| version 1.26, 2023/03/04 21:58:54 |
version 1.27, 2023/03/06 14:32:06 |
|
|
| int pbkdf2; |
int pbkdf2; |
| int printkey; |
int printkey; |
| int verbose; |
int verbose; |
| } enc_config; |
} cfg; |
| |
|
| static int |
static int |
| enc_opt_cipher(int argc, char **argv, int *argsused) |
enc_opt_cipher(int argc, char **argv, int *argsused) |
|
|
| return (1); |
return (1); |
| |
|
| if (strcmp(name, "none") == 0) { |
if (strcmp(name, "none") == 0) { |
| enc_config.cipher = NULL; |
cfg.cipher = NULL; |
| *argsused = 1; |
*argsused = 1; |
| return (0); |
return (0); |
| } |
} |
| |
|
| if ((enc_config.cipher = EVP_get_cipherbyname(name)) != NULL) { |
if ((cfg.cipher = EVP_get_cipherbyname(name)) != NULL) { |
| *argsused = 1; |
*argsused = 1; |
| return (0); |
return (0); |
| } |
} |
|
|
| .name = "A", |
.name = "A", |
| .desc = "Process base64 data on one line (requires -a)", |
.desc = "Process base64 data on one line (requires -a)", |
| .type = OPTION_FLAG, |
.type = OPTION_FLAG, |
| .opt.flag = &enc_config.olb64, |
.opt.flag = &cfg.olb64, |
| }, |
}, |
| { |
{ |
| .name = "a", |
.name = "a", |
| .desc = "Perform base64 encoding/decoding (alias -base64)", |
.desc = "Perform base64 encoding/decoding (alias -base64)", |
| .type = OPTION_FLAG, |
.type = OPTION_FLAG, |
| .opt.flag = &enc_config.base64, |
.opt.flag = &cfg.base64, |
| }, |
}, |
| { |
{ |
| .name = "base64", |
.name = "base64", |
| .type = OPTION_FLAG, |
.type = OPTION_FLAG, |
| .opt.flag = &enc_config.base64, |
.opt.flag = &cfg.base64, |
| }, |
}, |
| { |
{ |
| .name = "bufsize", |
.name = "bufsize", |
| .argname = "size", |
.argname = "size", |
| .desc = "Specify the buffer size to use for I/O", |
.desc = "Specify the buffer size to use for I/O", |
| .type = OPTION_ARG, |
.type = OPTION_ARG, |
| .opt.arg = &enc_config.bufsize, |
.opt.arg = &cfg.bufsize, |
| }, |
}, |
| { |
{ |
| .name = "d", |
.name = "d", |
| .desc = "Decrypt the input data", |
.desc = "Decrypt the input data", |
| .type = OPTION_VALUE, |
.type = OPTION_VALUE, |
| .opt.value = &enc_config.enc, |
.opt.value = &cfg.enc, |
| .value = 0, |
.value = 0, |
| }, |
}, |
| { |
{ |
| .name = "debug", |
.name = "debug", |
| .desc = "Print debugging information", |
.desc = "Print debugging information", |
| .type = OPTION_FLAG, |
.type = OPTION_FLAG, |
| .opt.flag = &enc_config.debug, |
.opt.flag = &cfg.debug, |
| }, |
}, |
| { |
{ |
| .name = "e", |
.name = "e", |
| .desc = "Encrypt the input data (default)", |
.desc = "Encrypt the input data (default)", |
| .type = OPTION_VALUE, |
.type = OPTION_VALUE, |
| .opt.value = &enc_config.enc, |
.opt.value = &cfg.enc, |
| .value = 1, |
.value = 1, |
| }, |
}, |
| { |
{ |
|
|
| .argname = "file", |
.argname = "file", |
| .desc = "Input file to read from (default stdin)", |
.desc = "Input file to read from (default stdin)", |
| .type = OPTION_ARG, |
.type = OPTION_ARG, |
| .opt.arg = &enc_config.inf, |
.opt.arg = &cfg.inf, |
| }, |
}, |
| { |
{ |
| .name = "iter", |
.name = "iter", |
| .argname = "iterations", |
.argname = "iterations", |
| .desc = "Specify iteration count and force use of PBKDF2", |
.desc = "Specify iteration count and force use of PBKDF2", |
| .type = OPTION_ARG_INT, |
.type = OPTION_ARG_INT, |
| .opt.value = &enc_config.iter, |
.opt.value = &cfg.iter, |
| }, |
}, |
| { |
{ |
| .name = "iv", |
.name = "iv", |
| .argname = "IV", |
.argname = "IV", |
| .desc = "IV to use, specified as a hexadecimal string", |
.desc = "IV to use, specified as a hexadecimal string", |
| .type = OPTION_ARG, |
.type = OPTION_ARG, |
| .opt.arg = &enc_config.hiv, |
.opt.arg = &cfg.hiv, |
| }, |
}, |
| { |
{ |
| .name = "K", |
.name = "K", |
| .argname = "key", |
.argname = "key", |
| .desc = "Key to use, specified as a hexadecimal string", |
.desc = "Key to use, specified as a hexadecimal string", |
| .type = OPTION_ARG, |
.type = OPTION_ARG, |
| .opt.arg = &enc_config.hkey, |
.opt.arg = &cfg.hkey, |
| }, |
}, |
| { |
{ |
| .name = "k", /* Superseded by -pass. */ |
.name = "k", /* Superseded by -pass. */ |
| .type = OPTION_ARG, |
.type = OPTION_ARG, |
| .opt.arg = &enc_config.keystr, |
.opt.arg = &cfg.keystr, |
| }, |
}, |
| { |
{ |
| .name = "kfile", /* Superseded by -pass. */ |
.name = "kfile", /* Superseded by -pass. */ |
| .type = OPTION_ARG, |
.type = OPTION_ARG, |
| .opt.arg = &enc_config.keyfile, |
.opt.arg = &cfg.keyfile, |
| }, |
}, |
| { |
{ |
| .name = "md", |
.name = "md", |
| .argname = "digest", |
.argname = "digest", |
| .desc = "Digest to use to create a key from the passphrase", |
.desc = "Digest to use to create a key from the passphrase", |
| .type = OPTION_ARG, |
.type = OPTION_ARG, |
| .opt.arg = &enc_config.md, |
.opt.arg = &cfg.md, |
| }, |
}, |
| { |
{ |
| .name = "none", |
.name = "none", |
|
|
| .name = "nopad", |
.name = "nopad", |
| .desc = "Disable standard block padding", |
.desc = "Disable standard block padding", |
| .type = OPTION_FLAG, |
.type = OPTION_FLAG, |
| .opt.flag = &enc_config.nopad, |
.opt.flag = &cfg.nopad, |
| }, |
}, |
| { |
{ |
| .name = "nosalt", |
.name = "nosalt", |
| .type = OPTION_VALUE, |
.type = OPTION_VALUE, |
| .opt.value = &enc_config.nosalt, |
.opt.value = &cfg.nosalt, |
| .value = 1, |
.value = 1, |
| }, |
}, |
| { |
{ |
|
|
| .argname = "file", |
.argname = "file", |
| .desc = "Output file to write to (default stdout)", |
.desc = "Output file to write to (default stdout)", |
| .type = OPTION_ARG, |
.type = OPTION_ARG, |
| .opt.arg = &enc_config.outf, |
.opt.arg = &cfg.outf, |
| }, |
}, |
| { |
{ |
| .name = "P", |
.name = "P", |
| .desc = "Print out the salt, key and IV used, then exit\n" |
.desc = "Print out the salt, key and IV used, then exit\n" |
| " (no encryption or decryption is performed)", |
" (no encryption or decryption is performed)", |
| .type = OPTION_VALUE, |
.type = OPTION_VALUE, |
| .opt.value = &enc_config.printkey, |
.opt.value = &cfg.printkey, |
| .value = 2, |
.value = 2, |
| }, |
}, |
| { |
{ |
| .name = "p", |
.name = "p", |
| .desc = "Print out the salt, key and IV used", |
.desc = "Print out the salt, key and IV used", |
| .type = OPTION_VALUE, |
.type = OPTION_VALUE, |
| .opt.value = &enc_config.printkey, |
.opt.value = &cfg.printkey, |
| .value = 1, |
.value = 1, |
| }, |
}, |
| { |
{ |
|
|
| .argname = "source", |
.argname = "source", |
| .desc = "Password source", |
.desc = "Password source", |
| .type = OPTION_ARG, |
.type = OPTION_ARG, |
| .opt.arg = &enc_config.passarg, |
.opt.arg = &cfg.passarg, |
| }, |
}, |
| { |
{ |
| .name = "pbkdf2", |
.name = "pbkdf2", |
| .desc = "Use the pbkdf2 key derivation function", |
.desc = "Use the pbkdf2 key derivation function", |
| .type = OPTION_FLAG, |
.type = OPTION_FLAG, |
| .opt.flag = &enc_config.pbkdf2, |
.opt.flag = &cfg.pbkdf2, |
| }, |
}, |
| { |
{ |
| .name = "S", |
.name = "S", |
| .argname = "salt", |
.argname = "salt", |
| .desc = "Salt to use, specified as a hexadecimal string", |
.desc = "Salt to use, specified as a hexadecimal string", |
| .type = OPTION_ARG, |
.type = OPTION_ARG, |
| .opt.arg = &enc_config.hsalt, |
.opt.arg = &cfg.hsalt, |
| }, |
}, |
| { |
{ |
| .name = "salt", |
.name = "salt", |
| .desc = "Use a salt in the key derivation routines (default)", |
.desc = "Use a salt in the key derivation routines (default)", |
| .type = OPTION_VALUE, |
.type = OPTION_VALUE, |
| .opt.value = &enc_config.nosalt, |
.opt.value = &cfg.nosalt, |
| .value = 0, |
.value = 0, |
| }, |
}, |
| { |
{ |
| .name = "v", |
.name = "v", |
| .desc = "Verbose", |
.desc = "Verbose", |
| .type = OPTION_FLAG, |
.type = OPTION_FLAG, |
| .opt.flag = &enc_config.verbose, |
.opt.flag = &cfg.verbose, |
| }, |
}, |
| #ifdef ZLIB |
#ifdef ZLIB |
| { |
{ |
| .name = "z", |
.name = "z", |
| .desc = "Perform zlib compression/decompression", |
.desc = "Perform zlib compression/decompression", |
| .type = OPTION_FLAG, |
.type = OPTION_FLAG, |
| .opt.flag = &enc_config.do_zlib, |
.opt.flag = &cfg.do_zlib, |
| }, |
}, |
| #endif |
#endif |
| { |
{ |
|
|
| exit(1); |
exit(1); |
| } |
} |
| |
|
| memset(&enc_config, 0, sizeof(enc_config)); |
memset(&cfg, 0, sizeof(cfg)); |
| enc_config.enc = 1; |
cfg.enc = 1; |
| |
|
| /* first check the program name */ |
/* first check the program name */ |
| program_name(argv[0], pname, sizeof(pname)); |
program_name(argv[0], pname, sizeof(pname)); |
| |
|
| if (strcmp(pname, "base64") == 0) |
if (strcmp(pname, "base64") == 0) |
| enc_config.base64 = 1; |
cfg.base64 = 1; |
| |
|
| #ifdef ZLIB |
#ifdef ZLIB |
| if (strcmp(pname, "zlib") == 0) |
if (strcmp(pname, "zlib") == 0) |
| enc_config.do_zlib = 1; |
cfg.do_zlib = 1; |
| #endif |
#endif |
| |
|
| enc_config.cipher = EVP_get_cipherbyname(pname); |
cfg.cipher = EVP_get_cipherbyname(pname); |
| |
|
| #ifdef ZLIB |
#ifdef ZLIB |
| if (!enc_config.do_zlib && !enc_config.base64 && |
if (!cfg.do_zlib && !cfg.base64 && |
| enc_config.cipher == NULL && strcmp(pname, "enc") != 0) |
cfg.cipher == NULL && strcmp(pname, "enc") != 0) |
| #else |
#else |
| if (!enc_config.base64 && enc_config.cipher == NULL && |
if (!cfg.base64 && cfg.cipher == NULL && |
| strcmp(pname, "enc") != 0) |
strcmp(pname, "enc") != 0) |
| #endif |
#endif |
| { |
{ |
|
|
| goto end; |
goto end; |
| } |
} |
| |
|
| if (enc_config.keyfile != NULL) { |
if (cfg.keyfile != NULL) { |
| static char buf[128]; |
static char buf[128]; |
| FILE *infile; |
FILE *infile; |
| |
|
| infile = fopen(enc_config.keyfile, "r"); |
infile = fopen(cfg.keyfile, "r"); |
| if (infile == NULL) { |
if (infile == NULL) { |
| BIO_printf(bio_err, "unable to read key from '%s'\n", |
BIO_printf(bio_err, "unable to read key from '%s'\n", |
| enc_config.keyfile); |
cfg.keyfile); |
| goto end; |
goto end; |
| } |
} |
| buf[0] = '\0'; |
buf[0] = '\0'; |
| if (!fgets(buf, sizeof buf, infile)) { |
if (!fgets(buf, sizeof buf, infile)) { |
| BIO_printf(bio_err, "unable to read key from '%s'\n", |
BIO_printf(bio_err, "unable to read key from '%s'\n", |
| enc_config.keyfile); |
cfg.keyfile); |
| fclose(infile); |
fclose(infile); |
| goto end; |
goto end; |
| } |
} |
|
|
| BIO_printf(bio_err, "zero length password\n"); |
BIO_printf(bio_err, "zero length password\n"); |
| goto end; |
goto end; |
| } |
} |
| enc_config.keystr = buf; |
cfg.keystr = buf; |
| } |
} |
| |
|
| if (enc_config.cipher != NULL && |
if (cfg.cipher != NULL && |
| (EVP_CIPHER_flags(enc_config.cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0) { |
(EVP_CIPHER_flags(cfg.cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0) { |
| BIO_printf(bio_err, "enc does not support AEAD ciphers\n"); |
BIO_printf(bio_err, "enc does not support AEAD ciphers\n"); |
| goto end; |
goto end; |
| } |
} |
| |
|
| if (enc_config.cipher != NULL && |
if (cfg.cipher != NULL && |
| EVP_CIPHER_mode(enc_config.cipher) == EVP_CIPH_XTS_MODE) { |
EVP_CIPHER_mode(cfg.cipher) == EVP_CIPH_XTS_MODE) { |
| BIO_printf(bio_err, "enc does not support XTS mode\n"); |
BIO_printf(bio_err, "enc does not support XTS mode\n"); |
| goto end; |
goto end; |
| } |
} |
| |
|
| if (enc_config.md != NULL && |
if (cfg.md != NULL && |
| (dgst = EVP_get_digestbyname(enc_config.md)) == NULL) { |
(dgst = EVP_get_digestbyname(cfg.md)) == NULL) { |
| BIO_printf(bio_err, |
BIO_printf(bio_err, |
| "%s is an unsupported message digest type\n", |
"%s is an unsupported message digest type\n", |
| enc_config.md); |
cfg.md); |
| goto end; |
goto end; |
| } |
} |
| if (dgst == NULL) { |
if (dgst == NULL) { |
| dgst = EVP_sha256(); |
dgst = EVP_sha256(); |
| } |
} |
| |
|
| if (enc_config.bufsize != NULL) { |
if (cfg.bufsize != NULL) { |
| char *p = enc_config.bufsize; |
char *p = cfg.bufsize; |
| unsigned long n; |
unsigned long n; |
| |
|
| /* XXX - provide an OPTION_ARG_DISKUNIT. */ |
/* XXX - provide an OPTION_ARG_DISKUNIT. */ |
|
|
| goto end; |
goto end; |
| } |
} |
| /* It must be large enough for a base64 encoded line. */ |
/* It must be large enough for a base64 encoded line. */ |
| if (enc_config.base64 && n < 80) |
if (cfg.base64 && n < 80) |
| n = 80; |
n = 80; |
| |
|
| bsize = (int)n; |
bsize = (int)n; |
| if (enc_config.verbose) |
if (cfg.verbose) |
| BIO_printf(bio_err, "bufsize=%d\n", bsize); |
BIO_printf(bio_err, "bufsize=%d\n", bsize); |
| } |
} |
| strbuf = malloc(SIZE); |
strbuf = malloc(SIZE); |
|
|
| ERR_print_errors(bio_err); |
ERR_print_errors(bio_err); |
| goto end; |
goto end; |
| } |
} |
| if (enc_config.debug) { |
if (cfg.debug) { |
| BIO_set_callback(in, BIO_debug_callback); |
BIO_set_callback(in, BIO_debug_callback); |
| BIO_set_callback(out, BIO_debug_callback); |
BIO_set_callback(out, BIO_debug_callback); |
| BIO_set_callback_arg(in, (char *) bio_err); |
BIO_set_callback_arg(in, (char *) bio_err); |
| BIO_set_callback_arg(out, (char *) bio_err); |
BIO_set_callback_arg(out, (char *) bio_err); |
| } |
} |
| if (enc_config.inf == NULL) { |
if (cfg.inf == NULL) { |
| if (enc_config.bufsize != NULL) |
if (cfg.bufsize != NULL) |
| setvbuf(stdin, (char *) NULL, _IONBF, 0); |
setvbuf(stdin, (char *) NULL, _IONBF, 0); |
| BIO_set_fp(in, stdin, BIO_NOCLOSE); |
BIO_set_fp(in, stdin, BIO_NOCLOSE); |
| } else { |
} else { |
| if (BIO_read_filename(in, enc_config.inf) <= 0) { |
if (BIO_read_filename(in, cfg.inf) <= 0) { |
| perror(enc_config.inf); |
perror(cfg.inf); |
| goto end; |
goto end; |
| } |
} |
| } |
} |
| |
|
| if (!enc_config.keystr && enc_config.passarg) { |
if (!cfg.keystr && cfg.passarg) { |
| if (!app_passwd(bio_err, enc_config.passarg, NULL, |
if (!app_passwd(bio_err, cfg.passarg, NULL, |
| &pass, NULL)) { |
&pass, NULL)) { |
| BIO_printf(bio_err, "Error getting password\n"); |
BIO_printf(bio_err, "Error getting password\n"); |
| goto end; |
goto end; |
| } |
} |
| enc_config.keystr = pass; |
cfg.keystr = pass; |
| } |
} |
| if (enc_config.keystr == NULL && enc_config.cipher != NULL && |
if (cfg.keystr == NULL && cfg.cipher != NULL && |
| enc_config.hkey == NULL) { |
cfg.hkey == NULL) { |
| for (;;) { |
for (;;) { |
| char buf[200]; |
char buf[200]; |
| int retval; |
int retval; |
| |
|
| retval = snprintf(buf, sizeof buf, |
retval = snprintf(buf, sizeof buf, |
| "enter %s %s password:", |
"enter %s %s password:", |
| OBJ_nid2ln(EVP_CIPHER_nid(enc_config.cipher)), |
OBJ_nid2ln(EVP_CIPHER_nid(cfg.cipher)), |
| enc_config.enc ? "encryption" : "decryption"); |
cfg.enc ? "encryption" : "decryption"); |
| if ((size_t)retval >= sizeof buf) { |
if ((size_t)retval >= sizeof buf) { |
| BIO_printf(bio_err, |
BIO_printf(bio_err, |
| "Password prompt too long\n"); |
"Password prompt too long\n"); |
|
|
| } |
} |
| strbuf[0] = '\0'; |
strbuf[0] = '\0'; |
| i = EVP_read_pw_string((char *)strbuf, SIZE, buf, |
i = EVP_read_pw_string((char *)strbuf, SIZE, buf, |
| enc_config.enc); |
cfg.enc); |
| if (i == 0) { |
if (i == 0) { |
| if (strbuf[0] == '\0') { |
if (strbuf[0] == '\0') { |
| ret = 1; |
ret = 1; |
| goto end; |
goto end; |
| } |
} |
| enc_config.keystr = strbuf; |
cfg.keystr = strbuf; |
| break; |
break; |
| } |
} |
| if (i < 0) { |
if (i < 0) { |
|
|
| } |
} |
| } |
} |
| } |
} |
| if (enc_config.outf == NULL) { |
if (cfg.outf == NULL) { |
| BIO_set_fp(out, stdout, BIO_NOCLOSE); |
BIO_set_fp(out, stdout, BIO_NOCLOSE); |
| if (enc_config.bufsize != NULL) |
if (cfg.bufsize != NULL) |
| setvbuf(stdout, (char *)NULL, _IONBF, 0); |
setvbuf(stdout, (char *)NULL, _IONBF, 0); |
| } else { |
} else { |
| if (BIO_write_filename(out, enc_config.outf) <= 0) { |
if (BIO_write_filename(out, cfg.outf) <= 0) { |
| perror(enc_config.outf); |
perror(cfg.outf); |
| goto end; |
goto end; |
| } |
} |
| } |
} |
|
|
| } |
} |
| #endif |
#endif |
| |
|
| if (enc_config.base64) { |
if (cfg.base64) { |
| if ((b64 = BIO_new(BIO_f_base64())) == NULL) |
if ((b64 = BIO_new(BIO_f_base64())) == NULL) |
| goto end; |
goto end; |
| if (enc_config.debug) { |
if (cfg.debug) { |
| BIO_set_callback(b64, BIO_debug_callback); |
BIO_set_callback(b64, BIO_debug_callback); |
| BIO_set_callback_arg(b64, (char *) bio_err); |
BIO_set_callback_arg(b64, (char *) bio_err); |
| } |
} |
| if (enc_config.olb64) |
if (cfg.olb64) |
| BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); |
BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); |
| if (enc_config.enc) |
if (cfg.enc) |
| wbio = BIO_push(b64, wbio); |
wbio = BIO_push(b64, wbio); |
| else |
else |
| rbio = BIO_push(b64, rbio); |
rbio = BIO_push(b64, rbio); |
| } |
} |
| if (enc_config.cipher != NULL) { |
if (cfg.cipher != NULL) { |
| /* |
/* |
| * Note that keystr is NULL if a key was passed on the command |
* Note that keystr is NULL if a key was passed on the command |
| * line, so we get no salt in that case. Is this a bug? |
* line, so we get no salt in that case. Is this a bug? |
| */ |
*/ |
| if (enc_config.keystr != NULL) { |
if (cfg.keystr != NULL) { |
| /* |
/* |
| * Salt handling: if encrypting generate a salt and |
* Salt handling: if encrypting generate a salt and |
| * write to output BIO. If decrypting read salt from |
* write to output BIO. If decrypting read salt from |
| * input BIO. |
* input BIO. |
| */ |
*/ |
| unsigned char *sptr; |
unsigned char *sptr; |
| if (enc_config.nosalt) |
if (cfg.nosalt) |
| sptr = NULL; |
sptr = NULL; |
| else { |
else { |
| if (enc_config.enc) { |
if (cfg.enc) { |
| if (enc_config.hsalt) { |
if (cfg.hsalt) { |
| if (!set_hex(enc_config.hsalt, salt, sizeof salt)) { |
if (!set_hex(cfg.hsalt, salt, sizeof salt)) { |
| BIO_printf(bio_err, |
BIO_printf(bio_err, |
| "invalid hex salt value\n"); |
"invalid hex salt value\n"); |
| goto end; |
goto end; |
|
|
| * If -P option then don't bother |
* If -P option then don't bother |
| * writing |
* writing |
| */ |
*/ |
| if ((enc_config.printkey != 2) |
if ((cfg.printkey != 2) |
| && (BIO_write(wbio, magic, |
&& (BIO_write(wbio, magic, |
| sizeof magic - 1) != sizeof magic - 1 |
sizeof magic - 1) != sizeof magic - 1 |
| || BIO_write(wbio, |
|| BIO_write(wbio, |
|
|
| } |
} |
| sptr = salt; |
sptr = salt; |
| } |
} |
| if (enc_config.pbkdf2 == 1 || enc_config.iter > 0) { |
if (cfg.pbkdf2 == 1 || cfg.iter > 0) { |
| /* |
/* |
| * derive key and default iv |
* derive key and default iv |
| * concatenated into a temporary buffer |
* concatenated into a temporary buffer |
| */ |
*/ |
| unsigned char tmpkeyiv[EVP_MAX_KEY_LENGTH + EVP_MAX_IV_LENGTH]; |
unsigned char tmpkeyiv[EVP_MAX_KEY_LENGTH + EVP_MAX_IV_LENGTH]; |
| int iklen = EVP_CIPHER_key_length(enc_config.cipher); |
int iklen = EVP_CIPHER_key_length(cfg.cipher); |
| int ivlen = EVP_CIPHER_iv_length(enc_config.cipher); |
int ivlen = EVP_CIPHER_iv_length(cfg.cipher); |
| /* not needed if HASH_UPDATE() is fixed : */ |
/* not needed if HASH_UPDATE() is fixed : */ |
| int islen = (sptr != NULL ? sizeof(salt) : 0); |
int islen = (sptr != NULL ? sizeof(salt) : 0); |
| |
|
| if (enc_config.iter == 0) |
if (cfg.iter == 0) |
| enc_config.iter = 10000; |
cfg.iter = 10000; |
| |
|
| if (!PKCS5_PBKDF2_HMAC(enc_config.keystr, |
if (!PKCS5_PBKDF2_HMAC(cfg.keystr, |
| strlen(enc_config.keystr), sptr, islen, |
strlen(cfg.keystr), sptr, islen, |
| enc_config.iter, dgst, iklen+ivlen, tmpkeyiv)) { |
cfg.iter, dgst, iklen+ivlen, tmpkeyiv)) { |
| BIO_printf(bio_err, "PKCS5_PBKDF2_HMAC failed\n"); |
BIO_printf(bio_err, "PKCS5_PBKDF2_HMAC failed\n"); |
| goto end; |
goto end; |
| } |
} |
|
|
| memcpy(iv, tmpkeyiv + iklen, ivlen); |
memcpy(iv, tmpkeyiv + iklen, ivlen); |
| explicit_bzero(tmpkeyiv, sizeof tmpkeyiv); |
explicit_bzero(tmpkeyiv, sizeof tmpkeyiv); |
| } else { |
} else { |
| EVP_BytesToKey(enc_config.cipher, dgst, sptr, |
EVP_BytesToKey(cfg.cipher, dgst, sptr, |
| (unsigned char *)enc_config.keystr, |
(unsigned char *)cfg.keystr, |
| strlen(enc_config.keystr), 1, key, iv); |
strlen(cfg.keystr), 1, key, iv); |
| } |
} |
| |
|
| /* |
/* |
|
|
| * the command line bug picked up by Larry J. Hughes |
* the command line bug picked up by Larry J. Hughes |
| * Jr. <hughes@indiana.edu> |
* Jr. <hughes@indiana.edu> |
| */ |
*/ |
| if (enc_config.keystr == strbuf) |
if (cfg.keystr == strbuf) |
| explicit_bzero(enc_config.keystr, SIZE); |
explicit_bzero(cfg.keystr, SIZE); |
| else |
else |
| explicit_bzero(enc_config.keystr, |
explicit_bzero(cfg.keystr, |
| strlen(enc_config.keystr)); |
strlen(cfg.keystr)); |
| } |
} |
| if (enc_config.hiv != NULL && |
if (cfg.hiv != NULL && |
| !set_hex(enc_config.hiv, iv, sizeof iv)) { |
!set_hex(cfg.hiv, iv, sizeof iv)) { |
| BIO_printf(bio_err, "invalid hex iv value\n"); |
BIO_printf(bio_err, "invalid hex iv value\n"); |
| goto end; |
goto end; |
| } |
} |
| if (enc_config.hiv == NULL && enc_config.keystr == NULL && |
if (cfg.hiv == NULL && cfg.keystr == NULL && |
| EVP_CIPHER_iv_length(enc_config.cipher) != 0) { |
EVP_CIPHER_iv_length(cfg.cipher) != 0) { |
| /* |
/* |
| * No IV was explicitly set and no IV was generated |
* No IV was explicitly set and no IV was generated |
| * during EVP_BytesToKey. Hence the IV is undefined, |
* during EVP_BytesToKey. Hence the IV is undefined, |
|
|
| BIO_printf(bio_err, "iv undefined\n"); |
BIO_printf(bio_err, "iv undefined\n"); |
| goto end; |
goto end; |
| } |
} |
| if (enc_config.hkey != NULL && |
if (cfg.hkey != NULL && |
| !set_hex(enc_config.hkey, key, sizeof key)) { |
!set_hex(cfg.hkey, key, sizeof key)) { |
| BIO_printf(bio_err, "invalid hex key value\n"); |
BIO_printf(bio_err, "invalid hex key value\n"); |
| goto end; |
goto end; |
| } |
} |
|
|
| |
|
| BIO_get_cipher_ctx(benc, &ctx); |
BIO_get_cipher_ctx(benc, &ctx); |
| |
|
| if (!EVP_CipherInit_ex(ctx, enc_config.cipher, NULL, NULL, |
if (!EVP_CipherInit_ex(ctx, cfg.cipher, NULL, NULL, |
| NULL, enc_config.enc)) { |
NULL, cfg.enc)) { |
| BIO_printf(bio_err, "Error setting cipher %s\n", |
BIO_printf(bio_err, "Error setting cipher %s\n", |
| EVP_CIPHER_name(enc_config.cipher)); |
EVP_CIPHER_name(cfg.cipher)); |
| ERR_print_errors(bio_err); |
ERR_print_errors(bio_err); |
| goto end; |
goto end; |
| } |
} |
| if (enc_config.nopad) |
if (cfg.nopad) |
| EVP_CIPHER_CTX_set_padding(ctx, 0); |
EVP_CIPHER_CTX_set_padding(ctx, 0); |
| |
|
| if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, |
if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, |
| enc_config.enc)) { |
cfg.enc)) { |
| BIO_printf(bio_err, "Error setting cipher %s\n", |
BIO_printf(bio_err, "Error setting cipher %s\n", |
| EVP_CIPHER_name(enc_config.cipher)); |
EVP_CIPHER_name(cfg.cipher)); |
| ERR_print_errors(bio_err); |
ERR_print_errors(bio_err); |
| goto end; |
goto end; |
| } |
} |
| if (enc_config.debug) { |
if (cfg.debug) { |
| BIO_set_callback(benc, BIO_debug_callback); |
BIO_set_callback(benc, BIO_debug_callback); |
| BIO_set_callback_arg(benc, (char *) bio_err); |
BIO_set_callback_arg(benc, (char *) bio_err); |
| } |
} |
| if (enc_config.printkey) { |
if (cfg.printkey) { |
| int key_len, iv_len; |
int key_len, iv_len; |
| |
|
| if (!enc_config.nosalt) { |
if (!cfg.nosalt) { |
| printf("salt="); |
printf("salt="); |
| for (i = 0; i < (int) sizeof(salt); i++) |
for (i = 0; i < (int) sizeof(salt); i++) |
| printf("%02X", salt[i]); |
printf("%02X", salt[i]); |
| printf("\n"); |
printf("\n"); |
| } |
} |
| key_len = EVP_CIPHER_key_length(enc_config.cipher); |
key_len = EVP_CIPHER_key_length(cfg.cipher); |
| if (key_len > 0) { |
if (key_len > 0) { |
| printf("key="); |
printf("key="); |
| for (i = 0; i < key_len; i++) |
for (i = 0; i < key_len; i++) |
| printf("%02X", key[i]); |
printf("%02X", key[i]); |
| printf("\n"); |
printf("\n"); |
| } |
} |
| iv_len = EVP_CIPHER_iv_length(enc_config.cipher); |
iv_len = EVP_CIPHER_iv_length(cfg.cipher); |
| if (iv_len > 0) { |
if (iv_len > 0) { |
| printf("iv ="); |
printf("iv ="); |
| for (i = 0; i < iv_len; i++) |
for (i = 0; i < iv_len; i++) |
| printf("%02X", iv[i]); |
printf("%02X", iv[i]); |
| printf("\n"); |
printf("\n"); |
| } |
} |
| if (enc_config.printkey == 2) { |
if (cfg.printkey == 2) { |
| ret = 0; |
ret = 0; |
| goto end; |
goto end; |
| } |
} |
|
|
| goto end; |
goto end; |
| } |
} |
| ret = 0; |
ret = 0; |
| if (enc_config.verbose) { |
if (cfg.verbose) { |
| BIO_printf(bio_err, "bytes read :%8ld\n", BIO_number_read(in)); |
BIO_printf(bio_err, "bytes read :%8ld\n", BIO_number_read(in)); |
| BIO_printf(bio_err, "bytes written:%8ld\n", BIO_number_written(out)); |
BIO_printf(bio_err, "bytes written:%8ld\n", BIO_number_written(out)); |
| } |
} |
![[BACK]](/icons/back.gif){kind=icon}
Return to enc.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / openssl