=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/openssl/dgst.c,v retrieving revision 1.20 retrieving revision 1.21 diff -c -r1.20 -r1.21 *** src/usr.bin/openssl/dgst.c 2022/11/11 17:07:38 1.20 --- src/usr.bin/openssl/dgst.c 2023/03/06 14:32:05 1.21 *************** *** 1,4 **** ! /* $OpenBSD: dgst.c,v 1.20 2022/11/11 17:07:38 joshua Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * --- 1,4 ---- ! /* $OpenBSD: dgst.c,v 1.21 2023/03/06 14:32:05 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * *************** *** 96,102 **** char *sigfile; STACK_OF(OPENSSL_STRING) *sigopts; int want_pub; ! } dgst_config; static int dgst_opt_macopt(char *arg) --- 96,102 ---- char *sigfile; STACK_OF(OPENSSL_STRING) *sigopts; int want_pub; ! } cfg; static int dgst_opt_macopt(char *arg) *************** *** 104,114 **** if (arg == NULL) return (1); ! if (dgst_config.macopts == NULL && ! (dgst_config.macopts = sk_OPENSSL_STRING_new_null()) == NULL) return (1); ! if (!sk_OPENSSL_STRING_push(dgst_config.macopts, arg)) return (1); return (0); --- 104,114 ---- if (arg == NULL) return (1); ! if (cfg.macopts == NULL && ! (cfg.macopts = sk_OPENSSL_STRING_new_null()) == NULL) return (1); ! if (!sk_OPENSSL_STRING_push(cfg.macopts, arg)) return (1); return (0); *************** *** 122,131 **** if (*name++ != '-') return (1); ! if ((dgst_config.m = EVP_get_digestbyname(name)) == NULL) return (1); ! dgst_config.md = dgst_config.m; *argsused = 1; return (0); --- 122,131 ---- if (*name++ != '-') return (1); ! if ((cfg.m = EVP_get_digestbyname(name)) == NULL) return (1); ! cfg.md = cfg.m; *argsused = 1; return (0); *************** *** 137,144 **** if (arg == NULL) return (1); ! dgst_config.keyfile = arg; ! dgst_config.do_verify = 1; return (0); } --- 137,144 ---- if (arg == NULL) return (1); ! cfg.keyfile = arg; ! cfg.do_verify = 1; return (0); } *************** *** 148,158 **** if (arg == NULL) return (1); ! if (dgst_config.sigopts == NULL && ! (dgst_config.sigopts = sk_OPENSSL_STRING_new_null()) == NULL) return (1); ! if (!sk_OPENSSL_STRING_push(dgst_config.sigopts, arg)) return (1); return (0); --- 148,158 ---- if (arg == NULL) return (1); ! if (cfg.sigopts == NULL && ! (cfg.sigopts = sk_OPENSSL_STRING_new_null()) == NULL) return (1); ! if (!sk_OPENSSL_STRING_push(cfg.sigopts, arg)) return (1); return (0); *************** *** 164,172 **** if (arg == NULL) return (1); ! dgst_config.keyfile = arg; ! dgst_config.want_pub = 1; ! dgst_config.do_verify = 1; return (0); } --- 164,172 ---- if (arg == NULL) return (1); ! cfg.keyfile = arg; ! cfg.want_pub = 1; ! cfg.do_verify = 1; return (0); } *************** *** 175,201 **** .name = "binary", .desc = "Output the digest or signature in binary form", .type = OPTION_VALUE, ! .opt.value = &dgst_config.out_bin, .value = 1, }, { .name = "c", .desc = "Print the digest in two-digit groups separated by colons", .type = OPTION_VALUE, ! .opt.value = &dgst_config.separator, .value = 1, }, { .name = "d", .desc = "Print BIO debugging information", .type = OPTION_FLAG, ! .opt.flag = &dgst_config.debug, }, { .name = "hex", .desc = "Output as hex dump", .type = OPTION_VALUE, ! .opt.value = &dgst_config.out_bin, .value = 0, }, { --- 175,201 ---- .name = "binary", .desc = "Output the digest or signature in binary form", .type = OPTION_VALUE, ! .opt.value = &cfg.out_bin, .value = 1, }, { .name = "c", .desc = "Print the digest in two-digit groups separated by colons", .type = OPTION_VALUE, ! .opt.value = &cfg.separator, .value = 1, }, { .name = "d", .desc = "Print BIO debugging information", .type = OPTION_FLAG, ! .opt.flag = &cfg.debug, }, { .name = "hex", .desc = "Output as hex dump", .type = OPTION_VALUE, ! .opt.value = &cfg.out_bin, .value = 0, }, { *************** *** 203,223 **** .argname = "key", .desc = "Create hashed MAC with key", .type = OPTION_ARG, ! .opt.arg = &dgst_config.hmac_key, }, { .name = "keyform", .argname = "format", .desc = "Key file format (PEM)", .type = OPTION_ARG_FORMAT, ! .opt.value = &dgst_config.keyform, }, { .name = "mac", .argname = "algorithm", .desc = "Create MAC (not necessarily HMAC)", .type = OPTION_ARG, ! .opt.arg = &dgst_config.mac_name, }, { .name = "macopt", --- 203,223 ---- .argname = "key", .desc = "Create hashed MAC with key", .type = OPTION_ARG, ! .opt.arg = &cfg.hmac_key, }, { .name = "keyform", .argname = "format", .desc = "Key file format (PEM)", .type = OPTION_ARG_FORMAT, ! .opt.value = &cfg.keyform, }, { .name = "mac", .argname = "algorithm", .desc = "Create MAC (not necessarily HMAC)", .type = OPTION_ARG, ! .opt.arg = &cfg.mac_name, }, { .name = "macopt", *************** *** 231,244 **** .argname = "file", .desc = "Output to file rather than stdout", .type = OPTION_ARG, ! .opt.arg = &dgst_config.outfile, }, { .name = "passin", .argname = "arg", .desc = "Input file passphrase source", .type = OPTION_ARG, ! .opt.arg = &dgst_config.passargin, }, { .name = "prverify", --- 231,244 ---- .argname = "file", .desc = "Output to file rather than stdout", .type = OPTION_ARG, ! .opt.arg = &cfg.outfile, }, { .name = "passin", .argname = "arg", .desc = "Input file passphrase source", .type = OPTION_ARG, ! .opt.arg = &cfg.passargin, }, { .name = "prverify", *************** *** 251,257 **** .name = "r", .desc = "Output the digest in coreutils format", .type = OPTION_VALUE, ! .opt.value = &dgst_config.separator, .value = 2, }, { --- 251,257 ---- .name = "r", .desc = "Output the digest in coreutils format", .type = OPTION_VALUE, ! .opt.value = &cfg.separator, .value = 2, }, { *************** *** 259,272 **** .argname = "file", .desc = "Sign digest using private key in file", .type = OPTION_ARG, ! .opt.arg = &dgst_config.keyfile, }, { .name = "signature", .argname = "file", .desc = "Signature to verify", .type = OPTION_ARG, ! .opt.arg = &dgst_config.sigfile, }, { .name = "sigopt", --- 259,272 ---- .argname = "file", .desc = "Sign digest using private key in file", .type = OPTION_ARG, ! .opt.arg = &cfg.keyfile, }, { .name = "signature", .argname = "file", .desc = "Signature to verify", .type = OPTION_ARG, ! .opt.arg = &cfg.sigfile, }, { .name = "sigopt", *************** *** 348,371 **** goto end; } ! memset(&dgst_config, 0, sizeof(dgst_config)); ! dgst_config.keyform = FORMAT_PEM; ! dgst_config.out_bin = -1; /* first check the program name */ program_name(argv[0], pname, sizeof pname); ! dgst_config.md = EVP_get_digestbyname(pname); if (options_parse(argc, argv, dgst_options, NULL, ! &dgst_config.argsused) != 0) { dgst_usage(); goto end; } ! argc -= dgst_config.argsused; ! argv += dgst_config.argsused; ! if (dgst_config.do_verify && !dgst_config.sigfile) { BIO_printf(bio_err, "No signature to verify: use the -signature option\n"); goto end; --- 348,371 ---- goto end; } ! memset(&cfg, 0, sizeof(cfg)); ! cfg.keyform = FORMAT_PEM; ! cfg.out_bin = -1; /* first check the program name */ program_name(argv[0], pname, sizeof pname); ! cfg.md = EVP_get_digestbyname(pname); if (options_parse(argc, argv, dgst_options, NULL, ! &cfg.argsused) != 0) { dgst_usage(); goto end; } ! argc -= cfg.argsused; ! argv += cfg.argsused; ! if (cfg.do_verify && !cfg.sigfile) { BIO_printf(bio_err, "No signature to verify: use the -signature option\n"); goto end; *************** *** 378,427 **** goto end; } ! if (dgst_config.debug) { BIO_set_callback(in, BIO_debug_callback); /* needed for windows 3.1 */ BIO_set_callback_arg(in, (char *) bio_err); } ! if (!app_passwd(bio_err, dgst_config.passargin, NULL, &passin, NULL)) { BIO_printf(bio_err, "Error getting password\n"); goto end; } ! if (dgst_config.out_bin == -1) { ! if (dgst_config.keyfile) ! dgst_config.out_bin = 1; else ! dgst_config.out_bin = 0; } ! if (dgst_config.outfile) { ! if (dgst_config.out_bin) ! out = BIO_new_file(dgst_config.outfile, "wb"); else ! out = BIO_new_file(dgst_config.outfile, "w"); } else { out = BIO_new_fp(stdout, BIO_NOCLOSE); } if (!out) { BIO_printf(bio_err, "Error opening output file %s\n", ! dgst_config.outfile ? dgst_config.outfile : "(stdout)"); ERR_print_errors(bio_err); goto end; } ! if ((!!dgst_config.mac_name + !!dgst_config.keyfile + ! !!dgst_config.hmac_key) > 1) { BIO_printf(bio_err, "MAC and Signing key cannot both be specified\n"); goto end; } ! if (dgst_config.keyfile) { ! if (dgst_config.want_pub) ! sigkey = load_pubkey(bio_err, dgst_config.keyfile, ! dgst_config.keyform, 0, NULL, "key file"); else ! sigkey = load_key(bio_err, dgst_config.keyfile, ! dgst_config.keyform, 0, passin, "key file"); if (!sigkey) { /* * load_[pub]key() has already printed an appropriate --- 378,427 ---- goto end; } ! if (cfg.debug) { BIO_set_callback(in, BIO_debug_callback); /* needed for windows 3.1 */ BIO_set_callback_arg(in, (char *) bio_err); } ! if (!app_passwd(bio_err, cfg.passargin, NULL, &passin, NULL)) { BIO_printf(bio_err, "Error getting password\n"); goto end; } ! if (cfg.out_bin == -1) { ! if (cfg.keyfile) ! cfg.out_bin = 1; else ! cfg.out_bin = 0; } ! if (cfg.outfile) { ! if (cfg.out_bin) ! out = BIO_new_file(cfg.outfile, "wb"); else ! out = BIO_new_file(cfg.outfile, "w"); } else { out = BIO_new_fp(stdout, BIO_NOCLOSE); } if (!out) { BIO_printf(bio_err, "Error opening output file %s\n", ! cfg.outfile ? cfg.outfile : "(stdout)"); ERR_print_errors(bio_err); goto end; } ! if ((!!cfg.mac_name + !!cfg.keyfile + ! !!cfg.hmac_key) > 1) { BIO_printf(bio_err, "MAC and Signing key cannot both be specified\n"); goto end; } ! if (cfg.keyfile) { ! if (cfg.want_pub) ! sigkey = load_pubkey(bio_err, cfg.keyfile, ! cfg.keyform, 0, NULL, "key file"); else ! sigkey = load_key(bio_err, cfg.keyfile, ! cfg.keyform, 0, passin, "key file"); if (!sigkey) { /* * load_[pub]key() has already printed an appropriate *************** *** 430,446 **** goto end; } } ! if (dgst_config.mac_name) { EVP_PKEY_CTX *mac_ctx = NULL; int r = 0; ! if (!init_gen_str(bio_err, &mac_ctx, dgst_config.mac_name, 0)) goto mac_end; ! if (dgst_config.macopts) { char *macopt; for (i = 0; i < sk_OPENSSL_STRING_num( ! dgst_config.macopts); i++) { macopt = sk_OPENSSL_STRING_value( ! dgst_config.macopts, i); if (pkey_ctrl_string(mac_ctx, macopt) <= 0) { BIO_printf(bio_err, "MAC parameter error \"%s\"\n", --- 430,446 ---- goto end; } } ! if (cfg.mac_name) { EVP_PKEY_CTX *mac_ctx = NULL; int r = 0; ! if (!init_gen_str(bio_err, &mac_ctx, cfg.mac_name, 0)) goto mac_end; ! if (cfg.macopts) { char *macopt; for (i = 0; i < sk_OPENSSL_STRING_num( ! cfg.macopts); i++) { macopt = sk_OPENSSL_STRING_value( ! cfg.macopts, i); if (pkey_ctrl_string(mac_ctx, macopt) <= 0) { BIO_printf(bio_err, "MAC parameter error \"%s\"\n", *************** *** 461,469 **** if (r == 0) goto end; } ! if (dgst_config.hmac_key) { sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, ! (unsigned char *) dgst_config.hmac_key, -1); if (!sigkey) goto end; } --- 461,469 ---- if (r == 0) goto end; } ! if (cfg.hmac_key) { sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, ! (unsigned char *) cfg.hmac_key, -1); if (!sigkey) goto end; } *************** *** 476,498 **** ERR_print_errors(bio_err); goto end; } ! if (dgst_config.do_verify) ! r = EVP_DigestVerifyInit(mctx, &pctx, dgst_config.md, NULL, sigkey); else ! r = EVP_DigestSignInit(mctx, &pctx, dgst_config.md, NULL, sigkey); if (!r) { BIO_printf(bio_err, "Error setting context\n"); ERR_print_errors(bio_err); goto end; } ! if (dgst_config.sigopts) { char *sigopt; for (i = 0; i < sk_OPENSSL_STRING_num( ! dgst_config.sigopts); i++) { sigopt = sk_OPENSSL_STRING_value( ! dgst_config.sigopts, i); if (pkey_ctrl_string(pctx, sigopt) <= 0) { BIO_printf(bio_err, "parameter error \"%s\"\n", --- 476,498 ---- ERR_print_errors(bio_err); goto end; } ! if (cfg.do_verify) ! r = EVP_DigestVerifyInit(mctx, &pctx, cfg.md, NULL, sigkey); else ! r = EVP_DigestSignInit(mctx, &pctx, cfg.md, NULL, sigkey); if (!r) { BIO_printf(bio_err, "Error setting context\n"); ERR_print_errors(bio_err); goto end; } ! if (cfg.sigopts) { char *sigopt; for (i = 0; i < sk_OPENSSL_STRING_num( ! cfg.sigopts); i++) { sigopt = sk_OPENSSL_STRING_value( ! cfg.sigopts, i); if (pkey_ctrl_string(pctx, sigopt) <= 0) { BIO_printf(bio_err, "parameter error \"%s\"\n", *************** *** 505,520 **** } /* we use md as a filter, reading from 'in' */ else { ! if (dgst_config.md == NULL) ! dgst_config.md = EVP_sha256(); ! if (!BIO_set_md(bmd, dgst_config.md)) { BIO_printf(bio_err, "Error setting digest %s\n", pname); ERR_print_errors(bio_err); goto end; } } ! if (dgst_config.sigfile && sigkey) { BIO *sigbio; siglen = EVP_PKEY_size(sigkey); sigbuf = malloc(siglen); --- 505,520 ---- } /* we use md as a filter, reading from 'in' */ else { ! if (cfg.md == NULL) ! cfg.md = EVP_sha256(); ! if (!BIO_set_md(bmd, cfg.md)) { BIO_printf(bio_err, "Error setting digest %s\n", pname); ERR_print_errors(bio_err); goto end; } } ! if (cfg.sigfile && sigkey) { BIO *sigbio; siglen = EVP_PKEY_size(sigkey); sigbuf = malloc(siglen); *************** *** 523,532 **** ERR_print_errors(bio_err); goto end; } ! sigbio = BIO_new_file(dgst_config.sigfile, "rb"); if (!sigbio) { BIO_printf(bio_err, "Error opening signature file %s\n", ! dgst_config.sigfile); ERR_print_errors(bio_err); goto end; } --- 523,532 ---- ERR_print_errors(bio_err); goto end; } ! sigbio = BIO_new_file(cfg.sigfile, "rb"); if (!sigbio) { BIO_printf(bio_err, "Error opening signature file %s\n", ! cfg.sigfile); ERR_print_errors(bio_err); goto end; } *************** *** 534,559 **** BIO_free(sigbio); if (siglen <= 0) { BIO_printf(bio_err, "Error reading signature file %s\n", ! dgst_config.sigfile); ERR_print_errors(bio_err); goto end; } } inp = BIO_push(bmd, in); ! if (dgst_config.md == NULL) { EVP_MD_CTX *tctx; BIO_get_md_ctx(bmd, &tctx); ! dgst_config.md = EVP_MD_CTX_md(tctx); } if (argc == 0) { BIO_set_fp(in, stdin, BIO_NOCLOSE); ! err = do_fp(out, buf, inp, dgst_config.separator, ! dgst_config.out_bin, sigkey, sigbuf, siglen, NULL, NULL, "stdin", bmd); } else { const char *md_name = NULL, *sig_name = NULL; ! if (!dgst_config.out_bin) { if (sigkey) { const EVP_PKEY_ASN1_METHOD *ameth; ameth = EVP_PKEY_get0_asn1(sigkey); --- 534,559 ---- BIO_free(sigbio); if (siglen <= 0) { BIO_printf(bio_err, "Error reading signature file %s\n", ! cfg.sigfile); ERR_print_errors(bio_err); goto end; } } inp = BIO_push(bmd, in); ! if (cfg.md == NULL) { EVP_MD_CTX *tctx; BIO_get_md_ctx(bmd, &tctx); ! cfg.md = EVP_MD_CTX_md(tctx); } if (argc == 0) { BIO_set_fp(in, stdin, BIO_NOCLOSE); ! err = do_fp(out, buf, inp, cfg.separator, ! cfg.out_bin, sigkey, sigbuf, siglen, NULL, NULL, "stdin", bmd); } else { const char *md_name = NULL, *sig_name = NULL; ! if (!cfg.out_bin) { if (sigkey) { const EVP_PKEY_ASN1_METHOD *ameth; ameth = EVP_PKEY_get0_asn1(sigkey); *************** *** 561,567 **** EVP_PKEY_asn1_get0_info(NULL, NULL, NULL, NULL, &sig_name, ameth); } ! md_name = EVP_MD_name(dgst_config.md); } err = 0; for (i = 0; i < argc; i++) { --- 561,567 ---- EVP_PKEY_asn1_get0_info(NULL, NULL, NULL, NULL, &sig_name, ameth); } ! md_name = EVP_MD_name(cfg.md); } err = 0; for (i = 0; i < argc; i++) { *************** *** 571,578 **** err++; continue; } else { ! r = do_fp(out, buf, inp, dgst_config.separator, ! dgst_config.out_bin, sigkey, sigbuf, siglen, sig_name, md_name, argv[i], bmd); } if (r) --- 571,578 ---- err++; continue; } else { ! r = do_fp(out, buf, inp, cfg.separator, ! cfg.out_bin, sigkey, sigbuf, siglen, sig_name, md_name, argv[i], bmd); } if (r) *************** *** 587,594 **** free(passin); BIO_free_all(out); EVP_PKEY_free(sigkey); ! sk_OPENSSL_STRING_free(dgst_config.sigopts); ! sk_OPENSSL_STRING_free(dgst_config.macopts); free(sigbuf); BIO_free(bmd); --- 587,594 ---- free(passin); BIO_free_all(out); EVP_PKEY_free(sigkey); ! sk_OPENSSL_STRING_free(cfg.sigopts); ! sk_OPENSSL_STRING_free(cfg.macopts); free(sigbuf); BIO_free(bmd);