Update the demos/README file because it is really old. New demos should provide best practice for API use.

Add demonstration for computing a SHA3-512 digest - digest/EVP_MD_demo

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/14150)

5 files changed, 481 insertions, 6 deletions

diff --git a/demos/README.txt b/demos/README.txt
index d2155ef973..cfb2b3c82d 100644
--- a/demos/README.txt
+++ b/demos/README.txt
@@ -1,9 +1,23 @@
-NOTE: Don't expect any of these programs to work with current
-OpenSSL releases, or even with later SSLeay releases.
+OpenSSL Demonstration Applications
 
-Original README:
-=============================================================================
+This folder contains source code that demonstrates the proper use of the OpenSSL
+library API.
 
-Some demo programs sent to me by various people
+bio:              Demonstration of a simple TLS client and server.
 
-eric
+certs:            Demonstration of creating certs, using OCSP
+
+ciphers:
+
+cms:
+
+digest:
+EVP_MD_demo.c      Compute a digest from multiple buffers
+EVP_MD_stdin.c     Compute a digest with data read from stdin
+EVP_f_md.c         Compute a digest using BIO and EVP_f_md
+
+smime:
+
+pkcs12:            
+pkread.c           Print out a description of a PKCS12 file.
+pkwrite.c          Add a password to an existing PKCS12 file.
diff --git a/demos/digest/BIO_f_md.c b/demos/digest/BIO_f_md.c
new file mode 100755
index 0000000000..ce1dfcc34a
--- /dev/null
+++ b/demos/digest/BIO_f_md.c
@@ -0,0 +1,122 @@
+/*-
+ * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*-
+ * Example of using EVP_MD_fetch and EVP_Digest* methods to calculate
+ * a digest of static buffers
+ * You can find SHA3 test vectors from NIST here:
+ * https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/sha3/sha-3bytetestvectors.zip
+ * For example, contains these lines:
+    Len = 80
+    Msg = 1ca984dcc913344370cf
+    MD = 6915ea0eeffb99b9b246a0e34daf3947852684c3d618260119a22835659e4f23d4eb66a15d0affb8e93771578f5e8f25b7a5f2a55f511fb8b96325ba2cd14816
+ * use xxd convert the hex message string to binary input for BIO_f_md:
+ * echo "1ca984dcc913344370cf" | xxd -r -p | ./BIO_f_md
+ * and then verify the output matches MD above.
+ */
+
+#include <string.h>
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+
+/*-
+ * This demonstration will show how to digest data using
+ * a BIO configured with a message digest
+ * A message digest name may be passed as an argument.
+ * The default digest is SHA3-512
+ */
+
+int main(int argc, char * argv[])
+{
+    int result = 1;
+    OSSL_LIB_CTX *library_context = NULL;
+    BIO *input = NULL;
+    BIO *bio_digest = NULL;
+    EVP_MD *md = NULL;
+    unsigned char buffer[512];
+    size_t readct, writect;
+    size_t digest_size;
+    char *digest_value=NULL;
+    int j;
+
+    input = BIO_new_fd( fileno(stdin), 1 );
+    if (input == NULL) {
+        fprintf(stderr, "BIO_new_fd() for stdin returned NULL\n");
+        goto cleanup;
+    }
+    library_context = OSSL_LIB_CTX_new();
+    if (library_context == NULL) {
+        fprintf(stderr, "OSSL_LIB_CTX_new() returned NULL\n");
+        goto cleanup;
+    }
+
+    /*
+     * Fetch a message digest by name
+     * The algorithm name is case insensitive. 
+     * See providers(7) for details about algorithm fetching
+     */
+    md = EVP_MD_fetch( library_context, "SHA3-512", NULL );
+    if (md == NULL) {
+        fprintf(stderr, "EVP_MD_fetch did not find SHA3-512.\n");
+        goto cleanup;
+    }
+    digest_size = EVP_MD_size(md);
+    digest_value = OPENSSL_malloc(digest_size);
+    if (digest_value == NULL) {
+        fprintf(stderr, "Can't allocate %lu bytes for the digest value.\n", (unsigned long)digest_size);
+        goto cleanup;
+    }
+    /* Make a bio that uses the digest */
+    bio_digest = BIO_new(BIO_f_md());
+    if (bio_digest == NULL) {
+        fprintf(stderr, "BIO_new(BIO_f_md()) returned NULL\n");
+        goto cleanup;
+    }
+    /* set our bio_digest BIO to digest data */
+    if (BIO_set_md(bio_digest,md) != 1) {
+           fprintf(stderr, "BIO_set_md failed.\n");
+           goto cleanup;
+    }
+    /*-
+     * We will use BIO chaining so that as we read, the digest gets updated
+     * See the man page for BIO_push
+     */
+    BIO *reading = BIO_push( bio_digest, input );
+    
+    while( BIO_read(reading, buffer, sizeof(buffer)) > 0 )
+        ;
+
+    /*-
+     * BIO_gets must be used to calculate the final
+     * digest value and then copy it to digest_value.
+     */
+    if (BIO_gets(bio_digest, digest_value, digest_size) != digest_size) {
+        fprintf(stderr, "BIO_gets(bio_digest) failed\n");
+        goto cleanup;
+    }
+    for (j=0; j<digest_size; j++) {
+        fprintf(stdout, "%02x", (unsigned char)digest_value[j]);
+    }
+    fprintf(stdout, "\n");
+    result = 0;
+    
+cleanup:
+    if (result != 0) 
+        ERR_print_errors_fp(stderr);
+
+    OPENSSL_free(digest_value);
+    BIO_free(input);
+    BIO_free(bio_digest);
+    EVP_MD_free(md);
+    OSSL_LIB_CTX_free(library_context);
+
+    return result;
+}
diff --git a/demos/digest/EVP_MD_demo.c b/demos/digest/EVP_MD_demo.c
new file mode 100644
index 0000000000..77146e3f00
--- /dev/null
+++ b/demos/digest/EVP_MD_demo.c
@@ -0,0 +1,183 @@
+/*-
+ * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Example of using EVP_MD_fetch and EVP_Digest* methods to calculate
+ * a digest of static buffers
+ */
+
+#include <string.h>
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+
+/*-
+ * This demonstration will show how to digest data using
+ * the soliloqy from Hamlet scene 1 act 3
+ * The soliloqy is split into two parts to demonstrate using EVP_DigestUpdate
+ * more than once.
+ */
+
+const char * hamlet_1 =
+    "To be, or not to be, that is the question,\n"
+    "Whether tis nobler in the minde to suffer\n"
+    "The ſlings and arrowes of outragious fortune,\n"
+    "Or to take Armes again in a sea of troubles,\n"
+    "And by opposing, end them, to die to sleep;\n"
+    "No more, and by a sleep, to say we end\n"
+    "The heart-ache, and the thousand natural shocks\n"
+    "That flesh is heir to? tis a consumation\n"
+    "Devoutly to be wished. To die to sleep,\n"
+    "To sleepe, perchance to dreame, Aye, there's the rub,\n"
+    "For in that sleep of death what dreams may come\n"
+    "When we haue shuffled off this mortal coil\n"
+    "Must give us pause. There's the respect\n"
+    "That makes calamity of so long life:\n"
+    "For who would bear the Ships and Scorns of time,\n"
+    "The oppressor's wrong, the proud man's Contumely,\n"
+    "The pangs of dispised love, the Law's delay,\n"
+;
+const char * hamlet_2 =
+    "The insolence of Office, and the spurns\n"
+    "That patient merit of the'unworthy takes,\n"
+    "When he himself might his Quietas make\n"
+    "With a bare bodkin? Who would fardels bear,\n"
+    "To grunt and sweat under a weary life,\n"
+    "But that the dread of something after death,\n"
+    "The undiscovered country, from whose bourn\n"
+    "No traveller returns, puzzles the will,\n"
+    "And makes us rather bear those ills we have,\n"
+    "Then fly to others we know not of?\n"
+    "Thus conscience does make cowards of us all,\n"
+    "And thus the native hue of Resolution\n"
+    "Is sickled o'er with the pale cast of Thought,\n"
+    "And enterprises of great pith and moment,\n"
+    "With this regard their currents turn awry,\n"
+    "And lose the name of Action. Soft you now,\n"
+    "The fair Ophelia? Nymph in thy Orisons\n"
+    "Be all my sins remember'd.\n"
+; 
+
+/* The known value of the SHA3-512 digest of the above soliloqy */
+const unsigned char known_answer[] = {
+    0xbb, 0x69, 0xf8, 0x09, 0x9c, 0x2e, 0x00, 0x3d,
+    0xa4, 0x29, 0x5f, 0x59, 0x4b, 0x89, 0xe4, 0xd9,
+    0xdb, 0xa2, 0xe5, 0xaf, 0xa5, 0x87, 0x73, 0x9d,
+    0x83, 0x72, 0xcf, 0xea, 0x84, 0x66, 0xc1, 0xf9,
+    0xc9, 0x78, 0xef, 0xba, 0x3d, 0xe9, 0xc1, 0xff,
+    0xa3, 0x75, 0xc7, 0x58, 0x74, 0x8e, 0x9c, 0x1d,
+    0x14, 0xd9, 0xdd, 0xd1, 0xfd, 0x24, 0x30, 0xd6,
+    0x81, 0xca, 0x8f, 0x78, 0x29, 0x19, 0x9a, 0xfe,
+};
+
+int demonstrate_digest(void)
+{
+    OSSL_LIB_CTX *library_context;
+    int result = 0;
+    const char *option_properties = NULL;
+    EVP_MD *message_digest = NULL;
+    EVP_MD_CTX *digest_context = NULL;
+    unsigned int digest_length;
+    unsigned char *digest_value = NULL;
+    int j;
+
+    library_context = OSSL_LIB_CTX_new();
+    if (library_context == NULL) {
+        fprintf(stderr, "OSSL_LIB_CTX_new() returned NULL\n");
+        goto cleanup;
+    }
+
+    /*
+     * Fetch a message digest by name
+     * The algorithm name is case insensitive. 
+     * See providers(7) for details about algorithm fetching
+     */
+    message_digest = EVP_MD_fetch(library_context,
+                                  "SHA3-512", option_properties);
+    if (message_digest == NULL) {
+        fprintf(stderr, "EVP_MD_fetch could not find SHA3-512.");
+        goto cleanup;
+    }
+    /* Determine the length of the fetched digest type */
+    digest_length = EVP_MD_size(message_digest);
+    if (digest_length <= 0) {
+        fprintf(stderr, "EVP_MD_size returned invalid size.\n");
+        goto cleanup;
+    }
+
+    digest_value = OPENSSL_malloc(digest_length);
+    if (digest_value == NULL) {
+        fprintf(stderr, "No memory.\n");
+        goto cleanup;
+    }
+    /*
+     * Make a message digest context to hold temporary state
+     * during digest creation
+     */
+    digest_context = EVP_MD_CTX_new();
+    if (digest_context == NULL) {
+        fprintf(stderr, "EVP_MD_CTX_new failed.\n");
+        goto cleanup;
+    }
+    /*
+     * Initialize the message digest context to use the fetched 
+     * digest provider
+     */
+    if (EVP_DigestInit(digest_context, message_digest) != 1) {
+        fprintf(stderr, "EVP_DigestInit failed.\n");
+        goto cleanup;
+    }
+    /* Digest parts one and two of the soliloqy */
+    if (EVP_DigestUpdate(digest_context, hamlet_1, strlen(hamlet_1)) != 1) {
+        fprintf(stderr, "EVP_DigestUpdate(hamlet_1) failed.\n");
+        goto cleanup;
+    }
+    if (EVP_DigestUpdate(digest_context, hamlet_2, strlen(hamlet_2)) != 1) {
+        fprintf(stderr, "EVP_DigestUpdate(hamlet_2) failed.\n");
+        goto cleanup;
+    }
+    if (EVP_DigestFinal(digest_context, digest_value, &digest_length) != 1) {
+        fprintf(stderr, "EVP_DigestFinal() failed.\n");
+        goto cleanup;
+    }
+    for (j=0; j<digest_length; j++)  {
+        fprintf(stdout, "%02x", digest_value[j]);
+    }
+    fprintf(stdout, "\n");
+    /* Check digest_value against the known answer */
+    if ((size_t)digest_length != sizeof(known_answer)) {
+        fprintf(stdout, "Digest length(%d) not equal to known answer length(%lu).\n",
+            digest_length, sizeof(known_answer));
+    } else if (memcmp(digest_value, known_answer, digest_length) != 0) {
+        for (j=0; j<sizeof(known_answer); j++) {
+            fprintf(stdout, "%02x", known_answer[j] );
+        }
+        fprintf(stdout, "\nDigest does not match known answer\n");
+    } else {
+        fprintf(stdout, "Digest computed properly.\n");
+        result = 1;
+    }
+
+
+cleanup:
+    if (result != 1)
+        ERR_print_errors_fp(stderr);
+    /* OpenSSL free functions will ignore NULL arguments */
+    EVP_MD_CTX_free(digest_context);
+    OPENSSL_free(digest_value);
+    EVP_MD_free(message_digest);
+
+    OSSL_LIB_CTX_free(library_context);
+    return result;
+}
+
+int main(void)
+{
+    return demonstrate_digest() == 0;
+}
diff --git a/demos/digest/EVP_MD_stdin.c b/demos/digest/EVP_MD_stdin.c
new file mode 100755
index 0000000000..3e24f342cb
--- /dev/null
+++ b/demos/digest/EVP_MD_stdin.c
@@ -0,0 +1,134 @@
+/*-
+ * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*-
+ * Example of using EVP_MD_fetch and EVP_Digest* methods to calculate
+ * a digest of static buffers
+ * You can find SHA3 test vectors from NIST here:
+ * https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/sha3/sha-3bytetestvectors.zip
+ * For example, contains these lines:
+    Len = 80
+    Msg = 1ca984dcc913344370cf
+    MD = 6915ea0eeffb99b9b246a0e34daf3947852684c3d618260119a22835659e4f23d4eb66a15d0affb8e93771578f5e8f25b7a5f2a55f511fb8b96325ba2cd14816
+ * use xxd convert the hex message string to binary input for EVP_MD_stdin:
+ * echo "1ca984dcc913344370cf" | xxd -r -p | ./EVP_MD_stdin
+ * and then verify the output matches MD above.
+ */
+
+#include <string.h>
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+
+/*-
+ * This demonstration will show how to digest data using
+ * a BIO created to read from stdin
+ */
+
+int demonstrate_digest(BIO *input)
+{
+    OSSL_LIB_CTX *library_context = NULL;
+    int result = 0;
+    const char * option_properties = NULL;
+    EVP_MD *message_digest = NULL;
+    EVP_MD_CTX *digest_context = NULL;
+    unsigned int digest_length;
+    unsigned char *digest_value = NULL;
+    unsigned char buffer[512];
+    int ii;
+
+    library_context = OSSL_LIB_CTX_new();
+    if (library_context == NULL) {
+        fprintf(stderr, "OSSL_LIB_CTX_new() returned NULL\n");
+        goto cleanup;
+    }
+
+    /*
+     * Fetch a message digest by name
+     * The algorithm name is case insensitive. 
+     * See providers(7) for details about algorithm fetching
+     */
+    message_digest = EVP_MD_fetch(library_context,
+                                  "SHA3-512", option_properties);
+    if (message_digest == NULL) {
+        fprintf(stderr, "EVP_MD_fetch could not find SHA3-512.");
+        ERR_print_errors_fp(stderr);
+        OSSL_LIB_CTX_free(library_context);
+        return 0;
+    }
+    /* Determine the length of the fetched digest type */
+    digest_length = EVP_MD_size(message_digest);
+    if (digest_length <= 0) {
+        fprintf(stderr, "EVP_MD_size returned invalid size.\n");
+        goto cleanup;
+    }
+
+    digest_value = OPENSSL_malloc(digest_length);
+    if (digest_value == NULL) {
+        fprintf(stderr, "No memory.\n");
+        goto cleanup;
+    }
+    /*
+     * Make a message digest context to hold temporary state
+     * during digest creation
+     */
+    digest_context = EVP_MD_CTX_new();
+    if (digest_context == NULL) {
+        fprintf(stderr, "EVP_MD_CTX_new failed.\n");
+        ERR_print_errors_fp(stderr);
+        goto cleanup;
+    }
+    /*
+     * Initialize the message digest context to use the fetched 
+     * digest provider
+     */
+    if (EVP_DigestInit(digest_context, message_digest) != 1) {
+        fprintf(stderr, "EVP_DigestInit failed.\n");
+        ERR_print_errors_fp(stderr);
+        goto cleanup;
+    }
+    while ((ii = BIO_read(input, buffer, sizeof(buffer))) > 0) {
+        if (EVP_DigestUpdate(digest_context, buffer, ii) != 1) {
+            fprintf(stderr, "EVP_DigestUpdate() failed.\n");
+            goto cleanup;
+        }
+    }
+    if (EVP_DigestFinal(digest_context, digest_value, &digest_length) != 1) {
+        fprintf(stderr, "EVP_DigestFinal() failed.\n");
+        goto cleanup;
+    }
+    result = 1;
+    for (ii=0; ii<digest_length; ii++) {
+        fprintf(stdout, "%02x", digest_value[ii]);
+    }
+    fprintf(stdout, "\n");
+
+cleanup:
+    if (result != 1)
+        ERR_print_errors_fp(stderr);
+    /* OpenSSL free functions will ignore NULL arguments */
+    EVP_MD_CTX_free(digest_context);
+    OPENSSL_free(digest_value);
+    EVP_MD_free(message_digest);
+
+    OSSL_LIB_CTX_free(library_context);
+    return result;
+}
+
+int main(void)
+{
+    int result = 1;
+    BIO *input = BIO_new_fd( fileno(stdin), 1 );
+
+    if (input != NULL) {
+        result = demonstrate_digest(input);
+        BIO_free(input);
+    }
+    return result;
+}
diff --git a/demos/digest/Makefile b/demos/digest/Makefile
new file mode 100644
index 0000000000..bcd4c4353b
--- /dev/null
+++ b/demos/digest/Makefile
@@ -0,0 +1,22 @@
+#
+# To run the demos when linked with a shared library (default):
+#
+#    LD_LIBRARY_PATH=../.. ./EVP_MD_demo
+
+CFLAGS = -I../../include -g
+LDFLAGS = -L../..
+LDLIBS = -lcrypto
+
+all: EVP_MD_demo EVP_MD_stdin BIO_f_md
+
+%.o: %.c
+	$(CC) $(CFLAGS) -c $<
+
+EVP_MD_demo: EVP_MD_demo.o
+EVP_MD_stdin: EVP_MD_stdin.o
+BIO_f_md: BIO_f_md.o
+
+test: ;
+
+clean:
+	$(RM) *.o EVP_MD_demo EVP_MD_stdin BIO_f_md