version 1.26, 2023/03/04 21:58:54 |
version 1.27, 2023/03/06 14:32:06 |
|
|
int pbkdf2; |
int pbkdf2; |
int printkey; |
int printkey; |
int verbose; |
int verbose; |
} enc_config; |
} cfg; |
|
|
static int |
static int |
enc_opt_cipher(int argc, char **argv, int *argsused) |
enc_opt_cipher(int argc, char **argv, int *argsused) |
|
|
return (1); |
return (1); |
|
|
if (strcmp(name, "none") == 0) { |
if (strcmp(name, "none") == 0) { |
enc_config.cipher = NULL; |
cfg.cipher = NULL; |
*argsused = 1; |
*argsused = 1; |
return (0); |
return (0); |
} |
} |
|
|
if ((enc_config.cipher = EVP_get_cipherbyname(name)) != NULL) { |
if ((cfg.cipher = EVP_get_cipherbyname(name)) != NULL) { |
*argsused = 1; |
*argsused = 1; |
return (0); |
return (0); |
} |
} |
|
|
.name = "A", |
.name = "A", |
.desc = "Process base64 data on one line (requires -a)", |
.desc = "Process base64 data on one line (requires -a)", |
.type = OPTION_FLAG, |
.type = OPTION_FLAG, |
.opt.flag = &enc_config.olb64, |
.opt.flag = &cfg.olb64, |
}, |
}, |
{ |
{ |
.name = "a", |
.name = "a", |
.desc = "Perform base64 encoding/decoding (alias -base64)", |
.desc = "Perform base64 encoding/decoding (alias -base64)", |
.type = OPTION_FLAG, |
.type = OPTION_FLAG, |
.opt.flag = &enc_config.base64, |
.opt.flag = &cfg.base64, |
}, |
}, |
{ |
{ |
.name = "base64", |
.name = "base64", |
.type = OPTION_FLAG, |
.type = OPTION_FLAG, |
.opt.flag = &enc_config.base64, |
.opt.flag = &cfg.base64, |
}, |
}, |
{ |
{ |
.name = "bufsize", |
.name = "bufsize", |
.argname = "size", |
.argname = "size", |
.desc = "Specify the buffer size to use for I/O", |
.desc = "Specify the buffer size to use for I/O", |
.type = OPTION_ARG, |
.type = OPTION_ARG, |
.opt.arg = &enc_config.bufsize, |
.opt.arg = &cfg.bufsize, |
}, |
}, |
{ |
{ |
.name = "d", |
.name = "d", |
.desc = "Decrypt the input data", |
.desc = "Decrypt the input data", |
.type = OPTION_VALUE, |
.type = OPTION_VALUE, |
.opt.value = &enc_config.enc, |
.opt.value = &cfg.enc, |
.value = 0, |
.value = 0, |
}, |
}, |
{ |
{ |
.name = "debug", |
.name = "debug", |
.desc = "Print debugging information", |
.desc = "Print debugging information", |
.type = OPTION_FLAG, |
.type = OPTION_FLAG, |
.opt.flag = &enc_config.debug, |
.opt.flag = &cfg.debug, |
}, |
}, |
{ |
{ |
.name = "e", |
.name = "e", |
.desc = "Encrypt the input data (default)", |
.desc = "Encrypt the input data (default)", |
.type = OPTION_VALUE, |
.type = OPTION_VALUE, |
.opt.value = &enc_config.enc, |
.opt.value = &cfg.enc, |
.value = 1, |
.value = 1, |
}, |
}, |
{ |
{ |
|
|
.argname = "file", |
.argname = "file", |
.desc = "Input file to read from (default stdin)", |
.desc = "Input file to read from (default stdin)", |
.type = OPTION_ARG, |
.type = OPTION_ARG, |
.opt.arg = &enc_config.inf, |
.opt.arg = &cfg.inf, |
}, |
}, |
{ |
{ |
.name = "iter", |
.name = "iter", |
.argname = "iterations", |
.argname = "iterations", |
.desc = "Specify iteration count and force use of PBKDF2", |
.desc = "Specify iteration count and force use of PBKDF2", |
.type = OPTION_ARG_INT, |
.type = OPTION_ARG_INT, |
.opt.value = &enc_config.iter, |
.opt.value = &cfg.iter, |
}, |
}, |
{ |
{ |
.name = "iv", |
.name = "iv", |
.argname = "IV", |
.argname = "IV", |
.desc = "IV to use, specified as a hexadecimal string", |
.desc = "IV to use, specified as a hexadecimal string", |
.type = OPTION_ARG, |
.type = OPTION_ARG, |
.opt.arg = &enc_config.hiv, |
.opt.arg = &cfg.hiv, |
}, |
}, |
{ |
{ |
.name = "K", |
.name = "K", |
.argname = "key", |
.argname = "key", |
.desc = "Key to use, specified as a hexadecimal string", |
.desc = "Key to use, specified as a hexadecimal string", |
.type = OPTION_ARG, |
.type = OPTION_ARG, |
.opt.arg = &enc_config.hkey, |
.opt.arg = &cfg.hkey, |
}, |
}, |
{ |
{ |
.name = "k", /* Superseded by -pass. */ |
.name = "k", /* Superseded by -pass. */ |
.type = OPTION_ARG, |
.type = OPTION_ARG, |
.opt.arg = &enc_config.keystr, |
.opt.arg = &cfg.keystr, |
}, |
}, |
{ |
{ |
.name = "kfile", /* Superseded by -pass. */ |
.name = "kfile", /* Superseded by -pass. */ |
.type = OPTION_ARG, |
.type = OPTION_ARG, |
.opt.arg = &enc_config.keyfile, |
.opt.arg = &cfg.keyfile, |
}, |
}, |
{ |
{ |
.name = "md", |
.name = "md", |
.argname = "digest", |
.argname = "digest", |
.desc = "Digest to use to create a key from the passphrase", |
.desc = "Digest to use to create a key from the passphrase", |
.type = OPTION_ARG, |
.type = OPTION_ARG, |
.opt.arg = &enc_config.md, |
.opt.arg = &cfg.md, |
}, |
}, |
{ |
{ |
.name = "none", |
.name = "none", |
|
|
.name = "nopad", |
.name = "nopad", |
.desc = "Disable standard block padding", |
.desc = "Disable standard block padding", |
.type = OPTION_FLAG, |
.type = OPTION_FLAG, |
.opt.flag = &enc_config.nopad, |
.opt.flag = &cfg.nopad, |
}, |
}, |
{ |
{ |
.name = "nosalt", |
.name = "nosalt", |
.type = OPTION_VALUE, |
.type = OPTION_VALUE, |
.opt.value = &enc_config.nosalt, |
.opt.value = &cfg.nosalt, |
.value = 1, |
.value = 1, |
}, |
}, |
{ |
{ |
|
|
.argname = "file", |
.argname = "file", |
.desc = "Output file to write to (default stdout)", |
.desc = "Output file to write to (default stdout)", |
.type = OPTION_ARG, |
.type = OPTION_ARG, |
.opt.arg = &enc_config.outf, |
.opt.arg = &cfg.outf, |
}, |
}, |
{ |
{ |
.name = "P", |
.name = "P", |
.desc = "Print out the salt, key and IV used, then exit\n" |
.desc = "Print out the salt, key and IV used, then exit\n" |
" (no encryption or decryption is performed)", |
" (no encryption or decryption is performed)", |
.type = OPTION_VALUE, |
.type = OPTION_VALUE, |
.opt.value = &enc_config.printkey, |
.opt.value = &cfg.printkey, |
.value = 2, |
.value = 2, |
}, |
}, |
{ |
{ |
.name = "p", |
.name = "p", |
.desc = "Print out the salt, key and IV used", |
.desc = "Print out the salt, key and IV used", |
.type = OPTION_VALUE, |
.type = OPTION_VALUE, |
.opt.value = &enc_config.printkey, |
.opt.value = &cfg.printkey, |
.value = 1, |
.value = 1, |
}, |
}, |
{ |
{ |
|
|
.argname = "source", |
.argname = "source", |
.desc = "Password source", |
.desc = "Password source", |
.type = OPTION_ARG, |
.type = OPTION_ARG, |
.opt.arg = &enc_config.passarg, |
.opt.arg = &cfg.passarg, |
}, |
}, |
{ |
{ |
.name = "pbkdf2", |
.name = "pbkdf2", |
.desc = "Use the pbkdf2 key derivation function", |
.desc = "Use the pbkdf2 key derivation function", |
.type = OPTION_FLAG, |
.type = OPTION_FLAG, |
.opt.flag = &enc_config.pbkdf2, |
.opt.flag = &cfg.pbkdf2, |
}, |
}, |
{ |
{ |
.name = "S", |
.name = "S", |
.argname = "salt", |
.argname = "salt", |
.desc = "Salt to use, specified as a hexadecimal string", |
.desc = "Salt to use, specified as a hexadecimal string", |
.type = OPTION_ARG, |
.type = OPTION_ARG, |
.opt.arg = &enc_config.hsalt, |
.opt.arg = &cfg.hsalt, |
}, |
}, |
{ |
{ |
.name = "salt", |
.name = "salt", |
.desc = "Use a salt in the key derivation routines (default)", |
.desc = "Use a salt in the key derivation routines (default)", |
.type = OPTION_VALUE, |
.type = OPTION_VALUE, |
.opt.value = &enc_config.nosalt, |
.opt.value = &cfg.nosalt, |
.value = 0, |
.value = 0, |
}, |
}, |
{ |
{ |
.name = "v", |
.name = "v", |
.desc = "Verbose", |
.desc = "Verbose", |
.type = OPTION_FLAG, |
.type = OPTION_FLAG, |
.opt.flag = &enc_config.verbose, |
.opt.flag = &cfg.verbose, |
}, |
}, |
#ifdef ZLIB |
#ifdef ZLIB |
{ |
{ |
.name = "z", |
.name = "z", |
.desc = "Perform zlib compression/decompression", |
.desc = "Perform zlib compression/decompression", |
.type = OPTION_FLAG, |
.type = OPTION_FLAG, |
.opt.flag = &enc_config.do_zlib, |
.opt.flag = &cfg.do_zlib, |
}, |
}, |
#endif |
#endif |
{ |
{ |
|
|
exit(1); |
exit(1); |
} |
} |
|
|
memset(&enc_config, 0, sizeof(enc_config)); |
memset(&cfg, 0, sizeof(cfg)); |
enc_config.enc = 1; |
cfg.enc = 1; |
|
|
/* first check the program name */ |
/* first check the program name */ |
program_name(argv[0], pname, sizeof(pname)); |
program_name(argv[0], pname, sizeof(pname)); |
|
|
if (strcmp(pname, "base64") == 0) |
if (strcmp(pname, "base64") == 0) |
enc_config.base64 = 1; |
cfg.base64 = 1; |
|
|
#ifdef ZLIB |
#ifdef ZLIB |
if (strcmp(pname, "zlib") == 0) |
if (strcmp(pname, "zlib") == 0) |
enc_config.do_zlib = 1; |
cfg.do_zlib = 1; |
#endif |
#endif |
|
|
enc_config.cipher = EVP_get_cipherbyname(pname); |
cfg.cipher = EVP_get_cipherbyname(pname); |
|
|
#ifdef ZLIB |
#ifdef ZLIB |
if (!enc_config.do_zlib && !enc_config.base64 && |
if (!cfg.do_zlib && !cfg.base64 && |
enc_config.cipher == NULL && strcmp(pname, "enc") != 0) |
cfg.cipher == NULL && strcmp(pname, "enc") != 0) |
#else |
#else |
if (!enc_config.base64 && enc_config.cipher == NULL && |
if (!cfg.base64 && cfg.cipher == NULL && |
strcmp(pname, "enc") != 0) |
strcmp(pname, "enc") != 0) |
#endif |
#endif |
{ |
{ |
|
|
goto end; |
goto end; |
} |
} |
|
|
if (enc_config.keyfile != NULL) { |
if (cfg.keyfile != NULL) { |
static char buf[128]; |
static char buf[128]; |
FILE *infile; |
FILE *infile; |
|
|
infile = fopen(enc_config.keyfile, "r"); |
infile = fopen(cfg.keyfile, "r"); |
if (infile == NULL) { |
if (infile == NULL) { |
BIO_printf(bio_err, "unable to read key from '%s'\n", |
BIO_printf(bio_err, "unable to read key from '%s'\n", |
enc_config.keyfile); |
cfg.keyfile); |
goto end; |
goto end; |
} |
} |
buf[0] = '\0'; |
buf[0] = '\0'; |
if (!fgets(buf, sizeof buf, infile)) { |
if (!fgets(buf, sizeof buf, infile)) { |
BIO_printf(bio_err, "unable to read key from '%s'\n", |
BIO_printf(bio_err, "unable to read key from '%s'\n", |
enc_config.keyfile); |
cfg.keyfile); |
fclose(infile); |
fclose(infile); |
goto end; |
goto end; |
} |
} |
|
|
BIO_printf(bio_err, "zero length password\n"); |
BIO_printf(bio_err, "zero length password\n"); |
goto end; |
goto end; |
} |
} |
enc_config.keystr = buf; |
cfg.keystr = buf; |
} |
} |
|
|
if (enc_config.cipher != NULL && |
if (cfg.cipher != NULL && |
(EVP_CIPHER_flags(enc_config.cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0) { |
(EVP_CIPHER_flags(cfg.cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0) { |
BIO_printf(bio_err, "enc does not support AEAD ciphers\n"); |
BIO_printf(bio_err, "enc does not support AEAD ciphers\n"); |
goto end; |
goto end; |
} |
} |
|
|
if (enc_config.cipher != NULL && |
if (cfg.cipher != NULL && |
EVP_CIPHER_mode(enc_config.cipher) == EVP_CIPH_XTS_MODE) { |
EVP_CIPHER_mode(cfg.cipher) == EVP_CIPH_XTS_MODE) { |
BIO_printf(bio_err, "enc does not support XTS mode\n"); |
BIO_printf(bio_err, "enc does not support XTS mode\n"); |
goto end; |
goto end; |
} |
} |
|
|
if (enc_config.md != NULL && |
if (cfg.md != NULL && |
(dgst = EVP_get_digestbyname(enc_config.md)) == NULL) { |
(dgst = EVP_get_digestbyname(cfg.md)) == NULL) { |
BIO_printf(bio_err, |
BIO_printf(bio_err, |
"%s is an unsupported message digest type\n", |
"%s is an unsupported message digest type\n", |
enc_config.md); |
cfg.md); |
goto end; |
goto end; |
} |
} |
if (dgst == NULL) { |
if (dgst == NULL) { |
dgst = EVP_sha256(); |
dgst = EVP_sha256(); |
} |
} |
|
|
if (enc_config.bufsize != NULL) { |
if (cfg.bufsize != NULL) { |
char *p = enc_config.bufsize; |
char *p = cfg.bufsize; |
unsigned long n; |
unsigned long n; |
|
|
/* XXX - provide an OPTION_ARG_DISKUNIT. */ |
/* XXX - provide an OPTION_ARG_DISKUNIT. */ |
|
|
goto end; |
goto end; |
} |
} |
/* It must be large enough for a base64 encoded line. */ |
/* It must be large enough for a base64 encoded line. */ |
if (enc_config.base64 && n < 80) |
if (cfg.base64 && n < 80) |
n = 80; |
n = 80; |
|
|
bsize = (int)n; |
bsize = (int)n; |
if (enc_config.verbose) |
if (cfg.verbose) |
BIO_printf(bio_err, "bufsize=%d\n", bsize); |
BIO_printf(bio_err, "bufsize=%d\n", bsize); |
} |
} |
strbuf = malloc(SIZE); |
strbuf = malloc(SIZE); |
|
|
ERR_print_errors(bio_err); |
ERR_print_errors(bio_err); |
goto end; |
goto end; |
} |
} |
if (enc_config.debug) { |
if (cfg.debug) { |
BIO_set_callback(in, BIO_debug_callback); |
BIO_set_callback(in, BIO_debug_callback); |
BIO_set_callback(out, BIO_debug_callback); |
BIO_set_callback(out, BIO_debug_callback); |
BIO_set_callback_arg(in, (char *) bio_err); |
BIO_set_callback_arg(in, (char *) bio_err); |
BIO_set_callback_arg(out, (char *) bio_err); |
BIO_set_callback_arg(out, (char *) bio_err); |
} |
} |
if (enc_config.inf == NULL) { |
if (cfg.inf == NULL) { |
if (enc_config.bufsize != NULL) |
if (cfg.bufsize != NULL) |
setvbuf(stdin, (char *) NULL, _IONBF, 0); |
setvbuf(stdin, (char *) NULL, _IONBF, 0); |
BIO_set_fp(in, stdin, BIO_NOCLOSE); |
BIO_set_fp(in, stdin, BIO_NOCLOSE); |
} else { |
} else { |
if (BIO_read_filename(in, enc_config.inf) <= 0) { |
if (BIO_read_filename(in, cfg.inf) <= 0) { |
perror(enc_config.inf); |
perror(cfg.inf); |
goto end; |
goto end; |
} |
} |
} |
} |
|
|
if (!enc_config.keystr && enc_config.passarg) { |
if (!cfg.keystr && cfg.passarg) { |
if (!app_passwd(bio_err, enc_config.passarg, NULL, |
if (!app_passwd(bio_err, cfg.passarg, NULL, |
&pass, NULL)) { |
&pass, NULL)) { |
BIO_printf(bio_err, "Error getting password\n"); |
BIO_printf(bio_err, "Error getting password\n"); |
goto end; |
goto end; |
} |
} |
enc_config.keystr = pass; |
cfg.keystr = pass; |
} |
} |
if (enc_config.keystr == NULL && enc_config.cipher != NULL && |
if (cfg.keystr == NULL && cfg.cipher != NULL && |
enc_config.hkey == NULL) { |
cfg.hkey == NULL) { |
for (;;) { |
for (;;) { |
char buf[200]; |
char buf[200]; |
int retval; |
int retval; |
|
|
retval = snprintf(buf, sizeof buf, |
retval = snprintf(buf, sizeof buf, |
"enter %s %s password:", |
"enter %s %s password:", |
OBJ_nid2ln(EVP_CIPHER_nid(enc_config.cipher)), |
OBJ_nid2ln(EVP_CIPHER_nid(cfg.cipher)), |
enc_config.enc ? "encryption" : "decryption"); |
cfg.enc ? "encryption" : "decryption"); |
if ((size_t)retval >= sizeof buf) { |
if ((size_t)retval >= sizeof buf) { |
BIO_printf(bio_err, |
BIO_printf(bio_err, |
"Password prompt too long\n"); |
"Password prompt too long\n"); |
|
|
} |
} |
strbuf[0] = '\0'; |
strbuf[0] = '\0'; |
i = EVP_read_pw_string((char *)strbuf, SIZE, buf, |
i = EVP_read_pw_string((char *)strbuf, SIZE, buf, |
enc_config.enc); |
cfg.enc); |
if (i == 0) { |
if (i == 0) { |
if (strbuf[0] == '\0') { |
if (strbuf[0] == '\0') { |
ret = 1; |
ret = 1; |
goto end; |
goto end; |
} |
} |
enc_config.keystr = strbuf; |
cfg.keystr = strbuf; |
break; |
break; |
} |
} |
if (i < 0) { |
if (i < 0) { |
|
|
} |
} |
} |
} |
} |
} |
if (enc_config.outf == NULL) { |
if (cfg.outf == NULL) { |
BIO_set_fp(out, stdout, BIO_NOCLOSE); |
BIO_set_fp(out, stdout, BIO_NOCLOSE); |
if (enc_config.bufsize != NULL) |
if (cfg.bufsize != NULL) |
setvbuf(stdout, (char *)NULL, _IONBF, 0); |
setvbuf(stdout, (char *)NULL, _IONBF, 0); |
} else { |
} else { |
if (BIO_write_filename(out, enc_config.outf) <= 0) { |
if (BIO_write_filename(out, cfg.outf) <= 0) { |
perror(enc_config.outf); |
perror(cfg.outf); |
goto end; |
goto end; |
} |
} |
} |
} |
|
|
} |
} |
#endif |
#endif |
|
|
if (enc_config.base64) { |
if (cfg.base64) { |
if ((b64 = BIO_new(BIO_f_base64())) == NULL) |
if ((b64 = BIO_new(BIO_f_base64())) == NULL) |
goto end; |
goto end; |
if (enc_config.debug) { |
if (cfg.debug) { |
BIO_set_callback(b64, BIO_debug_callback); |
BIO_set_callback(b64, BIO_debug_callback); |
BIO_set_callback_arg(b64, (char *) bio_err); |
BIO_set_callback_arg(b64, (char *) bio_err); |
} |
} |
if (enc_config.olb64) |
if (cfg.olb64) |
BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); |
BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); |
if (enc_config.enc) |
if (cfg.enc) |
wbio = BIO_push(b64, wbio); |
wbio = BIO_push(b64, wbio); |
else |
else |
rbio = BIO_push(b64, rbio); |
rbio = BIO_push(b64, rbio); |
} |
} |
if (enc_config.cipher != NULL) { |
if (cfg.cipher != NULL) { |
/* |
/* |
* Note that keystr is NULL if a key was passed on the command |
* Note that keystr is NULL if a key was passed on the command |
* line, so we get no salt in that case. Is this a bug? |
* line, so we get no salt in that case. Is this a bug? |
*/ |
*/ |
if (enc_config.keystr != NULL) { |
if (cfg.keystr != NULL) { |
/* |
/* |
* Salt handling: if encrypting generate a salt and |
* Salt handling: if encrypting generate a salt and |
* write to output BIO. If decrypting read salt from |
* write to output BIO. If decrypting read salt from |
* input BIO. |
* input BIO. |
*/ |
*/ |
unsigned char *sptr; |
unsigned char *sptr; |
if (enc_config.nosalt) |
if (cfg.nosalt) |
sptr = NULL; |
sptr = NULL; |
else { |
else { |
if (enc_config.enc) { |
if (cfg.enc) { |
if (enc_config.hsalt) { |
if (cfg.hsalt) { |
if (!set_hex(enc_config.hsalt, salt, sizeof salt)) { |
if (!set_hex(cfg.hsalt, salt, sizeof salt)) { |
BIO_printf(bio_err, |
BIO_printf(bio_err, |
"invalid hex salt value\n"); |
"invalid hex salt value\n"); |
goto end; |
goto end; |
|
|
* If -P option then don't bother |
* If -P option then don't bother |
* writing |
* writing |
*/ |
*/ |
if ((enc_config.printkey != 2) |
if ((cfg.printkey != 2) |
&& (BIO_write(wbio, magic, |
&& (BIO_write(wbio, magic, |
sizeof magic - 1) != sizeof magic - 1 |
sizeof magic - 1) != sizeof magic - 1 |
|| BIO_write(wbio, |
|| BIO_write(wbio, |
|
|
} |
} |
sptr = salt; |
sptr = salt; |
} |
} |
if (enc_config.pbkdf2 == 1 || enc_config.iter > 0) { |
if (cfg.pbkdf2 == 1 || cfg.iter > 0) { |
/* |
/* |
* derive key and default iv |
* derive key and default iv |
* concatenated into a temporary buffer |
* concatenated into a temporary buffer |
*/ |
*/ |
unsigned char tmpkeyiv[EVP_MAX_KEY_LENGTH + EVP_MAX_IV_LENGTH]; |
unsigned char tmpkeyiv[EVP_MAX_KEY_LENGTH + EVP_MAX_IV_LENGTH]; |
int iklen = EVP_CIPHER_key_length(enc_config.cipher); |
int iklen = EVP_CIPHER_key_length(cfg.cipher); |
int ivlen = EVP_CIPHER_iv_length(enc_config.cipher); |
int ivlen = EVP_CIPHER_iv_length(cfg.cipher); |
/* not needed if HASH_UPDATE() is fixed : */ |
/* not needed if HASH_UPDATE() is fixed : */ |
int islen = (sptr != NULL ? sizeof(salt) : 0); |
int islen = (sptr != NULL ? sizeof(salt) : 0); |
|
|
if (enc_config.iter == 0) |
if (cfg.iter == 0) |
enc_config.iter = 10000; |
cfg.iter = 10000; |
|
|
if (!PKCS5_PBKDF2_HMAC(enc_config.keystr, |
if (!PKCS5_PBKDF2_HMAC(cfg.keystr, |
strlen(enc_config.keystr), sptr, islen, |
strlen(cfg.keystr), sptr, islen, |
enc_config.iter, dgst, iklen+ivlen, tmpkeyiv)) { |
cfg.iter, dgst, iklen+ivlen, tmpkeyiv)) { |
BIO_printf(bio_err, "PKCS5_PBKDF2_HMAC failed\n"); |
BIO_printf(bio_err, "PKCS5_PBKDF2_HMAC failed\n"); |
goto end; |
goto end; |
} |
} |
|
|
memcpy(iv, tmpkeyiv + iklen, ivlen); |
memcpy(iv, tmpkeyiv + iklen, ivlen); |
explicit_bzero(tmpkeyiv, sizeof tmpkeyiv); |
explicit_bzero(tmpkeyiv, sizeof tmpkeyiv); |
} else { |
} else { |
EVP_BytesToKey(enc_config.cipher, dgst, sptr, |
EVP_BytesToKey(cfg.cipher, dgst, sptr, |
(unsigned char *)enc_config.keystr, |
(unsigned char *)cfg.keystr, |
strlen(enc_config.keystr), 1, key, iv); |
strlen(cfg.keystr), 1, key, iv); |
} |
} |
|
|
/* |
/* |
|
|
* the command line bug picked up by Larry J. Hughes |
* the command line bug picked up by Larry J. Hughes |
* Jr. <hughes@indiana.edu> |
* Jr. <hughes@indiana.edu> |
*/ |
*/ |
if (enc_config.keystr == strbuf) |
if (cfg.keystr == strbuf) |
explicit_bzero(enc_config.keystr, SIZE); |
explicit_bzero(cfg.keystr, SIZE); |
else |
else |
explicit_bzero(enc_config.keystr, |
explicit_bzero(cfg.keystr, |
strlen(enc_config.keystr)); |
strlen(cfg.keystr)); |
} |
} |
if (enc_config.hiv != NULL && |
if (cfg.hiv != NULL && |
!set_hex(enc_config.hiv, iv, sizeof iv)) { |
!set_hex(cfg.hiv, iv, sizeof iv)) { |
BIO_printf(bio_err, "invalid hex iv value\n"); |
BIO_printf(bio_err, "invalid hex iv value\n"); |
goto end; |
goto end; |
} |
} |
if (enc_config.hiv == NULL && enc_config.keystr == NULL && |
if (cfg.hiv == NULL && cfg.keystr == NULL && |
EVP_CIPHER_iv_length(enc_config.cipher) != 0) { |
EVP_CIPHER_iv_length(cfg.cipher) != 0) { |
/* |
/* |
* No IV was explicitly set and no IV was generated |
* No IV was explicitly set and no IV was generated |
* during EVP_BytesToKey. Hence the IV is undefined, |
* during EVP_BytesToKey. Hence the IV is undefined, |
|
|
BIO_printf(bio_err, "iv undefined\n"); |
BIO_printf(bio_err, "iv undefined\n"); |
goto end; |
goto end; |
} |
} |
if (enc_config.hkey != NULL && |
if (cfg.hkey != NULL && |
!set_hex(enc_config.hkey, key, sizeof key)) { |
!set_hex(cfg.hkey, key, sizeof key)) { |
BIO_printf(bio_err, "invalid hex key value\n"); |
BIO_printf(bio_err, "invalid hex key value\n"); |
goto end; |
goto end; |
} |
} |
|
|
|
|
BIO_get_cipher_ctx(benc, &ctx); |
BIO_get_cipher_ctx(benc, &ctx); |
|
|
if (!EVP_CipherInit_ex(ctx, enc_config.cipher, NULL, NULL, |
if (!EVP_CipherInit_ex(ctx, cfg.cipher, NULL, NULL, |
NULL, enc_config.enc)) { |
NULL, cfg.enc)) { |
BIO_printf(bio_err, "Error setting cipher %s\n", |
BIO_printf(bio_err, "Error setting cipher %s\n", |
EVP_CIPHER_name(enc_config.cipher)); |
EVP_CIPHER_name(cfg.cipher)); |
ERR_print_errors(bio_err); |
ERR_print_errors(bio_err); |
goto end; |
goto end; |
} |
} |
if (enc_config.nopad) |
if (cfg.nopad) |
EVP_CIPHER_CTX_set_padding(ctx, 0); |
EVP_CIPHER_CTX_set_padding(ctx, 0); |
|
|
if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, |
if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, |
enc_config.enc)) { |
cfg.enc)) { |
BIO_printf(bio_err, "Error setting cipher %s\n", |
BIO_printf(bio_err, "Error setting cipher %s\n", |
EVP_CIPHER_name(enc_config.cipher)); |
EVP_CIPHER_name(cfg.cipher)); |
ERR_print_errors(bio_err); |
ERR_print_errors(bio_err); |
goto end; |
goto end; |
} |
} |
if (enc_config.debug) { |
if (cfg.debug) { |
BIO_set_callback(benc, BIO_debug_callback); |
BIO_set_callback(benc, BIO_debug_callback); |
BIO_set_callback_arg(benc, (char *) bio_err); |
BIO_set_callback_arg(benc, (char *) bio_err); |
} |
} |
if (enc_config.printkey) { |
if (cfg.printkey) { |
int key_len, iv_len; |
int key_len, iv_len; |
|
|
if (!enc_config.nosalt) { |
if (!cfg.nosalt) { |
printf("salt="); |
printf("salt="); |
for (i = 0; i < (int) sizeof(salt); i++) |
for (i = 0; i < (int) sizeof(salt); i++) |
printf("%02X", salt[i]); |
printf("%02X", salt[i]); |
printf("\n"); |
printf("\n"); |
} |
} |
key_len = EVP_CIPHER_key_length(enc_config.cipher); |
key_len = EVP_CIPHER_key_length(cfg.cipher); |
if (key_len > 0) { |
if (key_len > 0) { |
printf("key="); |
printf("key="); |
for (i = 0; i < key_len; i++) |
for (i = 0; i < key_len; i++) |
printf("%02X", key[i]); |
printf("%02X", key[i]); |
printf("\n"); |
printf("\n"); |
} |
} |
iv_len = EVP_CIPHER_iv_length(enc_config.cipher); |
iv_len = EVP_CIPHER_iv_length(cfg.cipher); |
if (iv_len > 0) { |
if (iv_len > 0) { |
printf("iv ="); |
printf("iv ="); |
for (i = 0; i < iv_len; i++) |
for (i = 0; i < iv_len; i++) |
printf("%02X", iv[i]); |
printf("%02X", iv[i]); |
printf("\n"); |
printf("\n"); |
} |
} |
if (enc_config.printkey == 2) { |
if (cfg.printkey == 2) { |
ret = 0; |
ret = 0; |
goto end; |
goto end; |
} |
} |
|
|
goto end; |
goto end; |
} |
} |
ret = 0; |
ret = 0; |
if (enc_config.verbose) { |
if (cfg.verbose) { |
BIO_printf(bio_err, "bytes read :%8ld\n", BIO_number_read(in)); |
BIO_printf(bio_err, "bytes read :%8ld\n", BIO_number_read(in)); |
BIO_printf(bio_err, "bytes written:%8ld\n", BIO_number_written(out)); |
BIO_printf(bio_err, "bytes written:%8ld\n", BIO_number_written(out)); |
} |
} |