New -mac and -macopt options to dgst utility. Reimplement -hmac option in terms of new API.

commit: 2022cfe07e331dc4b69829ca4dd45c295190d471 [log] [tgz]
author: Dr. Stephen Henson <steve@openssl.org> Wed Apr 11 17:20:40 2007 +0000
committer: Dr. Stephen Henson <steve@openssl.org> Wed Apr 11 17:20:40 2007 +0000
tree: 502b38f6f67849331f027bd1a98ebb412b857eec
parent: 47b71e6ee9c421162b1cf610bd1ca22843691764 [diff]
diff --git a/apps/apps.h b/apps/apps.h
index 3b5feba..c7e490a 100644
--- a/apps/apps.h
+++ b/apps/apps.h

@@ -294,6 +294,8 @@
 void policies_print(BIO *out, X509_STORE_CTX *ctx);
 int bio_to_mem(unsigned char **out, int maxlen, BIO *in);
 int pkey_ctrl_string(EVP_PKEY_CTX *ctx, char *value);
+int init_gen_str(BIO *err, EVP_PKEY_CTX **pctx,
+			const char *algname, ENGINE *e, int do_param);
 
 #define FORMAT_UNDEF    0
 #define FORMAT_ASN1     1

diff --git a/apps/dgst.c b/apps/dgst.c
index 70db078..a20a5cb 100644
--- a/apps/dgst.c
+++ b/apps/dgst.c

@@ -76,7 +76,7 @@
 
 int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
 	  EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title,
-	  const char *file,BIO *bmd,const char *hmac_key);
+	  const char *file,BIO *bmd);
 
 int MAIN(int, char **);
 
@@ -106,7 +106,8 @@
 	char *engine=NULL;
 #endif
 	char *hmac_key=NULL;
-	STACK *sigopts = NULL;
+	char *mac_name=NULL;
+	STACK *sigopts = NULL, *macopts = NULL;
 
 	apps_startup();
 
@@ -198,6 +199,12 @@
 				break;
 			hmac_key=*++argv;
 			}
+		else if (!strcmp(*argv,"-mac"))
+			{
+			if (--argc < 1)
+				break;
+			mac_name=*++argv;
+			}
 		else if (strcmp(*argv,"-sigopt") == 0)
 			{
 			if (--argc < 1)
@@ -207,6 +214,15 @@
 			if (!sigopts || !sk_push(sigopts, *(++argv)))
 				break;
 			}
+		else if (strcmp(*argv,"-macopt") == 0)
+			{
+			if (--argc < 1)
+				break;
+			if (!macopts)
+				macopts = sk_new_null();
+			if (!macopts || !sk_push(macopts, *(++argv)))
+				break;
+			}
 		else if ((m=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
 			md=m;
 		else
@@ -326,6 +342,11 @@
 		ERR_print_errors(bio_err);
 		goto end;
 	}
+	if ((!!mac_name + !!keyfile + !!hmac_key) > 1)
+		{
+		BIO_printf(bio_err, "MAC and Signing key cannot both be specified\n");
+		goto end;
+		}
 
 	if(keyfile)
 		{
@@ -343,6 +364,50 @@
 			}
 		}
 
+	if (mac_name)
+		{
+		EVP_PKEY_CTX *mac_ctx = NULL;
+		int r = 0;
+		if (!init_gen_str(bio_err, &mac_ctx, mac_name,e, 0))
+			goto mac_end;
+		if (macopts)
+			{
+			char *macopt;
+			for (i = 0; i < sk_num(macopts); i++)
+				{
+				macopt = sk_value(macopts, i);
+				if (pkey_ctrl_string(mac_ctx, macopt) <= 0)
+					{
+					BIO_printf(bio_err,
+						"MAC parameter error \"%s\"\n",
+						macopt);
+					ERR_print_errors(bio_err);
+					goto mac_end;
+					}
+				}
+			}
+		if (EVP_PKEY_keygen(mac_ctx, &sigkey) <= 0)
+			{
+			BIO_puts(bio_err, "Error generating key\n");
+			ERR_print_errors(bio_err);
+			goto mac_end;
+			}
+		r = 1;
+		mac_end:
+		if (mac_ctx)
+			EVP_PKEY_CTX_free(mac_ctx);
+		if (r == 0)
+			goto end;
+		}
+
+	if (hmac_key)
+		{
+		sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, e,
+					(unsigned char *)hmac_key, -1);
+		if (!sigkey)
+			goto end;
+		}
+
 	if (sigkey)
 		{
 		EVP_MD_CTX *mctx = NULL;
@@ -410,7 +475,7 @@
 		{
 		BIO_set_fp(in,stdin,BIO_NOCLOSE);
 		err=do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf,
-			  siglen,"","(stdin)",bmd,hmac_key);
+			  siglen,"","(stdin)",bmd);
 		}
 	else
 		{
@@ -436,7 +501,7 @@
 			else
 				tmp="";
 			r=do_fp(out,buf,inp,separator,out_bin,sigkey,sigbuf,
-				siglen,tmp,argv[i],bmd,hmac_key);
+				siglen,tmp,argv[i],bmd);
 			if(r)
 			    err=r;
 			if(tofree)
@@ -457,6 +522,8 @@
 	EVP_PKEY_free(sigkey);
 	if (sigopts)
 		sk_free(sigopts);
+	if (macopts)
+		sk_free(macopts);
 	if(sigbuf) OPENSSL_free(sigbuf);
 	if (bmd != NULL) BIO_free(bmd);
 	apps_shutdown();
@@ -465,23 +532,11 @@
 
 int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
 	  EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title,
-	  const char *file,BIO *bmd,const char *hmac_key)
+	  const char *file,BIO *bmd)
 	{
 	unsigned int len;
 	int i;
-	EVP_MD_CTX *md_ctx;
-	HMAC_CTX hmac_ctx;
 
-	if (hmac_key)
-		{
-		EVP_MD *md;
-
-		BIO_get_md(bmd,&md);
-		HMAC_CTX_init(&hmac_ctx);
-		HMAC_Init_ex(&hmac_ctx,hmac_key,strlen(hmac_key),md, NULL);
-		BIO_get_md_ctx(bmd,&md_ctx);
-		BIO_set_md_ctx(bmd,&hmac_ctx.md_ctx);
-		}
 	for (;;)
 		{
 		i=BIO_read(bp,(char *)buf,BUFSIZE);
@@ -524,11 +579,6 @@
 			return 1;
 			}
 		}
-	else if(hmac_key)
-		{
-		HMAC_Final(&hmac_ctx,buf,&len);
-		HMAC_CTX_cleanup(&hmac_ctx);
-		}
 	else
 		len=BIO_gets(bp,(char *)buf,BUFSIZE);
 
@@ -544,10 +594,6 @@
 			}
 		BIO_printf(out, "\n");
 		}
-	if (hmac_key)
-		{
-		BIO_set_md_ctx(bmd,md_ctx);
-		}
 	return 0;
 	}
 

diff --git a/apps/genpkey.c b/apps/genpkey.c
index 1d1a53e..722aa3c 100644
--- a/apps/genpkey.c
+++ b/apps/genpkey.c

@@ -67,8 +67,6 @@
 
 static int init_keygen_file(BIO *err, EVP_PKEY_CTX **pctx,
 				const char *file, ENGINE *e);
-static int init_gen_str(BIO *err, EVP_PKEY_CTX **pctx,
-				const char *algname, ENGINE *e, int do_param);
 static int genpkey_cb(EVP_PKEY_CTX *ctx);
 
 #define PROG genpkey_main
@@ -362,8 +360,8 @@
 
 	}
 
-static int init_gen_str(BIO *err, EVP_PKEY_CTX **pctx,
-				const char *algname, ENGINE *e, int do_param)
+int init_gen_str(BIO *err, EVP_PKEY_CTX **pctx,
+			const char *algname, ENGINE *e, int do_param)
 	{
 	EVP_PKEY_CTX *ctx = NULL;
 	const EVP_PKEY_ASN1_METHOD *ameth;
commit	2022cfe07e331dc4b69829ca4dd45c295190d471	[log] [tgz]
author	Dr. Stephen Henson <steve@openssl.org>	Wed Apr 11 17:20:40 2007 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	Wed Apr 11 17:20:40 2007 +0000
tree	502b38f6f67849331f027bd1a98ebb412b857eec
parent	47b71e6ee9c421162b1cf610bd1ca22843691764 [diff]