if (!dgst_config.macopts)
209 macopts = sk_OPENSSL_STRING_new_null(); 223 dgst_config.macopts = sk_OPENSSL_STRING_new_null();
210 if (!macopts || !sk_OPENSSL_STRING_push(macopts, *(++argv))) 224 if (!dgst_config.macopts || !sk_OPENSSL_STRING_push(dgst_config.macopts, *(++argv)))
211 break; 225 break;
212 } else if ((m = EVP_get_digestbyname(&((*argv)[1]))) != NULL) 226 } else if ((dgst_config.m = EVP_get_digestbyname(&((*argv)[1]))) != NULL)
213 md = m; 227 dgst_config.md = dgst_config.m;
214 else 228 else
215 break; 229 break;
216 argc--; 230 argc--;
217 argv++; 231 argv++;
218 } 232 }
219 233
220 234 if (dgst_config.do_verify && !dgst_config.sigfile) {
221 if (do_verify && !sigfile) {
222 BIO_printf(bio_err, "No signature to verify: use the -signature option\n"); 235 BIO_printf(bio_err, "No signature to verify: use the -signature option\n");
223 goto end; 236 goto end;
224 } 237 }
@@ -252,47 +265,47 @@ dgst_main(int argc, char **argv)
252 goto end; 265 goto end;
253 } 266 }
254 267
255 if (debug) { 268 if (dgst_config.debug) {
256 BIO_set_callback(in, BIO_debug_callback); 269 BIO_set_callback(in, BIO_debug_callback);
257 /* needed for windows 3.1 */ 270 /* needed for windows 3.1 */
258 BIO_set_callback_arg(in, (char *) bio_err); 271 BIO_set_callback_arg(in, (char *) bio_err);
259 } 272 }
260 if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) { 273 if (!app_passwd(bio_err, dgst_config.passargin, NULL, &passin, NULL)) {
261 BIO_printf(bio_err, "Error getting password\n"); 274 BIO_printf(bio_err, "Error getting password\n");
262 goto end; 275 goto end;
263 } 276 }
264 if (out_bin == -1) { 277 if (dgst_config.out_bin == -1) {
265 if (keyfile) 278 if (dgst_config.keyfile)
266 out_bin = 1; 279 dgst_config.out_bin = 1;
267 else 280 else
268 out_bin = 0; 281 dgst_config.out_bin = 0;
269 } 282 }
270 283
271 if (outfile) { 284 if (dgst_config.outfile) {
272 if (out_bin) 285 if (dgst_config.out_bin)
273 out = BIO_new_file(outfile, "wb"); 286 out = BIO_new_file(dgst_config.outfile, "wb");
274 else 287 else
275 out = BIO_new_file(outfile, "w"); 288 out = BIO_new_file(dgst_config.outfile, "w");
276 } else { 289 } else {
277 out = BIO_new_fp(stdout, BIO_NOCLOSE); 290 out = BIO_new_fp(stdout, BIO_NOCLOSE);
278 } 291 }
279 292
280 if (!out) { 293 if (!out) {
281 BIO_printf(bio_err, "Error opening output file %s\n", 294 BIO_printf(bio_err, "Error opening output file %s\n",
282 outfile ? outfile : "(stdout)"); 295 dgst_config.outfile ? dgst_config.outfile : "(stdout)");
283 ERR_print_errors(bio_err); 296 ERR_print_errors(bio_err);
284 goto end; 297 goto end;
285 } 298 }
286 if ((!!mac_name + !!keyfile + !!hmac_key) > 1) { 299 if ((!!dgst_config.mac_name + !!dgst_config.keyfile + !!dgst_config.hmac_key) > 1) {
287 BIO_printf(bio_err, "MAC and Signing key cannot both be specified\n"); 300 BIO_printf(bio_err, "MAC and Signing key cannot both be specified\n");
288 goto end; 301 goto end;
289 } 302 }
290 if (keyfile) { 303 if (dgst_config.keyfile) {
291 if (want_pub) 304 if (dgst_config.want_pub)
292 sigkey = load_pubkey(bio_err, keyfile, keyform, 0, NULL, 305 sigkey = load_pubkey(bio_err, dgst_config.keyfile, dgst_config.keyform, 0, NULL,
293 "key file"); 306 "key file");
294 else 307 else
295 sigkey = load_key(bio_err, keyfile, keyform, 0, passin, 308 sigkey = load_key(bio_err, dgst_config.keyfile, dgst_config.keyform, 0, passin,
296 "key file"); 309 "key file");
297 if (!sigkey) { 310 if (!sigkey) {
298 /* 311 /*
@@ -302,15 +315,15 @@ dgst_main(int argc, char **argv)
302 goto end; 315 goto end;
303 } 316 }
304 } 317 }
305 if (mac_name) { 318 if (dgst_config.mac_name) {
306 EVP_PKEY_CTX *mac_ctx = NULL; 319 EVP_PKEY_CTX *mac_ctx = NULL;
307 int r = 0; 320 int r = 0;
308 if (!init_gen_str(bio_err, &mac_ctx, mac_name, 0)) 321 if (!init_gen_str(bio_err, &mac_ctx, dgst_config.mac_name, 0))
309 goto mac_end; 322 goto mac_end;
310 if (macopts) { 323 if (dgst_config.macopts) {
311 char *macopt; 324 char *macopt;
312 for (i = 0; i < sk_OPENSSL_STRING_num(macopts); i++) { 325 for (i = 0; i < sk_OPENSSL_STRING_num(dgst_config.macopts); i++) {
313 macopt = sk_OPENSSL_STRING_value(macopts, i); 326 macopt = sk_OPENSSL_STRING_value(dgst_config.macopts, i);
314 if (pkey_ctrl_string(mac_ctx, macopt) <= 0) { 327 if (pkey_ctrl_string(mac_ctx, macopt) <= 0) {
315 BIO_printf(bio_err, 328 BIO_printf(bio_err,
316 "MAC parameter error \"%s\"\n", 329 "MAC parameter error \"%s\"\n",
@@ -332,9 +345,9 @@ mac_end:
332 if (r == 0) 345 if (r == 0)
333 goto end; 346 goto end;
334 } 347 }
335 if (hmac_key) { 348 if (dgst_config.hmac_key) {
336 sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, 349 sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL,
337 (unsigned char *) hmac_key, -1); 350 (unsigned char *) dgst_config.hmac_key, -1);
338 if (!sigkey) 351 if (!sigkey)
339 goto end; 352 goto end;
340 } 353 }
@@ -347,19 +360,19 @@ mac_end:
347 ERR_print_errors(bio_err); 360 ERR_print_errors(bio_err);
348 goto end; 361 goto end;
349 } 362 }
350 if (do_verify) 363 if (dgst_config.do_verify)
351 r = EVP_DigestVerifyInit(mctx, &pctx, md, NULL, sigkey); 364 r = EVP_DigestVerifyInit(mctx, &pctx, dgst_config.md, NULL, sigkey);
352 else 365 else
353 r = EVP_DigestSignInit(mctx, &pctx, md, NULL, sigkey); 366 r = EVP_DigestSignInit(mctx, &pctx, dgst_config.md, NULL, sigkey);
354 if (!r) { 367 if (!r) {
355 BIO_printf(bio_err, "Error setting context\n"); 368 BIO_printf(bio_err, "Error setting context\n");
356 ERR_print_errors(bio_err); 369 ERR_print_errors(bio_err);
357 goto end; 370 goto end;
358 } 371 }
359 if (sigopts) { 372 if (dgst_config.sigopts) {
360 char *sigopt; 373 char *sigopt;
361 for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++) { 374 for (i = 0; i < sk_OPENSSL_STRING_num(dgst_config.sigopts); i++) {
362 sigopt = sk_OPENSSL_STRING_value(sigopts, i); 375 sigopt = sk_OPENSSL_STRING_value(dgst_config.sigopts, i);
363 if (pkey_ctrl_string(pctx, sigopt) <= 0) { 376 if (pkey_ctrl_string(pctx, sigopt) <= 0) {
364 BIO_printf(bio_err, 377 BIO_printf(bio_err,
365 "parameter error \"%s\"\n", 378 "parameter error \"%s\"\n",
@@ -372,16 +385,16 @@ mac_end:
372 } 385 }
373 /* we use md as a filter, reading from 'in' */ 386 /* we use md as a filter, reading from 'in' */
374 else { 387 else {
375 if (md == NULL) 388 if (dgst_config.md == NULL)
376 md = EVP_sha256(); 389 dgst_config.md = EVP_sha256();
377 if (!BIO_set_md(bmd, md)) { 390 if (!BIO_set_md(bmd, dgst_config.md)) {
378 BIO_printf(bio_err, "Error setting digest %s\n", pname); 391 BIO_printf(bio_err, "Error setting digest %s\n", pname);
379 ERR_print_errors(bio_err); 392 ERR_print_errors(bio_err);
380 goto end; 393 goto end;
381 } 394 }
382 } 395 }
383 396
384 if (sigfile && sigkey) { 397 if (dgst_config.sigfile && sigkey) {
385 BIO *sigbio; 398 BIO *sigbio;
386 siglen = EVP_PKEY_size(sigkey); 399 siglen = EVP_PKEY_size(sigkey);
387 sigbuf = malloc(siglen); 400 sigbuf = malloc(siglen);
@@ -390,10 +403,10 @@ mac_end:
390 ERR_print_errors(bio_err); 403 ERR_print_errors(bio_err);
391 goto end; 404 goto end;
392 } 405 }
393 sigbio = BIO_new_file(sigfile, "rb"); 406 sigbio = BIO_new_file(dgst_config.sigfile, "rb");
394 if (!sigbio) { 407 if (!sigbio) {
395 BIO_printf(bio_err, "Error opening signature file %s\n", 408 BIO_printf(bio_err, "Error opening signature file %s\n",
396 sigfile); 409 dgst_config.sigfile);
397 ERR_print_errors(bio_err); 410 ERR_print_errors(bio_err);
398 goto end; 411 goto end;
399 } 412 }
@@ -401,25 +414,25 @@ mac_end:
401 BIO_free(sigbio); 414 BIO_free(sigbio);
402 if (siglen <= 0) { 415 if (siglen <= 0) {
403 BIO_printf(bio_err, "Error reading signature file %s\n", 416 BIO_printf(bio_err, "Error reading signature file %s\n",
404 sigfile); 417 dgst_config.sigfile);
405 ERR_print_errors(bio_err); 418 ERR_print_errors(bio_err);
406 goto end; 419 goto end;
407 } 420 }
408 } 421 }
409 inp = BIO_push(bmd, in); 422 inp = BIO_push(bmd, in);
410 423
411 if (md == NULL) { 424 if (dgst_config.md == NULL) {
412 EVP_MD_CTX *tctx; 425 EVP_MD_CTX *tctx;
413 BIO_get_md_ctx(bmd, &tctx); 426 BIO_get_md_ctx(bmd, &tctx);
414 md = EVP_MD_CTX_md(tctx); 427 dgst_config.md = EVP_MD_CTX_md(tctx);
415 } 428 }
416 if (argc == 0) { 429 if (argc == 0) {
417 BIO_set_fp(in, stdin, BIO_NOCLOSE); 430 BIO_set_fp(in, stdin, BIO_NOCLOSE);
418 err = do_fp(out, buf, inp, separator, out_bin, sigkey, sigbuf, 431 err = do_fp(out, buf, inp, dgst_config.separator, dgst_config.out_bin, sigkey, sigbuf,
419 siglen, NULL, NULL, "stdin", bmd); 432 siglen, NULL, NULL, "stdin", bmd);
420 } else { 433 } else {
421 const char *md_name = NULL, *sig_name = NULL; 434 const char *md_name = NULL, *sig_name = NULL;
422 if (!out_bin) { 435 if (!dgst_config.out_bin) {
423 if (sigkey) { 436 if (sigkey) {
424 const EVP_PKEY_ASN1_METHOD *ameth; 437 const EVP_PKEY_ASN1_METHOD *ameth;
425 ameth = EVP_PKEY_get0_asn1(sigkey); 438 ameth = EVP_PKEY_get0_asn1(sigkey);
@@ -427,7 +440,7 @@ mac_end:
427 EVP_PKEY_asn1_get0_info(NULL, NULL, 440 EVP_PKEY_asn1_get0_info(NULL, NULL,
428 NULL, NULL, &sig_name, ameth); 441 NULL, NULL, &sig_name, ameth);
429 } 442 }
430 md_name = EVP_MD_name(md); 443 md_name = EVP_MD_name(dgst_config.md);
431 } 444 }
432 err = 0; 445 err = 0;
433 for (i = 0; i < argc; i++) { 446 for (i = 0; i < argc; i++) {
@@ -437,7 +450,7 @@ mac_end:
437 err++; 450 err++;
438 continue; 451 continue;
439 } else { 452 } else {
440 r = do_fp(out, buf, inp, separator, out_bin, 453 r = do_fp(out, buf, inp, dgst_config.separator, dgst_config.out_bin,
441 sigkey, sigbuf, siglen, sig_name, md_name, 454 sigkey, sigbuf, siglen, sig_name, md_name,
442 argv[i], bmd); 455 argv[i], bmd);
443 } 456 }
@@ -454,10 +467,10 @@ mac_end:
454 free(passin); 467 free(passin);
455 BIO_free_all(out); 468 BIO_free_all(out);
456 EVP_PKEY_free(sigkey); 469 EVP_PKEY_free(sigkey);
457 if (sigopts) 470 if (dgst_config.sigopts)
458 sk_OPENSSL_STRING_free(sigopts); 471 sk_OPENSSL_STRING_free(dgst_config.sigopts);
459 if (macopts) 472 if (dgst_config.macopts)
460 sk_OPENSSL_STRING_free(macopts); 473 sk_OPENSSL_STRING_free(dgst_config.macopts);
461 free(sigbuf); 474 free(sigbuf);
462 if (bmd != NULL) 475 if (bmd != NULL)
463 BIO_free(bmd); 476 BIO_free(bmd);
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-30 08:08:43 +0000