1 files changed, 105 insertions, 99 deletions

diff --git a/drivers/builtin_openssl2/crypto/pkcs7/sign.c b/drivers/builtin_openssl2/crypto/pkcs7/sign.c
index 8b59885f7e..22f53fb601 100644
--- a/drivers/builtin_openssl2/crypto/pkcs7/sign.c
+++ b/drivers/builtin_openssl2/crypto/pkcs7/sign.c
@@ -1,25 +1,25 @@
-/* crypto/pkcs7/sign.c */
+/* demos/sign/sign.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,106 +49,112 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+
+/*
+ * sign-it.cpp - Simple test app using SSLeay envelopes to sign data
+ * 29.9.1996, Sampo Kellomaki <sampo@iki.fi>
+ */
+
+/* converted to C - eay :-) */
+
+/*
+ * reformated a bit and converted to use the more common functions: this was
+ * initially written at the dawn of time :-) - Steve.
+ */
+
 #include <stdio.h>
-#include <string.h>
-#include <openssl/bio.h>
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
 #include <openssl/x509.h>
-#include <openssl/pem.h>
 #include <openssl/err.h>
+#include <openssl/pem.h>
+#include <openssl/ssl.h>
+
+int main()
+{
+    int err;
+    int sig_len;
+    unsigned char sig_buf[4096];
+    static char certfile[] = "cert.pem";
+    static char keyfile[] = "key.pem";
+    static char data[] = "I owe you...";
+    EVP_MD_CTX md_ctx;
+    EVP_PKEY *pkey;
+    FILE *fp;
+    X509 *x509;
+
+    /*
+     * Just load the crypto library error strings, SSL_load_error_strings()
+     * loads the crypto AND the SSL ones
+     */
+    /* SSL_load_error_strings(); */
+    ERR_load_crypto_strings();
+
+    /* Read private key */
+
+    fp = fopen(keyfile, "r");
+    if (fp == NULL)
+        exit(1);
+    pkey = PEM_read_PrivateKey(fp, NULL, NULL, NULL);
+    fclose(fp);
+
+    if (pkey == NULL) {
+        ERR_print_errors_fp(stderr);
+        exit(1);
+    }
+
+    /* Do the signature */
+
+    EVP_SignInit(&md_ctx, EVP_sha1());
+    EVP_SignUpdate(&md_ctx, data, strlen(data));
+    sig_len = sizeof(sig_buf);
+    err = EVP_SignFinal(&md_ctx, sig_buf, &sig_len, pkey);
+
+    if (err != 1) {
+        ERR_print_errors_fp(stderr);
+        exit(1);
+    }
+
+    EVP_PKEY_free(pkey);
+
+    /* Read public key */
+
+    fp = fopen(certfile, "r");
+    if (fp == NULL)
+        exit(1);
+    x509 = PEM_read_X509(fp, NULL, NULL, NULL);
+    fclose(fp);
+
+    if (x509 == NULL) {
+        ERR_print_errors_fp(stderr);
+        exit(1);
+    }
+
+    /* Get public key - eay */
+    pkey = X509_get_pubkey(x509);
+    if (pkey == NULL) {
+        ERR_print_errors_fp(stderr);
+        exit(1);
+    }
+
+    /* Verify the signature */
 
-int main(argc,argv)
-int argc;
-char *argv[];
-	{
-	X509 *x509;
-	EVP_PKEY *pkey;
-	PKCS7 *p7;
-	PKCS7_SIGNER_INFO *si;
-	BIO *in;
-	BIO *data,*p7bio;
-	char buf[1024*4];
-	int i;
-	int nodetach=0;
-
-#ifndef OPENSSL_NO_MD2
-	EVP_add_digest(EVP_md2());
-#endif
-#ifndef OPENSSL_NO_MD5
-	EVP_add_digest(EVP_md5());
-#endif
-#ifndef OPENSSL_NO_SHA1
-	EVP_add_digest(EVP_sha1());
-#endif
-#ifndef OPENSSL_NO_MDC2
-	EVP_add_digest(EVP_mdc2());
-#endif
-
-	data=BIO_new(BIO_s_file());
-again:
-	if (argc > 1)
-		{
-		if (strcmp(argv[1],"-nd") == 0)
-			{
-			nodetach=1;
-			argv++; argc--;
-			goto again;
-			}
-		if (!BIO_read_filename(data,argv[1]))
-			goto err;
-		}
-	else
-		BIO_set_fp(data,stdin,BIO_NOCLOSE);
-
-	if ((in=BIO_new_file("server.pem","r")) == NULL) goto err;
-	if ((x509=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL) goto err;
-	BIO_reset(in);
-	if ((pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,NULL)) == NULL) goto err;
-	BIO_free(in);
-
-	p7=PKCS7_new();
-	PKCS7_set_type(p7,NID_pkcs7_signed);
-	 
-	si=PKCS7_add_signature(p7,x509,pkey,EVP_sha1());
-	if (si == NULL) goto err;
-
-	/* If you do this then you get signing time automatically added */
-	PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, V_ASN1_OBJECT,
-						OBJ_nid2obj(NID_pkcs7_data));
-
-	/* we may want to add more */
-	PKCS7_add_certificate(p7,x509);
-
-	/* Set the content of the signed to 'data' */
-	PKCS7_content_new(p7,NID_pkcs7_data);
-
-	if (!nodetach)
-		PKCS7_set_detached(p7,1);
-
-	if ((p7bio=PKCS7_dataInit(p7,NULL)) == NULL) goto err;
-
-	for (;;)
-		{
-		i=BIO_read(data,buf,sizeof(buf));
-		if (i <= 0) break;
-		BIO_write(p7bio,buf,i);
-		}
-
-	if (!PKCS7_dataFinal(p7,p7bio)) goto err;
-	BIO_free(p7bio);
-
-	PEM_write_PKCS7(stdout,p7);
-	PKCS7_free(p7);
-
-	exit(0);
-err:
-	ERR_load_crypto_strings();
-	ERR_print_errors_fp(stderr);
-	exit(1);
-	}
+    EVP_VerifyInit(&md_ctx, EVP_sha1());
+    EVP_VerifyUpdate(&md_ctx, data, strlen((char *)data));
+    err = EVP_VerifyFinal(&md_ctx, sig_buf, sig_len, pkey);
+    EVP_PKEY_free(pkey);
 
+    if (err != 1) {
+        ERR_print_errors_fp(stderr);
+        exit(1);
+    }
+    printf("Signature Verified Ok.\n");
+    return (0);
+}