OpenSSL CVS Repository
http://cvs.openssl.org/
____________________________________________________________
________________
Server: cvs.openssl.org Name: Dr.
Stephen Henson
Root: /v/openssl/cvs Email: steve openssl.org
Module: openssl Date:
08-Apr-2007 14:47:19
Branch: HEAD Handle:
2007040813471701
Modified files:
openssl CHANGES
openssl/apps dgst.c
Log:
New -sigopt option for dgst utility.
Summary:
Revision Changes Path
1.1376 +6 -0 openssl/CHANGES
1.41 +56 -13 openssl/apps/dgst.c
____________________________________________________________
________________
patch -p0 <<' .'
Index: openssl/CHANGES
============================================================
================
$ cvs diff -u -r1.1375 -r1.1376 CHANGES
--- openssl/CHANGES 28 Mar 2007 18:41:21 -0000 1.1375
+++ openssl/CHANGES 8 Apr 2007 12:47:17 -0000 1.1376
 -4,6 +4,12 
Changes between 0.9.8f and 0.9.9 [xx XXX xxxx]
+ *) New option -sigopt to dgst utility. Update dgst to
use
+ EVP_Digest{Sign,Verify}*. These two changes make it
possible to use
+ alternative signing paramaters such as X9.31 or PSS
in the dgst
+ utility.
+ [Steve Henson]
+
*) Change ssl_cipher_apply_rule(), the internal
function that does
the work each time a ciphersuite string requests
enabling
("foo+bar"), moving
("+foo+bar"), disabling ("-foo+bar", or
 .
patch -p0 <<' .'
Index: openssl/apps/dgst.c
============================================================
================
$ cvs diff -u -r1.40 -r1.41 dgst.c
--- openssl/apps/dgst.c 18 Feb 2007 18:21:57 -0000 1.40
+++ openssl/apps/dgst.c 8 Apr 2007 12:47:18 -0000 1.41
 -106,6 +106,7 
char *engine=NULL;
#endif
char *hmac_key=NULL;
+ STACK *sigopts = NULL;
apps_startup();
 -197,6 +198,15 
break;
hmac_key=*++argv;
}
+ else if (strcmp(*argv,"-sigopt") == 0)
+ {
+ if (--argc < 1)
+ break;
+ if (!sigopts)
+ sigopts = sk_new_null();
+ if (!sigopts || !sk_push(sigopts, *(++argv)))
+ break;
+ }
else if ((m=EVP_get_digestbyname(&((*argv)[1]))) !=
NULL)
md=m;
else
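Review bot: When `sk_new_null()` or `sk_push()` fails in the new `-sigopt` branch, the `break` leaves the option loop with `argv` already advanced onto the option value, and nothing reports the failure. If the code after the loop (outside this hunk) treats the remaining arguments as input files, the value would be read as a file name and signing would go ahead without the requested parameter; that matters when the option selects the padding scheme. Report the allocation failure and take the cleanup path instead of `break`, for example `BIO_printf(bio_err, "out of memory\n"); goto end;`.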
 -227,6 +237,7 
BIO_printf(bio_err,"-prverify file verify a
signature using private key in filen");
BIO_printf(bio_err,"-keyform arg key file
format (PEM or ENGINE)n");
BIO_printf(bio_err,"-signature file signature to
verifyn");
+ BIO_printf(bio_err,"-sigopt nm:v signature
parametern");
BIO_printf(bio_err,"-binary output in
binary formn");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err,"-engine e use engine e,
possibly a hardware device.n");
 -332,6 +343,47 
}
}
+ if (sigkey)
+ {
+ EVP_MD_CTX *mctx = NULL;
+ EVP_PKEY_CTX *pctx = NULL;
+ if (!BIO_get_md_ctx(bmd, &mctx))
+ {
+ BIO_printf(bio_err, "Error getting
contextn");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ if (!EVP_DigestSignInit(mctx, &pctx, md, e,
sigkey))
+ {
+ BIO_printf(bio_err, "Error setting
contextn");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ if (sigopts)
+ {
+ char *sigopt;
+ for (i = 0; i < sk_num(sigopts); i++)
+ {
+ sigopt = sk_value(sigopts, i);
+ if (pkey_ctrl_string(pctx, sigopt) <= 0)
+ {
+ BIO_printf(bio_err,
+ "parameter error "%s"n",
+ sigopt);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+ }
+ }
+ /* we use md as a filter, reading from 'in' */
+ else if (!BIO_set_md(bmd,md))
+ {
+ BIO_printf(bio_err, "Error setting digest
%sn", pname);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
if(sigfile && sigkey) {
BIO *sigbio;
sigbio = BIO_new_file(sigfile, "rb");
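Review bot: The new `if (sigkey)` block always calls `EVP_DigestSignInit`, yet the `if(sigfile && sigkey)` branch right below it and the later hunk that switches to `EVP_DigestVerifyFinal` show the same context is also used for verification. A context prepared for signing is then passed to a verify-final call, which will likely fail or leave the `-sigopt` settings applied to the wrong operation. When the tool is verifying, initialise with `EVP_DigestVerifyInit(mctx, &pctx, md, e, sigkey)` and keep `EVP_DigestSignInit` for the signing case. The enclosing function begins and ends outside this hunk, so the flag that distinguishes the two modes is not visible here.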
 -352,17 +404,6 
goto end;
}
}
-
-
-
- /* we use md as a filter, reading from 'in' */
- if (!BIO_set_md(bmd,md))
- {
- BIO_printf(bio_err, "Error setting digest
%sn", pname);
- ERR_print_errors(bio_err);
- goto end;
- }
-
inp=BIO_push(bmd,in);
if (argc == 0)
 -414,6 +455,8 
OPENSSL_free(passin);
BIO_free_all(out);
EVP_PKEY_free(sigkey);
+ if (sigopts)
+ sk_free(sigopts);
if(sigbuf) OPENSSL_free(sigbuf);
if (bmd != NULL) BIO_free(bmd);
apps_shutdown();
 -454,7 +497,7 
{
EVP_MD_CTX *ctx;
BIO_get_md_ctx(bp, &ctx);
- i = EVP_VerifyFinal(ctx, sigin, (unsigned int)siglen,
key);
+ i = EVP_DigestVerifyFinal(ctx, sigin, (unsigned
int)siglen);
if(i > 0)
BIO_printf(out, "Verified OKn");
else if(i == 0)
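Review bot: `BIO_get_md_ctx(bp, &ctx)` is called without checking its result, so if it fails `ctx` is an uninitialised pointer that goes straight into `EVP_DigestVerifyFinal`. The hunk that adds the `if (sigkey)` block checks the same call and prints "Error getting context"; the verify path here and the signing path in the next hunk should test `if (!BIO_get_md_ctx(bp, &ctx))` and return through this function's error path. The `(unsigned int)` cast on `siglen` is left over from `EVP_VerifyFinal` and can be dropped, since `EVP_DigestVerifyFinal` takes a `size_t` length. The function body starts and ends outside this hunk.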
 -474,7 +517,7 
{
EVP_MD_CTX *ctx;
BIO_get_md_ctx(bp, &ctx);
- if(!EVP_SignFinal(ctx, buf, (unsigned int *)&len,
key))
+ if(!EVP_DigestSignFinal(ctx, buf, (unsigned int
*)&len))
{
BIO_printf(bio_err, "Error Signing
Datan");
ERR_print_errors(bio_err);
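Review bot: The `(unsigned int *)&len` cast carried over from `EVP_SignFinal` no longer matches the callee, because `EVP_DigestSignFinal` takes a `size_t *`. It uses that value as the capacity of `buf` on entry and writes the signature length back through it. If `len` is narrower than `size_t` (its declaration is outside this hunk), the call reads and writes past the variable on LP64 platforms, and the cast hides the compiler's incompatible-pointer warning. Declare `len` as `size_t`, set it to the size of `buf` before the call, and pass it uncast: `if(!EVP_DigestSignFinal(ctx, buf, &len))`.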
 .