=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/openssl/enc.c,v retrieving revision 1.26 retrieving revision 1.27 diff -u -r1.26 -r1.27 --- src/usr.bin/openssl/enc.c 2023/03/04 21:58:54 1.26 +++ src/usr.bin/openssl/enc.c 2023/03/06 14:32:06 1.27 @@ -1,4 +1,4 @@ -/* $OpenBSD: enc.c,v 1.26 2023/03/04 21:58:54 tb Exp $ */ +/* $OpenBSD: enc.c,v 1.27 2023/03/06 14:32:06 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -100,7 +100,7 @@ int pbkdf2; int printkey; int verbose; -} enc_config; +} cfg; static int enc_opt_cipher(int argc, char **argv, int *argsused) @@ -111,12 +111,12 @@ return (1); if (strcmp(name, "none") == 0) { - enc_config.cipher = NULL; + cfg.cipher = NULL; *argsused = 1; return (0); } - if ((enc_config.cipher = EVP_get_cipherbyname(name)) != NULL) { + if ((cfg.cipher = EVP_get_cipherbyname(name)) != NULL) { *argsused = 1; return (0); } @@ -129,44 +129,44 @@ .name = "A", .desc = "Process base64 data on one line (requires -a)", .type = OPTION_FLAG, - .opt.flag = &enc_config.olb64, + .opt.flag = &cfg.olb64, }, { .name = "a", .desc = "Perform base64 encoding/decoding (alias -base64)", .type = OPTION_FLAG, - .opt.flag = &enc_config.base64, + .opt.flag = &cfg.base64, }, { .name = "base64", .type = OPTION_FLAG, - .opt.flag = &enc_config.base64, + .opt.flag = &cfg.base64, }, { .name = "bufsize", .argname = "size", .desc = "Specify the buffer size to use for I/O", .type = OPTION_ARG, - .opt.arg = &enc_config.bufsize, + .opt.arg = &cfg.bufsize, }, { .name = "d", .desc = "Decrypt the input data", .type = OPTION_VALUE, - .opt.value = &enc_config.enc, + .opt.value = &cfg.enc, .value = 0, }, { .name = "debug", .desc = "Print debugging information", .type = OPTION_FLAG, - .opt.flag = &enc_config.debug, + .opt.flag = &cfg.debug, }, { .name = "e", .desc = "Encrypt the input data (default)", .type = OPTION_VALUE, - .opt.value = &enc_config.enc, + .opt.value = &cfg.enc, .value = 1, }, { @@ -174,45 +174,45 @@ .argname = "file", .desc = "Input file to read from (default stdin)", .type = OPTION_ARG, - .opt.arg = &enc_config.inf, + .opt.arg = &cfg.inf, }, { .name = "iter", .argname = "iterations", .desc = "Specify iteration count and force use of PBKDF2", .type = OPTION_ARG_INT, - .opt.value = &enc_config.iter, + .opt.value = &cfg.iter, }, { .name = "iv", .argname = "IV", .desc = "IV to use, specified as a hexadecimal string", .type = OPTION_ARG, - .opt.arg = &enc_config.hiv, + .opt.arg = &cfg.hiv, }, { .name = "K", .argname = "key", .desc = "Key to use, specified as a hexadecimal string", .type = OPTION_ARG, - .opt.arg = &enc_config.hkey, + .opt.arg = &cfg.hkey, }, { .name = "k", /* Superseded by -pass. */ .type = OPTION_ARG, - .opt.arg = &enc_config.keystr, + .opt.arg = &cfg.keystr, }, { .name = "kfile", /* Superseded by -pass. */ .type = OPTION_ARG, - .opt.arg = &enc_config.keyfile, + .opt.arg = &cfg.keyfile, }, { .name = "md", .argname = "digest", .desc = "Digest to use to create a key from the passphrase", .type = OPTION_ARG, - .opt.arg = &enc_config.md, + .opt.arg = &cfg.md, }, { .name = "none", @@ -224,12 +224,12 @@ .name = "nopad", .desc = "Disable standard block padding", .type = OPTION_FLAG, - .opt.flag = &enc_config.nopad, + .opt.flag = &cfg.nopad, }, { .name = "nosalt", .type = OPTION_VALUE, - .opt.value = &enc_config.nosalt, + .opt.value = &cfg.nosalt, .value = 1, }, { @@ -237,21 +237,21 @@ .argname = "file", .desc = "Output file to write to (default stdout)", .type = OPTION_ARG, - .opt.arg = &enc_config.outf, + .opt.arg = &cfg.outf, }, { .name = "P", .desc = "Print out the salt, key and IV used, then exit\n" " (no encryption or decryption is performed)", .type = OPTION_VALUE, - .opt.value = &enc_config.printkey, + .opt.value = &cfg.printkey, .value = 2, }, { .name = "p", .desc = "Print out the salt, key and IV used", .type = OPTION_VALUE, - .opt.value = &enc_config.printkey, + .opt.value = &cfg.printkey, .value = 1, }, { @@ -259,40 +259,40 @@ .argname = "source", .desc = "Password source", .type = OPTION_ARG, - .opt.arg = &enc_config.passarg, + .opt.arg = &cfg.passarg, }, { .name = "pbkdf2", .desc = "Use the pbkdf2 key derivation function", .type = OPTION_FLAG, - .opt.flag = &enc_config.pbkdf2, + .opt.flag = &cfg.pbkdf2, }, { .name = "S", .argname = "salt", .desc = "Salt to use, specified as a hexadecimal string", .type = OPTION_ARG, - .opt.arg = &enc_config.hsalt, + .opt.arg = &cfg.hsalt, }, { .name = "salt", .desc = "Use a salt in the key derivation routines (default)", .type = OPTION_VALUE, - .opt.value = &enc_config.nosalt, + .opt.value = &cfg.nosalt, .value = 0, }, { .name = "v", .desc = "Verbose", .type = OPTION_FLAG, - .opt.flag = &enc_config.verbose, + .opt.flag = &cfg.verbose, }, #ifdef ZLIB { .name = "z", .desc = "Perform zlib compression/decompression", .type = OPTION_FLAG, - .opt.flag = &enc_config.do_zlib, + .opt.flag = &cfg.do_zlib, }, #endif { @@ -365,27 +365,27 @@ exit(1); } - memset(&enc_config, 0, sizeof(enc_config)); - enc_config.enc = 1; + memset(&cfg, 0, sizeof(cfg)); + cfg.enc = 1; /* first check the program name */ program_name(argv[0], pname, sizeof(pname)); if (strcmp(pname, "base64") == 0) - enc_config.base64 = 1; + cfg.base64 = 1; #ifdef ZLIB if (strcmp(pname, "zlib") == 0) - enc_config.do_zlib = 1; + cfg.do_zlib = 1; #endif - enc_config.cipher = EVP_get_cipherbyname(pname); + cfg.cipher = EVP_get_cipherbyname(pname); #ifdef ZLIB - if (!enc_config.do_zlib && !enc_config.base64 && - enc_config.cipher == NULL && strcmp(pname, "enc") != 0) + if (!cfg.do_zlib && !cfg.base64 && + cfg.cipher == NULL && strcmp(pname, "enc") != 0) #else - if (!enc_config.base64 && enc_config.cipher == NULL && + if (!cfg.base64 && cfg.cipher == NULL && strcmp(pname, "enc") != 0) #endif { @@ -398,20 +398,20 @@ goto end; } - if (enc_config.keyfile != NULL) { + if (cfg.keyfile != NULL) { static char buf[128]; FILE *infile; - infile = fopen(enc_config.keyfile, "r"); + infile = fopen(cfg.keyfile, "r"); if (infile == NULL) { BIO_printf(bio_err, "unable to read key from '%s'\n", - enc_config.keyfile); + cfg.keyfile); goto end; } buf[0] = '\0'; if (!fgets(buf, sizeof buf, infile)) { BIO_printf(bio_err, "unable to read key from '%s'\n", - enc_config.keyfile); + cfg.keyfile); fclose(infile); goto end; } @@ -425,34 +425,34 @@ BIO_printf(bio_err, "zero length password\n"); goto end; } - enc_config.keystr = buf; + cfg.keystr = buf; } - if (enc_config.cipher != NULL && - (EVP_CIPHER_flags(enc_config.cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0) { + if (cfg.cipher != NULL && + (EVP_CIPHER_flags(cfg.cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0) { BIO_printf(bio_err, "enc does not support AEAD ciphers\n"); goto end; } - if (enc_config.cipher != NULL && - EVP_CIPHER_mode(enc_config.cipher) == EVP_CIPH_XTS_MODE) { + if (cfg.cipher != NULL && + EVP_CIPHER_mode(cfg.cipher) == EVP_CIPH_XTS_MODE) { BIO_printf(bio_err, "enc does not support XTS mode\n"); goto end; } - if (enc_config.md != NULL && - (dgst = EVP_get_digestbyname(enc_config.md)) == NULL) { + if (cfg.md != NULL && + (dgst = EVP_get_digestbyname(cfg.md)) == NULL) { BIO_printf(bio_err, "%s is an unsupported message digest type\n", - enc_config.md); + cfg.md); goto end; } if (dgst == NULL) { dgst = EVP_sha256(); } - if (enc_config.bufsize != NULL) { - char *p = enc_config.bufsize; + if (cfg.bufsize != NULL) { + char *p = cfg.bufsize; unsigned long n; /* XXX - provide an OPTION_ARG_DISKUNIT. */ @@ -471,11 +471,11 @@ goto end; } /* It must be large enough for a base64 encoded line. */ - if (enc_config.base64 && n < 80) + if (cfg.base64 && n < 80) n = 80; bsize = (int)n; - if (enc_config.verbose) + if (cfg.verbose) BIO_printf(bio_err, "bufsize=%d\n", bsize); } strbuf = malloc(SIZE); @@ -490,41 +490,41 @@ ERR_print_errors(bio_err); goto end; } - if (enc_config.debug) { + if (cfg.debug) { BIO_set_callback(in, BIO_debug_callback); BIO_set_callback(out, BIO_debug_callback); BIO_set_callback_arg(in, (char *) bio_err); BIO_set_callback_arg(out, (char *) bio_err); } - if (enc_config.inf == NULL) { - if (enc_config.bufsize != NULL) + if (cfg.inf == NULL) { + if (cfg.bufsize != NULL) setvbuf(stdin, (char *) NULL, _IONBF, 0); BIO_set_fp(in, stdin, BIO_NOCLOSE); } else { - if (BIO_read_filename(in, enc_config.inf) <= 0) { - perror(enc_config.inf); + if (BIO_read_filename(in, cfg.inf) <= 0) { + perror(cfg.inf); goto end; } } - if (!enc_config.keystr && enc_config.passarg) { - if (!app_passwd(bio_err, enc_config.passarg, NULL, + if (!cfg.keystr && cfg.passarg) { + if (!app_passwd(bio_err, cfg.passarg, NULL, &pass, NULL)) { BIO_printf(bio_err, "Error getting password\n"); goto end; } - enc_config.keystr = pass; + cfg.keystr = pass; } - if (enc_config.keystr == NULL && enc_config.cipher != NULL && - enc_config.hkey == NULL) { + if (cfg.keystr == NULL && cfg.cipher != NULL && + cfg.hkey == NULL) { for (;;) { char buf[200]; int retval; retval = snprintf(buf, sizeof buf, "enter %s %s password:", - OBJ_nid2ln(EVP_CIPHER_nid(enc_config.cipher)), - enc_config.enc ? "encryption" : "decryption"); + OBJ_nid2ln(EVP_CIPHER_nid(cfg.cipher)), + cfg.enc ? "encryption" : "decryption"); if ((size_t)retval >= sizeof buf) { BIO_printf(bio_err, "Password prompt too long\n"); @@ -532,13 +532,13 @@ } strbuf[0] = '\0'; i = EVP_read_pw_string((char *)strbuf, SIZE, buf, - enc_config.enc); + cfg.enc); if (i == 0) { if (strbuf[0] == '\0') { ret = 1; goto end; } - enc_config.keystr = strbuf; + cfg.keystr = strbuf; break; } if (i < 0) { @@ -547,13 +547,13 @@ } } } - if (enc_config.outf == NULL) { + if (cfg.outf == NULL) { BIO_set_fp(out, stdout, BIO_NOCLOSE); - if (enc_config.bufsize != NULL) + if (cfg.bufsize != NULL) setvbuf(stdout, (char *)NULL, _IONBF, 0); } else { - if (BIO_write_filename(out, enc_config.outf) <= 0) { - perror(enc_config.outf); + if (BIO_write_filename(out, cfg.outf) <= 0) { + perror(cfg.outf); goto end; } } @@ -572,38 +572,38 @@ } #endif - if (enc_config.base64) { + if (cfg.base64) { if ((b64 = BIO_new(BIO_f_base64())) == NULL) goto end; - if (enc_config.debug) { + if (cfg.debug) { BIO_set_callback(b64, BIO_debug_callback); BIO_set_callback_arg(b64, (char *) bio_err); } - if (enc_config.olb64) + if (cfg.olb64) BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); - if (enc_config.enc) + if (cfg.enc) wbio = BIO_push(b64, wbio); else rbio = BIO_push(b64, rbio); } - if (enc_config.cipher != NULL) { + if (cfg.cipher != NULL) { /* * Note that keystr is NULL if a key was passed on the command * line, so we get no salt in that case. Is this a bug? */ - if (enc_config.keystr != NULL) { + if (cfg.keystr != NULL) { /* * Salt handling: if encrypting generate a salt and * write to output BIO. If decrypting read salt from * input BIO. */ unsigned char *sptr; - if (enc_config.nosalt) + if (cfg.nosalt) sptr = NULL; else { - if (enc_config.enc) { - if (enc_config.hsalt) { - if (!set_hex(enc_config.hsalt, salt, sizeof salt)) { + if (cfg.enc) { + if (cfg.hsalt) { + if (!set_hex(cfg.hsalt, salt, sizeof salt)) { BIO_printf(bio_err, "invalid hex salt value\n"); goto end; @@ -615,7 +615,7 @@ * If -P option then don't bother * writing */ - if ((enc_config.printkey != 2) + if ((cfg.printkey != 2) && (BIO_write(wbio, magic, sizeof magic - 1) != sizeof magic - 1 || BIO_write(wbio, @@ -636,23 +636,23 @@ } sptr = salt; } - if (enc_config.pbkdf2 == 1 || enc_config.iter > 0) { + if (cfg.pbkdf2 == 1 || cfg.iter > 0) { /* * derive key and default iv * concatenated into a temporary buffer */ unsigned char tmpkeyiv[EVP_MAX_KEY_LENGTH + EVP_MAX_IV_LENGTH]; - int iklen = EVP_CIPHER_key_length(enc_config.cipher); - int ivlen = EVP_CIPHER_iv_length(enc_config.cipher); + int iklen = EVP_CIPHER_key_length(cfg.cipher); + int ivlen = EVP_CIPHER_iv_length(cfg.cipher); /* not needed if HASH_UPDATE() is fixed : */ int islen = (sptr != NULL ? sizeof(salt) : 0); - if (enc_config.iter == 0) - enc_config.iter = 10000; + if (cfg.iter == 0) + cfg.iter = 10000; - if (!PKCS5_PBKDF2_HMAC(enc_config.keystr, - strlen(enc_config.keystr), sptr, islen, - enc_config.iter, dgst, iklen+ivlen, tmpkeyiv)) { + if (!PKCS5_PBKDF2_HMAC(cfg.keystr, + strlen(cfg.keystr), sptr, islen, + cfg.iter, dgst, iklen+ivlen, tmpkeyiv)) { BIO_printf(bio_err, "PKCS5_PBKDF2_HMAC failed\n"); goto end; } @@ -661,9 +661,9 @@ memcpy(iv, tmpkeyiv + iklen, ivlen); explicit_bzero(tmpkeyiv, sizeof tmpkeyiv); } else { - EVP_BytesToKey(enc_config.cipher, dgst, sptr, - (unsigned char *)enc_config.keystr, - strlen(enc_config.keystr), 1, key, iv); + EVP_BytesToKey(cfg.cipher, dgst, sptr, + (unsigned char *)cfg.keystr, + strlen(cfg.keystr), 1, key, iv); } /* @@ -671,19 +671,19 @@ * the command line bug picked up by Larry J. Hughes * Jr. */ - if (enc_config.keystr == strbuf) - explicit_bzero(enc_config.keystr, SIZE); + if (cfg.keystr == strbuf) + explicit_bzero(cfg.keystr, SIZE); else - explicit_bzero(enc_config.keystr, - strlen(enc_config.keystr)); + explicit_bzero(cfg.keystr, + strlen(cfg.keystr)); } - if (enc_config.hiv != NULL && - !set_hex(enc_config.hiv, iv, sizeof iv)) { + if (cfg.hiv != NULL && + !set_hex(cfg.hiv, iv, sizeof iv)) { BIO_printf(bio_err, "invalid hex iv value\n"); goto end; } - if (enc_config.hiv == NULL && enc_config.keystr == NULL && - EVP_CIPHER_iv_length(enc_config.cipher) != 0) { + if (cfg.hiv == NULL && cfg.keystr == NULL && + EVP_CIPHER_iv_length(cfg.cipher) != 0) { /* * No IV was explicitly set and no IV was generated * during EVP_BytesToKey. Hence the IV is undefined, @@ -692,8 +692,8 @@ BIO_printf(bio_err, "iv undefined\n"); goto end; } - if (enc_config.hkey != NULL && - !set_hex(enc_config.hkey, key, sizeof key)) { + if (cfg.hkey != NULL && + !set_hex(cfg.hkey, key, sizeof key)) { BIO_printf(bio_err, "invalid hex key value\n"); goto end; } @@ -707,51 +707,51 @@ BIO_get_cipher_ctx(benc, &ctx); - if (!EVP_CipherInit_ex(ctx, enc_config.cipher, NULL, NULL, - NULL, enc_config.enc)) { + if (!EVP_CipherInit_ex(ctx, cfg.cipher, NULL, NULL, + NULL, cfg.enc)) { BIO_printf(bio_err, "Error setting cipher %s\n", - EVP_CIPHER_name(enc_config.cipher)); + EVP_CIPHER_name(cfg.cipher)); ERR_print_errors(bio_err); goto end; } - if (enc_config.nopad) + if (cfg.nopad) EVP_CIPHER_CTX_set_padding(ctx, 0); if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, - enc_config.enc)) { + cfg.enc)) { BIO_printf(bio_err, "Error setting cipher %s\n", - EVP_CIPHER_name(enc_config.cipher)); + EVP_CIPHER_name(cfg.cipher)); ERR_print_errors(bio_err); goto end; } - if (enc_config.debug) { + if (cfg.debug) { BIO_set_callback(benc, BIO_debug_callback); BIO_set_callback_arg(benc, (char *) bio_err); } - if (enc_config.printkey) { + if (cfg.printkey) { int key_len, iv_len; - if (!enc_config.nosalt) { + if (!cfg.nosalt) { printf("salt="); for (i = 0; i < (int) sizeof(salt); i++) printf("%02X", salt[i]); printf("\n"); } - key_len = EVP_CIPHER_key_length(enc_config.cipher); + key_len = EVP_CIPHER_key_length(cfg.cipher); if (key_len > 0) { printf("key="); for (i = 0; i < key_len; i++) printf("%02X", key[i]); printf("\n"); } - iv_len = EVP_CIPHER_iv_length(enc_config.cipher); + iv_len = EVP_CIPHER_iv_length(cfg.cipher); if (iv_len > 0) { printf("iv ="); for (i = 0; i < iv_len; i++) printf("%02X", iv[i]); printf("\n"); } - if (enc_config.printkey == 2) { + if (cfg.printkey == 2) { ret = 0; goto end; } @@ -775,7 +775,7 @@ goto end; } ret = 0; - if (enc_config.verbose) { + if (cfg.verbose) { BIO_printf(bio_err, "bytes read :%8ld\n", BIO_number_read(in)); BIO_printf(bio_err, "bytes written:%8ld\n", BIO_number_written(out)); }