X-Git-Url: https://git.openssl.org/?a=blobdiff_plain;f=apps%2Fenc.c;h=ab91369ee75b1f2d6cd63d8dae4c736c9ac84f64;hb=6c2ff56ec606ed82cf02b9a6679b90bde6ce18aa;hp=06b056b45d4cbe22b3b3344866173993d97b419e;hpb=7e1b7485706c2b11091b5fa897fe496a2faa56cc;p=openssl.git diff --git a/apps/enc.c b/apps/enc.c index 06b056b45d..ab91369ee7 100644 --- a/apps/enc.c +++ b/apps/enc.c @@ -58,6 +58,7 @@ #include #include #include +#include #include "apps.h" #include #include @@ -84,7 +85,7 @@ typedef enum OPTION_choice { OPT_E, OPT_IN, OPT_OUT, OPT_PASS, OPT_ENGINE, OPT_D, OPT_P, OPT_V, OPT_NOPAD, OPT_SALT, OPT_NOSALT, OPT_DEBUG, OPT_UPPER_P, OPT_UPPER_A, OPT_A, OPT_Z, OPT_BUFSIZE, OPT_K, OPT_KFILE, OPT_UPPER_K, OPT_NONE, - OPT_UPPER_S, OPT_IV, OPT_MD, OPT_NON_FIPS_ALLOW, OPT_CIPHER + OPT_UPPER_S, OPT_IV, OPT_MD, OPT_CIPHER } OPTION_CHOICE; OPTIONS enc_options[] = { @@ -92,9 +93,6 @@ OPTIONS enc_options[] = { {"in", OPT_IN, '<', "Input file"}, {"out", OPT_OUT, '>', "Output file"}, {"pass", OPT_PASS, 's', "Passphrase source"}, -#ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, -#endif {"e", OPT_E, '-', "Encrypt"}, {"d", OPT_D, '-', "Decrypt"}, {"p", OPT_P, '-', "Print the iv/key"}, @@ -107,19 +105,21 @@ OPTIONS enc_options[] = { {"A", OPT_UPPER_A, '-'}, {"a", OPT_A, '-', "base64 encode/decode, depending on encryption flag"}, {"base64", OPT_A, '-', "Base64 output as a single line"}, -#ifdef ZLIB - {"z", OPT_Z, '-', "Use zlib as the 'encryption'"}, -#endif {"bufsize", OPT_BUFSIZE, 's', "Buffer size"}, {"k", OPT_K, 's', "Passphrase"}, {"kfile", OPT_KFILE, '<', "Fead passphrase from file"}, - {"K", OPT_UPPER_K, '-', "Same as -iv"}, + {"K", OPT_UPPER_K, 's', "Raw key, in hex"}, {"S", OPT_UPPER_S, 's', "Salt, in hex"}, {"iv", OPT_IV, 's', "IV in hex"}, {"md", OPT_MD, 's', "Use specified digest to create key from passphrase"}, - {"non-fips-allow", OPT_NON_FIPS_ALLOW, '-'}, {"none", OPT_NONE, '-', "Don't encrypt"}, {"", OPT_CIPHER, '-', "Any supported cipher"}, +#ifdef ZLIB + {"z", OPT_Z, '-', "Use zlib as the 'encryption'"}, +#endif +#ifndef OPENSSL_NO_ENGINE + {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, +#endif {NULL} }; @@ -132,17 +132,18 @@ int enc_main(int argc, char **argv) EVP_CIPHER_CTX *ctx = NULL; const EVP_CIPHER *cipher = NULL, *c; const EVP_MD *dgst = NULL; - char *engine = NULL, *hkey = NULL, *hiv = NULL, *hsalt = NULL, *p; + char *hkey = NULL, *hiv = NULL, *hsalt = NULL, *p; char *infile = NULL, *outfile = NULL, *prog; char *str = NULL, *passarg = NULL, *pass = NULL, *strbuf = NULL; char mbuf[sizeof magic - 1]; OPTION_CHOICE o; int bsize = BSIZE, verbose = 0, debug = 0, olb64 = 0, nosalt = 0; - int enc = 1, printkey = 0, i, k, base64 = 0; - int ret = 1, inl, nopad = 0, non_fips_allow = 0; + int enc = 1, printkey = 0, i, k; + int base64 = 0, informat = FORMAT_BINARY, outformat = FORMAT_BINARY; + int ret = 1, inl, nopad = 0; unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; unsigned char *buff = NULL, salt[PKCS5_SALT_LEN]; - unsigned long n; + long n; #ifdef ZLIB int do_zlib = 0; BIO *bzl = NULL; @@ -193,7 +194,7 @@ int enc_main(int argc, char **argv) passarg = opt_arg(); break; case OPT_ENGINE: - engine = opt_arg(); + (void)setup_engine(opt_arg(), 0); break; case OPT_D: enc = 0; @@ -236,7 +237,8 @@ int enc_main(int argc, char **argv) k = i >= 1 && p[i] == 'k'; if (k) p[i] = '\0'; - if (!opt_ulong(opt_arg(), &n)) + if (!opt_long(opt_arg(), &n) + || n < 0 || (k && n >= LONG_MAX / 1024)) goto opthelp; if (k) n *= 1024; @@ -246,7 +248,7 @@ int enc_main(int argc, char **argv) str = opt_arg(); break; case OPT_KFILE: - in = bio_open_default(opt_arg(), "r"); + in = bio_open_default(opt_arg(), 'r', FORMAT_TEXT); if (in == NULL) goto opthelp; i = BIO_gets(in, buf, sizeof buf); @@ -278,9 +280,6 @@ int enc_main(int argc, char **argv) if (!opt_md(opt_arg(), &dgst)) goto opthelp; break; - case OPT_NON_FIPS_ALLOW: - non_fips_allow = 1; - break; case OPT_CIPHER: if (!opt_cipher(opt_unknown(), &c)) goto opthelp; @@ -294,10 +293,6 @@ int enc_main(int argc, char **argv) argc = opt_num_rest(); argv = opt_rest(); -#ifndef OPENSSL_NO_ENGINE - setup_engine(engine, 0); -#endif - if (cipher && EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) { BIO_printf(bio_err, "%s: AEAD ciphers not supported\n", prog); goto end; @@ -309,7 +304,7 @@ int enc_main(int argc, char **argv) } if (dgst == NULL) - dgst = EVP_md5(); + dgst = EVP_sha256(); /* It must be large enough for a base64 encoded line */ if (base64 && bsize < 80) @@ -317,14 +312,16 @@ int enc_main(int argc, char **argv) if (verbose) BIO_printf(bio_err, "bufsize=%d\n", bsize); - strbuf = OPENSSL_malloc(SIZE); - buff = (unsigned char *)OPENSSL_malloc(EVP_ENCODE_LENGTH(bsize)); - if ((buff == NULL) || (strbuf == NULL)) { - BIO_printf(bio_err, "OPENSSL_malloc failure %ld\n", - (long)EVP_ENCODE_LENGTH(bsize)); - goto end; + if (base64) { + if (enc) + outformat = FORMAT_BASE64; + else + informat = FORMAT_BASE64; } + strbuf = app_malloc(SIZE, "strbuf"); + buff = app_malloc(EVP_ENCODE_LENGTH(bsize), "evp buffer"); + if (debug) { BIO_set_callback(in, BIO_debug_callback); BIO_set_callback(out, BIO_debug_callback); @@ -334,9 +331,9 @@ int enc_main(int argc, char **argv) if (infile == NULL) { unbuffer(stdin); - in = dup_bio_in(); + in = dup_bio_in(informat); } else - in = bio_open_default(infile, "r"); + in = bio_open_default(infile, 'r', informat); if (in == NULL) goto end; @@ -372,7 +369,7 @@ int enc_main(int argc, char **argv) } } - out = bio_open_default(outfile, "w"); + out = bio_open_default(outfile, 'w', outformat); if (out == NULL) goto end; @@ -468,9 +465,14 @@ int enc_main(int argc, char **argv) else OPENSSL_cleanse(str, strlen(str)); } - if ((hiv != NULL) && !set_hex(hiv, iv, sizeof iv)) { - BIO_printf(bio_err, "invalid hex iv value\n"); - goto end; + if (hiv != NULL) { + int siz = EVP_CIPHER_iv_length(cipher); + if (siz == 0) { + BIO_printf(bio_err, "warning: iv not use by this cipher\n"); + } else if (!set_hex(hiv, iv, sizeof iv)) { + BIO_printf(bio_err, "invalid hex iv value\n"); + goto end; + } } if ((hiv == NULL) && (str == NULL) && EVP_CIPHER_iv_length(cipher) != 0) { @@ -482,7 +484,7 @@ int enc_main(int argc, char **argv) BIO_printf(bio_err, "iv undefined\n"); goto end; } - if ((hkey != NULL) && !set_hex(hkey, key, sizeof key)) { + if ((hkey != NULL) && !set_hex(hkey, key, EVP_CIPHER_key_length(cipher))) { BIO_printf(bio_err, "invalid hex key value\n"); goto end; } @@ -497,9 +499,6 @@ int enc_main(int argc, char **argv) BIO_get_cipher_ctx(benc, &ctx); - if (non_fips_allow) - EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_NON_FIPS_ALLOW); - if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)) { BIO_printf(bio_err, "Error setting cipher %s\n", EVP_CIPHER_name(cipher)); @@ -529,15 +528,15 @@ int enc_main(int argc, char **argv) printf("%02X", salt[i]); printf("\n"); } - if (cipher->key_len > 0) { + if (EVP_CIPHER_key_length(cipher) > 0) { printf("key="); - for (i = 0; i < cipher->key_len; i++) + for (i = 0; i < EVP_CIPHER_key_length(cipher); i++) printf("%02X", key[i]); printf("\n"); } - if (cipher->iv_len > 0) { + if (EVP_CIPHER_iv_length(cipher) > 0) { printf("iv ="); - for (i = 0; i < cipher->iv_len; i++) + for (i = 0; i < EVP_CIPHER_iv_length(cipher); i++) printf("%02X", iv[i]); printf("\n"); } @@ -568,15 +567,13 @@ int enc_main(int argc, char **argv) ret = 0; if (verbose) { - BIO_printf(bio_err, "bytes read :%8ld\n", BIO_number_read(in)); - BIO_printf(bio_err, "bytes written:%8ld\n", BIO_number_written(out)); + BIO_printf(bio_err, "bytes read :%8"PRIu64"\n", BIO_number_read(in)); + BIO_printf(bio_err, "bytes written:%8"PRIu64"\n", BIO_number_written(out)); } end: ERR_print_errors(bio_err); - if (strbuf != NULL) - OPENSSL_free(strbuf); - if (buff != NULL) - OPENSSL_free(buff); + OPENSSL_free(strbuf); + OPENSSL_free(buff); BIO_free(in); BIO_free_all(out); BIO_free(benc); @@ -584,8 +581,7 @@ int enc_main(int argc, char **argv) #ifdef ZLIB BIO_free(bzl); #endif - if (pass) - OPENSSL_free(pass); + OPENSSL_free(pass); return (ret); } @@ -621,16 +617,11 @@ static int set_hex(char *in, unsigned char *out, int size) *(in++) = '\0'; if (j == 0) break; - if ((j >= '0') && (j <= '9')) - j -= '0'; - else if ((j >= 'A') && (j <= 'F')) - j = j - 'A' + 10; - else if ((j >= 'a') && (j <= 'f')) - j = j - 'a' + 10; - else { + if (!isxdigit(j)) { BIO_printf(bio_err, "non-hex digit\n"); return (0); } + j = (unsigned char)app_hex(j); if (i & 1) out[i / 2] |= j; else