root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity
openssl/apps/dgst.c

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

746 lines
23 KiB
C
Raw Normal View History

Copyright consolidation 01/10 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-05-18 02:18:30 +08:00
/*
Copyright year updates Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Release: yes
2025-03-12 21:35:59 +08:00
* Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
Import of old SSLeay release: SSLeay 0.8.1b
1998-12-21 18:52:47 +08:00
*
Following the license change, modify the boilerplates in apps/ Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7765)
2018-12-06 20:00:26 +08:00
* Licensed under the Apache License 2.0 (the "License"). You may not use
Copyright consolidation 01/10 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-05-18 02:18:30 +08:00
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
Import of old SSLeay release: SSLeay 0.8.1b
1998-12-21 18:52:47 +08:00
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include "apps.h"
apps: Don't include progs.h in apps.h Everything in apps includes apps.h, because that one declares apps internal library routines. However, progs.h doesn't declare library routines, but rather the main commands and their options, and there's no reason why the library modules should include it. So, remove the inclusion of progs.h from apps.h and add that inclusion in all command source files. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5222)
2018-01-31 18:13:10 +08:00
#include "progs.h"
Change #include filenames from <foo.h> to <openssl.h>. Submitted by: Reviewed by: PR:
1999-04-24 06:13:45 +08:00
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
Add -hmac option to dgst from 0.9.7 stable branch.
2007-02-09 03:07:43 +08:00
#include <openssl/hmac.h>
Update dgst.c to show a list of message digests Fixes #9893 Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/9912)
2019-09-16 20:09:01 +08:00
#include <ctype.h>
Import of old SSLeay release: SSLeay 0.8.1b
1998-12-21 18:52:47 +08:00
#undef BUFSIZE
#define BUFSIZE 1024*8
dgst commandline support for one shot signing algorithms Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26697)
2025-02-10 17:00:03 +08:00
static int do_fp_oneshot_sign(BIO *out, EVP_MD_CTX *ctx, BIO *in, int sep, int binout,
EVP_PKEY *key, unsigned char *sigin, int siglen,
const char *sig_name, const char *file);
openssl dgst: add option to specify output length for XOF This adds the -xoflen option to control the output length of the XOF algorithms, such as SHAKE128 and SHAKE256. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13245)
2020-10-26 20:23:14 +08:00
int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, int xoflen,
Prepend signature name in dgst output.
2007-05-18 00:19:17 +08:00
EVP_PKEY *key, unsigned char *sigin, int siglen,
const char *sig_name, const char *md_name,
Remove unused parameters from internal functions Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-14 11:33:56 +08:00
const char *file);
Update dgst.c to show a list of message digests Fixes #9893 Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/9912)
2019-09-16 20:09:01 +08:00
static void show_digests(const OBJ_NAME *name, void *bio_);
struct doall_dgst_digests {
BIO *bio;
int n;
};
Make gcc 2.95.2 happy again, even under ``-Wall -Wshadow -Wpointer-arith -Wcast-align -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -Winline''.
2000-02-11 17:47:18 +08:00
Big apps cleanup (option-parsing, etc) This is merges the old "rsalz-monolith" branch over to master. The biggest change is that option parsing switch from cascasding 'else if strcmp("-foo")' to a utility routine and somethin akin to getopt. Also, an error in the command line no longer prints the full summary; use -help (or --help :) for that. There have been many other changes and code-cleanup, see bullet list below. Special thanks to Matt for the long and detailed code review. TEMPORARY: For now, comment out CRYPTO_mem_leaks() at end of main Tickets closed: RT3515: Use 3DES in pkcs12 if built with no-rc2 RT1766: s_client -reconnect and -starttls broke RT2932: Catch write errors RT2604: port should be 'unsigned short' RT2983: total_bytes undeclared #ifdef RENEG RT1523: Add -nocert to fix output in x509 app RT3508: Remove unused variable introduced by b09eb24 RT3511: doc fix; req default serial is random RT1325,2973: Add more extensions to c_rehash RT2119,3407: Updated to dgst.pod RT2379: Additional typo fix RT2693: Extra include of string.h RT2880: HFS is case-insensitive filenames RT3246: req command prints version number wrong Other changes; incompatibilities marked with *: Add SCSV support Add -misalign to speed command Make dhparam, dsaparam, ecparam, x509 output C in proper style Make some internal ocsp.c functions void Only display cert usages with -help in verify Use global bio_err, remove "BIO*err" parameter from functions For filenames, - always means stdin (or stdout as appropriate) Add aliases for -des/aes "wrap" ciphers. *Remove support for IISSGC (server gated crypto) *The undocumented OCSP -header flag is now "-header name=value" *Documented the OCSP -header flag Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
typedef enum OPTION_choice {
APPS: Replace 'OPT_ERR = -1, OPT_EOF = 0, OPT_HELP' by OPT_COMMON macro Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15111)
2021-05-01 21:29:00 +08:00
OPT_COMMON,
OPT_LIST,
Standardize apps use of -rand, etc. Standardized the -rand flag and added a new one: -rand file... Always reads the specified files -writerand file Always writes to the file on exit For apps that use a config file, the RANDFILE config parameter reads the file at startup (to seed the RNG) and write to it on exit if the -writerand flag isn't used. Ensured that every app that took -rand also took -writerand, and made sure all of that agreed with all the documentation. Fix error reporting in write_file and -rand Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/3862)
2017-07-05 22:58:48 +08:00
OPT_C, OPT_R, OPT_OUT, OPT_SIGN, OPT_PASSIN, OPT_VERIFY,
Big apps cleanup (option-parsing, etc) This is merges the old "rsalz-monolith" branch over to master. The biggest change is that option parsing switch from cascasding 'else if strcmp("-foo")' to a utility routine and somethin akin to getopt. Also, an error in the command line no longer prints the full summary; use -help (or --help :) for that. There have been many other changes and code-cleanup, see bullet list below. Special thanks to Matt for the long and detailed code review. TEMPORARY: For now, comment out CRYPTO_mem_leaks() at end of main Tickets closed: RT3515: Use 3DES in pkcs12 if built with no-rc2 RT1766: s_client -reconnect and -starttls broke RT2932: Catch write errors RT2604: port should be 'unsigned short' RT2983: total_bytes undeclared #ifdef RENEG RT1523: Add -nocert to fix output in x509 app RT3508: Remove unused variable introduced by b09eb24 RT3511: doc fix; req default serial is random RT1325,2973: Add more extensions to c_rehash RT2119,3407: Updated to dgst.pod RT2379: Additional typo fix RT2693: Extra include of string.h RT2880: HFS is case-insensitive filenames RT3246: req command prints version number wrong Other changes; incompatibilities marked with *: Add SCSV support Add -misalign to speed command Make dhparam, dsaparam, ecparam, x509 output C in proper style Make some internal ocsp.c functions void Only display cert usages with -help in verify Use global bio_err, remove "BIO*err" parameter from functions For filenames, - always means stdin (or stdout as appropriate) Add aliases for -des/aes "wrap" ciphers. *Remove support for IISSGC (server gated crypto) *The undocumented OCSP -header flag is now "-header name=value" *Documented the OCSP -header flag Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
OPT_PRVERIFY, OPT_SIGNATURE, OPT_KEYFORM, OPT_ENGINE, OPT_ENGINE_IMPL,
OPT_HEX, OPT_BINARY, OPT_DEBUG, OPT_FIPS_FINGERPRINT,
openssl dgst: add option to specify output length for XOF This adds the -xoflen option to control the output length of the XOF algorithms, such as SHAKE128 and SHAKE256. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13245)
2020-10-26 20:23:14 +08:00
OPT_HMAC, OPT_MAC, OPT_SIGOPT, OPT_MACOPT, OPT_XOFLEN,
Standardize apps use of -rand, etc. Standardized the -rand flag and added a new one: -rand file... Always reads the specified files -writerand file Always writes to the file on exit For apps that use a config file, the RANDFILE config parameter reads the file at startup (to seed the RNG) and write to it on exit if the -writerand flag isn't used. Ensured that every app that took -rand also took -writerand, and made sure all of that agreed with all the documentation. Fix error reporting in write_file and -rand Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/3862)
2017-07-05 22:58:48 +08:00
OPT_DIGEST,
cmdline app: add provider commandline options. Add a -provider option to allow providers to be loaded. This option can be specified multiple times. Add a -provider_path option to allow the path to providers to be specified. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11167)
2020-02-25 12:29:30 +08:00
OPT_R_ENUM, OPT_PROV_ENUM
Big apps cleanup (option-parsing, etc) This is merges the old "rsalz-monolith" branch over to master. The biggest change is that option parsing switch from cascasding 'else if strcmp("-foo")' to a utility routine and somethin akin to getopt. Also, an error in the command line no longer prints the full summary; use -help (or --help :) for that. There have been many other changes and code-cleanup, see bullet list below. Special thanks to Matt for the long and detailed code review. TEMPORARY: For now, comment out CRYPTO_mem_leaks() at end of main Tickets closed: RT3515: Use 3DES in pkcs12 if built with no-rc2 RT1766: s_client -reconnect and -starttls broke RT2932: Catch write errors RT2604: port should be 'unsigned short' RT2983: total_bytes undeclared #ifdef RENEG RT1523: Add -nocert to fix output in x509 app RT3508: Remove unused variable introduced by b09eb24 RT3511: doc fix; req default serial is random RT1325,2973: Add more extensions to c_rehash RT2119,3407: Updated to dgst.pod RT2379: Additional typo fix RT2693: Extra include of string.h RT2880: HFS is case-insensitive filenames RT3246: req command prints version number wrong Other changes; incompatibilities marked with *: Add SCSV support Add -misalign to speed command Make dhparam, dsaparam, ecparam, x509 output C in proper style Make some internal ocsp.c functions void Only display cert usages with -help in verify Use global bio_err, remove "BIO*err" parameter from functions For filenames, - always means stdin (or stdout as appropriate) Add aliases for -des/aes "wrap" ciphers. *Remove support for IISSGC (server gated crypto) *The undocumented OCSP -header flag is now "-header name=value" *Documented the OCSP -header flag Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
} OPTION_CHOICE;
Constify command options Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1694)
2016-03-13 21:07:50 +08:00
const OPTIONS dgst_options[] = {
Big apps cleanup (option-parsing, etc) This is merges the old "rsalz-monolith" branch over to master. The biggest change is that option parsing switch from cascasding 'else if strcmp("-foo")' to a utility routine and somethin akin to getopt. Also, an error in the command line no longer prints the full summary; use -help (or --help :) for that. There have been many other changes and code-cleanup, see bullet list below. Special thanks to Matt for the long and detailed code review. TEMPORARY: For now, comment out CRYPTO_mem_leaks() at end of main Tickets closed: RT3515: Use 3DES in pkcs12 if built with no-rc2 RT1766: s_client -reconnect and -starttls broke RT2932: Catch write errors RT2604: port should be 'unsigned short' RT2983: total_bytes undeclared #ifdef RENEG RT1523: Add -nocert to fix output in x509 app RT3508: Remove unused variable introduced by b09eb24 RT3511: doc fix; req default serial is random RT1325,2973: Add more extensions to c_rehash RT2119,3407: Updated to dgst.pod RT2379: Additional typo fix RT2693: Extra include of string.h RT2880: HFS is case-insensitive filenames RT3246: req command prints version number wrong Other changes; incompatibilities marked with *: Add SCSV support Add -misalign to speed command Make dhparam, dsaparam, ecparam, x509 output C in proper style Make some internal ocsp.c functions void Only display cert usages with -help in verify Use global bio_err, remove "BIO*err" parameter from functions For filenames, - always means stdin (or stdout as appropriate) Add aliases for -des/aes "wrap" ciphers. *Remove support for IISSGC (server gated crypto) *The undocumented OCSP -header flag is now "-header name=value" *Documented the OCSP -header flag Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
{OPT_HELP_STR, 1, '-', "Usage: %s [options] [file...]\n"},
Document command parameters. Add documentation for all commands that have parameters. Fix a couple of minor doc and programming bugs, too. Fixes #10313 Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10371)
2019-09-20 09:33:17 +08:00
Add "sections" to -help output Remove "Valid options" label, since all commands have sections (and [almost] always the first one is "General options"). Have "list --options" ignore section headers Reformat ts's additional help Add output section Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9953)
2019-11-08 04:08:30 +08:00
OPT_SECTION("General"),
Big apps cleanup (option-parsing, etc) This is merges the old "rsalz-monolith" branch over to master. The biggest change is that option parsing switch from cascasding 'else if strcmp("-foo")' to a utility routine and somethin akin to getopt. Also, an error in the command line no longer prints the full summary; use -help (or --help :) for that. There have been many other changes and code-cleanup, see bullet list below. Special thanks to Matt for the long and detailed code review. TEMPORARY: For now, comment out CRYPTO_mem_leaks() at end of main Tickets closed: RT3515: Use 3DES in pkcs12 if built with no-rc2 RT1766: s_client -reconnect and -starttls broke RT2932: Catch write errors RT2604: port should be 'unsigned short' RT2983: total_bytes undeclared #ifdef RENEG RT1523: Add -nocert to fix output in x509 app RT3508: Remove unused variable introduced by b09eb24 RT3511: doc fix; req default serial is random RT1325,2973: Add more extensions to c_rehash RT2119,3407: Updated to dgst.pod RT2379: Additional typo fix RT2693: Extra include of string.h RT2880: HFS is case-insensitive filenames RT3246: req command prints version number wrong Other changes; incompatibilities marked with *: Add SCSV support Add -misalign to speed command Make dhparam, dsaparam, ecparam, x509 output C in proper style Make some internal ocsp.c functions void Only display cert usages with -help in verify Use global bio_err, remove "BIO*err" parameter from functions For filenames, - always means stdin (or stdout as appropriate) Add aliases for -des/aes "wrap" ciphers. *Remove support for IISSGC (server gated crypto) *The undocumented OCSP -header flag is now "-header name=value" *Documented the OCSP -header flag Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
{"help", OPT_HELP, '-', "Display this summary"},
Update dgst.c to show a list of message digests Fixes #9893 Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/9912)
2019-09-16 20:09:01 +08:00
{"list", OPT_LIST, '-', "List digests"},
Add "sections" to -help output Remove "Valid options" label, since all commands have sections (and [almost] always the first one is "General options"). Have "list --options" ignore section headers Reformat ts's additional help Add output section Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9953)
2019-11-08 04:08:30 +08:00
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
{"engine_impl", OPT_ENGINE_IMPL, '-',
"Also use engine given by -engine for digest operations"},
#endif
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
OPT_SECTION("Output"),
Big apps cleanup (option-parsing, etc) This is merges the old "rsalz-monolith" branch over to master. The biggest change is that option parsing switch from cascasding 'else if strcmp("-foo")' to a utility routine and somethin akin to getopt. Also, an error in the command line no longer prints the full summary; use -help (or --help :) for that. There have been many other changes and code-cleanup, see bullet list below. Special thanks to Matt for the long and detailed code review. TEMPORARY: For now, comment out CRYPTO_mem_leaks() at end of main Tickets closed: RT3515: Use 3DES in pkcs12 if built with no-rc2 RT1766: s_client -reconnect and -starttls broke RT2932: Catch write errors RT2604: port should be 'unsigned short' RT2983: total_bytes undeclared #ifdef RENEG RT1523: Add -nocert to fix output in x509 app RT3508: Remove unused variable introduced by b09eb24 RT3511: doc fix; req default serial is random RT1325,2973: Add more extensions to c_rehash RT2119,3407: Updated to dgst.pod RT2379: Additional typo fix RT2693: Extra include of string.h RT2880: HFS is case-insensitive filenames RT3246: req command prints version number wrong Other changes; incompatibilities marked with *: Add SCSV support Add -misalign to speed command Make dhparam, dsaparam, ecparam, x509 output C in proper style Make some internal ocsp.c functions void Only display cert usages with -help in verify Use global bio_err, remove "BIO*err" parameter from functions For filenames, - always means stdin (or stdout as appropriate) Add aliases for -des/aes "wrap" ciphers. *Remove support for IISSGC (server gated crypto) *The undocumented OCSP -header flag is now "-header name=value" *Documented the OCSP -header flag Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
{"c", OPT_C, '-', "Print the digest with separating colons"},
{"r", OPT_R, '-', "Print the digest in coreutils format"},
{"out", OPT_OUT, '>', "Output to filename rather than stdout"},
Use OSSL_STORE for load_{,pub}key() and load_cert() in apps/lib/apps.c This also adds the more flexible and general load_key_cert_crl() as well as helper functions get_passwd(), cleanse(), and clear_free() to be used also in apps/cmp.c etc. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/11755)
2020-05-06 19:51:50 +08:00
{"keyform", OPT_KEYFORM, 'f', "Key file format (ENGINE, other values ignored)"},
Big apps cleanup (option-parsing, etc) This is merges the old "rsalz-monolith" branch over to master. The biggest change is that option parsing switch from cascasding 'else if strcmp("-foo")' to a utility routine and somethin akin to getopt. Also, an error in the command line no longer prints the full summary; use -help (or --help :) for that. There have been many other changes and code-cleanup, see bullet list below. Special thanks to Matt for the long and detailed code review. TEMPORARY: For now, comment out CRYPTO_mem_leaks() at end of main Tickets closed: RT3515: Use 3DES in pkcs12 if built with no-rc2 RT1766: s_client -reconnect and -starttls broke RT2932: Catch write errors RT2604: port should be 'unsigned short' RT2983: total_bytes undeclared #ifdef RENEG RT1523: Add -nocert to fix output in x509 app RT3508: Remove unused variable introduced by b09eb24 RT3511: doc fix; req default serial is random RT1325,2973: Add more extensions to c_rehash RT2119,3407: Updated to dgst.pod RT2379: Additional typo fix RT2693: Extra include of string.h RT2880: HFS is case-insensitive filenames RT3246: req command prints version number wrong Other changes; incompatibilities marked with *: Add SCSV support Add -misalign to speed command Make dhparam, dsaparam, ecparam, x509 output C in proper style Make some internal ocsp.c functions void Only display cert usages with -help in verify Use global bio_err, remove "BIO*err" parameter from functions For filenames, - always means stdin (or stdout as appropriate) Add aliases for -des/aes "wrap" ciphers. *Remove support for IISSGC (server gated crypto) *The undocumented OCSP -header flag is now "-header name=value" *Documented the OCSP -header flag Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
{"hex", OPT_HEX, '-', "Print as hex dump"},
{"binary", OPT_BINARY, '-', "Print in binary form"},
SHAKE documentation updates for default output length. Fixes #18586 In order to not break existing applications the OpenSSL documentation related to SHAKE has been updated. Background: All digests algorithms (including XOF's) use the bitlen as the default output length. This results in a security strength of bitlen / 2. This means that SHAKE128 will by default have an output length of 16 bytes and a security strength of 64 bits. For SHAKE256 the default output length is 32 bytes and has a security strength of 128 bits. This behaviour was present in 1.1.1 and has been duplicated in the provider SHAKE algorithms for 3.0. The SHAKE XOF algorithms have a security strength of min(bitlen, output xof length in bits / 2). Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18622)
2022-06-22 13:21:13 +08:00
{"xoflen", OPT_XOFLEN, 'p', "Output length for XOF algorithms. To obtain the maximum security strength set this to 32 (or greater) for SHAKE128, and 64 (or greater) for SHAKE256"},
Big apps cleanup (option-parsing, etc) This is merges the old "rsalz-monolith" branch over to master. The biggest change is that option parsing switch from cascasding 'else if strcmp("-foo")' to a utility routine and somethin akin to getopt. Also, an error in the command line no longer prints the full summary; use -help (or --help :) for that. There have been many other changes and code-cleanup, see bullet list below. Special thanks to Matt for the long and detailed code review. TEMPORARY: For now, comment out CRYPTO_mem_leaks() at end of main Tickets closed: RT3515: Use 3DES in pkcs12 if built with no-rc2 RT1766: s_client -reconnect and -starttls broke RT2932: Catch write errors RT2604: port should be 'unsigned short' RT2983: total_bytes undeclared #ifdef RENEG RT1523: Add -nocert to fix output in x509 app RT3508: Remove unused variable introduced by b09eb24 RT3511: doc fix; req default serial is random RT1325,2973: Add more extensions to c_rehash RT2119,3407: Updated to dgst.pod RT2379: Additional typo fix RT2693: Extra include of string.h RT2880: HFS is case-insensitive filenames RT3246: req command prints version number wrong Other changes; incompatibilities marked with *: Add SCSV support Add -misalign to speed command Make dhparam, dsaparam, ecparam, x509 output C in proper style Make some internal ocsp.c functions void Only display cert usages with -help in verify Use global bio_err, remove "BIO*err" parameter from functions For filenames, - always means stdin (or stdout as appropriate) Add aliases for -des/aes "wrap" ciphers. *Remove support for IISSGC (server gated crypto) *The undocumented OCSP -header flag is now "-header name=value" *Documented the OCSP -header flag Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
{"d", OPT_DEBUG, '-', "Print debug info"},
more doc fixes dgst: using digest instead of specific digest commands the digest list specified in man dgst may be inaccurate, hence using digest and referring to the list in digest-commands 'sha' as a digest name is no longer supported dgst,pkeyutl cmds help cleanup - In dgst, pkeyutl cmds, some options help was missing. - fixed a minor typo in openssl.pod, that fixes make install. - digest-commands was showing ‘sha’, which is not a supported digest anymore. Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-02-08 12:14:12 +08:00
{"debug", OPT_DEBUG, '-', "Print debug info"},
Add "sections" to -help output Remove "Valid options" label, since all commands have sections (and [almost] always the first one is "General options"). Have "list --options" ignore section headers Reformat ts's additional help Add output section Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9953)
2019-11-08 04:08:30 +08:00
OPT_SECTION("Signing"),
{"sign", OPT_SIGN, 's', "Sign digest using private key"},
{"verify", OPT_VERIFY, 's', "Verify a signature using public key"},
{"prverify", OPT_PRVERIFY, 's', "Verify a signature using private key"},
{"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"},
{"signature", OPT_SIGNATURE, '<', "File with signature to verify"},
Big apps cleanup (option-parsing, etc) This is merges the old "rsalz-monolith" branch over to master. The biggest change is that option parsing switch from cascasding 'else if strcmp("-foo")' to a utility routine and somethin akin to getopt. Also, an error in the command line no longer prints the full summary; use -help (or --help :) for that. There have been many other changes and code-cleanup, see bullet list below. Special thanks to Matt for the long and detailed code review. TEMPORARY: For now, comment out CRYPTO_mem_leaks() at end of main Tickets closed: RT3515: Use 3DES in pkcs12 if built with no-rc2 RT1766: s_client -reconnect and -starttls broke RT2932: Catch write errors RT2604: port should be 'unsigned short' RT2983: total_bytes undeclared #ifdef RENEG RT1523: Add -nocert to fix output in x509 app RT3508: Remove unused variable introduced by b09eb24 RT3511: doc fix; req default serial is random RT1325,2973: Add more extensions to c_rehash RT2119,3407: Updated to dgst.pod RT2379: Additional typo fix RT2693: Extra include of string.h RT2880: HFS is case-insensitive filenames RT3246: req command prints version number wrong Other changes; incompatibilities marked with *: Add SCSV support Add -misalign to speed command Make dhparam, dsaparam, ecparam, x509 output C in proper style Make some internal ocsp.c functions void Only display cert usages with -help in verify Use global bio_err, remove "BIO*err" parameter from functions For filenames, - always means stdin (or stdout as appropriate) Add aliases for -des/aes "wrap" ciphers. *Remove support for IISSGC (server gated crypto) *The undocumented OCSP -header flag is now "-header name=value" *Documented the OCSP -header flag Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
{"hmac", OPT_HMAC, 's', "Create hashed MAC with key"},
GH601: Various spelling fixes. Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-06 04:23:54 +08:00
{"mac", OPT_MAC, 's', "Create MAC (not necessarily HMAC)"},
Fix option name discrepancy There used to be options -macopt and -sigopt in <=1.0.2 for the dgst command line app. These were incorrectly spelled as -macop and -sigop in master. RT#4072 Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-10-12 16:44:15 +08:00
{"macopt", OPT_MACOPT, 's', "MAC algorithm parameters in n:v form or key"},
Standardize handling of #ifdef'd options. Here are the "rules" for handling flags that depend on #ifdef: - Do not ifdef the enum. Only ifdef the OPTIONS table. All ifdef'd entries appear at the end; by convention "engine" is last. This ensures that at run-time, the flag will never be recognized/allowed. The next two bullets entries are for silencing compiler warnings: - In the while/switch parsing statement, use #ifdef for the body to disable it; leave the "case OPT_xxx:" and "break" statements outside the ifdef/ifndef. See ciphers.c for example. - If there are multiple options controlled by a single guard, OPT_FOO, OPT_BAR, etc., put a an #ifdef around the set, and then do "#else" and a series of case labels and a break. See OPENSSL_NO_AES in cms.c for example. Reviewed-by: Matt Caswell <matt@openssl.org>
2015-05-16 01:50:38 +08:00
{"", OPT_DIGEST, '-', "Any supported digest"},
Add "sections" to -help output Remove "Valid options" label, since all commands have sections (and [almost] always the first one is "General options"). Have "list --options" ignore section headers Reformat ts's additional help Add output section Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9953)
2019-11-08 04:08:30 +08:00
{"fips-fingerprint", OPT_FIPS_FINGERPRINT, '-',
"Compute HMAC with the key used in OpenSSL-FIPS fingerprint"},
Standardize apps use of -rand, etc. Standardized the -rand flag and added a new one: -rand file... Always reads the specified files -writerand file Always writes to the file on exit For apps that use a config file, the RANDFILE config parameter reads the file at startup (to seed the RNG) and write to it on exit if the -writerand flag isn't used. Ensured that every app that took -rand also took -writerand, and made sure all of that agreed with all the documentation. Fix error reporting in write_file and -rand Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/3862)
2017-07-05 22:58:48 +08:00
OPT_R_OPTIONS,
cmdline app: add provider commandline options. Add a -provider option to allow providers to be loaded. This option can be specified multiple times. Add a -provider_path option to allow the path to providers to be specified. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11167)
2020-02-25 12:29:30 +08:00
OPT_PROV_OPTIONS,
Document command parameters. Add documentation for all commands that have parameters. Fix a couple of minor doc and programming bugs, too. Fixes #10313 Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10371)
2019-09-20 09:33:17 +08:00
OPT_PARAMETERS(),
{"file", 0, 0, "Files to digest (optional; default is stdin)"},
Big apps cleanup (option-parsing, etc) This is merges the old "rsalz-monolith" branch over to master. The biggest change is that option parsing switch from cascasding 'else if strcmp("-foo")' to a utility routine and somethin akin to getopt. Also, an error in the command line no longer prints the full summary; use -help (or --help :) for that. There have been many other changes and code-cleanup, see bullet list below. Special thanks to Matt for the long and detailed code review. TEMPORARY: For now, comment out CRYPTO_mem_leaks() at end of main Tickets closed: RT3515: Use 3DES in pkcs12 if built with no-rc2 RT1766: s_client -reconnect and -starttls broke RT2932: Catch write errors RT2604: port should be 'unsigned short' RT2983: total_bytes undeclared #ifdef RENEG RT1523: Add -nocert to fix output in x509 app RT3508: Remove unused variable introduced by b09eb24 RT3511: doc fix; req default serial is random RT1325,2973: Add more extensions to c_rehash RT2119,3407: Updated to dgst.pod RT2379: Additional typo fix RT2693: Extra include of string.h RT2880: HFS is case-insensitive filenames RT3246: req command prints version number wrong Other changes; incompatibilities marked with *: Add SCSV support Add -misalign to speed command Make dhparam, dsaparam, ecparam, x509 output C in proper style Make some internal ocsp.c functions void Only display cert usages with -help in verify Use global bio_err, remove "BIO*err" parameter from functions For filenames, - always means stdin (or stdout as appropriate) Add aliases for -des/aes "wrap" ciphers. *Remove support for IISSGC (server gated crypto) *The undocumented OCSP -header flag is now "-header name=value" *Documented the OCSP -header flag Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
{NULL}
};
int dgst_main(int argc, char **argv)
Import of old SSLeay release: SSLeay 0.8.1b
1998-12-21 18:52:47 +08:00
{
dgst commandline support for one shot signing algorithms Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26697)
2025-02-10 17:00:03 +08:00
BIO *in = NULL, *inp = NULL, *bmd = NULL, *out = NULL;
Add -engine_impl option to dgst which will use an implementation of an algorithm from the supplied engine instead of just the default one.
2010-03-05 21:28:21 +08:00
ENGINE *e = NULL, *impl = NULL;
Big apps cleanup (option-parsing, etc) This is merges the old "rsalz-monolith" branch over to master. The biggest change is that option parsing switch from cascasding 'else if strcmp("-foo")' to a utility routine and somethin akin to getopt. Also, an error in the command line no longer prints the full summary; use -help (or --help :) for that. There have been many other changes and code-cleanup, see bullet list below. Special thanks to Matt for the long and detailed code review. TEMPORARY: For now, comment out CRYPTO_mem_leaks() at end of main Tickets closed: RT3515: Use 3DES in pkcs12 if built with no-rc2 RT1766: s_client -reconnect and -starttls broke RT2932: Catch write errors RT2604: port should be 'unsigned short' RT2983: total_bytes undeclared #ifdef RENEG RT1523: Add -nocert to fix output in x509 app RT3508: Remove unused variable introduced by b09eb24 RT3511: doc fix; req default serial is random RT1325,2973: Add more extensions to c_rehash RT2119,3407: Updated to dgst.pod RT2379: Additional typo fix RT2693: Extra include of string.h RT2880: HFS is case-insensitive filenames RT3246: req command prints version number wrong Other changes; incompatibilities marked with *: Add SCSV support Add -misalign to speed command Make dhparam, dsaparam, ecparam, x509 output C in proper style Make some internal ocsp.c functions void Only display cert usages with -help in verify Use global bio_err, remove "BIO*err" parameter from functions For filenames, - always means stdin (or stdout as appropriate) Add aliases for -des/aes "wrap" ciphers. *Remove support for IISSGC (server gated crypto) *The undocumented OCSP -header flag is now "-header name=value" *Documented the OCSP -header flag Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
EVP_PKEY *sigkey = NULL;
STACK_OF(OPENSSL_STRING) *sigopts = NULL, *macopts = NULL;
char *hmac_key = NULL;
Process digest option after loading providers Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14135)
2021-02-09 03:03:35 +08:00
char *mac_name = NULL, *digestname = NULL;
Big apps cleanup (option-parsing, etc) This is merges the old "rsalz-monolith" branch over to master. The biggest change is that option parsing switch from cascasding 'else if strcmp("-foo")' to a utility routine and somethin akin to getopt. Also, an error in the command line no longer prints the full summary; use -help (or --help :) for that. There have been many other changes and code-cleanup, see bullet list below. Special thanks to Matt for the long and detailed code review. TEMPORARY: For now, comment out CRYPTO_mem_leaks() at end of main Tickets closed: RT3515: Use 3DES in pkcs12 if built with no-rc2 RT1766: s_client -reconnect and -starttls broke RT2932: Catch write errors RT2604: port should be 'unsigned short' RT2983: total_bytes undeclared #ifdef RENEG RT1523: Add -nocert to fix output in x509 app RT3508: Remove unused variable introduced by b09eb24 RT3511: doc fix; req default serial is random RT1325,2973: Add more extensions to c_rehash RT2119,3407: Updated to dgst.pod RT2379: Additional typo fix RT2693: Extra include of string.h RT2880: HFS is case-insensitive filenames RT3246: req command prints version number wrong Other changes; incompatibilities marked with *: Add SCSV support Add -misalign to speed command Make dhparam, dsaparam, ecparam, x509 output C in proper style Make some internal ocsp.c functions void Only display cert usages with -help in verify Use global bio_err, remove "BIO*err" parameter from functions For filenames, - always means stdin (or stdout as appropriate) Add aliases for -des/aes "wrap" ciphers. *Remove support for IISSGC (server gated crypto) *The undocumented OCSP -header flag is now "-header name=value" *Documented the OCSP -header flag Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
char *passinarg = NULL, *passin = NULL;
Fetch and free cipher and md's Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/14219)
2021-02-18 05:15:27 +08:00
EVP_MD *md = NULL;
Big apps cleanup (option-parsing, etc) This is merges the old "rsalz-monolith" branch over to master. The biggest change is that option parsing switch from cascasding 'else if strcmp("-foo")' to a utility routine and somethin akin to getopt. Also, an error in the command line no longer prints the full summary; use -help (or --help :) for that. There have been many other changes and code-cleanup, see bullet list below. Special thanks to Matt for the long and detailed code review. TEMPORARY: For now, comment out CRYPTO_mem_leaks() at end of main Tickets closed: RT3515: Use 3DES in pkcs12 if built with no-rc2 RT1766: s_client -reconnect and -starttls broke RT2932: Catch write errors RT2604: port should be 'unsigned short' RT2983: total_bytes undeclared #ifdef RENEG RT1523: Add -nocert to fix output in x509 app RT3508: Remove unused variable introduced by b09eb24 RT3511: doc fix; req default serial is random RT1325,2973: Add more extensions to c_rehash RT2119,3407: Updated to dgst.pod RT2379: Additional typo fix RT2693: Extra include of string.h RT2880: HFS is case-insensitive filenames RT3246: req command prints version number wrong Other changes; incompatibilities marked with *: Add SCSV support Add -misalign to speed command Make dhparam, dsaparam, ecparam, x509 output C in proper style Make some internal ocsp.c functions void Only display cert usages with -help in verify Use global bio_err, remove "BIO*err" parameter from functions For filenames, - always means stdin (or stdout as appropriate) Add aliases for -des/aes "wrap" ciphers. *Remove support for IISSGC (server gated crypto) *The undocumented OCSP -header flag is now "-header name=value" *Documented the OCSP -header flag Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
const char *outfile = NULL, *keyfile = NULL, *prog = NULL;
Standardize apps use of -rand, etc. Standardized the -rand flag and added a new one: -rand file... Always reads the specified files -writerand file Always writes to the file on exit For apps that use a config file, the RANDFILE config parameter reads the file at startup (to seed the RNG) and write to it on exit if the -writerand flag isn't used. Ensured that every app that took -rand also took -writerand, and made sure all of that agreed with all the documentation. Fix error reporting in write_file and -rand Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/3862)
2017-07-05 22:58:48 +08:00
const char *sigfile = NULL;
openssl dgst: show MD name at all times When 'openssl dgst' is called with a MD alias (such as sha256) and no further arguments (i.e. input is taken from stdin), the MD name wasn't shown. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8609)
2019-03-29 14:11:57 +08:00
const char *md_name = NULL;
Big apps cleanup (option-parsing, etc) This is merges the old "rsalz-monolith" branch over to master. The biggest change is that option parsing switch from cascasding 'else if strcmp("-foo")' to a utility routine and somethin akin to getopt. Also, an error in the command line no longer prints the full summary; use -help (or --help :) for that. There have been many other changes and code-cleanup, see bullet list below. Special thanks to Matt for the long and detailed code review. TEMPORARY: For now, comment out CRYPTO_mem_leaks() at end of main Tickets closed: RT3515: Use 3DES in pkcs12 if built with no-rc2 RT1766: s_client -reconnect and -starttls broke RT2932: Catch write errors RT2604: port should be 'unsigned short' RT2983: total_bytes undeclared #ifdef RENEG RT1523: Add -nocert to fix output in x509 app RT3508: Remove unused variable introduced by b09eb24 RT3511: doc fix; req default serial is random RT1325,2973: Add more extensions to c_rehash RT2119,3407: Updated to dgst.pod RT2379: Additional typo fix RT2693: Extra include of string.h RT2880: HFS is case-insensitive filenames RT3246: req command prints version number wrong Other changes; incompatibilities marked with *: Add SCSV support Add -misalign to speed command Make dhparam, dsaparam, ecparam, x509 output C in proper style Make some internal ocsp.c functions void Only display cert usages with -help in verify Use global bio_err, remove "BIO*err" parameter from functions For filenames, - always means stdin (or stdout as appropriate) Add aliases for -des/aes "wrap" ciphers. *Remove support for IISSGC (server gated crypto) *The undocumented OCSP -header flag is now "-header name=value" *Documented the OCSP -header flag Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
OPTION_CHOICE o;
Make the -inform option to be respected if possible Add OSSL_STORE_PARAM_INPUT_TYPE and make it possible to be set when OSSL_STORE_open_ex() or OSSL_STORE_attach() is called. The input type format is enforced only in case the file type file store is used. By default we use FORMAT_UNDEF meaning the input type is not enforced. Fixes #14569 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15100)
2021-04-30 22:57:53 +08:00
int separator = 0, debug = 0, keyform = FORMAT_UNDEF, siglen = 0;
Add warning to key/param generating apps on potential delay due to missing entropy This also introduces app_keygen() and app_paramgen() and cleans up err reporting. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12095)
2020-06-09 16:21:58 +08:00
int i, ret = EXIT_FAILURE, out_bin = -1, want_pub = 0, do_verify = 0;
openssl dgst: add option to specify output length for XOF This adds the -xoflen option to control the output length of the XOF algorithms, such as SHAKE128 and SHAKE256. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13245)
2020-10-26 20:23:14 +08:00
int xoflen = 0;
Big apps cleanup (option-parsing, etc) This is merges the old "rsalz-monolith" branch over to master. The biggest change is that option parsing switch from cascasding 'else if strcmp("-foo")' to a utility routine and somethin akin to getopt. Also, an error in the command line no longer prints the full summary; use -help (or --help :) for that. There have been many other changes and code-cleanup, see bullet list below. Special thanks to Matt for the long and detailed code review. TEMPORARY: For now, comment out CRYPTO_mem_leaks() at end of main Tickets closed: RT3515: Use 3DES in pkcs12 if built with no-rc2 RT1766: s_client -reconnect and -starttls broke RT2932: Catch write errors RT2604: port should be 'unsigned short' RT2983: total_bytes undeclared #ifdef RENEG RT1523: Add -nocert to fix output in x509 app RT3508: Remove unused variable introduced by b09eb24 RT3511: doc fix; req default serial is random RT1325,2973: Add more extensions to c_rehash RT2119,3407: Updated to dgst.pod RT2379: Additional typo fix RT2693: Extra include of string.h RT2880: HFS is case-insensitive filenames RT3246: req command prints version number wrong Other changes; incompatibilities marked with *: Add SCSV support Add -misalign to speed command Make dhparam, dsaparam, ecparam, x509 output C in proper style Make some internal ocsp.c functions void Only display cert usages with -help in verify Use global bio_err, remove "BIO*err" parameter from functions For filenames, - always means stdin (or stdout as appropriate) Add aliases for -des/aes "wrap" ciphers. *Remove support for IISSGC (server gated crypto) *The undocumented OCSP -header flag is now "-header name=value" *Documented the OCSP -header flag Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
unsigned char *buf = NULL, *sigbuf = NULL;
Add -engine_impl option to dgst which will use an implementation of an algorithm from the supplied engine instead of just the default one.
2010-03-05 21:28:21 +08:00
int engine_impl = 0;
Update dgst.c to show a list of message digests Fixes #9893 Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/9912)
2019-09-16 20:09:01 +08:00
struct doall_dgst_digests dec;
dgst commandline support for one shot signing algorithms Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26697)
2025-02-10 17:00:03 +08:00
EVP_MD_CTX *signctx = NULL;
int oneshot_sign = 0;
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 11:40:55 +08:00
In apps, malloc or die No point in proceeding if you're out of memory. So change *all* OPENSSL_malloc calls in apps to use the new routine which prints a message and exits. Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-01 05:48:31 +08:00
buf = app_malloc(BUFSIZE, "I/O buffer");
Fetch and free cipher and md's Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/14219)
2021-02-18 05:15:27 +08:00
md = (EVP_MD *)EVP_get_digestbyname(argv[0]);
apps/dgst.c: Set digestname from argv[0] if it is a builtin hash name Fixes #19589 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/19606)
2022-11-04 19:20:08 +08:00
if (md != NULL)
digestname = argv[0];
Big apps cleanup (option-parsing, etc) This is merges the old "rsalz-monolith" branch over to master. The biggest change is that option parsing switch from cascasding 'else if strcmp("-foo")' to a utility routine and somethin akin to getopt. Also, an error in the command line no longer prints the full summary; use -help (or --help :) for that. There have been many other changes and code-cleanup, see bullet list below. Special thanks to Matt for the long and detailed code review. TEMPORARY: For now, comment out CRYPTO_mem_leaks() at end of main Tickets closed: RT3515: Use 3DES in pkcs12 if built with no-rc2 RT1766: s_client -reconnect and -starttls broke RT2932: Catch write errors RT2604: port should be 'unsigned short' RT2983: total_bytes undeclared #ifdef RENEG RT1523: Add -nocert to fix output in x509 app RT3508: Remove unused variable introduced by b09eb24 RT3511: doc fix; req default serial is random RT1325,2973: Add more extensions to c_rehash RT2119,3407: Updated to dgst.pod RT2379: Additional typo fix RT2693: Extra include of string.h RT2880: HFS is case-insensitive filenames RT3246: req command prints version number wrong Other changes; incompatibilities marked with *: Add SCSV support Add -misalign to speed command Make dhparam, dsaparam, ecparam, x509 output C in proper style Make some internal ocsp.c functions void Only display cert usages with -help in verify Use global bio_err, remove "BIO*err" parameter from functions For filenames, - always means stdin (or stdout as appropriate) Add aliases for -des/aes "wrap" ciphers. *Remove support for IISSGC (server gated crypto) *The undocumented OCSP -header flag is now "-header name=value" *Documented the OCSP -header flag Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
APPS: Add check for multiple 'unknown' options Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/16416)
2021-08-24 18:03:12 +08:00
opt_set_unknown_name("digest");
Big apps cleanup (option-parsing, etc) This is merges the old "rsalz-monolith" branch over to master. The biggest change is that option parsing switch from cascasding 'else if strcmp("-foo")' to a utility routine and somethin akin to getopt. Also, an error in the command line no longer prints the full summary; use -help (or --help :) for that. There have been many other changes and code-cleanup, see bullet list below. Special thanks to Matt for the long and detailed code review. TEMPORARY: For now, comment out CRYPTO_mem_leaks() at end of main Tickets closed: RT3515: Use 3DES in pkcs12 if built with no-rc2 RT1766: s_client -reconnect and -starttls broke RT2932: Catch write errors RT2604: port should be 'unsigned short' RT2983: total_bytes undeclared #ifdef RENEG RT1523: Add -nocert to fix output in x509 app RT3508: Remove unused variable introduced by b09eb24 RT3511: doc fix; req default serial is random RT1325,2973: Add more extensions to c_rehash RT2119,3407: Updated to dgst.pod RT2379: Additional typo fix RT2693: Extra include of string.h RT2880: HFS is case-insensitive filenames RT3246: req command prints version number wrong Other changes; incompatibilities marked with *: Add SCSV support Add -misalign to speed command Make dhparam, dsaparam, ecparam, x509 output C in proper style Make some internal ocsp.c functions void Only display cert usages with -help in verify Use global bio_err, remove "BIO*err" parameter from functions For filenames, - always means stdin (or stdout as appropriate) Add aliases for -des/aes "wrap" ciphers. *Remove support for IISSGC (server gated crypto) *The undocumented OCSP -header flag is now "-header name=value" *Documented the OCSP -header flag Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
prog = opt_init(argc, argv, dgst_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(dgst_options);
Add warning to key/param generating apps on potential delay due to missing entropy This also introduces app_keygen() and app_paramgen() and cleans up err reporting. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12095)
2020-06-09 16:21:58 +08:00
ret = EXIT_SUCCESS;
Big apps cleanup (option-parsing, etc) This is merges the old "rsalz-monolith" branch over to master. The biggest change is that option parsing switch from cascasding 'else if strcmp("-foo")' to a utility routine and somethin akin to getopt. Also, an error in the command line no longer prints the full summary; use -help (or --help :) for that. There have been many other changes and code-cleanup, see bullet list below. Special thanks to Matt for the long and detailed code review. TEMPORARY: For now, comment out CRYPTO_mem_leaks() at end of main Tickets closed: RT3515: Use 3DES in pkcs12 if built with no-rc2 RT1766: s_client -reconnect and -starttls broke RT2932: Catch write errors RT2604: port should be 'unsigned short' RT2983: total_bytes undeclared #ifdef RENEG RT1523: Add -nocert to fix output in x509 app RT3508: Remove unused variable introduced by b09eb24 RT3511: doc fix; req default serial is random RT1325,2973: Add more extensions to c_rehash RT2119,3407: Updated to dgst.pod RT2379: Additional typo fix RT2693: Extra include of string.h RT2880: HFS is case-insensitive filenames RT3246: req command prints version number wrong Other changes; incompatibilities marked with *: Add SCSV support Add -misalign to speed command Make dhparam, dsaparam, ecparam, x509 output C in proper style Make some internal ocsp.c functions void Only display cert usages with -help in verify Use global bio_err, remove "BIO*err" parameter from functions For filenames, - always means stdin (or stdout as appropriate) Add aliases for -des/aes "wrap" ciphers. *Remove support for IISSGC (server gated crypto) *The undocumented OCSP -header flag is now "-header name=value" *Documented the OCSP -header flag Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
goto end;
Update dgst.c to show a list of message digests Fixes #9893 Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/9912)
2019-09-16 20:09:01 +08:00
case OPT_LIST:
BIO_printf(bio_out, "Supported digests:\n");
dec.bio = bio_out;
dec.n = 0;
OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_MD_METH,
show_digests, &dec);
BIO_printf(bio_out, "\n");
Add warning to key/param generating apps on potential delay due to missing entropy This also introduces app_keygen() and app_paramgen() and cleans up err reporting. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12095)
2020-06-09 16:21:58 +08:00
ret = EXIT_SUCCESS;
Update dgst.c to show a list of message digests Fixes #9893 Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/9912)
2019-09-16 20:09:01 +08:00
goto end;
Big apps cleanup (option-parsing, etc) This is merges the old "rsalz-monolith" branch over to master. The biggest change is that option parsing switch from cascasding 'else if strcmp("-foo")' to a utility routine and somethin akin to getopt. Also, an error in the command line no longer prints the full summary; use -help (or --help :) for that. There have been many other changes and code-cleanup, see bullet list below. Special thanks to Matt for the long and detailed code review. TEMPORARY: For now, comment out CRYPTO_mem_leaks() at end of main Tickets closed: RT3515: Use 3DES in pkcs12 if built with no-rc2 RT1766: s_client -reconnect and -starttls broke RT2932: Catch write errors RT2604: port should be 'unsigned short' RT2983: total_bytes undeclared #ifdef RENEG RT1523: Add -nocert to fix output in x509 app RT3508: Remove unused variable introduced by b09eb24 RT3511: doc fix; req default serial is random RT1325,2973: Add more extensions to c_rehash RT2119,3407: Updated to dgst.pod RT2379: Additional typo fix RT2693: Extra include of string.h RT2880: HFS is case-insensitive filenames RT3246: req command prints version number wrong Other changes; incompatibilities marked with *: Add SCSV support Add -misalign to speed command Make dhparam, dsaparam, ecparam, x509 output C in proper style Make some internal ocsp.c functions void Only display cert usages with -help in verify Use global bio_err, remove "BIO*err" parameter from functions For filenames, - always means stdin (or stdout as appropriate) Add aliases for -des/aes "wrap" ciphers. *Remove support for IISSGC (server gated crypto) *The undocumented OCSP -header flag is now "-header name=value" *Documented the OCSP -header flag Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
case OPT_C:
Import of old SSLeay release: SSLeay 0.8.1b
1998-12-21 18:52:47 +08:00
separator = 1;
Big apps cleanup (option-parsing, etc) This is merges the old "rsalz-monolith" branch over to master. The biggest change is that option parsing switch from cascasding 'else if strcmp("-foo")' to a utility routine and somethin akin to getopt. Also, an error in the command line no longer prints the full summary; use -help (or --help :) for that. There have been many other changes and code-cleanup, see bullet list below. Special thanks to Matt for the long and detailed code review. TEMPORARY: For now, comment out CRYPTO_mem_leaks() at end of main Tickets closed: RT3515: Use 3DES in pkcs12 if built with no-rc2 RT1766: s_client -reconnect and -starttls broke RT2932: Catch write errors RT2604: port should be 'unsigned short' RT2983: total_bytes undeclared #ifdef RENEG RT1523: Add -nocert to fix output in x509 app RT3508: Remove unused variable introduced by b09eb24 RT3511: doc fix; req default serial is random RT1325,2973: Add more extensions to c_rehash RT2119,3407: Updated to dgst.pod RT2379: Additional typo fix RT2693: Extra include of string.h RT2880: HFS is case-insensitive filenames RT3246: req command prints version number wrong Other changes; incompatibilities marked with *: Add SCSV support Add -misalign to speed command Make dhparam, dsaparam, ecparam, x509 output C in proper style Make some internal ocsp.c functions void Only display cert usages with -help in verify Use global bio_err, remove "BIO*err" parameter from functions For filenames, - always means stdin (or stdout as appropriate) Add aliases for -des/aes "wrap" ciphers. *Remove support for IISSGC (server gated crypto) *The undocumented OCSP -header flag is now "-header name=value" *Documented the OCSP -header flag Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
break;
case OPT_R:
PR: 2066 Submitted by: Guenter <lists@gknw.net> Approved by: steve@openssl.org Add -r option to dgst to produce format compatible with core utilities.
2009-10-16 01:13:54 +08:00
separator = 2;
Big apps cleanup (option-parsing, etc) This is merges the old "rsalz-monolith" branch over to master. The biggest change is that option parsing switch from cascasding 'else if strcmp("-foo")' to a utility routine and somethin akin to getopt. Also, an error in the command line no longer prints the full summary; use -help (or --help :) for that. There have been many other changes and code-cleanup, see bullet list below. Special thanks to Matt for the long and detailed code review. TEMPORARY: For now, comment out CRYPTO_mem_leaks() at end of main Tickets closed: RT3515: Use 3DES in pkcs12 if built with no-rc2 RT1766: s_client -reconnect and -starttls broke RT2932: Catch write errors RT2604: port should be 'unsigned short' RT2983: total_bytes undeclared #ifdef RENEG RT1523: Add -nocert to fix output in x509 app RT3508: Remove unused variable introduced by b09eb24 RT3511: doc fix; req default serial is random RT1325,2973: Add more extensions to c_rehash RT2119,3407: Updated to dgst.pod RT2379: Additional typo fix RT2693: Extra include of string.h RT2880: HFS is case-insensitive filenames RT3246: req command prints version number wrong Other changes; incompatibilities marked with *: Add SCSV support Add -misalign to speed command Make dhparam, dsaparam, ecparam, x509 output C in proper style Make some internal ocsp.c functions void Only display cert usages with -help in verify Use global bio_err, remove "BIO*err" parameter from functions For filenames, - always means stdin (or stdout as appropriate) Add aliases for -des/aes "wrap" ciphers. *Remove support for IISSGC (server gated crypto) *The undocumented OCSP -header flag is now "-header name=value" *Documented the OCSP -header flag Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
break;
Standardize apps use of -rand, etc. Standardized the -rand flag and added a new one: -rand file... Always reads the specified files -writerand file Always writes to the file on exit For apps that use a config file, the RANDFILE config parameter reads the file at startup (to seed the RNG) and write to it on exit if the -writerand flag isn't used. Ensured that every app that took -rand also took -writerand, and made sure all of that agreed with all the documentation. Fix error reporting in write_file and -rand Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/3862)
2017-07-05 22:58:48 +08:00
case OPT_R_CASES:
if (!opt_rand(o))
goto end;
Big apps cleanup (option-parsing, etc) This is merges the old "rsalz-monolith" branch over to master. The biggest change is that option parsing switch from cascasding 'else if strcmp("-foo")' to a utility routine and somethin akin to getopt. Also, an error in the command line no longer prints the full summary; use -help (or --help :) for that. There have been many other changes and code-cleanup, see bullet list below. Special thanks to Matt for the long and detailed code review. TEMPORARY: For now, comment out CRYPTO_mem_leaks() at end of main Tickets closed: RT3515: Use 3DES in pkcs12 if built with no-rc2 RT1766: s_client -reconnect and -starttls broke RT2932: Catch write errors RT2604: port should be 'unsigned short' RT2983: total_bytes undeclared #ifdef RENEG RT1523: Add -nocert to fix output in x509 app RT3508: Remove unused variable introduced by b09eb24 RT3511: doc fix; req default serial is random RT1325,2973: Add more extensions to c_rehash RT2119,3407: Updated to dgst.pod RT2379: Additional typo fix RT2693: Extra include of string.h RT2880: HFS is case-insensitive filenames RT3246: req command prints version number wrong Other changes; incompatibilities marked with *: Add SCSV support Add -misalign to speed command Make dhparam, dsaparam, ecparam, x509 output C in proper style Make some internal ocsp.c functions void Only display cert usages with -help in verify Use global bio_err, remove "BIO*err" parameter from functions For filenames, - always means stdin (or stdout as appropriate) Add aliases for -des/aes "wrap" ciphers. *Remove support for IISSGC (server gated crypto) *The undocumented OCSP -header flag is now "-header name=value" *Documented the OCSP -header flag Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
break;
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_SIGN:
keyfile = opt_arg();
break;
case OPT_PASSIN:
passinarg = opt_arg();
break;
case OPT_VERIFY:
keyfile = opt_arg();
want_pub = do_verify = 1;
break;
case OPT_PRVERIFY:
keyfile = opt_arg();
Fix typo in i2d_ASN1_ENUMERATED Fix bug in read only memory BIOs so BIO_reset() works. Add sign and verify options to dgst utility, need to update docs.
2000-08-31 00:14:29 +08:00
do_verify = 1;
Big apps cleanup (option-parsing, etc) This is merges the old "rsalz-monolith" branch over to master. The biggest change is that option parsing switch from cascasding 'else if strcmp("-foo")' to a utility routine and somethin akin to getopt. Also, an error in the command line no longer prints the full summary; use -help (or --help :) for that. There have been many other changes and code-cleanup, see bullet list below. Special thanks to Matt for the long and detailed code review. TEMPORARY: For now, comment out CRYPTO_mem_leaks() at end of main Tickets closed: RT3515: Use 3DES in pkcs12 if built with no-rc2 RT1766: s_client -reconnect and -starttls broke RT2932: Catch write errors RT2604: port should be 'unsigned short' RT2983: total_bytes undeclared #ifdef RENEG RT1523: Add -nocert to fix output in x509 app RT3508: Remove unused variable introduced by b09eb24 RT3511: doc fix; req default serial is random RT1325,2973: Add more extensions to c_rehash RT2119,3407: Updated to dgst.pod RT2379: Additional typo fix RT2693: Extra include of string.h RT2880: HFS is case-insensitive filenames RT3246: req command prints version number wrong Other changes; incompatibilities marked with *: Add SCSV support Add -misalign to speed command Make dhparam, dsaparam, ecparam, x509 output C in proper style Make some internal ocsp.c functions void Only display cert usages with -help in verify Use global bio_err, remove "BIO*err" parameter from functions For filenames, - always means stdin (or stdout as appropriate) Add aliases for -des/aes "wrap" ciphers. *Remove support for IISSGC (server gated crypto) *The undocumented OCSP -header flag is now "-header name=value" *Documented the OCSP -header flag Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
break;
case OPT_SIGNATURE:
sigfile = opt_arg();
break;
case OPT_KEYFORM:
if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyform))
goto opthelp;
break;
case OPT_ENGINE:
fewer NO_ENGINE #ifdef's Make setup_engine be a dummy if NO_ENGINE is enabled. The option is not enabled if NO_ENGINE is enabled, so the one "wasted" variable just sits there. Removes some variables and code. Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-26 03:41:29 +08:00
e = setup_engine(opt_arg(), 0);
Big apps cleanup (option-parsing, etc) This is merges the old "rsalz-monolith" branch over to master. The biggest change is that option parsing switch from cascasding 'else if strcmp("-foo")' to a utility routine and somethin akin to getopt. Also, an error in the command line no longer prints the full summary; use -help (or --help :) for that. There have been many other changes and code-cleanup, see bullet list below. Special thanks to Matt for the long and detailed code review. TEMPORARY: For now, comment out CRYPTO_mem_leaks() at end of main Tickets closed: RT3515: Use 3DES in pkcs12 if built with no-rc2 RT1766: s_client -reconnect and -starttls broke RT2932: Catch write errors RT2604: port should be 'unsigned short' RT2983: total_bytes undeclared #ifdef RENEG RT1523: Add -nocert to fix output in x509 app RT3508: Remove unused variable introduced by b09eb24 RT3511: doc fix; req default serial is random RT1325,2973: Add more extensions to c_rehash RT2119,3407: Updated to dgst.pod RT2379: Additional typo fix RT2693: Extra include of string.h RT2880: HFS is case-insensitive filenames RT3246: req command prints version number wrong Other changes; incompatibilities marked with *: Add SCSV support Add -misalign to speed command Make dhparam, dsaparam, ecparam, x509 output C in proper style Make some internal ocsp.c functions void Only display cert usages with -help in verify Use global bio_err, remove "BIO*err" parameter from functions For filenames, - always means stdin (or stdout as appropriate) Add aliases for -des/aes "wrap" ciphers. *Remove support for IISSGC (server gated crypto) *The undocumented OCSP -header flag is now "-header name=value" *Documented the OCSP -header flag Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
break;
case OPT_ENGINE_IMPL:
Add -engine_impl option to dgst which will use an implementation of an algorithm from the supplied engine instead of just the default one.
2010-03-05 21:28:21 +08:00
engine_impl = 1;
Big apps cleanup (option-parsing, etc) This is merges the old "rsalz-monolith" branch over to master. The biggest change is that option parsing switch from cascasding 'else if strcmp("-foo")' to a utility routine and somethin akin to getopt. Also, an error in the command line no longer prints the full summary; use -help (or --help :) for that. There have been many other changes and code-cleanup, see bullet list below. Special thanks to Matt for the long and detailed code review. TEMPORARY: For now, comment out CRYPTO_mem_leaks() at end of main Tickets closed: RT3515: Use 3DES in pkcs12 if built with no-rc2 RT1766: s_client -reconnect and -starttls broke RT2932: Catch write errors RT2604: port should be 'unsigned short' RT2983: total_bytes undeclared #ifdef RENEG RT1523: Add -nocert to fix output in x509 app RT3508: Remove unused variable introduced by b09eb24 RT3511: doc fix; req default serial is random RT1325,2973: Add more extensions to c_rehash RT2119,3407: Updated to dgst.pod RT2379: Additional typo fix RT2693: Extra include of string.h RT2880: HFS is case-insensitive filenames RT3246: req command prints version number wrong Other changes; incompatibilities marked with *: Add SCSV support Add -misalign to speed command Make dhparam, dsaparam, ecparam, x509 output C in proper style Make some internal ocsp.c functions void Only display cert usages with -help in verify Use global bio_err, remove "BIO*err" parameter from functions For filenames, - always means stdin (or stdout as appropriate) Add aliases for -des/aes "wrap" ciphers. *Remove support for IISSGC (server gated crypto) *The undocumented OCSP -header flag is now "-header name=value" *Documented the OCSP -header flag Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
break;
case OPT_HEX:
Fix typo in i2d_ASN1_ENUMERATED Fix bug in read only memory BIOs so BIO_reset() works. Add sign and verify options to dgst utility, need to update docs.
2000-08-31 00:14:29 +08:00
out_bin = 0;
Big apps cleanup (option-parsing, etc) This is merges the old "rsalz-monolith" branch over to master. The biggest change is that option parsing switch from cascasding 'else if strcmp("-foo")' to a utility routine and somethin akin to getopt. Also, an error in the command line no longer prints the full summary; use -help (or --help :) for that. There have been many other changes and code-cleanup, see bullet list below. Special thanks to Matt for the long and detailed code review. TEMPORARY: For now, comment out CRYPTO_mem_leaks() at end of main Tickets closed: RT3515: Use 3DES in pkcs12 if built with no-rc2 RT1766: s_client -reconnect and -starttls broke RT2932: Catch write errors RT2604: port should be 'unsigned short' RT2983: total_bytes undeclared #ifdef RENEG RT1523: Add -nocert to fix output in x509 app RT3508: Remove unused variable introduced by b09eb24 RT3511: doc fix; req default serial is random RT1325,2973: Add more extensions to c_rehash RT2119,3407: Updated to dgst.pod RT2379: Additional typo fix RT2693: Extra include of string.h RT2880: HFS is case-insensitive filenames RT3246: req command prints version number wrong Other changes; incompatibilities marked with *: Add SCSV support Add -misalign to speed command Make dhparam, dsaparam, ecparam, x509 output C in proper style Make some internal ocsp.c functions void Only display cert usages with -help in verify Use global bio_err, remove "BIO*err" parameter from functions For filenames, - always means stdin (or stdout as appropriate) Add aliases for -des/aes "wrap" ciphers. *Remove support for IISSGC (server gated crypto) *The undocumented OCSP -header flag is now "-header name=value" *Documented the OCSP -header flag Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
break;
case OPT_BINARY:
Fix typo in i2d_ASN1_ENUMERATED Fix bug in read only memory BIOs so BIO_reset() works. Add sign and verify options to dgst utility, need to update docs.
2000-08-31 00:14:29 +08:00
out_bin = 1;
Big apps cleanup (option-parsing, etc) This is merges the old "rsalz-monolith" branch over to master. The biggest change is that option parsing switch from cascasding 'else if strcmp("-foo")' to a utility routine and somethin akin to getopt. Also, an error in the command line no longer prints the full summary; use -help (or --help :) for that. There have been many other changes and code-cleanup, see bullet list below. Special thanks to Matt for the long and detailed code review. TEMPORARY: For now, comment out CRYPTO_mem_leaks() at end of main Tickets closed: RT3515: Use 3DES in pkcs12 if built with no-rc2 RT1766: s_client -reconnect and -starttls broke RT2932: Catch write errors RT2604: port should be 'unsigned short' RT2983: total_bytes undeclared #ifdef RENEG RT1523: Add -nocert to fix output in x509 app RT3508: Remove unused variable introduced by b09eb24 RT3511: doc fix; req default serial is random RT1325,2973: Add more extensions to c_rehash RT2119,3407: Updated to dgst.pod RT2379: Additional typo fix RT2693: Extra include of string.h RT2880: HFS is case-insensitive filenames RT3246: req command prints version number wrong Other changes; incompatibilities marked with *: Add SCSV support Add -misalign to speed command Make dhparam, dsaparam, ecparam, x509 output C in proper style Make some internal ocsp.c functions void Only display cert usages with -help in verify Use global bio_err, remove "BIO*err" parameter from functions For filenames, - always means stdin (or stdout as appropriate) Add aliases for -des/aes "wrap" ciphers. *Remove support for IISSGC (server gated crypto) *The undocumented OCSP -header flag is now "-header name=value" *Documented the OCSP -header flag Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
break;
openssl dgst: add option to specify output length for XOF This adds the -xoflen option to control the output length of the XOF algorithms, such as SHAKE128 and SHAKE256. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13245)
2020-10-26 20:23:14 +08:00
case OPT_XOFLEN:
xoflen = atoi(opt_arg());
break;
Big apps cleanup (option-parsing, etc) This is merges the old "rsalz-monolith" branch over to master. The biggest change is that option parsing switch from cascasding 'else if strcmp("-foo")' to a utility routine and somethin akin to getopt. Also, an error in the command line no longer prints the full summary; use -help (or --help :) for that. There have been many other changes and code-cleanup, see bullet list below. Special thanks to Matt for the long and detailed code review. TEMPORARY: For now, comment out CRYPTO_mem_leaks() at end of main Tickets closed: RT3515: Use 3DES in pkcs12 if built with no-rc2 RT1766: s_client -reconnect and -starttls broke RT2932: Catch write errors RT2604: port should be 'unsigned short' RT2983: total_bytes undeclared #ifdef RENEG RT1523: Add -nocert to fix output in x509 app RT3508: Remove unused variable introduced by b09eb24 RT3511: doc fix; req default serial is random RT1325,2973: Add more extensions to c_rehash RT2119,3407: Updated to dgst.pod RT2379: Additional typo fix RT2693: Extra include of string.h RT2880: HFS is case-insensitive filenames RT3246: req command prints version number wrong Other changes; incompatibilities marked with *: Add SCSV support Add -misalign to speed command Make dhparam, dsaparam, ecparam, x509 output C in proper style Make some internal ocsp.c functions void Only display cert usages with -help in verify Use global bio_err, remove "BIO*err" parameter from functions For filenames, - always means stdin (or stdout as appropriate) Add aliases for -des/aes "wrap" ciphers. *Remove support for IISSGC (server gated crypto) *The undocumented OCSP -header flag is now "-header name=value" *Documented the OCSP -header flag Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
case OPT_DEBUG:
Import of old SSLeay release: SSLeay 0.8.1b
1998-12-21 18:52:47 +08:00
debug = 1;
Big apps cleanup (option-parsing, etc) This is merges the old "rsalz-monolith" branch over to master. The biggest change is that option parsing switch from cascasding 'else if strcmp("-foo")' to a utility routine and somethin akin to getopt. Also, an error in the command line no longer prints the full summary; use -help (or --help :) for that. There have been many other changes and code-cleanup, see bullet list below. Special thanks to Matt for the long and detailed code review. TEMPORARY: For now, comment out CRYPTO_mem_leaks() at end of main Tickets closed: RT3515: Use 3DES in pkcs12 if built with no-rc2 RT1766: s_client -reconnect and -starttls broke RT2932: Catch write errors RT2604: port should be 'unsigned short' RT2983: total_bytes undeclared #ifdef RENEG RT1523: Add -nocert to fix output in x509 app RT3508: Remove unused variable introduced by b09eb24 RT3511: doc fix; req default serial is random RT1325,2973: Add more extensions to c_rehash RT2119,3407: Updated to dgst.pod RT2379: Additional typo fix RT2693: Extra include of string.h RT2880: HFS is case-insensitive filenames RT3246: req command prints version number wrong Other changes; incompatibilities marked with *: Add SCSV support Add -misalign to speed command Make dhparam, dsaparam, ecparam, x509 output C in proper style Make some internal ocsp.c functions void Only display cert usages with -help in verify Use global bio_err, remove "BIO*err" parameter from functions For filenames, - always means stdin (or stdout as appropriate) Add aliases for -des/aes "wrap" ciphers. *Remove support for IISSGC (server gated crypto) *The undocumented OCSP -header flag is now "-header name=value" *Documented the OCSP -header flag Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
break;
case OPT_FIPS_FINGERPRINT:
Add fips hmac key to dgst utility.
2011-04-07 07:40:46 +08:00
hmac_key = "etaonrishdlcupfm";
Big apps cleanup (option-parsing, etc) This is merges the old "rsalz-monolith" branch over to master. The biggest change is that option parsing switch from cascasding 'else if strcmp("-foo")' to a utility routine and somethin akin to getopt. Also, an error in the command line no longer prints the full summary; use -help (or --help :) for that. There have been many other changes and code-cleanup, see bullet list below. Special thanks to Matt for the long and detailed code review. TEMPORARY: For now, comment out CRYPTO_mem_leaks() at end of main Tickets closed: RT3515: Use 3DES in pkcs12 if built with no-rc2 RT1766: s_client -reconnect and -starttls broke RT2932: Catch write errors RT2604: port should be 'unsigned short' RT2983: total_bytes undeclared #ifdef RENEG RT1523: Add -nocert to fix output in x509 app RT3508: Remove unused variable introduced by b09eb24 RT3511: doc fix; req default serial is random RT1325,2973: Add more extensions to c_rehash RT2119,3407: Updated to dgst.pod RT2379: Additional typo fix RT2693: Extra include of string.h RT2880: HFS is case-insensitive filenames RT3246: req command prints version number wrong Other changes; incompatibilities marked with *: Add SCSV support Add -misalign to speed command Make dhparam, dsaparam, ecparam, x509 output C in proper style Make some internal ocsp.c functions void Only display cert usages with -help in verify Use global bio_err, remove "BIO*err" parameter from functions For filenames, - always means stdin (or stdout as appropriate) Add aliases for -des/aes "wrap" ciphers. *Remove support for IISSGC (server gated crypto) *The undocumented OCSP -header flag is now "-header name=value" *Documented the OCSP -header flag Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
break;
case OPT_HMAC:
hmac_key = opt_arg();
break;
case OPT_MAC:
mac_name = opt_arg();
break;
case OPT_SIGOPT:
New -sigopt option for dgst utility.
2007-04-08 20:47:18 +08:00
if (!sigopts)
Update from 1.0.0-stable
2009-07-28 05:10:00 +08:00
sigopts = sk_OPENSSL_STRING_new_null();
Big apps cleanup (option-parsing, etc) This is merges the old "rsalz-monolith" branch over to master. The biggest change is that option parsing switch from cascasding 'else if strcmp("-foo")' to a utility routine and somethin akin to getopt. Also, an error in the command line no longer prints the full summary; use -help (or --help :) for that. There have been many other changes and code-cleanup, see bullet list below. Special thanks to Matt for the long and detailed code review. TEMPORARY: For now, comment out CRYPTO_mem_leaks() at end of main Tickets closed: RT3515: Use 3DES in pkcs12 if built with no-rc2 RT1766: s_client -reconnect and -starttls broke RT2932: Catch write errors RT2604: port should be 'unsigned short' RT2983: total_bytes undeclared #ifdef RENEG RT1523: Add -nocert to fix output in x509 app RT3508: Remove unused variable introduced by b09eb24 RT3511: doc fix; req default serial is random RT1325,2973: Add more extensions to c_rehash RT2119,3407: Updated to dgst.pod RT2379: Additional typo fix RT2693: Extra include of string.h RT2880: HFS is case-insensitive filenames RT3246: req command prints version number wrong Other changes; incompatibilities marked with *: Add SCSV support Add -misalign to speed command Make dhparam, dsaparam, ecparam, x509 output C in proper style Make some internal ocsp.c functions void Only display cert usages with -help in verify Use global bio_err, remove "BIO*err" parameter from functions For filenames, - always means stdin (or stdout as appropriate) Add aliases for -des/aes "wrap" ciphers. *Remove support for IISSGC (server gated crypto) *The undocumented OCSP -header flag is now "-header name=value" *Documented the OCSP -header flag Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, opt_arg()))
goto opthelp;
break;
case OPT_MACOPT:
New -mac and -macopt options to dgst utility. Reimplement -hmac option in terms of new API.
2007-04-12 01:20:40 +08:00
if (!macopts)
Update from 1.0.0-stable
2009-07-28 05:10:00 +08:00
macopts = sk_OPENSSL_STRING_new_null();
Big apps cleanup (option-parsing, etc) This is merges the old "rsalz-monolith" branch over to master. The biggest change is that option parsing switch from cascasding 'else if strcmp("-foo")' to a utility routine and somethin akin to getopt. Also, an error in the command line no longer prints the full summary; use -help (or --help :) for that. There have been many other changes and code-cleanup, see bullet list below. Special thanks to Matt for the long and detailed code review. TEMPORARY: For now, comment out CRYPTO_mem_leaks() at end of main Tickets closed: RT3515: Use 3DES in pkcs12 if built with no-rc2 RT1766: s_client -reconnect and -starttls broke RT2932: Catch write errors RT2604: port should be 'unsigned short' RT2983: total_bytes undeclared #ifdef RENEG RT1523: Add -nocert to fix output in x509 app RT3508: Remove unused variable introduced by b09eb24 RT3511: doc fix; req default serial is random RT1325,2973: Add more extensions to c_rehash RT2119,3407: Updated to dgst.pod RT2379: Additional typo fix RT2693: Extra include of string.h RT2880: HFS is case-insensitive filenames RT3246: req command prints version number wrong Other changes; incompatibilities marked with *: Add SCSV support Add -misalign to speed command Make dhparam, dsaparam, ecparam, x509 output C in proper style Make some internal ocsp.c functions void Only display cert usages with -help in verify Use global bio_err, remove "BIO*err" parameter from functions For filenames, - always means stdin (or stdout as appropriate) Add aliases for -des/aes "wrap" ciphers. *Remove support for IISSGC (server gated crypto) *The undocumented OCSP -header flag is now "-header name=value" *Documented the OCSP -header flag Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
if (!macopts || !sk_OPENSSL_STRING_push(macopts, opt_arg()))
goto opthelp;
break;
case OPT_DIGEST:
Process digest option after loading providers Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14135)
2021-02-09 03:03:35 +08:00
digestname = opt_unknown();
Import of old SSLeay release: SSLeay 0.8.1b
1998-12-21 18:52:47 +08:00
break;
cmdline app: add provider commandline options. Add a -provider option to allow providers to be loaded. This option can be specified multiple times. Add a -provider_path option to allow the path to providers to be specified. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11167)
2020-02-25 12:29:30 +08:00
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
Big apps cleanup (option-parsing, etc) This is merges the old "rsalz-monolith" branch over to master. The biggest change is that option parsing switch from cascasding 'else if strcmp("-foo")' to a utility routine and somethin akin to getopt. Also, an error in the command line no longer prints the full summary; use -help (or --help :) for that. There have been many other changes and code-cleanup, see bullet list below. Special thanks to Matt for the long and detailed code review. TEMPORARY: For now, comment out CRYPTO_mem_leaks() at end of main Tickets closed: RT3515: Use 3DES in pkcs12 if built with no-rc2 RT1766: s_client -reconnect and -starttls broke RT2932: Catch write errors RT2604: port should be 'unsigned short' RT2983: total_bytes undeclared #ifdef RENEG RT1523: Add -nocert to fix output in x509 app RT3508: Remove unused variable introduced by b09eb24 RT3511: doc fix; req default serial is random RT1325,2973: Add more extensions to c_rehash RT2119,3407: Updated to dgst.pod RT2379: Additional typo fix RT2693: Extra include of string.h RT2880: HFS is case-insensitive filenames RT3246: req command prints version number wrong Other changes; incompatibilities marked with *: Add SCSV support Add -misalign to speed command Make dhparam, dsaparam, ecparam, x509 output C in proper style Make some internal ocsp.c functions void Only display cert usages with -help in verify Use global bio_err, remove "BIO*err" parameter from functions For filenames, - always means stdin (or stdout as appropriate) Add aliases for -des/aes "wrap" ciphers. *Remove support for IISSGC (server gated crypto) *The undocumented OCSP -header flag is now "-header name=value" *Documented the OCSP -header flag Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
}
Import of old SSLeay release: SSLeay 0.8.1b
1998-12-21 18:52:47 +08:00
}
Check non-option arguments Make sure all commands check to see if there are any "extra" arguments after the options, and print an error if so. Made all error messages consistent (which is to say, minimal). Fixes: #13527 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13563)
2020-11-29 05:12:58 +08:00
/* Remaining args are files to digest. */
Big apps cleanup (option-parsing, etc) This is merges the old "rsalz-monolith" branch over to master. The biggest change is that option parsing switch from cascasding 'else if strcmp("-foo")' to a utility routine and somethin akin to getopt. Also, an error in the command line no longer prints the full summary; use -help (or --help :) for that. There have been many other changes and code-cleanup, see bullet list below. Special thanks to Matt for the long and detailed code review. TEMPORARY: For now, comment out CRYPTO_mem_leaks() at end of main Tickets closed: RT3515: Use 3DES in pkcs12 if built with no-rc2 RT1766: s_client -reconnect and -starttls broke RT2932: Catch write errors RT2604: port should be 'unsigned short' RT2983: total_bytes undeclared #ifdef RENEG RT1523: Add -nocert to fix output in x509 app RT3508: Remove unused variable introduced by b09eb24 RT3511: doc fix; req default serial is random RT1325,2973: Add more extensions to c_rehash RT2119,3407: Updated to dgst.pod RT2379: Additional typo fix RT2693: Extra include of string.h RT2880: HFS is case-insensitive filenames RT3246: req command prints version number wrong Other changes; incompatibilities marked with *: Add SCSV support Add -misalign to speed command Make dhparam, dsaparam, ecparam, x509 output C in proper style Make some internal ocsp.c functions void Only display cert usages with -help in verify Use global bio_err, remove "BIO*err" parameter from functions For filenames, - always means stdin (or stdout as appropriate) Add aliases for -des/aes "wrap" ciphers. *Remove support for IISSGC (server gated crypto) *The undocumented OCSP -header flag is now "-header name=value" *Documented the OCSP -header flag Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
argc = opt_num_rest();
argv = opt_rest();
RT3669: dgst can only sign/verify one file. Check arg count and print an error message. Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-09-03 05:34:31 +08:00
if (keyfile != NULL && argc > 1) {
BIO_printf(bio_err, "%s: Can only sign or verify one file.\n", prog);
goto end;
}
APPS: make apps strict on app_RAND_load() and app_RAND_write() failure Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14840)
2021-04-03 18:53:51 +08:00
if (!app_RAND_load())
goto end;
Process digest option after loading providers Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14135)
2021-02-09 03:03:35 +08:00
if (digestname != NULL) {
if (!opt_md(digestname, &md))
goto opthelp;
}
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 11:40:55 +08:00
Clean up a bundle of codingstyle stuff in apps directory Mostly braces and NULL pointer check and also copyright year bump Signed-off-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3657)
2017-06-13 01:24:02 +08:00
if (do_verify && sigfile == NULL) {
Fix typo in i2d_ASN1_ENUMERATED Fix bug in read only memory BIOs so BIO_reset() works. Add sign and verify options to dgst utility, need to update docs.
2000-08-31 00:14:29 +08:00
BIO_printf(bio_err,
"No signature to verify: use the -signature option\n");
goto end;
}
Add -engine_impl option to dgst which will use an implementation of an algorithm from the supplied engine instead of just the default one.
2010-03-05 21:28:21 +08:00
if (engine_impl)
impl = e;
Import of old SSLeay release: SSLeay 0.8.1b
1998-12-21 18:52:47 +08:00
in = BIO_new(BIO_s_file());
bmd = BIO_new(BIO_f_md());
Add warning to key/param generating apps on potential delay due to missing entropy This also introduces app_keygen() and app_paramgen() and cleans up err reporting. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12095)
2020-06-09 16:21:58 +08:00
if (in == NULL || bmd == NULL)
Move malloc fail checks closer to malloc Move memory allocation failure checks closer to the site of the malloc in dgst app. Only a problem if the debug flag is set...but still should be fixed. Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-03-12 19:25:03 +08:00
goto end;
Import of old SSLeay release: SSLeay 0.8.1b
1998-12-21 18:52:47 +08:00
if (debug) {
Deprecate old style BIO callback calls New style BIO_debug_callback_ex() function added to provide replacement for BIO_debug_callback(). Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15440)
2021-05-25 00:15:57 +08:00
BIO_set_callback_ex(in, BIO_debug_callback_ex);
Import of old SSLeay release: SSLeay 0.8.1b
1998-12-21 18:52:47 +08:00
/* needed for windows 3.1 */
replace macros with functions Submitted by: Tracy Camp <tracyx.e.camp@intel.com>
2006-11-30 04:54:57 +08:00
BIO_set_callback_arg(in, (char *)bio_err);
Import of old SSLeay release: SSLeay 0.8.1b
1998-12-21 18:52:47 +08:00
}
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 11:40:55 +08:00
Big apps cleanup (option-parsing, etc) This is merges the old "rsalz-monolith" branch over to master. The biggest change is that option parsing switch from cascasding 'else if strcmp("-foo")' to a utility routine and somethin akin to getopt. Also, an error in the command line no longer prints the full summary; use -help (or --help :) for that. There have been many other changes and code-cleanup, see bullet list below. Special thanks to Matt for the long and detailed code review. TEMPORARY: For now, comment out CRYPTO_mem_leaks() at end of main Tickets closed: RT3515: Use 3DES in pkcs12 if built with no-rc2 RT1766: s_client -reconnect and -starttls broke RT2932: Catch write errors RT2604: port should be 'unsigned short' RT2983: total_bytes undeclared #ifdef RENEG RT1523: Add -nocert to fix output in x509 app RT3508: Remove unused variable introduced by b09eb24 RT3511: doc fix; req default serial is random RT1325,2973: Add more extensions to c_rehash RT2119,3407: Updated to dgst.pod RT2379: Additional typo fix RT2693: Extra include of string.h RT2880: HFS is case-insensitive filenames RT3246: req command prints version number wrong Other changes; incompatibilities marked with *: Add SCSV support Add -misalign to speed command Make dhparam, dsaparam, ecparam, x509 output C in proper style Make some internal ocsp.c functions void Only display cert usages with -help in verify Use global bio_err, remove "BIO*err" parameter from functions For filenames, - always means stdin (or stdout as appropriate) Add aliases for -des/aes "wrap" ciphers. *Remove support for IISSGC (server gated crypto) *The undocumented OCSP -header flag is now "-header name=value" *Documented the OCSP -header flag Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
if (!app_passwd(passinarg, NULL, &passin, NULL)) {
Add -passin argument to dgst command.
2004-12-03 20:26:56 +08:00
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 11:40:55 +08:00
Fix typo in i2d_ASN1_ENUMERATED Fix bug in read only memory BIOs so BIO_reset() works. Add sign and verify options to dgst utility, need to update docs.
2000-08-31 00:14:29 +08:00
if (out_bin == -1) {
Clean up a bundle of codingstyle stuff in apps directory Mostly braces and NULL pointer check and also copyright year bump Signed-off-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3657)
2017-06-13 01:24:02 +08:00
if (keyfile != NULL)
Fixes for dgst tool. Initialize md_name, sig_name properly. Return error code on failure. Keep output format consistent with previous versions. Also flush stdout after printing ACCEPT in s_server.
2007-05-21 23:53:30 +08:00
out_bin = 1;
else
out_bin = 0;
Fix typo in i2d_ASN1_ENUMERATED Fix bug in read only memory BIOs so BIO_reset() works. Add sign and verify options to dgst utility, need to update docs.
2000-08-31 00:14:29 +08:00
}
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 11:40:55 +08:00
Change the way apps open their input and output files The different apps had the liberty to decide whether they would open their input and output files in binary mode or not, which could be confusing if two different apps were handling the same type of file in different ways. The solution is to centralise the decision of low level file organisation, and that the apps would use a selection of formats to state the intent of the file. Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-04 18:49:06 +08:00
out = bio_open_default(outfile, 'w', out_bin ? FORMAT_BINARY : FORMAT_TEXT);
Big apps cleanup (option-parsing, etc) This is merges the old "rsalz-monolith" branch over to master. The biggest change is that option parsing switch from cascasding 'else if strcmp("-foo")' to a utility routine and somethin akin to getopt. Also, an error in the command line no longer prints the full summary; use -help (or --help :) for that. There have been many other changes and code-cleanup, see bullet list below. Special thanks to Matt for the long and detailed code review. TEMPORARY: For now, comment out CRYPTO_mem_leaks() at end of main Tickets closed: RT3515: Use 3DES in pkcs12 if built with no-rc2 RT1766: s_client -reconnect and -starttls broke RT2932: Catch write errors RT2604: port should be 'unsigned short' RT2983: total_bytes undeclared #ifdef RENEG RT1523: Add -nocert to fix output in x509 app RT3508: Remove unused variable introduced by b09eb24 RT3511: doc fix; req default serial is random RT1325,2973: Add more extensions to c_rehash RT2119,3407: Updated to dgst.pod RT2379: Additional typo fix RT2693: Extra include of string.h RT2880: HFS is case-insensitive filenames RT3246: req command prints version number wrong Other changes; incompatibilities marked with *: Add SCSV support Add -misalign to speed command Make dhparam, dsaparam, ecparam, x509 output C in proper style Make some internal ocsp.c functions void Only display cert usages with -help in verify Use global bio_err, remove "BIO*err" parameter from functions For filenames, - always means stdin (or stdout as appropriate) Add aliases for -des/aes "wrap" ciphers. *Remove support for IISSGC (server gated crypto) *The undocumented OCSP -header flag is now "-header name=value" *Documented the OCSP -header flag Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
if (out == NULL)
Fix typo in i2d_ASN1_ENUMERATED Fix bug in read only memory BIOs so BIO_reset() works. Add sign and verify options to dgst utility, need to update docs.
2000-08-31 00:14:29 +08:00
goto end;
Big apps cleanup (option-parsing, etc) This is merges the old "rsalz-monolith" branch over to master. The biggest change is that option parsing switch from cascasding 'else if strcmp("-foo")' to a utility routine and somethin akin to getopt. Also, an error in the command line no longer prints the full summary; use -help (or --help :) for that. There have been many other changes and code-cleanup, see bullet list below. Special thanks to Matt for the long and detailed code review. TEMPORARY: For now, comment out CRYPTO_mem_leaks() at end of main Tickets closed: RT3515: Use 3DES in pkcs12 if built with no-rc2 RT1766: s_client -reconnect and -starttls broke RT2932: Catch write errors RT2604: port should be 'unsigned short' RT2983: total_bytes undeclared #ifdef RENEG RT1523: Add -nocert to fix output in x509 app RT3508: Remove unused variable introduced by b09eb24 RT3511: doc fix; req default serial is random RT1325,2973: Add more extensions to c_rehash RT2119,3407: Updated to dgst.pod RT2379: Additional typo fix RT2693: Extra include of string.h RT2880: HFS is case-insensitive filenames RT3246: req command prints version number wrong Other changes; incompatibilities marked with *: Add SCSV support Add -misalign to speed command Make dhparam, dsaparam, ecparam, x509 output C in proper style Make some internal ocsp.c functions void Only display cert usages with -help in verify Use global bio_err, remove "BIO*err" parameter from functions For filenames, - always means stdin (or stdout as appropriate) Add aliases for -des/aes "wrap" ciphers. *Remove support for IISSGC (server gated crypto) *The undocumented OCSP -header flag is now "-header name=value" *Documented the OCSP -header flag Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
Clean up a bundle of codingstyle stuff in apps directory Mostly braces and NULL pointer check and also copyright year bump Signed-off-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3657)
2017-06-13 01:24:02 +08:00
if ((!(mac_name == NULL) + !(keyfile == NULL) + !(hmac_key == NULL)) > 1) {
Add warning to key/param generating apps on potential delay due to missing entropy This also introduces app_keygen() and app_paramgen() and cleans up err reporting. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12095)
2020-06-09 16:21:58 +08:00
BIO_printf(bio_err, "MAC and signing key cannot both be specified\n");
New -mac and -macopt options to dgst utility. Reimplement -hmac option in terms of new API.
2007-04-12 01:20:40 +08:00
goto end;
}
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 11:40:55 +08:00
Clean up a bundle of codingstyle stuff in apps directory Mostly braces and NULL pointer check and also copyright year bump Signed-off-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3657)
2017-06-13 01:24:02 +08:00
if (keyfile != NULL) {
Extend all the loading functions to take an engine pointer, a pass string (some engines may have certificates protected by a PIN!) and a description to put into error messages. Also, have our own password callback that we can send both a password and some prompt info to. The default password callback in EVP assumes that the passed parameter is a password, which isn't always the right thing, and the ENGINE code (at least the nCipher one) makes other assumptions... Also, in spite of having the functions to load keys, some utilities did the loading all by themselves... That's changed too.
2001-05-30 23:29:28 +08:00
if (want_pub)
load_key_certs_crls(): Restore output of fatal errors Also improve credentials loading diagnostics for many apps. Fixes #12840 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12893)
2020-09-17 07:39:00 +08:00
sigkey = load_pubkey(keyfile, keyform, 0, NULL, e, "public key");
Add the possibility to use keys handled by engines in more applications.
2000-10-29 06:40:40 +08:00
else
load_key_certs_crls(): Restore output of fatal errors Also improve credentials loading diagnostics for many apps. Fixes #12840 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12893)
2020-09-17 07:39:00 +08:00
sigkey = load_key(keyfile, keyform, 0, passin, e, "private key");
Clean up a bundle of codingstyle stuff in apps directory Mostly braces and NULL pointer check and also copyright year bump Signed-off-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3657)
2017-06-13 01:24:02 +08:00
if (sigkey == NULL) {
Extend all the loading functions to take an engine pointer, a pass string (some engines may have certificates protected by a PIN!) and a description to put into error messages. Also, have our own password callback that we can send both a password and some prompt info to. The default password callback in EVP assumes that the passed parameter is a password, which isn't always the right thing, and the ENGINE code (at least the nCipher one) makes other assumptions... Also, in spite of having the functions to load keys, some utilities did the loading all by themselves... That's changed too.
2001-05-30 23:29:28 +08:00
/*
* load_[pub]key() has already printed an appropriate message
*/
Fix typo in i2d_ASN1_ENUMERATED Fix bug in read only memory BIOs so BIO_reset() works. Add sign and verify options to dgst utility, need to update docs.
2000-08-31 00:14:29 +08:00
goto end;
}
dgst commandline support for one shot signing algorithms Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26697)
2025-02-10 17:00:03 +08:00
{
char def_md[80];
if (EVP_PKEY_get_default_digest_name(sigkey, def_md,
sizeof(def_md)) == 2
&& strcmp(def_md, "UNDEF") == 0)
oneshot_sign = 1;
signctx = EVP_MD_CTX_new();
if (signctx == NULL)
goto end;
Add a note and better error if using Ed25519/Ed448 in dgst Fixes #5873 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5880)
2018-04-05 20:03:37 +08:00
}
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 11:40:55 +08:00
}
Clean up a bundle of codingstyle stuff in apps directory Mostly braces and NULL pointer check and also copyright year bump Signed-off-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3657)
2017-06-13 01:24:02 +08:00
if (mac_name != NULL) {
New -mac and -macopt options to dgst utility. Reimplement -hmac option in terms of new API.
2007-04-12 01:20:40 +08:00
EVP_PKEY_CTX *mac_ctx = NULL;
Add warning to key/param generating apps on potential delay due to missing entropy This also introduces app_keygen() and app_paramgen() and cleans up err reporting. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12095)
2020-06-09 16:21:58 +08:00
Add fix for RSA keygen in FIPS using keysizes 2048 < bits < 3072 Fixes #11863 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12162)
2020-06-16 11:04:57 +08:00
if (!init_gen_str(&mac_ctx, mac_name, impl, 0, NULL, NULL))
Add warning to key/param generating apps on potential delay due to missing entropy This also introduces app_keygen() and app_paramgen() and cleans up err reporting. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12095)
2020-06-09 16:21:58 +08:00
goto end;
Clean up a bundle of codingstyle stuff in apps directory Mostly braces and NULL pointer check and also copyright year bump Signed-off-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3657)
2017-06-13 01:24:02 +08:00
if (macopts != NULL) {
Update from 1.0.0-stable
2009-07-28 05:10:00 +08:00
for (i = 0; i < sk_OPENSSL_STRING_num(macopts); i++) {
Add warning to key/param generating apps on potential delay due to missing entropy This also introduces app_keygen() and app_paramgen() and cleans up err reporting. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12095)
2020-06-09 16:21:58 +08:00
char *macopt = sk_OPENSSL_STRING_value(macopts, i);
New -mac and -macopt options to dgst utility. Reimplement -hmac option in terms of new API.
2007-04-12 01:20:40 +08:00
if (pkey_ctrl_string(mac_ctx, macopt) <= 0) {
Add warning to key/param generating apps on potential delay due to missing entropy This also introduces app_keygen() and app_paramgen() and cleans up err reporting. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12095)
2020-06-09 16:21:58 +08:00
EVP_PKEY_CTX_free(mac_ctx);
BIO_printf(bio_err, "MAC parameter error \"%s\"\n", macopt);
goto end;
New -mac and -macopt options to dgst utility. Reimplement -hmac option in terms of new API.
2007-04-12 01:20:40 +08:00
}
}
}
Add warning to key/param generating apps on potential delay due to missing entropy This also introduces app_keygen() and app_paramgen() and cleans up err reporting. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12095)
2020-06-09 16:21:58 +08:00
sigkey = app_keygen(mac_ctx, mac_name, 0, 0 /* not verbose */);
/* Verbose output would make external-tests gost-engine fail */
free NULL cleanup EVP_.*free; this gets: EVP_CIPHER_CTX_free EVP_PKEY_CTX_free EVP_PKEY_asn1_free EVP_PKEY_asn1_set_free EVP_PKEY_free EVP_PKEY_free_it EVP_PKEY_meth_free; and also EVP_CIPHER_CTX_cleanup Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-03-28 22:54:15 +08:00
EVP_PKEY_CTX_free(mac_ctx);
Fix some memory leaks in the openssl app In some error cases the normal cleanup did not happen, but instead an exit(1) which caused some memory leaks, as reported in #22049. Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/22055)
2023-09-11 12:38:31 +08:00
if (sigkey == NULL)
goto end;
New -mac and -macopt options to dgst utility. Reimplement -hmac option in terms of new API.
2007-04-12 01:20:40 +08:00
}
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 11:40:55 +08:00
Clean up a bundle of codingstyle stuff in apps directory Mostly braces and NULL pointer check and also copyright year bump Signed-off-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3657)
2017-06-13 01:24:02 +08:00
if (hmac_key != NULL) {
APPS: dgst: Support properties when signing The -provider and -propquery options did not work on dgst when using it for signing or signature verification (including HMACs). Fix this and add tests that check that operations that would usually fail with the FIPS provider work when run with | -provider default -propquery '?fips!=yes' Additionally, modify the behavior of dgst -list to also use the current library context and property query. This reduces the output below the headline "Supported digests" to a list of the digest algorithms that will actually work with the current configuration, which is closer to what users probably expect with this headline. See also 30b2c3592e8511b60d44f93eb657a1ecb3662c08, which previously fixed the same problem in dsaparam and gendsa. See also the initial report in https://bugzilla.redhat.com/show_bug.cgi?id=2094956. Signed-off-by: Clemens Lang <cllang@redhat.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/18717)
2022-07-04 22:15:07 +08:00
if (md == NULL) {
HMAC doesn't work with a default digest Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15371)
2021-05-20 16:59:07 +08:00
md = (EVP_MD *)EVP_sha256();
APPS: dgst: Support properties when signing The -provider and -propquery options did not work on dgst when using it for signing or signature verification (including HMACs). Fix this and add tests that check that operations that would usually fail with the FIPS provider work when run with | -provider default -propquery '?fips!=yes' Additionally, modify the behavior of dgst -list to also use the current library context and property query. This reduces the output below the headline "Supported digests" to a list of the digest algorithms that will actually work with the current configuration, which is closer to what users probably expect with this headline. See also 30b2c3592e8511b60d44f93eb657a1ecb3662c08, which previously fixed the same problem in dsaparam and gendsa. See also the initial report in https://bugzilla.redhat.com/show_bug.cgi?id=2094956. Signed-off-by: Clemens Lang <cllang@redhat.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/18717)
2022-07-04 22:15:07 +08:00
digestname = SN_sha256;
}
Rename EVP_PKEY_new_private_key()/EVP_PKEY_new_public_key() Renamed to EVP_PKEY_new_raw_private_key()/EVP_new_raw_public_key() as per feedback. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5520)
2018-03-15 20:19:16 +08:00
sigkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, impl,
Don't send -1 as the length of the hmac key The dgst app was using an undocumented behaviour in the EVP_PKEY_new_raw_private_key() function when setting a key length for a MAC. The old EVP_PKEY to MAC bridge, probably by accident, converts a -1 length to a strlen() call, by virtue of the fact that it eventually calls ASN1_STRING_set() which has this feature. As noted above this is undocumented, and unexpected since the len parameter to EVP_PKEY_new_raw_private_key() is an unsigned value (size_t). In the old bridge it was later (silently) cast to an int, and therefore the original -1 value was restored. This only works because sizeof(int) <= sizeof(size_t). If we ever run on a platform where sizeof(int) > sizeof(size_t) then it would have failed. The behaviour also doesn't hold for EVP_PKEY_new_raw_private_key() in general - only when the old MAC bridge was in use. Rather than restore the original behaviour I think it is best to simply fix the dgst app to not assume it exists. We should not bake in this backwards and inconsistent behaviour. Fixes #12837 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12850)
2020-09-10 21:46:41 +08:00
(unsigned char *)hmac_key,
strlen(hmac_key));
Clean up a bundle of codingstyle stuff in apps directory Mostly braces and NULL pointer check and also copyright year bump Signed-off-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3657)
2017-06-13 01:24:02 +08:00
if (sigkey == NULL)
New -mac and -macopt options to dgst utility. Reimplement -hmac option in terms of new API.
2007-04-12 01:20:40 +08:00
goto end;
}
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 11:40:55 +08:00
Clean up a bundle of codingstyle stuff in apps directory Mostly braces and NULL pointer check and also copyright year bump Signed-off-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3657)
2017-06-13 01:24:02 +08:00
if (sigkey != NULL) {
New -sigopt option for dgst utility.
2007-04-08 20:47:18 +08:00
EVP_MD_CTX *mctx = NULL;
EVP_PKEY_CTX *pctx = NULL;
Add warning to key/param generating apps on potential delay due to missing entropy This also introduces app_keygen() and app_paramgen() and cleans up err reporting. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12095)
2020-06-09 16:21:58 +08:00
int res;
dgst commandline support for one shot signing algorithms Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26697)
2025-02-10 17:00:03 +08:00
if (oneshot_sign) {
mctx = signctx;
} else if (BIO_get_md_ctx(bmd, &mctx) <= 0) {
New -sigopt option for dgst utility.
2007-04-08 20:47:18 +08:00
BIO_printf(bio_err, "Error getting context\n");
goto end;
}
Use EVP_DigestVerify() in dgst.c if verifying.
2007-05-17 20:35:32 +08:00
if (do_verify)
APPS: dgst: Support properties when signing The -provider and -propquery options did not work on dgst when using it for signing or signature verification (including HMACs). Fix this and add tests that check that operations that would usually fail with the FIPS provider work when run with | -provider default -propquery '?fips!=yes' Additionally, modify the behavior of dgst -list to also use the current library context and property query. This reduces the output below the headline "Supported digests" to a list of the digest algorithms that will actually work with the current configuration, which is closer to what users probably expect with this headline. See also 30b2c3592e8511b60d44f93eb657a1ecb3662c08, which previously fixed the same problem in dsaparam and gendsa. See also the initial report in https://bugzilla.redhat.com/show_bug.cgi?id=2094956. Signed-off-by: Clemens Lang <cllang@redhat.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/18717)
2022-07-04 22:15:07 +08:00
if (impl == NULL)
res = EVP_DigestVerifyInit_ex(mctx, &pctx, digestname,
app_get0_libctx(),
app_get0_propq(), sigkey, NULL);
else
res = EVP_DigestVerifyInit(mctx, &pctx, md, impl, sigkey);
Use EVP_DigestVerify() in dgst.c if verifying.
2007-05-17 20:35:32 +08:00
else
APPS: dgst: Support properties when signing The -provider and -propquery options did not work on dgst when using it for signing or signature verification (including HMACs). Fix this and add tests that check that operations that would usually fail with the FIPS provider work when run with | -provider default -propquery '?fips!=yes' Additionally, modify the behavior of dgst -list to also use the current library context and property query. This reduces the output below the headline "Supported digests" to a list of the digest algorithms that will actually work with the current configuration, which is closer to what users probably expect with this headline. See also 30b2c3592e8511b60d44f93eb657a1ecb3662c08, which previously fixed the same problem in dsaparam and gendsa. See also the initial report in https://bugzilla.redhat.com/show_bug.cgi?id=2094956. Signed-off-by: Clemens Lang <cllang@redhat.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/18717)
2022-07-04 22:15:07 +08:00
if (impl == NULL)
res = EVP_DigestSignInit_ex(mctx, &pctx, digestname,
app_get0_libctx(),
app_get0_propq(), sigkey, NULL);
else
res = EVP_DigestSignInit(mctx, &pctx, md, impl, sigkey);
Add warning to key/param generating apps on potential delay due to missing entropy This also introduces app_keygen() and app_paramgen() and cleans up err reporting. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12095)
2020-06-09 16:21:58 +08:00
if (res == 0) {
New -sigopt option for dgst utility.
2007-04-08 20:47:18 +08:00
BIO_printf(bio_err, "Error setting context\n");
goto end;
}
Clean up a bundle of codingstyle stuff in apps directory Mostly braces and NULL pointer check and also copyright year bump Signed-off-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3657)
2017-06-13 01:24:02 +08:00
if (sigopts != NULL) {
Update from 1.0.0-stable
2009-07-28 05:10:00 +08:00
for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++) {
Add warning to key/param generating apps on potential delay due to missing entropy This also introduces app_keygen() and app_paramgen() and cleans up err reporting. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12095)
2020-06-09 16:21:58 +08:00
char *sigopt = sk_OPENSSL_STRING_value(sigopts, i);
New -sigopt option for dgst utility.
2007-04-08 20:47:18 +08:00
if (pkey_ctrl_string(pctx, sigopt) <= 0) {
Add warning to key/param generating apps on potential delay due to missing entropy This also introduces app_keygen() and app_paramgen() and cleans up err reporting. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12095)
2020-06-09 16:21:58 +08:00
BIO_printf(bio_err, "Signature parameter error \"%s\"\n",
sigopt);
New -sigopt option for dgst utility.
2007-04-08 20:47:18 +08:00
goto end;
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 11:40:55 +08:00
}
}
}
New -sigopt option for dgst utility.
2007-04-08 20:47:18 +08:00
}
/* we use md as a filter, reading from 'in' */
Use default md if none specified in dgst utility.
2007-05-17 20:55:03 +08:00
else {
Add -engine_impl option to dgst which will use an implementation of an algorithm from the supplied engine instead of just the default one.
2010-03-05 21:28:21 +08:00
EVP_MD_CTX *mctx = NULL;
dgst commandline support for one shot signing algorithms Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26697)
2025-02-10 17:00:03 +08:00
if (oneshot_sign) {
BIO_printf(bio_err, "Oneshot algorithms don't use a digest\n");
goto end;
}
Fix unsafe BIO_get_md_ctx check Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16768)
2021-10-07 11:50:59 +08:00
if (BIO_get_md_ctx(bmd, &mctx) <= 0) {
Add -engine_impl option to dgst which will use an implementation of an algorithm from the supplied engine instead of just the default one.
2010-03-05 21:28:21 +08:00
BIO_printf(bio_err, "Error getting context\n");
goto end;
}
Use default md if none specified in dgst utility.
2007-05-17 20:55:03 +08:00
if (md == NULL)
Fetch and free cipher and md's Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/14219)
2021-02-18 05:15:27 +08:00
md = (EVP_MD *)EVP_sha256();
Add -engine_impl option to dgst which will use an implementation of an algorithm from the supplied engine instead of just the default one.
2010-03-05 21:28:21 +08:00
if (!EVP_DigestInit_ex(mctx, md, impl)) {
Big apps cleanup (option-parsing, etc) This is merges the old "rsalz-monolith" branch over to master. The biggest change is that option parsing switch from cascasding 'else if strcmp("-foo")' to a utility routine and somethin akin to getopt. Also, an error in the command line no longer prints the full summary; use -help (or --help :) for that. There have been many other changes and code-cleanup, see bullet list below. Special thanks to Matt for the long and detailed code review. TEMPORARY: For now, comment out CRYPTO_mem_leaks() at end of main Tickets closed: RT3515: Use 3DES in pkcs12 if built with no-rc2 RT1766: s_client -reconnect and -starttls broke RT2932: Catch write errors RT2604: port should be 'unsigned short' RT2983: total_bytes undeclared #ifdef RENEG RT1523: Add -nocert to fix output in x509 app RT3508: Remove unused variable introduced by b09eb24 RT3511: doc fix; req default serial is random RT1325,2973: Add more extensions to c_rehash RT2119,3407: Updated to dgst.pod RT2379: Additional typo fix RT2693: Extra include of string.h RT2880: HFS is case-insensitive filenames RT3246: req command prints version number wrong Other changes; incompatibilities marked with *: Add SCSV support Add -misalign to speed command Make dhparam, dsaparam, ecparam, x509 output C in proper style Make some internal ocsp.c functions void Only display cert usages with -help in verify Use global bio_err, remove "BIO*err" parameter from functions For filenames, - always means stdin (or stdout as appropriate) Add aliases for -des/aes "wrap" ciphers. *Remove support for IISSGC (server gated crypto) *The undocumented OCSP -header flag is now "-header name=value" *Documented the OCSP -header flag Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
BIO_printf(bio_err, "Error setting digest\n");
Use default md if none specified in dgst utility.
2007-05-17 20:55:03 +08:00
goto end;
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 11:40:55 +08:00
}
Use default md if none specified in dgst utility.
2007-05-17 20:55:03 +08:00
}
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 11:40:55 +08:00
Clean up a bundle of codingstyle stuff in apps directory Mostly braces and NULL pointer check and also copyright year bump Signed-off-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3657)
2017-06-13 01:24:02 +08:00
if (sigfile != NULL && sigkey != NULL) {
Big apps cleanup (option-parsing, etc) This is merges the old "rsalz-monolith" branch over to master. The biggest change is that option parsing switch from cascasding 'else if strcmp("-foo")' to a utility routine and somethin akin to getopt. Also, an error in the command line no longer prints the full summary; use -help (or --help :) for that. There have been many other changes and code-cleanup, see bullet list below. Special thanks to Matt for the long and detailed code review. TEMPORARY: For now, comment out CRYPTO_mem_leaks() at end of main Tickets closed: RT3515: Use 3DES in pkcs12 if built with no-rc2 RT1766: s_client -reconnect and -starttls broke RT2932: Catch write errors RT2604: port should be 'unsigned short' RT2983: total_bytes undeclared #ifdef RENEG RT1523: Add -nocert to fix output in x509 app RT3508: Remove unused variable introduced by b09eb24 RT3511: doc fix; req default serial is random RT1325,2973: Add more extensions to c_rehash RT2119,3407: Updated to dgst.pod RT2379: Additional typo fix RT2693: Extra include of string.h RT2880: HFS is case-insensitive filenames RT3246: req command prints version number wrong Other changes; incompatibilities marked with *: Add SCSV support Add -misalign to speed command Make dhparam, dsaparam, ecparam, x509 output C in proper style Make some internal ocsp.c functions void Only display cert usages with -help in verify Use global bio_err, remove "BIO*err" parameter from functions For filenames, - always means stdin (or stdout as appropriate) Add aliases for -des/aes "wrap" ciphers. *Remove support for IISSGC (server gated crypto) *The undocumented OCSP -header flag is now "-header name=value" *Documented the OCSP -header flag Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
BIO *sigbio = BIO_new_file(sigfile, "rb");
Add warning to key/param generating apps on potential delay due to missing entropy This also introduces app_keygen() and app_paramgen() and cleans up err reporting. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12095)
2020-06-09 16:21:58 +08:00
Clean up a bundle of codingstyle stuff in apps directory Mostly braces and NULL pointer check and also copyright year bump Signed-off-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3657)
2017-06-13 01:24:02 +08:00
if (sigbio == NULL) {
Fix typo in i2d_ASN1_ENUMERATED Fix bug in read only memory BIOs so BIO_reset() works. Add sign and verify options to dgst utility, need to update docs.
2000-08-31 00:14:29 +08:00
BIO_printf(bio_err, "Error opening signature file %s\n", sigfile);
goto end;
}
Rename all getters to use get/get0 in name For functions that exist in 1.1.1 provide a simple aliases via #define. Fixes #15236 Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_, EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_, EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_, EVP_MD_, and EVP_CIPHER_ prefixes are renamed. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15405)
2021-05-21 22:58:08 +08:00
siglen = EVP_PKEY_get_size(sigkey);
In apps, malloc or die No point in proceeding if you're out of memory. So change *all* OPENSSL_malloc calls in apps to use the new routine which prints a message and exits. Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-01 05:48:31 +08:00
sigbuf = app_malloc(siglen, "signature buffer");
Fix typo in i2d_ASN1_ENUMERATED Fix bug in read only memory BIOs so BIO_reset() works. Add sign and verify options to dgst utility, need to update docs.
2000-08-31 00:14:29 +08:00
siglen = BIO_read(sigbio, sigbuf, siglen);
BIO_free(sigbio);
Fix a typo in apps/pkcs12.c which was using the wrong part of ASN1_TYPE (though they are both ASN1_STRING so it didn't cause any problems). Make 'siglen' an int in apps/dgst.c so we can check the return value of BIO_read() etc.
2000-09-20 01:51:11 +08:00
if (siglen <= 0) {
Fix typo in i2d_ASN1_ENUMERATED Fix bug in read only memory BIOs so BIO_reset() works. Add sign and verify options to dgst utility, need to update docs.
2000-08-31 00:14:29 +08:00
BIO_printf(bio_err, "Error reading signature file %s\n", sigfile);
goto end;
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 11:40:55 +08:00
}
Fix typo in i2d_ASN1_ENUMERATED Fix bug in read only memory BIOs so BIO_reset() works. Add sign and verify options to dgst utility, need to update docs.
2000-08-31 00:14:29 +08:00
}
dgst commandline support for one shot signing algorithms Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26697)
2025-02-10 17:00:03 +08:00
if (!oneshot_sign) {
inp = BIO_push(bmd, in);
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 11:40:55 +08:00
dgst commandline support for one shot signing algorithms Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26697)
2025-02-10 17:00:03 +08:00
if (md == NULL) {
EVP_MD_CTX *tctx;
Fetch and free cipher and md's Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/14219)
2021-02-18 05:15:27 +08:00
dgst commandline support for one shot signing algorithms Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26697)
2025-02-10 17:00:03 +08:00
BIO_get_md_ctx(bmd, &tctx);
md = EVP_MD_CTX_get1_md(tctx);
}
if (md != NULL)
md_name = EVP_MD_get0_name(md);
Use default md if none specified in dgst utility.
2007-05-17 20:55:03 +08:00
}
openssl dgst: add option to specify output length for XOF This adds the -xoflen option to control the output length of the XOF algorithms, such as SHAKE128 and SHAKE256. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13245)
2020-10-26 20:23:14 +08:00
if (xoflen > 0) {
Update code to use EVP_MD_xof() Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25285)
2024-08-26 09:14:55 +08:00
if (!EVP_MD_xof(md)) {
openssl dgst: add option to specify output length for XOF This adds the -xoflen option to control the output length of the XOF algorithms, such as SHAKE128 and SHAKE256. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13245)
2020-10-26 20:23:14 +08:00
BIO_printf(bio_err, "Length can only be specified for XOF\n");
goto end;
}
SHAKE documentation updates for default output length. Fixes #18586 In order to not break existing applications the OpenSSL documentation related to SHAKE has been updated. Background: All digests algorithms (including XOF's) use the bitlen as the default output length. This results in a security strength of bitlen / 2. This means that SHAKE128 will by default have an output length of 16 bytes and a security strength of 64 bits. For SHAKE256 the default output length is 32 bytes and has a security strength of 128 bits. This behaviour was present in 1.1.1 and has been duplicated in the provider SHAKE algorithms for 3.0. The SHAKE XOF algorithms have a security strength of min(bitlen, output xof length in bits / 2). Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18622)
2022-06-22 13:21:13 +08:00
/*
* Signing using XOF is not supported by any algorithms currently since
* each algorithm only calls EVP_DigestFinal_ex() in their sign_final
* and verify_final methods.
*/
openssl dgst: add option to specify output length for XOF This adds the -xoflen option to control the output length of the XOF algorithms, such as SHAKE128 and SHAKE256. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13245)
2020-10-26 20:23:14 +08:00
if (sigkey != NULL) {
BIO_printf(bio_err, "Signing key cannot be specified for XOF\n");
goto end;
}
}
Import of old SSLeay release: SSLeay 0.8.1b
1998-12-21 18:52:47 +08:00
if (argc == 0) {
BIO_set_fp(in, stdin, BIO_NOCLOSE);
dgst commandline support for one shot signing algorithms Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26697)
2025-02-10 17:00:03 +08:00
if (oneshot_sign)
ret = do_fp_oneshot_sign(out, signctx, in, separator, out_bin,
sigkey, sigbuf, siglen, NULL, "stdin");
else
ret = do_fp(out, buf, inp, separator, out_bin, xoflen,
sigkey, sigbuf, siglen, NULL, md_name, "stdin");
Import of old SSLeay release: SSLeay 0.8.1b
1998-12-21 18:52:47 +08:00
} else {
openssl dgst: show MD name at all times When 'openssl dgst' is called with a MD alias (such as sha256) and no further arguments (i.e. input is taken from stdin), the MD name wasn't shown. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8609)
2019-03-29 14:11:57 +08:00
const char *sig_name = NULL;
Add warning to key/param generating apps on potential delay due to missing entropy This also introduces app_keygen() and app_paramgen() and cleans up err reporting. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12095)
2020-06-09 16:21:58 +08:00
if (out_bin == 0) {
Correctly display the signing/hmac algorithm in the dgst app In OpenSSL 1.1.1 doing an HMAC operation with (say) SHA1 would produce output like this: HMAC-SHA1(README.md)= 553154e4c0109ddc320bb495735906ad7135c2f1 Prior to this change master would instead display this like so: SHA1(README.md)= 553154e4c0109ddc320bb495735906ad7135c2f1 The problem is that dgst was using EVP_PKEY_asn1_get0_info() to get the algorithm name from the EVP_PKEY. This doesn't work with provider based keys. Instead we introduce a new EVP_PKEY_get0_first_alg_name() function, and an equivalent EVP_KEYMGMT_get0_first_name() function. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12850)
2020-09-13 18:09:20 +08:00
if (sigkey != NULL)
Rename EVP_PKEY_get0_first_alg_name to EVP_PKEY_get0_type_name We use type elsewhere and documenting the 'first' in the name of the call is a little bit superfluous making the name too mouthful. Also rename EVP_PKEY_typenames_do_all to EVP_PKEY_type_names_do_all to keep the words separated by underscore. Fixes #14701 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14868)
2021-04-14 18:42:30 +08:00
sig_name = EVP_PKEY_get0_type_name(sigkey);
Prepend signature name in dgst output.
2007-05-18 00:19:17 +08:00
}
Add warning to key/param generating apps on potential delay due to missing entropy This also introduces app_keygen() and app_paramgen() and cleans up err reporting. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12095)
2020-06-09 16:21:58 +08:00
ret = EXIT_SUCCESS;
Import of old SSLeay release: SSLeay 0.8.1b
1998-12-21 18:52:47 +08:00
for (i = 0; i < argc; i++) {
if (BIO_read_filename(in, argv[i]) <= 0) {
perror(argv[i]);
Add warning to key/param generating apps on potential delay due to missing entropy This also introduces app_keygen() and app_paramgen() and cleans up err reporting. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12095)
2020-06-09 16:21:58 +08:00
ret = EXIT_FAILURE;
Import of old SSLeay release: SSLeay 0.8.1b
1998-12-21 18:52:47 +08:00
continue;
Clean up a bundle of codingstyle stuff in apps directory Mostly braces and NULL pointer check and also copyright year bump Signed-off-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3657)
2017-06-13 01:24:02 +08:00
} else {
dgst commandline support for one shot signing algorithms Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26697)
2025-02-10 17:00:03 +08:00
if (oneshot_sign) {
if (do_fp_oneshot_sign(out, signctx, in, separator, out_bin,
sigkey, sigbuf, siglen, sig_name,
argv[i]))
ret = EXIT_FAILURE;
} else {
if (do_fp(out, buf, inp, separator, out_bin, xoflen,
sigkey, sigbuf, siglen, sig_name, md_name, argv[i]))
ret = EXIT_FAILURE;
}
Clean up a bundle of codingstyle stuff in apps directory Mostly braces and NULL pointer check and also copyright year bump Signed-off-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3657)
2017-06-13 01:24:02 +08:00
}
Avoid warnings.
1999-06-11 00:29:32 +08:00
(void)BIO_reset(bmd);
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 11:40:55 +08:00
}
Import of old SSLeay release: SSLeay 0.8.1b
1998-12-21 18:52:47 +08:00
}
end:
Add warning to key/param generating apps on potential delay due to missing entropy This also introduces app_keygen() and app_paramgen() and cleans up err reporting. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12095)
2020-06-09 16:21:58 +08:00
if (ret != EXIT_SUCCESS)
ERR_print_errors(bio_err);
free cleanup almost the finale Add OPENSSL_clear_free which merges cleanse and free. (Names was picked to be similar to BN_clear_free, etc.) Removed OPENSSL_freeFunc macro. Fixed the small simple ones that are left: CRYPTO_free CRYPTO_free_locked OPENSSL_free_locked Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-01 05:57:32 +08:00
OPENSSL_clear_free(buf, BUFSIZE);
free NULL cleanup This commit handles BIO_ACCEPT_free BIO_CB_FREE BIO_CONNECT_free BIO_free BIO_free_all BIO_vfree Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-25 23:31:18 +08:00
BIO_free(in);
free NULL cleanup -- coda After the finale, the "real" final part. :) Do a recursive grep with "-B1 -w [a-zA-Z0-9_]*_free" to see if any of the preceeding lines are an "if NULL" check that can be removed. Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-05-02 02:37:16 +08:00
OPENSSL_free(passin);
On VMS, stdout may very well lead to a file that is written to in a record-oriented fashion. That means that every write() will write a separate record, which will be read separately by the programs trying to read from it. This can be very confusing. The solution is to put a BIO filter in the way that will buffer text until a linefeed is reached, and then write everything a line at a time, so every record written will be an actual line, not chunks of lines and not (usually doesn't happen, but I've seen it once) several lines in one record. Voila, BIO_f_linebuffer() is born. Since we're so close to release time, I'm making this VMS-only for now, just to make sure no code is needlessly broken by this. After the release, this BIO method will be enabled on all other platforms as well.
2000-09-20 21:55:50 +08:00
BIO_free_all(out);
Fetch and free cipher and md's Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/14219)
2021-02-18 05:15:27 +08:00
EVP_MD_free(md);
Fix typo in i2d_ASN1_ENUMERATED Fix bug in read only memory BIOs so BIO_reset() works. Add sign and verify options to dgst utility, need to update docs.
2000-08-31 00:14:29 +08:00
EVP_PKEY_free(sigkey);
dgst commandline support for one shot signing algorithms Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26697)
2025-02-10 17:00:03 +08:00
EVP_MD_CTX_free(signctx);
free NULL cleanup -- coda After the finale, the "real" final part. :) Do a recursive grep with "-B1 -w [a-zA-Z0-9_]*_free" to see if any of the preceeding lines are an "if NULL" check that can be removed. Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-05-02 02:37:16 +08:00
sk_OPENSSL_STRING_free(sigopts);
sk_OPENSSL_STRING_free(macopts);
free null cleanup finale Don't check for NULL before calling OPENSSL_free Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-01 22:02:07 +08:00
OPENSSL_free(sigbuf);
free NULL cleanup This commit handles BIO_ACCEPT_free BIO_CB_FREE BIO_CONNECT_free BIO_free BIO_free_all BIO_vfree Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-25 23:31:18 +08:00
BIO_free(bmd);
If an engine comes up explicitely, it must also come down explicitely In apps/apps.c, one can set up an engine with setup_engine(). However, we freed the structural reference immediately, which means that for engines that don't already have a structural reference somewhere else (because it's a built in engine), we end up returning an invalid reference. Instead, the function release_engine() is added, and called at the end of the routines that call setup_engine(). Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1643)
2016-09-29 05:39:18 +08:00
release_engine(e);
Remove parentheses of return. Since return is inconsistent, I removed unnecessary parentheses and unified them. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4541)
2017-10-17 22:04:09 +08:00
return ret;
Import of old SSLeay release: SSLeay 0.8.1b
1998-12-21 18:52:47 +08:00
}
Update dgst.c to show a list of message digests Fixes #9893 Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/9912)
2019-09-16 20:09:01 +08:00
static void show_digests(const OBJ_NAME *name, void *arg)
{
struct doall_dgst_digests *dec = (struct doall_dgst_digests *)arg;
Free fetched digest in show_digests Fixes #24892 Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25046)
2024-07-31 04:29:34 +08:00
EVP_MD *md = NULL;
Update dgst.c to show a list of message digests Fixes #9893 Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/9912)
2019-09-16 20:09:01 +08:00
/* Filter out signed digests (a.k.a signature algorithms) */
if (strstr(name->name, "rsa") != NULL || strstr(name->name, "RSA") != NULL)
return;
if (!islower((unsigned char)*name->name))
return;
/* Filter out message digests that we cannot use */
APPS: dgst: Support properties when signing The -provider and -propquery options did not work on dgst when using it for signing or signature verification (including HMACs). Fix this and add tests that check that operations that would usually fail with the FIPS provider work when run with | -provider default -propquery '?fips!=yes' Additionally, modify the behavior of dgst -list to also use the current library context and property query. This reduces the output below the headline "Supported digests" to a list of the digest algorithms that will actually work with the current configuration, which is closer to what users probably expect with this headline. See also 30b2c3592e8511b60d44f93eb657a1ecb3662c08, which previously fixed the same problem in dsaparam and gendsa. See also the initial report in https://bugzilla.redhat.com/show_bug.cgi?id=2094956. Signed-off-by: Clemens Lang <cllang@redhat.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/18717)
2022-07-04 22:15:07 +08:00
md = EVP_MD_fetch(app_get0_libctx(), name->name, app_get0_propq());
List also non-fetchable hashes in openssl dgst -list CLA: trivial Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20651)
2023-03-30 19:30:59 +08:00
if (md == NULL) {
Free fetched digest in show_digests Fixes #24892 Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25046)
2024-07-31 04:29:34 +08:00
if (EVP_get_digestbyname(name->name) == NULL)
List also non-fetchable hashes in openssl dgst -list CLA: trivial Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20651)
2023-03-30 19:30:59 +08:00
return;
}
Update dgst.c to show a list of message digests Fixes #9893 Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/9912)
2019-09-16 20:09:01 +08:00
BIO_printf(dec->bio, "-%-25s", name->name);
if (++dec->n == 3) {
BIO_printf(dec->bio, "\n");
dec->n = 0;
} else {
BIO_printf(dec->bio, " ");
}
Free fetched digest in show_digests Fixes #24892 Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25046)
2024-07-31 04:29:34 +08:00
EVP_MD_free(md);
Update dgst.c to show a list of message digests Fixes #9893 Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/9912)
2019-09-16 20:09:01 +08:00
}
issue-8493: Fix for filenames with newlines using openssl dgst The output format now matches coreutils *dgst tools. [ edited to remove trailing white space ] Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8578)
2019-03-30 09:22:51 +08:00
/*
* The newline_escape_filename function performs newline escaping for any
* filename that contains a newline. This function also takes a pointer
* to backslash. The backslash pointer is a flag to indicating whether a newline
* is present in the filename. If a newline is present, the backslash flag is
* set and the output format will contain a backslash at the beginning of the
* digest output. This output format is to replicate the output format found
* in the '*sum' checksum programs. This aims to preserve backward
* compatibility.
*/
"foo * bar" should be "foo *bar" Found by running the checkpatch.pl Linux script to enforce coding style. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21468)
2023-07-17 02:03:40 +08:00
static const char *newline_escape_filename(const char *file, int *backslash)
issue-8493: Fix for filenames with newlines using openssl dgst The output format now matches coreutils *dgst tools. [ edited to remove trailing white space ] Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8578)
2019-03-30 09:22:51 +08:00
{
size_t i, e = 0, length = strlen(file), newline_count = 0, mem_len = 0;
char *file_cpy = NULL;
for (i = 0; i < length; i++)
if (file[i] == '\n')
newline_count++;
mem_len = length + newline_count + 1;
file_cpy = app_malloc(mem_len, file);
i = 0;
fix some code with obvious wrong coding style Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16918)
2021-10-26 15:16:18 +08:00
while (e < length) {
issue-8493: Fix for filenames with newlines using openssl dgst The output format now matches coreutils *dgst tools. [ edited to remove trailing white space ] Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8578)
2019-03-30 09:22:51 +08:00
const char c = file[e];
if (c == '\n') {
file_cpy[i++] = '\\';
file_cpy[i++] = 'n';
*backslash = 1;
} else {
file_cpy[i++] = c;
}
e++;
}
file_cpy[i] = '\0';
return (const char*)file_cpy;
}
dgst commandline support for one shot signing algorithms Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26697)
2025-02-10 17:00:03 +08:00
static void print_out(BIO *out, unsigned char *buf, size_t len,
int sep, int binout,
const char *sig_name, const char *md_name, const char *file)
{
int i, backslash = 0;
if (binout) {
BIO_write(out, buf, len);
} else if (sep == 2) {
file = newline_escape_filename(file, &backslash);
if (backslash == 1)
BIO_puts(out, "\\");
for (i = 0; i < (int)len; i++)
BIO_printf(out, "%02x", buf[i]);
BIO_printf(out, " *%s\n", file);
OPENSSL_free((char *)file);
} else {
if (sig_name != NULL) {
BIO_puts(out, sig_name);
if (md_name != NULL)
BIO_printf(out, "-%s", md_name);
BIO_printf(out, "(%s)= ", file);
} else if (md_name != NULL) {
BIO_printf(out, "%s(%s)= ", md_name, file);
} else {
BIO_printf(out, "(%s)= ", file);
}
for (i = 0; i < (int)len; i++) {
if (sep && (i != 0))
BIO_printf(out, ":");
BIO_printf(out, "%02x", buf[i]);
}
BIO_printf(out, "\n");
}
}
static void print_verify_result(BIO *out, int i)
{
if (i > 0)
BIO_printf(out, "Verified OK\n");
else if (i == 0)
BIO_printf(out, "Verification failure\n");
else
BIO_printf(bio_err, "Error verifying data\n");
}
issue-8493: Fix for filenames with newlines using openssl dgst The output format now matches coreutils *dgst tools. [ edited to remove trailing white space ] Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8578)
2019-03-30 09:22:51 +08:00
openssl dgst: add option to specify output length for XOF This adds the -xoflen option to control the output length of the XOF algorithms, such as SHAKE128 and SHAKE256. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13245)
2020-10-26 20:23:14 +08:00
int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, int xoflen,
Prepend signature name in dgst output.
2007-05-18 00:19:17 +08:00
EVP_PKEY *key, unsigned char *sigin, int siglen,
const char *sig_name, const char *md_name,
Remove unused parameters from internal functions Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-14 11:33:56 +08:00
const char *file)
Import of old SSLeay release: SSLeay 0.8.1b
1998-12-21 18:52:47 +08:00
{
apps/dgst.c: allocate a new signature buffer ... if the fixed-size buffer is too small. Fixes #9732 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com> (Merged from https://github.com/openssl/openssl/pull/10276)
2019-10-28 10:12:06 +08:00
size_t len = BUFSIZE;
dgst commandline support for one shot signing algorithms Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26697)
2025-02-10 17:00:03 +08:00
int i, ret = EXIT_FAILURE;
openssl dgst: add option to specify output length for XOF This adds the -xoflen option to control the output length of the XOF algorithms, such as SHAKE128 and SHAKE256. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13245)
2020-10-26 20:23:14 +08:00
unsigned char *allocated_buf = NULL;
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 11:40:55 +08:00
openssl dgst, openssl enc: check for end of input The input reading loop in 'openssl dgst' and 'openssl enc' doesn't check for end of input, and because of the way BIO works, it thereby won't detect that the end is reached before the read is an error. With the FILE BIO, an error occurs when trying to read past EOF, which is fairly much ok, except when the command is used interactively, at least on Unix. The result in that case is that the user has to press Ctrl-D twice for the command to terminate. The issue is further complicated because both these commands use filter BIOs on top of the FILE BIO, so a naïve attempt to check BIO_eof() doesn't quite solve it, since that only checks the state of the source/sink BIO, and the filter BIO may have some buffered data that still needs to be read. Fortunately, there's BIO_pending() that checks exactly that, if any filter BIO has pending data that needs to be processed. We end up having to check both BIO_pending() and BIO_eof(). Thanks to Zsigmond Lőrinczy for the initial effort and inspiration. Fixes #9355 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9668)
2019-08-22 19:34:16 +08:00
while (BIO_pending(bp) || !BIO_eof(bp)) {
Import of old SSLeay release: SSLeay 0.8.1b
1998-12-21 18:52:47 +08:00
i = BIO_read(bp, (char *)buf, BUFSIZE);
Handle read errors.
2002-06-11 20:41:37 +08:00
if (i < 0) {
Add warning to key/param generating apps on potential delay due to missing entropy This also introduces app_keygen() and app_paramgen() and cleans up err reporting. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12095)
2020-06-09 16:21:58 +08:00
BIO_printf(bio_err, "Read error in %s\n", file);
apps/dgst.c: allocate a new signature buffer ... if the fixed-size buffer is too small. Fixes #9732 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com> (Merged from https://github.com/openssl/openssl/pull/10276)
2019-10-28 10:12:06 +08:00
goto end;
Handle read errors.
2002-06-11 20:41:37 +08:00
}
if (i == 0)
break;
Import of old SSLeay release: SSLeay 0.8.1b
1998-12-21 18:52:47 +08:00
}
Clean up a bundle of codingstyle stuff in apps directory Mostly braces and NULL pointer check and also copyright year bump Signed-off-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3657)
2017-06-13 01:24:02 +08:00
if (sigin != NULL) {
Fix typo in i2d_ASN1_ENUMERATED Fix bug in read only memory BIOs so BIO_reset() works. Add sign and verify options to dgst utility, need to update docs.
2000-08-31 00:14:29 +08:00
EVP_MD_CTX *ctx;
BIO_get_md_ctx(bp, &ctx);
New -sigopt option for dgst utility.
2007-04-08 20:47:18 +08:00
i = EVP_DigestVerifyFinal(ctx, sigin, (unsigned int)siglen);
dgst commandline support for one shot signing algorithms Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26697)
2025-02-10 17:00:03 +08:00
print_verify_result(out, i);
if (i > 0)
ret = EXIT_SUCCESS;
apps/dgst.c: allocate a new signature buffer ... if the fixed-size buffer is too small. Fixes #9732 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com> (Merged from https://github.com/openssl/openssl/pull/10276)
2019-10-28 10:12:06 +08:00
goto end;
Fix typo in i2d_ASN1_ENUMERATED Fix bug in read only memory BIOs so BIO_reset() works. Add sign and verify options to dgst utility, need to update docs.
2000-08-31 00:14:29 +08:00
}
Clean up a bundle of codingstyle stuff in apps directory Mostly braces and NULL pointer check and also copyright year bump Signed-off-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3657)
2017-06-13 01:24:02 +08:00
if (key != NULL) {
Fix typo in i2d_ASN1_ENUMERATED Fix bug in read only memory BIOs so BIO_reset() works. Add sign and verify options to dgst utility, need to update docs.
2000-08-31 00:14:29 +08:00
EVP_MD_CTX *ctx;
APPS & TEST: Eliminate as much use of EVP_PKEY_size() as possible Some uses were going against documented recommendations. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10798)
2020-01-10 04:37:32 +08:00
size_t tmplen;
Fix typo in i2d_ASN1_ENUMERATED Fix bug in read only memory BIOs so BIO_reset() works. Add sign and verify options to dgst utility, need to update docs.
2000-08-31 00:14:29 +08:00
BIO_get_md_ctx(bp, &ctx);
APPS & TEST: Eliminate as much use of EVP_PKEY_size() as possible Some uses were going against documented recommendations. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10798)
2020-01-10 04:37:32 +08:00
if (!EVP_DigestSignFinal(ctx, NULL, &tmplen)) {
Add warning to key/param generating apps on potential delay due to missing entropy This also introduces app_keygen() and app_paramgen() and cleans up err reporting. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12095)
2020-06-09 16:21:58 +08:00
BIO_printf(bio_err, "Error getting maximum length of signed data\n");
APPS & TEST: Eliminate as much use of EVP_PKEY_size() as possible Some uses were going against documented recommendations. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10798)
2020-01-10 04:37:32 +08:00
goto end;
}
if (tmplen > BUFSIZE) {
len = tmplen;
openssl dgst: add option to specify output length for XOF This adds the -xoflen option to control the output length of the XOF algorithms, such as SHAKE128 and SHAKE256. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13245)
2020-10-26 20:23:14 +08:00
allocated_buf = app_malloc(len, "Signature buffer");
buf = allocated_buf;
apps/dgst.c: allocate a new signature buffer ... if the fixed-size buffer is too small. Fixes #9732 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com> (Merged from https://github.com/openssl/openssl/pull/10276)
2019-10-28 10:12:06 +08:00
}
Bug in apps/dgst.c.
2007-04-30 23:20:10 +08:00
if (!EVP_DigestSignFinal(ctx, buf, &len)) {
Add warning to key/param generating apps on potential delay due to missing entropy This also introduces app_keygen() and app_paramgen() and cleans up err reporting. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12095)
2020-06-09 16:21:58 +08:00
BIO_printf(bio_err, "Error signing data\n");
apps/dgst.c: allocate a new signature buffer ... if the fixed-size buffer is too small. Fixes #9732 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com> (Merged from https://github.com/openssl/openssl/pull/10276)
2019-10-28 10:12:06 +08:00
goto end;
Fix typo in i2d_ASN1_ENUMERATED Fix bug in read only memory BIOs so BIO_reset() works. Add sign and verify options to dgst utility, need to update docs.
2000-08-31 00:14:29 +08:00
}
openssl dgst: add option to specify output length for XOF This adds the -xoflen option to control the output length of the XOF algorithms, such as SHAKE128 and SHAKE256. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13245)
2020-10-26 20:23:14 +08:00
} else if (xoflen > 0) {
EVP_MD_CTX *ctx;
len = xoflen;
if (len > BUFSIZE) {
allocated_buf = app_malloc(len, "Digest buffer");
buf = allocated_buf;
}
BIO_get_md_ctx(bp, &ctx);
if (!EVP_DigestFinalXOF(ctx, buf, len)) {
BIO_printf(bio_err, "Error Digesting Data\n");
goto end;
}
Fix typo in i2d_ASN1_ENUMERATED Fix bug in read only memory BIOs so BIO_reset() works. Add sign and verify options to dgst utility, need to update docs.
2000-08-31 00:14:29 +08:00
} else {
len = BIO_gets(bp, (char *)buf, BUFSIZE);
Add warning to key/param generating apps on potential delay due to missing entropy This also introduces app_keygen() and app_paramgen() and cleans up err reporting. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12095)
2020-06-09 16:21:58 +08:00
if ((int)len < 0)
apps/dgst.c: allocate a new signature buffer ... if the fixed-size buffer is too small. Fixes #9732 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com> (Merged from https://github.com/openssl/openssl/pull/10276)
2019-10-28 10:12:06 +08:00
goto end;
Submitted by: Victor B. Wagner <vitus@cryptocom.ru> Reviewed by: steve@openssl.org Check return codes properly in md BIO and dgst command.
2009-03-19 02:53:08 +08:00
}
dgst commandline support for one shot signing algorithms Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26697)
2025-02-10 17:00:03 +08:00
print_out(out, buf, len, sep, binout, sig_name, md_name, file);
ret = EXIT_SUCCESS;
end:
if (allocated_buf != NULL)
OPENSSL_clear_free(allocated_buf, len);
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 11:40:55 +08:00
dgst commandline support for one shot signing algorithms Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26697)
2025-02-10 17:00:03 +08:00
return ret;
}
issue-8493: Fix for filenames with newlines using openssl dgst The output format now matches coreutils *dgst tools. [ edited to remove trailing white space ] Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8578)
2019-03-30 09:22:51 +08:00
dgst commandline support for one shot signing algorithms Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26697)
2025-02-10 17:00:03 +08:00
/*
* Some new algorithms only support one shot operations.
* For these we need to buffer all input and then do the sign on the
* total buffered input. These algorithms set a NULL digest name which is
* then used inside EVP_DigestVerify() and EVP_DigestSign().
*/
static int do_fp_oneshot_sign(BIO *out, EVP_MD_CTX *ctx, BIO *in, int sep, int binout,
EVP_PKEY *key, unsigned char *sigin, int siglen,
const char *sig_name, const char *file)
{
int res, ret = EXIT_FAILURE;
size_t len = 0;
int buflen = 0;
int maxlen = 16 * 1024 * 1024;
uint8_t *buf = NULL, *sig = NULL;
buflen = bio_to_mem(&buf, maxlen, in);
if (buflen <= 0) {
BIO_printf(bio_err, "Read error in %s\n", file);
Address non-FP coverity nits Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26765)
2025-02-15 12:57:48 +08:00
return ret;
dgst commandline support for one shot signing algorithms Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26697)
2025-02-10 17:00:03 +08:00
}
if (sigin != NULL) {
res = EVP_DigestVerify(ctx, sigin, siglen, buf, buflen);
print_verify_result(out, res);
if (res > 0)
ret = EXIT_SUCCESS;
goto end;
}
if (key != NULL) {
if (EVP_DigestSign(ctx, NULL, &len, buf, buflen) != 1) {
BIO_printf(bio_err, "Error getting maximum length of signed data\n");
goto end;
Clean up a bundle of codingstyle stuff in apps directory Mostly braces and NULL pointer check and also copyright year bump Signed-off-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3657)
2017-06-13 01:24:02 +08:00
}
dgst commandline support for one shot signing algorithms Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26697)
2025-02-10 17:00:03 +08:00
sig = app_malloc(len, "Signature buffer");
if (EVP_DigestSign(ctx, sig, &len, buf, buflen) != 1) {
BIO_printf(bio_err, "Error signing data\n");
goto end;
Fix typo in i2d_ASN1_ENUMERATED Fix bug in read only memory BIOs so BIO_reset() works. Add sign and verify options to dgst utility, need to update docs.
2000-08-31 00:14:29 +08:00
}
dgst commandline support for one shot signing algorithms Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26697)
2025-02-10 17:00:03 +08:00
print_out(out, sig, len, sep, binout, sig_name, NULL, file);
ret = EXIT_SUCCESS;
} else {
BIO_printf(bio_err, "key must be set for one-shot algorithms\n");
goto end;
Import of old SSLeay release: SSLeay 0.8.1b
1998-12-21 18:52:47 +08:00
}
apps/dgst.c: allocate a new signature buffer ... if the fixed-size buffer is too small. Fixes #9732 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com> (Merged from https://github.com/openssl/openssl/pull/10276)
2019-10-28 10:12:06 +08:00
end:
dgst commandline support for one shot signing algorithms Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26697)
2025-02-10 17:00:03 +08:00
OPENSSL_free(sig);
OPENSSL_clear_free(buf, buflen);
apps/dgst.c: allocate a new signature buffer ... if the fixed-size buffer is too small. Fixes #9732 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com> (Merged from https://github.com/openssl/openssl/pull/10276)
2019-10-28 10:12:06 +08:00
return ret;
Import of old SSLeay release: SSLeay 0.8.1b
1998-12-21 18:52:47 +08:00
}