From 29ce1066bc54838ecb835244b03d763b55d7fadb Mon Sep 17 00:00:00 2001 From: Paul Nelson Date: Wed, 10 Feb 2021 16:49:19 -0600 Subject: [PATCH] Update the demos/README file because it is really old. New demos should provide best practice for API use. Add demonstration for computing a SHA3-512 digest - digest/EVP_MD_demo Reviewed-by: Paul Dale Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/14150) --- demos/README.txt | 26 +++-- demos/digest/BIO_f_md.c | 122 ++++++++++++++++++++++++ demos/digest/EVP_MD_demo.c | 183 ++++++++++++++++++++++++++++++++++++ demos/digest/EVP_MD_stdin.c | 134 ++++++++++++++++++++++++++ demos/digest/Makefile | 22 +++++ 5 files changed, 481 insertions(+), 6 deletions(-) create mode 100755 demos/digest/BIO_f_md.c create mode 100644 demos/digest/EVP_MD_demo.c create mode 100755 demos/digest/EVP_MD_stdin.c create mode 100644 demos/digest/Makefile diff --git a/demos/README.txt b/demos/README.txt index d2155ef973..cfb2b3c82d 100644 --- a/demos/README.txt +++ b/demos/README.txt @@ -1,9 +1,23 @@ -NOTE: Don't expect any of these programs to work with current -OpenSSL releases, or even with later SSLeay releases. +OpenSSL Demonstration Applications -Original README: -============================================================================= +This folder contains source code that demonstrates the proper use of the OpenSSL +library API. -Some demo programs sent to me by various people +bio: Demonstration of a simple TLS client and server. -eric +certs: Demonstration of creating certs, using OCSP + +ciphers: + +cms: + +digest: +EVP_MD_demo.c Compute a digest from multiple buffers +EVP_MD_stdin.c Compute a digest with data read from stdin +EVP_f_md.c Compute a digest using BIO and EVP_f_md + +smime: + +pkcs12: +pkread.c Print out a description of a PKCS12 file. +pkwrite.c Add a password to an existing PKCS12 file. diff --git a/demos/digest/BIO_f_md.c b/demos/digest/BIO_f_md.c new file mode 100755 index 0000000000..ce1dfcc34a --- /dev/null +++ b/demos/digest/BIO_f_md.c @@ -0,0 +1,122 @@ +/*- + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/*- + * Example of using EVP_MD_fetch and EVP_Digest* methods to calculate + * a digest of static buffers + * You can find SHA3 test vectors from NIST here: + * https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/sha3/sha-3bytetestvectors.zip + * For example, contains these lines: + Len = 80 + Msg = 1ca984dcc913344370cf + MD = 6915ea0eeffb99b9b246a0e34daf3947852684c3d618260119a22835659e4f23d4eb66a15d0affb8e93771578f5e8f25b7a5f2a55f511fb8b96325ba2cd14816 + * use xxd convert the hex message string to binary input for BIO_f_md: + * echo "1ca984dcc913344370cf" | xxd -r -p | ./BIO_f_md + * and then verify the output matches MD above. + */ + +#include +#include +#include +#include +#include + +/*- + * This demonstration will show how to digest data using + * a BIO configured with a message digest + * A message digest name may be passed as an argument. + * The default digest is SHA3-512 + */ + +int main(int argc, char * argv[]) +{ + int result = 1; + OSSL_LIB_CTX *library_context = NULL; + BIO *input = NULL; + BIO *bio_digest = NULL; + EVP_MD *md = NULL; + unsigned char buffer[512]; + size_t readct, writect; + size_t digest_size; + char *digest_value=NULL; + int j; + + input = BIO_new_fd( fileno(stdin), 1 ); + if (input == NULL) { + fprintf(stderr, "BIO_new_fd() for stdin returned NULL\n"); + goto cleanup; + } + library_context = OSSL_LIB_CTX_new(); + if (library_context == NULL) { + fprintf(stderr, "OSSL_LIB_CTX_new() returned NULL\n"); + goto cleanup; + } + + /* + * Fetch a message digest by name + * The algorithm name is case insensitive. + * See providers(7) for details about algorithm fetching + */ + md = EVP_MD_fetch( library_context, "SHA3-512", NULL ); + if (md == NULL) { + fprintf(stderr, "EVP_MD_fetch did not find SHA3-512.\n"); + goto cleanup; + } + digest_size = EVP_MD_size(md); + digest_value = OPENSSL_malloc(digest_size); + if (digest_value == NULL) { + fprintf(stderr, "Can't allocate %lu bytes for the digest value.\n", (unsigned long)digest_size); + goto cleanup; + } + /* Make a bio that uses the digest */ + bio_digest = BIO_new(BIO_f_md()); + if (bio_digest == NULL) { + fprintf(stderr, "BIO_new(BIO_f_md()) returned NULL\n"); + goto cleanup; + } + /* set our bio_digest BIO to digest data */ + if (BIO_set_md(bio_digest,md) != 1) { + fprintf(stderr, "BIO_set_md failed.\n"); + goto cleanup; + } + /*- + * We will use BIO chaining so that as we read, the digest gets updated + * See the man page for BIO_push + */ + BIO *reading = BIO_push( bio_digest, input ); + + while( BIO_read(reading, buffer, sizeof(buffer)) > 0 ) + ; + + /*- + * BIO_gets must be used to calculate the final + * digest value and then copy it to digest_value. + */ + if (BIO_gets(bio_digest, digest_value, digest_size) != digest_size) { + fprintf(stderr, "BIO_gets(bio_digest) failed\n"); + goto cleanup; + } + for (j=0; j +#include +#include +#include + +/*- + * This demonstration will show how to digest data using + * the soliloqy from Hamlet scene 1 act 3 + * The soliloqy is split into two parts to demonstrate using EVP_DigestUpdate + * more than once. + */ + +const char * hamlet_1 = + "To be, or not to be, that is the question,\n" + "Whether tis nobler in the minde to suffer\n" + "The ſlings and arrowes of outragious fortune,\n" + "Or to take Armes again in a sea of troubles,\n" + "And by opposing, end them, to die to sleep;\n" + "No more, and by a sleep, to say we end\n" + "The heart-ache, and the thousand natural shocks\n" + "That flesh is heir to? tis a consumation\n" + "Devoutly to be wished. To die to sleep,\n" + "To sleepe, perchance to dreame, Aye, there's the rub,\n" + "For in that sleep of death what dreams may come\n" + "When we haue shuffled off this mortal coil\n" + "Must give us pause. There's the respect\n" + "That makes calamity of so long life:\n" + "For who would bear the Ships and Scorns of time,\n" + "The oppressor's wrong, the proud man's Contumely,\n" + "The pangs of dispised love, the Law's delay,\n" +; +const char * hamlet_2 = + "The insolence of Office, and the spurns\n" + "That patient merit of the'unworthy takes,\n" + "When he himself might his Quietas make\n" + "With a bare bodkin? Who would fardels bear,\n" + "To grunt and sweat under a weary life,\n" + "But that the dread of something after death,\n" + "The undiscovered country, from whose bourn\n" + "No traveller returns, puzzles the will,\n" + "And makes us rather bear those ills we have,\n" + "Then fly to others we know not of?\n" + "Thus conscience does make cowards of us all,\n" + "And thus the native hue of Resolution\n" + "Is sickled o'er with the pale cast of Thought,\n" + "And enterprises of great pith and moment,\n" + "With this regard their currents turn awry,\n" + "And lose the name of Action. Soft you now,\n" + "The fair Ophelia? Nymph in thy Orisons\n" + "Be all my sins remember'd.\n" +; + +/* The known value of the SHA3-512 digest of the above soliloqy */ +const unsigned char known_answer[] = { + 0xbb, 0x69, 0xf8, 0x09, 0x9c, 0x2e, 0x00, 0x3d, + 0xa4, 0x29, 0x5f, 0x59, 0x4b, 0x89, 0xe4, 0xd9, + 0xdb, 0xa2, 0xe5, 0xaf, 0xa5, 0x87, 0x73, 0x9d, + 0x83, 0x72, 0xcf, 0xea, 0x84, 0x66, 0xc1, 0xf9, + 0xc9, 0x78, 0xef, 0xba, 0x3d, 0xe9, 0xc1, 0xff, + 0xa3, 0x75, 0xc7, 0x58, 0x74, 0x8e, 0x9c, 0x1d, + 0x14, 0xd9, 0xdd, 0xd1, 0xfd, 0x24, 0x30, 0xd6, + 0x81, 0xca, 0x8f, 0x78, 0x29, 0x19, 0x9a, 0xfe, +}; + +int demonstrate_digest(void) +{ + OSSL_LIB_CTX *library_context; + int result = 0; + const char *option_properties = NULL; + EVP_MD *message_digest = NULL; + EVP_MD_CTX *digest_context = NULL; + unsigned int digest_length; + unsigned char *digest_value = NULL; + int j; + + library_context = OSSL_LIB_CTX_new(); + if (library_context == NULL) { + fprintf(stderr, "OSSL_LIB_CTX_new() returned NULL\n"); + goto cleanup; + } + + /* + * Fetch a message digest by name + * The algorithm name is case insensitive. + * See providers(7) for details about algorithm fetching + */ + message_digest = EVP_MD_fetch(library_context, + "SHA3-512", option_properties); + if (message_digest == NULL) { + fprintf(stderr, "EVP_MD_fetch could not find SHA3-512."); + goto cleanup; + } + /* Determine the length of the fetched digest type */ + digest_length = EVP_MD_size(message_digest); + if (digest_length <= 0) { + fprintf(stderr, "EVP_MD_size returned invalid size.\n"); + goto cleanup; + } + + digest_value = OPENSSL_malloc(digest_length); + if (digest_value == NULL) { + fprintf(stderr, "No memory.\n"); + goto cleanup; + } + /* + * Make a message digest context to hold temporary state + * during digest creation + */ + digest_context = EVP_MD_CTX_new(); + if (digest_context == NULL) { + fprintf(stderr, "EVP_MD_CTX_new failed.\n"); + goto cleanup; + } + /* + * Initialize the message digest context to use the fetched + * digest provider + */ + if (EVP_DigestInit(digest_context, message_digest) != 1) { + fprintf(stderr, "EVP_DigestInit failed.\n"); + goto cleanup; + } + /* Digest parts one and two of the soliloqy */ + if (EVP_DigestUpdate(digest_context, hamlet_1, strlen(hamlet_1)) != 1) { + fprintf(stderr, "EVP_DigestUpdate(hamlet_1) failed.\n"); + goto cleanup; + } + if (EVP_DigestUpdate(digest_context, hamlet_2, strlen(hamlet_2)) != 1) { + fprintf(stderr, "EVP_DigestUpdate(hamlet_2) failed.\n"); + goto cleanup; + } + if (EVP_DigestFinal(digest_context, digest_value, &digest_length) != 1) { + fprintf(stderr, "EVP_DigestFinal() failed.\n"); + goto cleanup; + } + for (j=0; j +#include +#include +#include + +/*- + * This demonstration will show how to digest data using + * a BIO created to read from stdin + */ + +int demonstrate_digest(BIO *input) +{ + OSSL_LIB_CTX *library_context = NULL; + int result = 0; + const char * option_properties = NULL; + EVP_MD *message_digest = NULL; + EVP_MD_CTX *digest_context = NULL; + unsigned int digest_length; + unsigned char *digest_value = NULL; + unsigned char buffer[512]; + int ii; + + library_context = OSSL_LIB_CTX_new(); + if (library_context == NULL) { + fprintf(stderr, "OSSL_LIB_CTX_new() returned NULL\n"); + goto cleanup; + } + + /* + * Fetch a message digest by name + * The algorithm name is case insensitive. + * See providers(7) for details about algorithm fetching + */ + message_digest = EVP_MD_fetch(library_context, + "SHA3-512", option_properties); + if (message_digest == NULL) { + fprintf(stderr, "EVP_MD_fetch could not find SHA3-512."); + ERR_print_errors_fp(stderr); + OSSL_LIB_CTX_free(library_context); + return 0; + } + /* Determine the length of the fetched digest type */ + digest_length = EVP_MD_size(message_digest); + if (digest_length <= 0) { + fprintf(stderr, "EVP_MD_size returned invalid size.\n"); + goto cleanup; + } + + digest_value = OPENSSL_malloc(digest_length); + if (digest_value == NULL) { + fprintf(stderr, "No memory.\n"); + goto cleanup; + } + /* + * Make a message digest context to hold temporary state + * during digest creation + */ + digest_context = EVP_MD_CTX_new(); + if (digest_context == NULL) { + fprintf(stderr, "EVP_MD_CTX_new failed.\n"); + ERR_print_errors_fp(stderr); + goto cleanup; + } + /* + * Initialize the message digest context to use the fetched + * digest provider + */ + if (EVP_DigestInit(digest_context, message_digest) != 1) { + fprintf(stderr, "EVP_DigestInit failed.\n"); + ERR_print_errors_fp(stderr); + goto cleanup; + } + while ((ii = BIO_read(input, buffer, sizeof(buffer))) > 0) { + if (EVP_DigestUpdate(digest_context, buffer, ii) != 1) { + fprintf(stderr, "EVP_DigestUpdate() failed.\n"); + goto cleanup; + } + } + if (EVP_DigestFinal(digest_context, digest_value, &digest_length) != 1) { + fprintf(stderr, "EVP_DigestFinal() failed.\n"); + goto cleanup; + } + result = 1; + for (ii=0; ii