[openssl] master update
beldmit at gmail.com
beldmit at gmail.com
Sat Mar 6 09:14:43 UTC 2021
The branch master has been updated
via 29ce1066bc54838ecb835244b03d763b55d7fadb (commit)
from a7a041c2301fcb7fc2080ddd22a6076060bbaa69 (commit)
- Log -----------------------------------------------------------------
commit 29ce1066bc54838ecb835244b03d763b55d7fadb
Author: Paul Nelson <nelson at openssl.org>
Date: Wed Feb 10 16:49:19 2021 -0600
Update the demos/README file because it is really old. New demos should provide best practice for API use.
Add demonstration for computing a SHA3-512 digest - digest/EVP_MD_demo
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
(Merged from https://github.com/openssl/openssl/pull/14150)
-----------------------------------------------------------------------
Summary of changes:
demos/README.txt | 26 +++++--
demos/digest/BIO_f_md.c | 122 +++++++++++++++++++++++++++++
demos/digest/EVP_MD_demo.c | 183 ++++++++++++++++++++++++++++++++++++++++++++
demos/digest/EVP_MD_stdin.c | 134 ++++++++++++++++++++++++++++++++
demos/digest/Makefile | 22 ++++++
5 files changed, 481 insertions(+), 6 deletions(-)
create mode 100755 demos/digest/BIO_f_md.c
create mode 100644 demos/digest/EVP_MD_demo.c
create mode 100755 demos/digest/EVP_MD_stdin.c
create mode 100644 demos/digest/Makefile
diff --git a/demos/README.txt b/demos/README.txt
index d2155ef973..cfb2b3c82d 100644
--- a/demos/README.txt
+++ b/demos/README.txt
@@ -1,9 +1,23 @@
-NOTE: Don't expect any of these programs to work with current
-OpenSSL releases, or even with later SSLeay releases.
+OpenSSL Demonstration Applications
-Original README:
-=============================================================================
+This folder contains source code that demonstrates the proper use of the OpenSSL
+library API.
-Some demo programs sent to me by various people
+bio: Demonstration of a simple TLS client and server.
-eric
+certs: Demonstration of creating certs, using OCSP
+
+ciphers:
+
+cms:
+
+digest:
+EVP_MD_demo.c Compute a digest from multiple buffers
+EVP_MD_stdin.c Compute a digest with data read from stdin
+EVP_f_md.c Compute a digest using BIO and EVP_f_md
+
+smime:
+
+pkcs12:
+pkread.c Print out a description of a PKCS12 file.
+pkwrite.c Add a password to an existing PKCS12 file.
diff --git a/demos/digest/BIO_f_md.c b/demos/digest/BIO_f_md.c
new file mode 100755
index 0000000000..ce1dfcc34a
--- /dev/null
+++ b/demos/digest/BIO_f_md.c
@@ -0,0 +1,122 @@
+/*-
+ * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*-
+ * Example of using EVP_MD_fetch and EVP_Digest* methods to calculate
+ * a digest of static buffers
+ * You can find SHA3 test vectors from NIST here:
+ * https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/sha3/sha-3bytetestvectors.zip
+ * For example, contains these lines:
+ Len = 80
+ Msg = 1ca984dcc913344370cf
+ MD = 6915ea0eeffb99b9b246a0e34daf3947852684c3d618260119a22835659e4f23d4eb66a15d0affb8e93771578f5e8f25b7a5f2a55f511fb8b96325ba2cd14816
+ * use xxd convert the hex message string to binary input for BIO_f_md:
+ * echo "1ca984dcc913344370cf" | xxd -r -p | ./BIO_f_md
+ * and then verify the output matches MD above.
+ */
+
+#include <string.h>
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+
+/*-
+ * This demonstration will show how to digest data using
+ * a BIO configured with a message digest
+ * A message digest name may be passed as an argument.
+ * The default digest is SHA3-512
+ */
+
+int main(int argc, char * argv[])
+{
+ int result = 1;
+ OSSL_LIB_CTX *library_context = NULL;
+ BIO *input = NULL;
+ BIO *bio_digest = NULL;
+ EVP_MD *md = NULL;
+ unsigned char buffer[512];
+ size_t readct, writect;
+ size_t digest_size;
+ char *digest_value=NULL;
+ int j;
+
+ input = BIO_new_fd( fileno(stdin), 1 );
+ if (input == NULL) {
+ fprintf(stderr, "BIO_new_fd() for stdin returned NULL\n");
+ goto cleanup;
+ }
+ library_context = OSSL_LIB_CTX_new();
+ if (library_context == NULL) {
+ fprintf(stderr, "OSSL_LIB_CTX_new() returned NULL\n");
+ goto cleanup;
+ }
+
+ /*
+ * Fetch a message digest by name
+ * The algorithm name is case insensitive.
+ * See providers(7) for details about algorithm fetching
+ */
+ md = EVP_MD_fetch( library_context, "SHA3-512", NULL );
+ if (md == NULL) {
+ fprintf(stderr, "EVP_MD_fetch did not find SHA3-512.\n");
+ goto cleanup;
+ }
+ digest_size = EVP_MD_size(md);
+ digest_value = OPENSSL_malloc(digest_size);
+ if (digest_value == NULL) {
+ fprintf(stderr, "Can't allocate %lu bytes for the digest value.\n", (unsigned long)digest_size);
+ goto cleanup;
+ }
+ /* Make a bio that uses the digest */
+ bio_digest = BIO_new(BIO_f_md());
+ if (bio_digest == NULL) {
+ fprintf(stderr, "BIO_new(BIO_f_md()) returned NULL\n");
+ goto cleanup;
+ }
+ /* set our bio_digest BIO to digest data */
+ if (BIO_set_md(bio_digest,md) != 1) {
+ fprintf(stderr, "BIO_set_md failed.\n");
+ goto cleanup;
+ }
+ /*-
+ * We will use BIO chaining so that as we read, the digest gets updated
+ * See the man page for BIO_push
+ */
+ BIO *reading = BIO_push( bio_digest, input );
+
+ while( BIO_read(reading, buffer, sizeof(buffer)) > 0 )
+ ;
+
+ /*-
+ * BIO_gets must be used to calculate the final
+ * digest value and then copy it to digest_value.
+ */
+ if (BIO_gets(bio_digest, digest_value, digest_size) != digest_size) {
+ fprintf(stderr, "BIO_gets(bio_digest) failed\n");
+ goto cleanup;
+ }
+ for (j=0; j<digest_size; j++) {
+ fprintf(stdout, "%02x", (unsigned char)digest_value[j]);
+ }
+ fprintf(stdout, "\n");
+ result = 0;
+
+cleanup:
+ if (result != 0)
+ ERR_print_errors_fp(stderr);
+
+ OPENSSL_free(digest_value);
+ BIO_free(input);
+ BIO_free(bio_digest);
+ EVP_MD_free(md);
+ OSSL_LIB_CTX_free(library_context);
+
+ return result;
+}
diff --git a/demos/digest/EVP_MD_demo.c b/demos/digest/EVP_MD_demo.c
new file mode 100644
index 0000000000..77146e3f00
--- /dev/null
+++ b/demos/digest/EVP_MD_demo.c
@@ -0,0 +1,183 @@
+/*-
+ * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Example of using EVP_MD_fetch and EVP_Digest* methods to calculate
+ * a digest of static buffers
+ */
+
+#include <string.h>
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+
+/*-
+ * This demonstration will show how to digest data using
+ * the soliloqy from Hamlet scene 1 act 3
+ * The soliloqy is split into two parts to demonstrate using EVP_DigestUpdate
+ * more than once.
+ */
+
+const char * hamlet_1 =
+ "To be, or not to be, that is the question,\n"
+ "Whether tis nobler in the minde to suffer\n"
+ "The ſlings and arrowes of outragious fortune,\n"
+ "Or to take Armes again in a sea of troubles,\n"
+ "And by opposing, end them, to die to sleep;\n"
+ "No more, and by a sleep, to say we end\n"
+ "The heart-ache, and the thousand natural shocks\n"
+ "That flesh is heir to? tis a consumation\n"
+ "Devoutly to be wished. To die to sleep,\n"
+ "To sleepe, perchance to dreame, Aye, there's the rub,\n"
+ "For in that sleep of death what dreams may come\n"
+ "When we haue shuffled off this mortal coil\n"
+ "Must give us pause. There's the respect\n"
+ "That makes calamity of so long life:\n"
+ "For who would bear the Ships and Scorns of time,\n"
+ "The oppressor's wrong, the proud man's Contumely,\n"
+ "The pangs of dispised love, the Law's delay,\n"
+;
+const char * hamlet_2 =
+ "The insolence of Office, and the spurns\n"
+ "That patient merit of the'unworthy takes,\n"
+ "When he himself might his Quietas make\n"
+ "With a bare bodkin? Who would fardels bear,\n"
+ "To grunt and sweat under a weary life,\n"
+ "But that the dread of something after death,\n"
+ "The undiscovered country, from whose bourn\n"
+ "No traveller returns, puzzles the will,\n"
+ "And makes us rather bear those ills we have,\n"
+ "Then fly to others we know not of?\n"
+ "Thus conscience does make cowards of us all,\n"
+ "And thus the native hue of Resolution\n"
+ "Is sickled o'er with the pale cast of Thought,\n"
+ "And enterprises of great pith and moment,\n"
+ "With this regard their currents turn awry,\n"
+ "And lose the name of Action. Soft you now,\n"
+ "The fair Ophelia? Nymph in thy Orisons\n"
+ "Be all my sins remember'd.\n"
+;
+
+/* The known value of the SHA3-512 digest of the above soliloqy */
+const unsigned char known_answer[] = {
+ 0xbb, 0x69, 0xf8, 0x09, 0x9c, 0x2e, 0x00, 0x3d,
+ 0xa4, 0x29, 0x5f, 0x59, 0x4b, 0x89, 0xe4, 0xd9,
+ 0xdb, 0xa2, 0xe5, 0xaf, 0xa5, 0x87, 0x73, 0x9d,
+ 0x83, 0x72, 0xcf, 0xea, 0x84, 0x66, 0xc1, 0xf9,
+ 0xc9, 0x78, 0xef, 0xba, 0x3d, 0xe9, 0xc1, 0xff,
+ 0xa3, 0x75, 0xc7, 0x58, 0x74, 0x8e, 0x9c, 0x1d,
+ 0x14, 0xd9, 0xdd, 0xd1, 0xfd, 0x24, 0x30, 0xd6,
+ 0x81, 0xca, 0x8f, 0x78, 0x29, 0x19, 0x9a, 0xfe,
+};
+
+int demonstrate_digest(void)
+{
+ OSSL_LIB_CTX *library_context;
+ int result = 0;
+ const char *option_properties = NULL;
+ EVP_MD *message_digest = NULL;
+ EVP_MD_CTX *digest_context = NULL;
+ unsigned int digest_length;
+ unsigned char *digest_value = NULL;
+ int j;
+
+ library_context = OSSL_LIB_CTX_new();
+ if (library_context == NULL) {
+ fprintf(stderr, "OSSL_LIB_CTX_new() returned NULL\n");
+ goto cleanup;
+ }
+
+ /*
+ * Fetch a message digest by name
+ * The algorithm name is case insensitive.
+ * See providers(7) for details about algorithm fetching
+ */
+ message_digest = EVP_MD_fetch(library_context,
+ "SHA3-512", option_properties);
+ if (message_digest == NULL) {
+ fprintf(stderr, "EVP_MD_fetch could not find SHA3-512.");
+ goto cleanup;
+ }
+ /* Determine the length of the fetched digest type */
+ digest_length = EVP_MD_size(message_digest);
+ if (digest_length <= 0) {
+ fprintf(stderr, "EVP_MD_size returned invalid size.\n");
+ goto cleanup;
+ }
+
+ digest_value = OPENSSL_malloc(digest_length);
+ if (digest_value == NULL) {
+ fprintf(stderr, "No memory.\n");
+ goto cleanup;
+ }
+ /*
+ * Make a message digest context to hold temporary state
+ * during digest creation
+ */
+ digest_context = EVP_MD_CTX_new();
+ if (digest_context == NULL) {
+ fprintf(stderr, "EVP_MD_CTX_new failed.\n");
+ goto cleanup;
+ }
+ /*
+ * Initialize the message digest context to use the fetched
+ * digest provider
+ */
+ if (EVP_DigestInit(digest_context, message_digest) != 1) {
+ fprintf(stderr, "EVP_DigestInit failed.\n");
+ goto cleanup;
+ }
+ /* Digest parts one and two of the soliloqy */
+ if (EVP_DigestUpdate(digest_context, hamlet_1, strlen(hamlet_1)) != 1) {
+ fprintf(stderr, "EVP_DigestUpdate(hamlet_1) failed.\n");
+ goto cleanup;
+ }
+ if (EVP_DigestUpdate(digest_context, hamlet_2, strlen(hamlet_2)) != 1) {
+ fprintf(stderr, "EVP_DigestUpdate(hamlet_2) failed.\n");
+ goto cleanup;
+ }
+ if (EVP_DigestFinal(digest_context, digest_value, &digest_length) != 1) {
+ fprintf(stderr, "EVP_DigestFinal() failed.\n");
+ goto cleanup;
+ }
+ for (j=0; j<digest_length; j++) {
+ fprintf(stdout, "%02x", digest_value[j]);
+ }
+ fprintf(stdout, "\n");
+ /* Check digest_value against the known answer */
+ if ((size_t)digest_length != sizeof(known_answer)) {
+ fprintf(stdout, "Digest length(%d) not equal to known answer length(%lu).\n",
+ digest_length, sizeof(known_answer));
+ } else if (memcmp(digest_value, known_answer, digest_length) != 0) {
+ for (j=0; j<sizeof(known_answer); j++) {
+ fprintf(stdout, "%02x", known_answer[j] );
+ }
+ fprintf(stdout, "\nDigest does not match known answer\n");
+ } else {
+ fprintf(stdout, "Digest computed properly.\n");
+ result = 1;
+ }
+
+
+cleanup:
+ if (result != 1)
+ ERR_print_errors_fp(stderr);
+ /* OpenSSL free functions will ignore NULL arguments */
+ EVP_MD_CTX_free(digest_context);
+ OPENSSL_free(digest_value);
+ EVP_MD_free(message_digest);
+
+ OSSL_LIB_CTX_free(library_context);
+ return result;
+}
+
+int main(void)
+{
+ return demonstrate_digest() == 0;
+}
diff --git a/demos/digest/EVP_MD_stdin.c b/demos/digest/EVP_MD_stdin.c
new file mode 100755
index 0000000000..3e24f342cb
--- /dev/null
+++ b/demos/digest/EVP_MD_stdin.c
@@ -0,0 +1,134 @@
+/*-
+ * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*-
+ * Example of using EVP_MD_fetch and EVP_Digest* methods to calculate
+ * a digest of static buffers
+ * You can find SHA3 test vectors from NIST here:
+ * https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/sha3/sha-3bytetestvectors.zip
+ * For example, contains these lines:
+ Len = 80
+ Msg = 1ca984dcc913344370cf
+ MD = 6915ea0eeffb99b9b246a0e34daf3947852684c3d618260119a22835659e4f23d4eb66a15d0affb8e93771578f5e8f25b7a5f2a55f511fb8b96325ba2cd14816
+ * use xxd convert the hex message string to binary input for EVP_MD_stdin:
+ * echo "1ca984dcc913344370cf" | xxd -r -p | ./EVP_MD_stdin
+ * and then verify the output matches MD above.
+ */
+
+#include <string.h>
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+
+/*-
+ * This demonstration will show how to digest data using
+ * a BIO created to read from stdin
+ */
+
+int demonstrate_digest(BIO *input)
+{
+ OSSL_LIB_CTX *library_context = NULL;
+ int result = 0;
+ const char * option_properties = NULL;
+ EVP_MD *message_digest = NULL;
+ EVP_MD_CTX *digest_context = NULL;
+ unsigned int digest_length;
+ unsigned char *digest_value = NULL;
+ unsigned char buffer[512];
+ int ii;
+
+ library_context = OSSL_LIB_CTX_new();
+ if (library_context == NULL) {
+ fprintf(stderr, "OSSL_LIB_CTX_new() returned NULL\n");
+ goto cleanup;
+ }
+
+ /*
+ * Fetch a message digest by name
+ * The algorithm name is case insensitive.
+ * See providers(7) for details about algorithm fetching
+ */
+ message_digest = EVP_MD_fetch(library_context,
+ "SHA3-512", option_properties);
+ if (message_digest == NULL) {
+ fprintf(stderr, "EVP_MD_fetch could not find SHA3-512.");
+ ERR_print_errors_fp(stderr);
+ OSSL_LIB_CTX_free(library_context);
+ return 0;
+ }
+ /* Determine the length of the fetched digest type */
+ digest_length = EVP_MD_size(message_digest);
+ if (digest_length <= 0) {
+ fprintf(stderr, "EVP_MD_size returned invalid size.\n");
+ goto cleanup;
+ }
+
+ digest_value = OPENSSL_malloc(digest_length);
+ if (digest_value == NULL) {
+ fprintf(stderr, "No memory.\n");
+ goto cleanup;
+ }
+ /*
+ * Make a message digest context to hold temporary state
+ * during digest creation
+ */
+ digest_context = EVP_MD_CTX_new();
+ if (digest_context == NULL) {
+ fprintf(stderr, "EVP_MD_CTX_new failed.\n");
+ ERR_print_errors_fp(stderr);
+ goto cleanup;
+ }
+ /*
+ * Initialize the message digest context to use the fetched
+ * digest provider
+ */
+ if (EVP_DigestInit(digest_context, message_digest) != 1) {
+ fprintf(stderr, "EVP_DigestInit failed.\n");
+ ERR_print_errors_fp(stderr);
+ goto cleanup;
+ }
+ while ((ii = BIO_read(input, buffer, sizeof(buffer))) > 0) {
+ if (EVP_DigestUpdate(digest_context, buffer, ii) != 1) {
+ fprintf(stderr, "EVP_DigestUpdate() failed.\n");
+ goto cleanup;
+ }
+ }
+ if (EVP_DigestFinal(digest_context, digest_value, &digest_length) != 1) {
+ fprintf(stderr, "EVP_DigestFinal() failed.\n");
+ goto cleanup;
+ }
+ result = 1;
+ for (ii=0; ii<digest_length; ii++) {
+ fprintf(stdout, "%02x", digest_value[ii]);
+ }
+ fprintf(stdout, "\n");
+
+cleanup:
+ if (result != 1)
+ ERR_print_errors_fp(stderr);
+ /* OpenSSL free functions will ignore NULL arguments */
+ EVP_MD_CTX_free(digest_context);
+ OPENSSL_free(digest_value);
+ EVP_MD_free(message_digest);
+
+ OSSL_LIB_CTX_free(library_context);
+ return result;
+}
+
+int main(void)
+{
+ int result = 1;
+ BIO *input = BIO_new_fd( fileno(stdin), 1 );
+
+ if (input != NULL) {
+ result = demonstrate_digest(input);
+ BIO_free(input);
+ }
+ return result;
+}
diff --git a/demos/digest/Makefile b/demos/digest/Makefile
new file mode 100644
index 0000000000..bcd4c4353b
--- /dev/null
+++ b/demos/digest/Makefile
@@ -0,0 +1,22 @@
+#
+# To run the demos when linked with a shared library (default):
+#
+# LD_LIBRARY_PATH=../.. ./EVP_MD_demo
+
+CFLAGS = -I../../include -g
+LDFLAGS = -L../..
+LDLIBS = -lcrypto
+
+all: EVP_MD_demo EVP_MD_stdin BIO_f_md
+
+%.o: %.c
+ $(CC) $(CFLAGS) -c $<
+
+EVP_MD_demo: EVP_MD_demo.o
+EVP_MD_stdin: EVP_MD_stdin.o
+BIO_f_md: BIO_f_md.o
+
+test: ;
+
+clean:
+ $(RM) *.o EVP_MD_demo EVP_MD_stdin BIO_f_md
More information about the openssl-commits
mailing list