Annotation of src/usr.bin/openssl/dgst.c, Revision 1.17
1.17 ! inoguchi 1: /* $OpenBSD: dgst.c,v 1.16 2019/08/30 11:43:34 inoguchi Exp $ */
1.1 jsing 2: /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3: * All rights reserved.
4: *
5: * This package is an SSL implementation written
6: * by Eric Young (eay@cryptsoft.com).
7: * The implementation was written so as to conform with Netscapes SSL.
8: *
9: * This library is free for commercial and non-commercial use as long as
10: * the following conditions are aheared to. The following conditions
11: * apply to all code found in this distribution, be it the RC4, RSA,
12: * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13: * included with this distribution is covered by the same copyright terms
14: * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15: *
16: * Copyright remains Eric Young's, and as such any Copyright notices in
17: * the code are not to be removed.
18: * If this package is used in a product, Eric Young should be given attribution
19: * as the author of the parts of the library used.
20: * This can be in the form of a textual message at program startup or
21: * in documentation (online or textual) provided with the package.
22: *
23: * Redistribution and use in source and binary forms, with or without
24: * modification, are permitted provided that the following conditions
25: * are met:
26: * 1. Redistributions of source code must retain the copyright
27: * notice, this list of conditions and the following disclaimer.
28: * 2. Redistributions in binary form must reproduce the above copyright
29: * notice, this list of conditions and the following disclaimer in the
30: * documentation and/or other materials provided with the distribution.
31: * 3. All advertising materials mentioning features or use of this software
32: * must display the following acknowledgement:
33: * "This product includes cryptographic software written by
34: * Eric Young (eay@cryptsoft.com)"
35: * The word 'cryptographic' can be left out if the rouines from the library
36: * being used are not cryptographic related :-).
37: * 4. If you include any Windows specific code (or a derivative thereof) from
38: * the apps directory (application code) you must include an acknowledgement:
39: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40: *
41: * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44: * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51: * SUCH DAMAGE.
52: *
53: * The licence and distribution terms for any publically available version or
54: * derivative of this code cannot be changed. i.e. this code cannot simply be
55: * copied and put under another distribution licence
56: * [including the GNU Public Licence.]
57: */
58:
59: #include <stdio.h>
60: #include <stdlib.h>
61: #include <string.h>
62:
63: #include "apps.h"
64:
65: #include <openssl/bio.h>
66: #include <openssl/err.h>
67: #include <openssl/evp.h>
68: #include <openssl/hmac.h>
69: #include <openssl/objects.h>
70: #include <openssl/pem.h>
71: #include <openssl/x509.h>
72:
73: #define BUFSIZE 1024*8
74:
75: int
76: do_fp(BIO * out, unsigned char *buf, BIO * bp, int sep, int binout,
77: EVP_PKEY * key, unsigned char *sigin, int siglen,
78: const char *sig_name, const char *md_name,
79: const char *file, BIO * bmd);
80:
1.14 inoguchi 81: static struct {
82: int argsused;
83: int debug;
84: int do_verify;
85: char *hmac_key;
86: char *keyfile;
87: int keyform;
88: const EVP_MD *m;
89: char *mac_name;
90: STACK_OF(OPENSSL_STRING) *macopts;
91: const EVP_MD *md;
92: int out_bin;
93: char *outfile;
94: char *passargin;
95: int separator;
96: char *sigfile;
97: STACK_OF(OPENSSL_STRING) *sigopts;
98: int want_pub;
99: } dgst_config;
100:
1.15 inoguchi 101: static int
102: dgst_opt_macopt(char *arg)
103: {
104: if (arg == NULL)
105: return (1);
106:
107: if (dgst_config.macopts == NULL &&
108: (dgst_config.macopts = sk_OPENSSL_STRING_new_null()) == NULL)
109: return (1);
110:
111: if (!sk_OPENSSL_STRING_push(dgst_config.macopts, arg))
112: return (1);
113:
114: return (0);
115: }
116:
117: static int
118: dgst_opt_md(int argc, char **argv, int *argsused)
119: {
120: char *name = argv[0];
121:
122: if (*name++ != '-')
123: return (1);
124:
1.16 inoguchi 125: if ((dgst_config.m = EVP_get_digestbyname(name)) == NULL)
1.15 inoguchi 126: return (1);
127:
1.16 inoguchi 128: dgst_config.md = dgst_config.m;
129:
1.15 inoguchi 130: *argsused = 1;
131: return (0);
132: }
133:
134: static int
135: dgst_opt_prverify(char *arg)
136: {
137: if (arg == NULL)
138: return (1);
139:
140: dgst_config.keyfile = arg;
141: dgst_config.do_verify = 1;
142: return (0);
143: }
144:
145: static int
146: dgst_opt_sigopt(char *arg)
147: {
148: if (arg == NULL)
149: return (1);
150:
151: if (dgst_config.sigopts == NULL &&
152: (dgst_config.sigopts = sk_OPENSSL_STRING_new_null()) == NULL)
153: return (1);
154:
155: if (!sk_OPENSSL_STRING_push(dgst_config.sigopts, arg))
156: return (1);
157:
158: return (0);
159: }
160:
161: static int
162: dgst_opt_verify(char *arg)
163: {
164: if (arg == NULL)
165: return (1);
166:
167: dgst_config.keyfile = arg;
168: dgst_config.want_pub = 1;
169: dgst_config.do_verify = 1;
170: return (0);
171: }
172:
173: static const struct option dgst_options[] = {
174: {
175: .name = "binary",
1.16 inoguchi 176: .desc = "Output the digest or signature in binary form",
1.15 inoguchi 177: .type = OPTION_VALUE,
178: .opt.value = &dgst_config.out_bin,
179: .value = 1,
180: },
181: {
182: .name = "c",
1.16 inoguchi 183: .desc = "Print the digest in two-digit groups separated by colons",
1.15 inoguchi 184: .type = OPTION_VALUE,
185: .opt.value = &dgst_config.separator,
186: .value = 1,
187: },
188: {
189: .name = "d",
1.16 inoguchi 190: .desc = "Print BIO debugging information",
1.15 inoguchi 191: .type = OPTION_FLAG,
192: .opt.flag = &dgst_config.debug,
193: },
194: {
195: .name = "hex",
196: .desc = "Output as hex dump",
197: .type = OPTION_VALUE,
198: .opt.value = &dgst_config.out_bin,
199: .value = 0,
200: },
201: {
202: .name = "hmac",
203: .argname = "key",
204: .desc = "Create hashed MAC with key",
205: .type = OPTION_ARG,
206: .opt.arg = &dgst_config.hmac_key,
207: },
208: {
209: .name = "keyform",
210: .argname = "format",
211: .desc = "Key file format (PEM)",
212: .type = OPTION_ARG_FORMAT,
213: .opt.value = &dgst_config.keyform,
214: },
215: {
216: .name = "mac",
217: .argname = "algorithm",
218: .desc = "Create MAC (not necessarily HMAC)",
219: .type = OPTION_ARG,
220: .opt.arg = &dgst_config.mac_name,
221: },
222: {
223: .name = "macopt",
224: .argname = "nm:v",
225: .desc = "MAC algorithm parameters or key",
226: .type = OPTION_ARG_FUNC,
227: .opt.argfunc = dgst_opt_macopt,
228: },
229: {
230: .name = "out",
231: .argname = "file",
232: .desc = "Output to file rather than stdout",
233: .type = OPTION_ARG,
234: .opt.arg = &dgst_config.outfile,
235: },
236: {
237: .name = "passin",
238: .argname = "arg",
239: .desc = "Input file passphrase source",
240: .type = OPTION_ARG,
241: .opt.arg = &dgst_config.passargin,
242: },
243: {
244: .name = "prverify",
245: .argname = "file",
246: .desc = "Verify a signature using private key in file",
247: .type = OPTION_ARG_FUNC,
248: .opt.argfunc = dgst_opt_prverify,
249: },
250: {
251: .name = "r",
1.16 inoguchi 252: .desc = "Output the digest in coreutils format",
1.15 inoguchi 253: .type = OPTION_VALUE,
254: .opt.value = &dgst_config.separator,
255: .value = 2,
256: },
257: {
258: .name = "sign",
259: .argname = "file",
260: .desc = "Sign digest using private key in file",
261: .type = OPTION_ARG,
262: .opt.arg = &dgst_config.keyfile,
263: },
264: {
265: .name = "signature",
266: .argname = "file",
267: .desc = "Signature to verify",
268: .type = OPTION_ARG,
269: .opt.arg = &dgst_config.sigfile,
270: },
271: {
272: .name = "sigopt",
273: .argname = "nm:v",
274: .desc = "Signature parameter",
275: .type = OPTION_ARG_FUNC,
276: .opt.argfunc = dgst_opt_sigopt,
277: },
278: {
279: .name = "verify",
280: .argname = "file",
281: .desc = "Verify a signature using public key in file",
282: .type = OPTION_ARG_FUNC,
283: .opt.argfunc = dgst_opt_verify,
284: },
285: {
286: .name = NULL,
287: .desc = "",
288: .type = OPTION_ARGV_FUNC,
289: .opt.argvfunc = dgst_opt_md,
290: },
291: { NULL },
292: };
293:
1.1 jsing 294: static void
295: list_md_fn(const EVP_MD * m, const char *from, const char *to, void *arg)
296: {
297: const char *mname;
298: /* Skip aliases */
299: if (!m)
300: return;
301: mname = OBJ_nid2ln(EVP_MD_type(m));
302: /* Skip shortnames */
303: if (strcmp(from, mname))
304: return;
305: /* Skip clones */
306: if (EVP_MD_flags(m) & EVP_MD_FLAG_PKEY_DIGEST)
307: return;
308: if (strchr(mname, ' '))
309: mname = EVP_MD_name(m);
1.15 inoguchi 310: BIO_printf(arg, " -%-17s To use the %s message digest algorithm\n",
1.1 jsing 311: mname, mname);
312: }
313:
1.15 inoguchi 314: static void
315: dgst_usage(void)
316: {
317: fprintf(stderr, "usage: dgst [-cdr] [-binary] [-digest] [-hex]");
318: fprintf(stderr, " [-hmac key] [-keyform fmt]\n");
319: fprintf(stderr, " [-mac algorithm] [-macopt nm:v] [-out file]");
320: fprintf(stderr, " [-passin arg]\n");
321: fprintf(stderr, " [-prverify file] [-sign file]");
322: fprintf(stderr, " [-signature file]\n");
323: fprintf(stderr, " [-sigopt nm:v] [-verify file] [file ...]\n\n");
324: options_usage(dgst_options);
325: EVP_MD_do_all_sorted(list_md_fn, bio_err);
326: fprintf(stderr, "\n");
327: }
328:
1.1 jsing 329: int
330: dgst_main(int argc, char **argv)
331: {
332: unsigned char *buf = NULL;
333: int i, err = 1;
334: BIO *in = NULL, *inp;
335: BIO *bmd = NULL;
336: BIO *out = NULL;
337: #define PROG_NAME_SIZE 39
338: char pname[PROG_NAME_SIZE + 1];
339: EVP_PKEY *sigkey = NULL;
340: unsigned char *sigbuf = NULL;
341: int siglen = 0;
1.14 inoguchi 342: char *passin = NULL;
1.7 doug 343:
344: if (single_execution) {
1.10 deraadt 345: if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
1.7 doug 346: perror("pledge");
1.9 doug 347: exit(1);
348: }
1.7 doug 349: }
1.1 jsing 350:
351: if ((buf = malloc(BUFSIZE)) == NULL) {
352: BIO_printf(bio_err, "out of memory\n");
353: goto end;
354: }
355:
1.14 inoguchi 356: memset(&dgst_config, 0, sizeof(dgst_config));
357: dgst_config.keyform = FORMAT_PEM;
358: dgst_config.out_bin = -1;
359:
1.1 jsing 360: /* first check the program name */
361: program_name(argv[0], pname, sizeof pname);
362:
1.14 inoguchi 363: dgst_config.md = EVP_get_digestbyname(pname);
1.1 jsing 364:
1.15 inoguchi 365: if (options_parse(argc, argv, dgst_options, NULL,
366: &dgst_config.argsused) != 0) {
367: dgst_usage();
368: goto end;
1.1 jsing 369: }
1.15 inoguchi 370: argc -= dgst_config.argsused;
371: argv += dgst_config.argsused;
1.1 jsing 372:
1.14 inoguchi 373: if (dgst_config.do_verify && !dgst_config.sigfile) {
1.17 ! inoguchi 374: BIO_printf(bio_err,
! 375: "No signature to verify: use the -signature option\n");
1.1 jsing 376: goto end;
377: }
1.2 doug 378:
1.1 jsing 379: in = BIO_new(BIO_s_file());
380: bmd = BIO_new(BIO_f_md());
1.2 doug 381: if (in == NULL || bmd == NULL) {
382: ERR_print_errors(bio_err);
383: goto end;
384: }
385:
1.14 inoguchi 386: if (dgst_config.debug) {
1.1 jsing 387: BIO_set_callback(in, BIO_debug_callback);
388: /* needed for windows 3.1 */
389: BIO_set_callback_arg(in, (char *) bio_err);
390: }
1.14 inoguchi 391: if (!app_passwd(bio_err, dgst_config.passargin, NULL, &passin, NULL)) {
1.1 jsing 392: BIO_printf(bio_err, "Error getting password\n");
393: goto end;
394: }
1.14 inoguchi 395: if (dgst_config.out_bin == -1) {
396: if (dgst_config.keyfile)
397: dgst_config.out_bin = 1;
1.1 jsing 398: else
1.14 inoguchi 399: dgst_config.out_bin = 0;
1.1 jsing 400: }
401:
1.14 inoguchi 402: if (dgst_config.outfile) {
403: if (dgst_config.out_bin)
404: out = BIO_new_file(dgst_config.outfile, "wb");
1.1 jsing 405: else
1.14 inoguchi 406: out = BIO_new_file(dgst_config.outfile, "w");
1.1 jsing 407: } else {
408: out = BIO_new_fp(stdout, BIO_NOCLOSE);
409: }
410:
411: if (!out) {
412: BIO_printf(bio_err, "Error opening output file %s\n",
1.14 inoguchi 413: dgst_config.outfile ? dgst_config.outfile : "(stdout)");
1.1 jsing 414: ERR_print_errors(bio_err);
415: goto end;
416: }
1.17 ! inoguchi 417: if ((!!dgst_config.mac_name + !!dgst_config.keyfile +
! 418: !!dgst_config.hmac_key) > 1) {
! 419: BIO_printf(bio_err,
! 420: "MAC and Signing key cannot both be specified\n");
1.1 jsing 421: goto end;
422: }
1.14 inoguchi 423: if (dgst_config.keyfile) {
424: if (dgst_config.want_pub)
1.17 ! inoguchi 425: sigkey = load_pubkey(bio_err, dgst_config.keyfile,
! 426: dgst_config.keyform, 0, NULL, "key file");
1.1 jsing 427: else
1.17 ! inoguchi 428: sigkey = load_key(bio_err, dgst_config.keyfile,
! 429: dgst_config.keyform, 0, passin, "key file");
1.1 jsing 430: if (!sigkey) {
431: /*
432: * load_[pub]key() has already printed an appropriate
433: * message
434: */
435: goto end;
436: }
437: }
1.14 inoguchi 438: if (dgst_config.mac_name) {
1.1 jsing 439: EVP_PKEY_CTX *mac_ctx = NULL;
440: int r = 0;
1.14 inoguchi 441: if (!init_gen_str(bio_err, &mac_ctx, dgst_config.mac_name, 0))
1.1 jsing 442: goto mac_end;
1.14 inoguchi 443: if (dgst_config.macopts) {
1.1 jsing 444: char *macopt;
1.17 ! inoguchi 445: for (i = 0; i < sk_OPENSSL_STRING_num(
! 446: dgst_config.macopts); i++) {
! 447: macopt = sk_OPENSSL_STRING_value(
! 448: dgst_config.macopts, i);
1.1 jsing 449: if (pkey_ctrl_string(mac_ctx, macopt) <= 0) {
450: BIO_printf(bio_err,
451: "MAC parameter error \"%s\"\n",
452: macopt);
453: ERR_print_errors(bio_err);
454: goto mac_end;
455: }
456: }
457: }
458: if (EVP_PKEY_keygen(mac_ctx, &sigkey) <= 0) {
459: BIO_puts(bio_err, "Error generating key\n");
460: ERR_print_errors(bio_err);
461: goto mac_end;
462: }
463: r = 1;
1.17 ! inoguchi 464: mac_end:
1.1 jsing 465: if (mac_ctx)
466: EVP_PKEY_CTX_free(mac_ctx);
467: if (r == 0)
468: goto end;
469: }
1.14 inoguchi 470: if (dgst_config.hmac_key) {
1.6 bcook 471: sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL,
1.14 inoguchi 472: (unsigned char *) dgst_config.hmac_key, -1);
1.1 jsing 473: if (!sigkey)
474: goto end;
475: }
476: if (sigkey) {
477: EVP_MD_CTX *mctx = NULL;
478: EVP_PKEY_CTX *pctx = NULL;
479: int r;
480: if (!BIO_get_md_ctx(bmd, &mctx)) {
481: BIO_printf(bio_err, "Error getting context\n");
482: ERR_print_errors(bio_err);
483: goto end;
484: }
1.14 inoguchi 485: if (dgst_config.do_verify)
1.17 ! inoguchi 486: r = EVP_DigestVerifyInit(mctx, &pctx, dgst_config.md,
! 487: NULL, sigkey);
1.1 jsing 488: else
1.17 ! inoguchi 489: r = EVP_DigestSignInit(mctx, &pctx, dgst_config.md,
! 490: NULL, sigkey);
1.1 jsing 491: if (!r) {
492: BIO_printf(bio_err, "Error setting context\n");
493: ERR_print_errors(bio_err);
494: goto end;
495: }
1.14 inoguchi 496: if (dgst_config.sigopts) {
1.1 jsing 497: char *sigopt;
1.17 ! inoguchi 498: for (i = 0; i < sk_OPENSSL_STRING_num(
! 499: dgst_config.sigopts); i++) {
! 500: sigopt = sk_OPENSSL_STRING_value(
! 501: dgst_config.sigopts, i);
1.1 jsing 502: if (pkey_ctrl_string(pctx, sigopt) <= 0) {
503: BIO_printf(bio_err,
504: "parameter error \"%s\"\n",
505: sigopt);
506: ERR_print_errors(bio_err);
507: goto end;
508: }
509: }
510: }
511: }
512: /* we use md as a filter, reading from 'in' */
513: else {
1.14 inoguchi 514: if (dgst_config.md == NULL)
515: dgst_config.md = EVP_sha256();
516: if (!BIO_set_md(bmd, dgst_config.md)) {
1.1 jsing 517: BIO_printf(bio_err, "Error setting digest %s\n", pname);
518: ERR_print_errors(bio_err);
519: goto end;
520: }
521: }
522:
1.14 inoguchi 523: if (dgst_config.sigfile && sigkey) {
1.1 jsing 524: BIO *sigbio;
525: siglen = EVP_PKEY_size(sigkey);
526: sigbuf = malloc(siglen);
1.3 rpointel 527: if (sigbuf == NULL) {
528: BIO_printf(bio_err, "out of memory\n");
529: ERR_print_errors(bio_err);
530: goto end;
531: }
1.14 inoguchi 532: sigbio = BIO_new_file(dgst_config.sigfile, "rb");
1.1 jsing 533: if (!sigbio) {
534: BIO_printf(bio_err, "Error opening signature file %s\n",
1.14 inoguchi 535: dgst_config.sigfile);
1.1 jsing 536: ERR_print_errors(bio_err);
537: goto end;
538: }
539: siglen = BIO_read(sigbio, sigbuf, siglen);
540: BIO_free(sigbio);
541: if (siglen <= 0) {
542: BIO_printf(bio_err, "Error reading signature file %s\n",
1.14 inoguchi 543: dgst_config.sigfile);
1.1 jsing 544: ERR_print_errors(bio_err);
545: goto end;
546: }
547: }
548: inp = BIO_push(bmd, in);
549:
1.14 inoguchi 550: if (dgst_config.md == NULL) {
1.1 jsing 551: EVP_MD_CTX *tctx;
552: BIO_get_md_ctx(bmd, &tctx);
1.14 inoguchi 553: dgst_config.md = EVP_MD_CTX_md(tctx);
1.1 jsing 554: }
555: if (argc == 0) {
556: BIO_set_fp(in, stdin, BIO_NOCLOSE);
1.17 ! inoguchi 557: err = do_fp(out, buf, inp, dgst_config.separator,
! 558: dgst_config.out_bin, sigkey, sigbuf, siglen, NULL, NULL,
! 559: "stdin", bmd);
1.1 jsing 560: } else {
561: const char *md_name = NULL, *sig_name = NULL;
1.14 inoguchi 562: if (!dgst_config.out_bin) {
1.1 jsing 563: if (sigkey) {
564: const EVP_PKEY_ASN1_METHOD *ameth;
565: ameth = EVP_PKEY_get0_asn1(sigkey);
566: if (ameth)
567: EVP_PKEY_asn1_get0_info(NULL, NULL,
568: NULL, NULL, &sig_name, ameth);
569: }
1.14 inoguchi 570: md_name = EVP_MD_name(dgst_config.md);
1.1 jsing 571: }
572: err = 0;
573: for (i = 0; i < argc; i++) {
574: int r;
575: if (BIO_read_filename(in, argv[i]) <= 0) {
576: perror(argv[i]);
577: err++;
578: continue;
579: } else {
1.17 ! inoguchi 580: r = do_fp(out, buf, inp, dgst_config.separator,
! 581: dgst_config.out_bin, sigkey, sigbuf, siglen,
! 582: sig_name, md_name, argv[i], bmd);
1.1 jsing 583: }
584: if (r)
585: err = r;
586: (void) BIO_reset(bmd);
587: }
588: }
589:
1.12 jsing 590: end:
1.11 deraadt 591: freezero(buf, BUFSIZE);
1.1 jsing 592: if (in != NULL)
593: BIO_free(in);
594: free(passin);
595: BIO_free_all(out);
596: EVP_PKEY_free(sigkey);
1.14 inoguchi 597: if (dgst_config.sigopts)
598: sk_OPENSSL_STRING_free(dgst_config.sigopts);
599: if (dgst_config.macopts)
600: sk_OPENSSL_STRING_free(dgst_config.macopts);
1.1 jsing 601: free(sigbuf);
602: if (bmd != NULL)
603: BIO_free(bmd);
604:
605: return (err);
606: }
607:
608: int
609: do_fp(BIO * out, unsigned char *buf, BIO * bp, int sep, int binout,
610: EVP_PKEY * key, unsigned char *sigin, int siglen,
611: const char *sig_name, const char *md_name,
612: const char *file, BIO * bmd)
613: {
614: size_t len;
615: int i;
616:
617: for (;;) {
618: i = BIO_read(bp, (char *) buf, BUFSIZE);
619: if (i < 0) {
620: BIO_printf(bio_err, "Read Error in %s\n", file);
621: ERR_print_errors(bio_err);
622: return 1;
623: }
624: if (i == 0)
625: break;
626: }
627: if (sigin) {
628: EVP_MD_CTX *ctx;
629: BIO_get_md_ctx(bp, &ctx);
630: i = EVP_DigestVerifyFinal(ctx, sigin, (unsigned int) siglen);
631: if (i > 0)
632: BIO_printf(out, "Verified OK\n");
633: else if (i == 0) {
634: BIO_printf(out, "Verification Failure\n");
635: return 1;
636: } else {
637: BIO_printf(bio_err, "Error Verifying Data\n");
638: ERR_print_errors(bio_err);
639: return 1;
640: }
641: return 0;
642: }
643: if (key) {
644: EVP_MD_CTX *ctx;
645: BIO_get_md_ctx(bp, &ctx);
646: len = BUFSIZE;
647: if (!EVP_DigestSignFinal(ctx, buf, &len)) {
648: BIO_printf(bio_err, "Error Signing Data\n");
649: ERR_print_errors(bio_err);
650: return 1;
651: }
652: } else {
653: len = BIO_gets(bp, (char *) buf, BUFSIZE);
654: if ((int) len < 0) {
655: ERR_print_errors(bio_err);
656: return 1;
657: }
658: }
659:
660: if (binout)
661: BIO_write(out, buf, len);
662: else if (sep == 2) {
663: for (i = 0; i < (int) len; i++)
664: BIO_printf(out, "%02x", buf[i]);
665: BIO_printf(out, " *%s\n", file);
666: } else {
667: if (sig_name)
668: BIO_printf(out, "%s-%s(%s)= ", sig_name, md_name, file);
669: else if (md_name)
670: BIO_printf(out, "%s(%s)= ", md_name, file);
671: else
672: BIO_printf(out, "(%s)= ", file);
673: for (i = 0; i < (int) len; i++) {
674: if (sep && (i != 0))
675: BIO_printf(out, ":");
676: BIO_printf(out, "%02x", buf[i]);
677: }
678: BIO_printf(out, "\n");
679: }
680: return 0;
681: }