version 1.3, 2014/10/22 13:54:03 |
version 1.4, 2015/01/01 13:55:03 |
|
|
|
|
#define SIZE (512) |
#define SIZE (512) |
#define BSIZE (8*1024) |
#define BSIZE (8*1024) |
#define PROG enc_main |
|
|
|
|
static struct { |
|
int base64; |
|
char *bufsize; |
|
const EVP_CIPHER *cipher; |
|
int debug; |
|
#ifdef ZLIB |
|
int do_zlib; |
|
#endif |
|
int enc; |
|
#ifndef OPENSSL_NO_ENGINE |
|
char *engine; |
|
#endif |
|
char *hiv; |
|
char *hkey; |
|
char *hsalt; |
|
char *inf; |
|
char *keyfile; |
|
char *keystr; |
|
char *md; |
|
int nopad; |
|
int nosalt; |
|
int olb64; |
|
char *outf; |
|
char *passarg; |
|
int printkey; |
|
int verbose; |
|
} enc_config; |
|
|
|
static int |
|
enc_opt_cipher(int argc, char **argv, int *argsused) |
|
{ |
|
char *name = argv[0]; |
|
|
|
if (*name++ != '-') |
|
return (1); |
|
|
|
if (strcmp(name, "none") == 0) { |
|
enc_config.cipher = NULL; |
|
*argsused = 1; |
|
return (0); |
|
} |
|
|
|
if ((enc_config.cipher = EVP_get_cipherbyname(name)) != NULL) { |
|
*argsused = 1; |
|
return (0); |
|
} |
|
|
|
return (1); |
|
} |
|
|
|
static struct option enc_options[] = { |
|
{ |
|
.name = "A", |
|
.desc = "Process base64 data on one line (requires -a)", |
|
.type = OPTION_FLAG, |
|
.opt.flag = &enc_config.olb64, |
|
}, |
|
{ |
|
.name = "a", |
|
.desc = "Perform base64 encoding/decoding (alias -base64)", |
|
.type = OPTION_FLAG, |
|
.opt.flag = &enc_config.base64, |
|
}, |
|
{ |
|
.name = "base64", |
|
.type = OPTION_FLAG, |
|
.opt.flag = &enc_config.base64, |
|
}, |
|
{ |
|
.name = "bufsize", |
|
.argname = "size", |
|
.desc = "Specify the buffer size to use for I/O", |
|
.type = OPTION_ARG, |
|
.opt.arg = &enc_config.bufsize, |
|
}, |
|
{ |
|
.name = "d", |
|
.desc = "Decrypt the input data", |
|
.type = OPTION_VALUE, |
|
.opt.value = &enc_config.enc, |
|
.value = 0, |
|
}, |
|
{ |
|
.name = "debug", |
|
.desc = "Print debugging information", |
|
.type = OPTION_FLAG, |
|
.opt.flag = &enc_config.debug, |
|
}, |
|
{ |
|
.name = "e", |
|
.desc = "Encrypt the input data (default)", |
|
.type = OPTION_VALUE, |
|
.opt.value = &enc_config.enc, |
|
.value = 1, |
|
}, |
|
#ifndef OPENSSL_NO_ENGINE |
|
{ |
|
.name = "engine", |
|
.argname = "id", |
|
.desc = "Use the engine specified by the given identifier", |
|
.type = OPTION_ARG, |
|
.opt.arg = &enc_config.engine, |
|
}, |
|
#endif |
|
{ |
|
.name = "in", |
|
.argname = "file", |
|
.desc = "Input file to read from (default stdin)", |
|
.type = OPTION_ARG, |
|
.opt.arg = &enc_config.inf, |
|
}, |
|
{ |
|
.name = "iv", |
|
.argname = "IV", |
|
.desc = "IV to use, specified as a hexidecimal string", |
|
.type = OPTION_ARG, |
|
.opt.arg = &enc_config.hiv, |
|
}, |
|
{ |
|
.name = "K", |
|
.argname = "key", |
|
.desc = "Key to use, specified as a hexidecimal string", |
|
.type = OPTION_ARG, |
|
.opt.arg = &enc_config.hkey, |
|
}, |
|
{ |
|
.name = "k", /* Superseded by -pass. */ |
|
.type = OPTION_ARG, |
|
.opt.arg = &enc_config.keystr, |
|
}, |
|
{ |
|
.name = "kfile", /* Superseded by -pass. */ |
|
.type = OPTION_ARG, |
|
.opt.arg = &enc_config.keyfile, |
|
}, |
|
{ |
|
.name = "md", |
|
.argname = "digest", |
|
.desc = "Digest to use to create a key from the passphrase", |
|
.type = OPTION_ARG, |
|
.opt.arg = &enc_config.md, |
|
}, |
|
{ |
|
.name = "none", |
|
.desc = "Use NULL cipher (no encryption or decryption)", |
|
.type = OPTION_ARGV_FUNC, |
|
.opt.argvfunc = enc_opt_cipher, |
|
}, |
|
{ |
|
.name = "nopad", |
|
.desc = "Disable standard block padding", |
|
.type = OPTION_FLAG, |
|
.opt.flag = &enc_config.nopad, |
|
}, |
|
{ |
|
.name = "nosalt", |
|
.type = OPTION_VALUE, |
|
.opt.value = &enc_config.nosalt, |
|
.value = 1, |
|
}, |
|
{ |
|
.name = "out", |
|
.argname = "file", |
|
.desc = "Output file to write to (default stdout)", |
|
.type = OPTION_ARG, |
|
.opt.arg = &enc_config.outf, |
|
}, |
|
{ |
|
.name = "P", |
|
.desc = "Print out the salt, key and IV used, then exit\n" |
|
" (no encryption or decryption is performed)", |
|
.type = OPTION_VALUE, |
|
.opt.value = &enc_config.printkey, |
|
.value = 2, |
|
}, |
|
{ |
|
.name = "p", |
|
.desc = "Print out the salt, key and IV used", |
|
.type = OPTION_VALUE, |
|
.opt.value = &enc_config.printkey, |
|
.value = 1, |
|
}, |
|
{ |
|
.name = "pass", |
|
.argname = "source", |
|
.desc = "Password source", |
|
.type = OPTION_ARG, |
|
.opt.arg = &enc_config.passarg, |
|
}, |
|
{ |
|
.name = "S", |
|
.argname = "salt", |
|
.desc = "Salt to use, specified as a hexidecimal string", |
|
.type = OPTION_ARG, |
|
.opt.arg = &enc_config.hsalt, |
|
}, |
|
{ |
|
.name = "salt", |
|
.desc = "Use a salt in the key derivation routines (default)", |
|
.type = OPTION_VALUE, |
|
.opt.value = &enc_config.nosalt, |
|
.value = 0, |
|
}, |
|
{ |
|
.name = "v", |
|
.desc = "Verbose", |
|
.type = OPTION_FLAG, |
|
.opt.flag = &enc_config.verbose, |
|
}, |
|
#ifdef ZLIB |
|
{ |
|
.name = "z", |
|
.desc = "Perform zlib compression/decompression", |
|
.type = OPTION_FLAG, |
|
.opt.flag = &enc_config.do_zlib, |
|
}, |
|
#endif |
|
{ |
|
.name = NULL, |
|
.type = OPTION_ARGV_FUNC, |
|
.opt.argvfunc = enc_opt_cipher, |
|
}, |
|
{ NULL }, |
|
}; |
|
|
static void |
static void |
show_ciphers(const OBJ_NAME * name, void *bio_) |
show_ciphers(const OBJ_NAME *name, void *arg) |
{ |
{ |
BIO *bio = bio_; |
|
static int n; |
static int n; |
|
|
if (!islower((unsigned char) *name->name)) |
if (!islower((unsigned char)*name->name)) |
return; |
return; |
|
|
BIO_printf(bio, "-%-25s", name->name); |
fprintf(stderr, " -%-24s%s", name->name, (++n % 3 ? "" : "\n")); |
if (++n == 3) { |
|
BIO_printf(bio, "\n"); |
|
n = 0; |
|
} else |
|
BIO_printf(bio, " "); |
|
} |
} |
|
|
|
static void |
|
enc_usage(void) |
|
{ |
|
fprintf(stderr, "usage: enc -ciphername [-AadePp] [-base64] " |
|
"[-bufsize number] [-debug]\n" |
|
" [-engine id] [-in file] [-iv IV] [-K key] [-k password]\n" |
|
" [-kfile file] [-md digest] [-none] [-nopad] [-nosalt]\n" |
|
" [-out file] [-pass arg] [-S salt] [-salt]\n\n"); |
|
options_usage(enc_options); |
|
fprintf(stderr, "\n"); |
|
|
|
fprintf(stderr, "Valid ciphername values:\n\n"); |
|
OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH, show_ciphers, NULL); |
|
fprintf(stderr, "\n"); |
|
} |
|
|
int enc_main(int, char **); |
int enc_main(int, char **); |
|
|
int |
int |
|
|
{ |
{ |
static const char magic[] = "Salted__"; |
static const char magic[] = "Salted__"; |
char mbuf[sizeof magic - 1]; |
char mbuf[sizeof magic - 1]; |
char *strbuf = NULL; |
char *strbuf = NULL, *pass = NULL; |
unsigned char *buff = NULL, *bufsize = NULL; |
unsigned char *buff = NULL; |
int bsize = BSIZE, verbose = 0; |
int bsize = BSIZE; |
int ret = 1, inl; |
int ret = 1, inl; |
int nopad = 0; |
|
unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; |
unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; |
unsigned char salt[PKCS5_SALT_LEN]; |
unsigned char salt[PKCS5_SALT_LEN]; |
char *str = NULL, *passarg = NULL, *pass = NULL; |
|
char *hkey = NULL, *hiv = NULL, *hsalt = NULL; |
|
char *md = NULL; |
|
int enc = 1, printkey = 0, i, base64 = 0; |
|
#ifdef ZLIB |
#ifdef ZLIB |
int do_zlib = 0; |
|
BIO *bzl = NULL; |
BIO *bzl = NULL; |
#endif |
#endif |
int debug = 0, olb64 = 0, nosalt = 0; |
|
const EVP_CIPHER *cipher = NULL, *c; |
|
EVP_CIPHER_CTX *ctx = NULL; |
EVP_CIPHER_CTX *ctx = NULL; |
char *inf = NULL, *outf = NULL; |
const EVP_MD *dgst = NULL; |
BIO *in = NULL, *out = NULL, *b64 = NULL, *benc = NULL, *rbio = NULL, |
BIO *in = NULL, *out = NULL, *b64 = NULL, *benc = NULL; |
*wbio = NULL; |
BIO *rbio = NULL, *wbio = NULL; |
#define PROG_NAME_SIZE 39 |
#define PROG_NAME_SIZE 39 |
char pname[PROG_NAME_SIZE + 1]; |
char pname[PROG_NAME_SIZE + 1]; |
#ifndef OPENSSL_NO_ENGINE |
int i; |
char *engine = NULL; |
|
#endif |
|
const EVP_MD *dgst = NULL; |
|
|
|
|
memset(&enc_config, 0, sizeof(enc_config)); |
|
enc_config.enc = 1; |
|
|
/* first check the program name */ |
/* first check the program name */ |
program_name(argv[0], pname, sizeof pname); |
program_name(argv[0], pname, sizeof(pname)); |
|
|
if (strcmp(pname, "base64") == 0) |
if (strcmp(pname, "base64") == 0) |
base64 = 1; |
enc_config.base64 = 1; |
|
|
#ifdef ZLIB |
#ifdef ZLIB |
if (strcmp(pname, "zlib") == 0) |
if (strcmp(pname, "zlib") == 0) |
do_zlib = 1; |
enc_config.do_zlib = 1; |
#endif |
#endif |
|
|
cipher = EVP_get_cipherbyname(pname); |
enc_config.cipher = EVP_get_cipherbyname(pname); |
|
|
#ifdef ZLIB |
#ifdef ZLIB |
if (!do_zlib && !base64 && (cipher == NULL) |
if (!enc_config.do_zlib && !enc_config.base64 && |
&& (strcmp(pname, "enc") != 0)) |
enc_config.cipher == NULL && strcmp(pname, "enc") != 0) |
#else |
#else |
if (!base64 && (cipher == NULL) && (strcmp(pname, "enc") != 0)) |
if (!enc_config.base64 && enc_config.cipher == NULL && |
|
strcmp(pname, "enc") != 0) |
#endif |
#endif |
{ |
{ |
BIO_printf(bio_err, "%s is an unknown cipher\n", pname); |
BIO_printf(bio_err, "%s is an unknown cipher\n", pname); |
goto bad; |
goto end; |
} |
} |
argc--; |
|
argv++; |
|
while (argc >= 1) { |
|
if (strcmp(*argv, "-e") == 0) |
|
enc = 1; |
|
else if (strcmp(*argv, "-in") == 0) { |
|
if (--argc < 1) |
|
goto bad; |
|
inf = *(++argv); |
|
} else if (strcmp(*argv, "-out") == 0) { |
|
if (--argc < 1) |
|
goto bad; |
|
outf = *(++argv); |
|
} else if (strcmp(*argv, "-pass") == 0) { |
|
if (--argc < 1) |
|
goto bad; |
|
passarg = *(++argv); |
|
} |
|
#ifndef OPENSSL_NO_ENGINE |
|
else if (strcmp(*argv, "-engine") == 0) { |
|
if (--argc < 1) |
|
goto bad; |
|
engine = *(++argv); |
|
} |
|
#endif |
|
else if (strcmp(*argv, "-d") == 0) |
|
enc = 0; |
|
else if (strcmp(*argv, "-p") == 0) |
|
printkey = 1; |
|
else if (strcmp(*argv, "-v") == 0) |
|
verbose = 1; |
|
else if (strcmp(*argv, "-nopad") == 0) |
|
nopad = 1; |
|
else if (strcmp(*argv, "-salt") == 0) |
|
nosalt = 0; |
|
else if (strcmp(*argv, "-nosalt") == 0) |
|
nosalt = 1; |
|
else if (strcmp(*argv, "-debug") == 0) |
|
debug = 1; |
|
else if (strcmp(*argv, "-P") == 0) |
|
printkey = 2; |
|
else if (strcmp(*argv, "-A") == 0) |
|
olb64 = 1; |
|
else if (strcmp(*argv, "-a") == 0) |
|
base64 = 1; |
|
else if (strcmp(*argv, "-base64") == 0) |
|
base64 = 1; |
|
#ifdef ZLIB |
|
else if (strcmp(*argv, "-z") == 0) |
|
do_zlib = 1; |
|
#endif |
|
else if (strcmp(*argv, "-bufsize") == 0) { |
|
if (--argc < 1) |
|
goto bad; |
|
bufsize = (unsigned char *) *(++argv); |
|
} else if (strcmp(*argv, "-k") == 0) { |
|
if (--argc < 1) |
|
goto bad; |
|
str = *(++argv); |
|
} else if (strcmp(*argv, "-kfile") == 0) { |
|
static char buf[128]; |
|
FILE *infile; |
|
char *file; |
|
|
|
if (--argc < 1) |
if (options_parse(argc, argv, enc_options, NULL, NULL) != 0) { |
goto bad; |
enc_usage(); |
file = *(++argv); |
goto end; |
infile = fopen(file, "r"); |
} |
if (infile == NULL) { |
|
BIO_printf(bio_err, "unable to read key from '%s'\n", |
|
file); |
|
goto bad; |
|
} |
|
buf[0] = '\0'; |
|
if (!fgets(buf, sizeof buf, infile)) { |
|
BIO_printf(bio_err, "unable to read key from '%s'\n", |
|
file); |
|
fclose(infile); |
|
goto bad; |
|
} |
|
fclose(infile); |
|
i = strlen(buf); |
|
if ((i > 0) && |
|
((buf[i - 1] == '\n') || (buf[i - 1] == '\r'))) |
|
buf[--i] = '\0'; |
|
if ((i > 0) && |
|
((buf[i - 1] == '\n') || (buf[i - 1] == '\r'))) |
|
buf[--i] = '\0'; |
|
if (i < 1) { |
|
BIO_printf(bio_err, "zero length password\n"); |
|
goto bad; |
|
} |
|
str = buf; |
|
} else if (strcmp(*argv, "-K") == 0) { |
|
if (--argc < 1) |
|
goto bad; |
|
hkey = *(++argv); |
|
} else if (strcmp(*argv, "-S") == 0) { |
|
if (--argc < 1) |
|
goto bad; |
|
hsalt = *(++argv); |
|
} else if (strcmp(*argv, "-iv") == 0) { |
|
if (--argc < 1) |
|
goto bad; |
|
hiv = *(++argv); |
|
} else if (strcmp(*argv, "-md") == 0) { |
|
if (--argc < 1) |
|
goto bad; |
|
md = *(++argv); |
|
} else if ((argv[0][0] == '-') && |
|
((c = EVP_get_cipherbyname(&(argv[0][1]))) != NULL)) { |
|
cipher = c; |
|
} else if (strcmp(*argv, "-none") == 0) |
|
cipher = NULL; |
|
else { |
|
BIO_printf(bio_err, "unknown option '%s'\n", *argv); |
|
bad: |
|
BIO_printf(bio_err, "options are\n"); |
|
BIO_printf(bio_err, "%-14s input file\n", "-in <file>"); |
|
BIO_printf(bio_err, "%-14s output file\n", "-out <file>"); |
|
BIO_printf(bio_err, "%-14s pass phrase source\n", "-pass <arg>"); |
|
BIO_printf(bio_err, "%-14s encrypt\n", "-e"); |
|
BIO_printf(bio_err, "%-14s decrypt\n", "-d"); |
|
BIO_printf(bio_err, "%-14s base64 encode/decode, depending on encryption flag\n", "-a/-base64"); |
|
BIO_printf(bio_err, "%-14s passphrase is the next argument\n", "-k"); |
|
BIO_printf(bio_err, "%-14s passphrase is the first line of the file argument\n", "-kfile"); |
|
BIO_printf(bio_err, "%-14s the next argument is the md to use to create a key\n", "-md"); |
|
BIO_printf(bio_err, "%-14s from a passphrase. One of md2, md5, sha or sha1\n", ""); |
|
BIO_printf(bio_err, "%-14s salt in hex is the next argument\n", "-S"); |
|
BIO_printf(bio_err, "%-14s key/iv in hex is the next argument\n", "-K/-iv"); |
|
BIO_printf(bio_err, "%-14s print the iv/key (then exit if -P)\n", "-[pP]"); |
|
BIO_printf(bio_err, "%-14s buffer size\n", "-bufsize <n>"); |
|
BIO_printf(bio_err, "%-14s disable standard block padding\n", "-nopad"); |
|
#ifndef OPENSSL_NO_ENGINE |
|
BIO_printf(bio_err, "%-14s use engine e, possibly a hardware device.\n", "-engine e"); |
|
#endif |
|
|
|
BIO_printf(bio_err, "Cipher Types\n"); |
if (enc_config.keyfile != NULL) { |
OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH, |
static char buf[128]; |
show_ciphers, |
FILE *infile; |
bio_err); |
|
BIO_printf(bio_err, "\n"); |
|
|
|
|
infile = fopen(enc_config.keyfile, "r"); |
|
if (infile == NULL) { |
|
BIO_printf(bio_err, "unable to read key from '%s'\n", |
|
enc_config.keyfile); |
goto end; |
goto end; |
} |
} |
argc--; |
buf[0] = '\0'; |
argv++; |
if (!fgets(buf, sizeof buf, infile)) { |
|
BIO_printf(bio_err, "unable to read key from '%s'\n", |
|
enc_config.keyfile); |
|
fclose(infile); |
|
goto end; |
|
} |
|
fclose(infile); |
|
i = strlen(buf); |
|
if ((i > 0) && ((buf[i - 1] == '\n') || (buf[i - 1] == '\r'))) |
|
buf[--i] = '\0'; |
|
if ((i > 0) && ((buf[i - 1] == '\n') || (buf[i - 1] == '\r'))) |
|
buf[--i] = '\0'; |
|
if (i < 1) { |
|
BIO_printf(bio_err, "zero length password\n"); |
|
goto end; |
|
} |
|
enc_config.keystr = buf; |
} |
} |
|
|
#ifndef OPENSSL_NO_ENGINE |
#ifndef OPENSSL_NO_ENGINE |
setup_engine(bio_err, engine, 0); |
setup_engine(bio_err, enc_config.engine, 0); |
#endif |
#endif |
|
|
if (md && (dgst = EVP_get_digestbyname(md)) == NULL) { |
if (enc_config.md != NULL && |
BIO_printf(bio_err, "%s is an unsupported message digest type\n", md); |
(dgst = EVP_get_digestbyname(enc_config.md)) == NULL) { |
|
BIO_printf(bio_err, |
|
"%s is an unsupported message digest type\n", |
|
enc_config.md); |
goto end; |
goto end; |
} |
} |
if (dgst == NULL) { |
if (dgst == NULL) { |
dgst = EVP_md5(); |
dgst = EVP_md5(); /* XXX */ |
} |
} |
if (bufsize != NULL) { |
|
|
if (enc_config.bufsize != NULL) { |
|
char *p = enc_config.bufsize; |
unsigned long n; |
unsigned long n; |
|
|
for (n = 0; *bufsize; bufsize++) { |
/* XXX - provide an OPTION_ARG_DISKUNIT. */ |
i = *bufsize; |
for (n = 0; *p != '\0'; p++) { |
|
i = *p; |
if ((i <= '9') && (i >= '0')) |
if ((i <= '9') && (i >= '0')) |
n = n * 10 + i - '0'; |
n = n * 10 + i - '0'; |
else if (i == 'k') { |
else if (i == 'k') { |
n *= 1024; |
n *= 1024; |
bufsize++; |
p++; |
break; |
break; |
} |
} |
} |
} |
if (*bufsize != '\0') { |
if (*p != '\0') { |
BIO_printf(bio_err, "invalid 'bufsize' specified.\n"); |
BIO_printf(bio_err, "invalid 'bufsize' specified.\n"); |
goto end; |
goto end; |
} |
} |
/* It must be large enough for a base64 encoded line */ |
/* It must be large enough for a base64 encoded line. */ |
if (base64 && n < 80) |
if (enc_config.base64 && n < 80) |
n = 80; |
n = 80; |
|
|
bsize = (int) n; |
bsize = (int)n; |
if (verbose) |
if (enc_config.verbose) |
BIO_printf(bio_err, "bufsize=%d\n", bsize); |
BIO_printf(bio_err, "bufsize=%d\n", bsize); |
} |
} |
strbuf = malloc(SIZE); |
strbuf = malloc(SIZE); |
|
|
ERR_print_errors(bio_err); |
ERR_print_errors(bio_err); |
goto end; |
goto end; |
} |
} |
if (debug) { |
if (enc_config.debug) { |
BIO_set_callback(in, BIO_debug_callback); |
BIO_set_callback(in, BIO_debug_callback); |
BIO_set_callback(out, BIO_debug_callback); |
BIO_set_callback(out, BIO_debug_callback); |
BIO_set_callback_arg(in, (char *) bio_err); |
BIO_set_callback_arg(in, (char *) bio_err); |
BIO_set_callback_arg(out, (char *) bio_err); |
BIO_set_callback_arg(out, (char *) bio_err); |
} |
} |
if (inf == NULL) { |
if (enc_config.inf == NULL) { |
if (bufsize != NULL) |
if (enc_config.bufsize != NULL) |
setvbuf(stdin, (char *) NULL, _IONBF, 0); |
setvbuf(stdin, (char *) NULL, _IONBF, 0); |
BIO_set_fp(in, stdin, BIO_NOCLOSE); |
BIO_set_fp(in, stdin, BIO_NOCLOSE); |
} else { |
} else { |
if (BIO_read_filename(in, inf) <= 0) { |
if (BIO_read_filename(in, enc_config.inf) <= 0) { |
perror(inf); |
perror(enc_config.inf); |
goto end; |
goto end; |
} |
} |
} |
} |
|
|
if (!str && passarg) { |
if (!enc_config.keystr && enc_config.passarg) { |
if (!app_passwd(bio_err, passarg, NULL, &pass, NULL)) { |
if (!app_passwd(bio_err, enc_config.passarg, NULL, |
|
&pass, NULL)) { |
BIO_printf(bio_err, "Error getting password\n"); |
BIO_printf(bio_err, "Error getting password\n"); |
goto end; |
goto end; |
} |
} |
str = pass; |
enc_config.keystr = pass; |
} |
} |
if ((str == NULL) && (cipher != NULL) && (hkey == NULL)) { |
if (enc_config.keystr == NULL && enc_config.cipher != NULL && |
|
enc_config.hkey == NULL) { |
for (;;) { |
for (;;) { |
char buf[200]; |
char buf[200]; |
int retval; |
int retval; |
|
|
retval = snprintf(buf, sizeof buf, "enter %s %s password:", |
retval = snprintf(buf, sizeof buf, |
OBJ_nid2ln(EVP_CIPHER_nid(cipher)), |
"enter %s %s password:", |
(enc) ? "encryption" : "decryption"); |
OBJ_nid2ln(EVP_CIPHER_nid(enc_config.cipher)), |
|
enc_config.enc ? "encryption" : "decryption"); |
if ((size_t)retval >= sizeof buf) { |
if ((size_t)retval >= sizeof buf) { |
BIO_printf(bio_err, "Password prompt too long\n"); |
BIO_printf(bio_err, |
|
"Password prompt too long\n"); |
goto end; |
goto end; |
} |
} |
strbuf[0] = '\0'; |
strbuf[0] = '\0'; |
i = EVP_read_pw_string((char *) strbuf, SIZE, buf, enc); |
i = EVP_read_pw_string((char *)strbuf, SIZE, buf, |
|
enc_config.enc); |
if (i == 0) { |
if (i == 0) { |
if (strbuf[0] == '\0') { |
if (strbuf[0] == '\0') { |
ret = 1; |
ret = 1; |
goto end; |
goto end; |
} |
} |
str = strbuf; |
enc_config.keystr = strbuf; |
break; |
break; |
} |
} |
if (i < 0) { |
if (i < 0) { |
|
|
} |
} |
} |
} |
} |
} |
if (outf == NULL) { |
if (enc_config.outf == NULL) { |
BIO_set_fp(out, stdout, BIO_NOCLOSE); |
BIO_set_fp(out, stdout, BIO_NOCLOSE); |
if (bufsize != NULL) |
if (enc_config.bufsize != NULL) |
setvbuf(stdout, (char *) NULL, _IONBF, 0); |
setvbuf(stdout, (char *)NULL, _IONBF, 0); |
} else { |
} else { |
if (BIO_write_filename(out, outf) <= 0) { |
if (BIO_write_filename(out, enc_config.outf) <= 0) { |
perror(outf); |
perror(enc_config.outf); |
goto end; |
goto end; |
} |
} |
} |
} |
|
|
wbio = out; |
wbio = out; |
|
|
#ifdef ZLIB |
#ifdef ZLIB |
|
|
if (do_zlib) { |
if (do_zlib) { |
if ((bzl = BIO_new(BIO_f_zlib())) == NULL) |
if ((bzl = BIO_new(BIO_f_zlib())) == NULL) |
goto end; |
goto end; |
|
|
} |
} |
#endif |
#endif |
|
|
if (base64) { |
if (enc_config.base64) { |
if ((b64 = BIO_new(BIO_f_base64())) == NULL) |
if ((b64 = BIO_new(BIO_f_base64())) == NULL) |
goto end; |
goto end; |
if (debug) { |
if (enc_config.debug) { |
BIO_set_callback(b64, BIO_debug_callback); |
BIO_set_callback(b64, BIO_debug_callback); |
BIO_set_callback_arg(b64, (char *) bio_err); |
BIO_set_callback_arg(b64, (char *) bio_err); |
} |
} |
if (olb64) |
if (enc_config.olb64) |
BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); |
BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); |
if (enc) |
if (enc_config.enc) |
wbio = BIO_push(b64, wbio); |
wbio = BIO_push(b64, wbio); |
else |
else |
rbio = BIO_push(b64, rbio); |
rbio = BIO_push(b64, rbio); |
} |
} |
if (cipher != NULL) { |
if (enc_config.cipher != NULL) { |
/* |
/* |
* Note that str is NULL if a key was passed on the command |
* Note that keystr is NULL if a key was passed on the command |
* line, so we get no salt in that case. Is this a bug? |
* line, so we get no salt in that case. Is this a bug? |
*/ |
*/ |
if (str != NULL) { |
if (enc_config.keystr != NULL) { |
/* |
/* |
* Salt handling: if encrypting generate a salt and |
* Salt handling: if encrypting generate a salt and |
* write to output BIO. If decrypting read salt from |
* write to output BIO. If decrypting read salt from |
* input BIO. |
* input BIO. |
*/ |
*/ |
unsigned char *sptr; |
unsigned char *sptr; |
if (nosalt) |
if (enc_config.nosalt) |
sptr = NULL; |
sptr = NULL; |
else { |
else { |
if (enc) { |
if (enc_config.enc) { |
if (hsalt) { |
if (enc_config.hsalt) { |
if (!set_hex(hsalt, salt, sizeof salt)) { |
if (!set_hex(enc_config.hsalt, salt, sizeof salt)) { |
BIO_printf(bio_err, |
BIO_printf(bio_err, |
"invalid hex salt value\n"); |
"invalid hex salt value\n"); |
goto end; |
goto end; |
|
|
* If -P option then don't bother |
* If -P option then don't bother |
* writing |
* writing |
*/ |
*/ |
if ((printkey != 2) |
if ((enc_config.printkey != 2) |
&& (BIO_write(wbio, magic, |
&& (BIO_write(wbio, magic, |
sizeof magic - 1) != sizeof magic - 1 |
sizeof magic - 1) != sizeof magic - 1 |
|| BIO_write(wbio, |
|| BIO_write(wbio, |
|
|
sptr = salt; |
sptr = salt; |
} |
} |
|
|
EVP_BytesToKey(cipher, dgst, sptr, |
EVP_BytesToKey(enc_config.cipher, dgst, sptr, |
(unsigned char *) str, |
(unsigned char *)enc_config.keystr, |
strlen(str), 1, key, iv); |
strlen(enc_config.keystr), 1, key, iv); |
/* |
/* |
* zero the complete buffer or the string passed from |
* zero the complete buffer or the string passed from |
* the command line bug picked up by Larry J. Hughes |
* the command line bug picked up by Larry J. Hughes |
* Jr. <hughes@indiana.edu> |
* Jr. <hughes@indiana.edu> |
*/ |
*/ |
if (str == strbuf) |
if (enc_config.keystr == strbuf) |
OPENSSL_cleanse(str, SIZE); |
OPENSSL_cleanse(enc_config.keystr, SIZE); |
else |
else |
OPENSSL_cleanse(str, strlen(str)); |
OPENSSL_cleanse(enc_config.keystr, |
|
strlen(enc_config.keystr)); |
} |
} |
if ((hiv != NULL) && !set_hex(hiv, iv, sizeof iv)) { |
if (enc_config.hiv != NULL && |
|
!set_hex(enc_config.hiv, iv, sizeof iv)) { |
BIO_printf(bio_err, "invalid hex iv value\n"); |
BIO_printf(bio_err, "invalid hex iv value\n"); |
goto end; |
goto end; |
} |
} |
if ((hiv == NULL) && (str == NULL) |
if (enc_config.hiv == NULL && enc_config.keystr == NULL && |
&& EVP_CIPHER_iv_length(cipher) != 0) { |
EVP_CIPHER_iv_length(enc_config.cipher) != 0) { |
/* |
/* |
* No IV was explicitly set and no IV was generated |
* No IV was explicitly set and no IV was generated |
* during EVP_BytesToKey. Hence the IV is undefined, |
* during EVP_BytesToKey. Hence the IV is undefined, |
|
|
BIO_printf(bio_err, "iv undefined\n"); |
BIO_printf(bio_err, "iv undefined\n"); |
goto end; |
goto end; |
} |
} |
if ((hkey != NULL) && !set_hex(hkey, key, sizeof key)) { |
if (enc_config.hkey != NULL && |
|
!set_hex(enc_config.hkey, key, sizeof key)) { |
BIO_printf(bio_err, "invalid hex key value\n"); |
BIO_printf(bio_err, "invalid hex key value\n"); |
goto end; |
goto end; |
} |
} |
|
|
|
|
BIO_get_cipher_ctx(benc, &ctx); |
BIO_get_cipher_ctx(benc, &ctx); |
|
|
if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)) { |
if (!EVP_CipherInit_ex(ctx, enc_config.cipher, NULL, NULL, |
|
NULL, enc_config.enc)) { |
BIO_printf(bio_err, "Error setting cipher %s\n", |
BIO_printf(bio_err, "Error setting cipher %s\n", |
EVP_CIPHER_name(cipher)); |
EVP_CIPHER_name(enc_config.cipher)); |
ERR_print_errors(bio_err); |
ERR_print_errors(bio_err); |
goto end; |
goto end; |
} |
} |
if (nopad) |
if (enc_config.nopad) |
EVP_CIPHER_CTX_set_padding(ctx, 0); |
EVP_CIPHER_CTX_set_padding(ctx, 0); |
|
|
if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc)) { |
if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, |
|
enc_config.enc)) { |
BIO_printf(bio_err, "Error setting cipher %s\n", |
BIO_printf(bio_err, "Error setting cipher %s\n", |
EVP_CIPHER_name(cipher)); |
EVP_CIPHER_name(enc_config.cipher)); |
ERR_print_errors(bio_err); |
ERR_print_errors(bio_err); |
goto end; |
goto end; |
} |
} |
if (debug) { |
if (enc_config.debug) { |
BIO_set_callback(benc, BIO_debug_callback); |
BIO_set_callback(benc, BIO_debug_callback); |
BIO_set_callback_arg(benc, (char *) bio_err); |
BIO_set_callback_arg(benc, (char *) bio_err); |
} |
} |
if (printkey) { |
if (enc_config.printkey) { |
if (!nosalt) { |
if (!enc_config.nosalt) { |
printf("salt="); |
printf("salt="); |
for (i = 0; i < (int) sizeof(salt); i++) |
for (i = 0; i < (int) sizeof(salt); i++) |
printf("%02X", salt[i]); |
printf("%02X", salt[i]); |
printf("\n"); |
printf("\n"); |
} |
} |
if (cipher->key_len > 0) { |
if (enc_config.cipher->key_len > 0) { |
printf("key="); |
printf("key="); |
for (i = 0; i < cipher->key_len; i++) |
for (i = 0; i < enc_config.cipher->key_len; i++) |
printf("%02X", key[i]); |
printf("%02X", key[i]); |
printf("\n"); |
printf("\n"); |
} |
} |
if (cipher->iv_len > 0) { |
if (enc_config.cipher->iv_len > 0) { |
printf("iv ="); |
printf("iv ="); |
for (i = 0; i < cipher->iv_len; i++) |
for (i = 0; i < enc_config.cipher->iv_len; i++) |
printf("%02X", iv[i]); |
printf("%02X", iv[i]); |
printf("\n"); |
printf("\n"); |
} |
} |
if (printkey == 2) { |
if (enc_config.printkey == 2) { |
ret = 0; |
ret = 0; |
goto end; |
goto end; |
} |
} |
|
|
goto end; |
goto end; |
} |
} |
ret = 0; |
ret = 0; |
if (verbose) { |
if (enc_config.verbose) { |
BIO_printf(bio_err, "bytes read :%8ld\n", BIO_number_read(in)); |
BIO_printf(bio_err, "bytes read :%8ld\n", BIO_number_read(in)); |
BIO_printf(bio_err, "bytes written:%8ld\n", BIO_number_written(out)); |
BIO_printf(bio_err, "bytes written:%8ld\n", BIO_number_written(out)); |
} |
} |