X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=apps%2Fenc.c;h=a64c654d4d2b37d8893bdbc05636b478932e60c5;hp=49cae7579c391a938e08e55646e100fd8506d398;hb=020d67fb89fcd8799350a46b36982a104e0b2d4c;hpb=c04f8cf44a3b204b82f5f1f5d1ad9dbc738459f1 diff --git a/apps/enc.c b/apps/enc.c index 49cae7579c..a64c654d4d 100644 --- a/apps/enc.c +++ b/apps/enc.c @@ -67,7 +67,7 @@ #include #include #include -#include +#include #include int set_hex(char *in,unsigned char *out,int size); @@ -79,7 +79,7 @@ int set_hex(char *in,unsigned char *out,int size); #define BSIZE (8*1024) #define PROG enc_main -void show_ciphers(const OBJ_NAME *name,void *bio_) +static void show_ciphers(const OBJ_NAME *name,void *bio_) { BIO *bio=bio_; static int n; @@ -101,9 +101,11 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { +#ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; +#endif static const char magic[]="Salted__"; - char mbuf[8]; /* should be 1 smaller than magic */ + char mbuf[sizeof magic-1]; char *strbuf=NULL; unsigned char *buff=NULL,*bufsize=NULL; int bsize=BSIZE,verbose=0; @@ -113,14 +115,23 @@ int MAIN(int argc, char **argv) unsigned char salt[PKCS5_SALT_LEN]; char *str=NULL, *passarg = NULL, *pass = NULL; char *hkey=NULL,*hiv=NULL,*hsalt = NULL; + char *md=NULL; int enc=1,printkey=0,i,base64=0; +#ifdef ZLIB + int do_zlib=0; + BIO *bzl = NULL; +#endif int debug=0,olb64=0,nosalt=0; const EVP_CIPHER *cipher=NULL,*c; + EVP_CIPHER_CTX *ctx = NULL; char *inf=NULL,*outf=NULL; BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL; -#define PROG_NAME_SIZE 16 - char pname[PROG_NAME_SIZE]; +#define PROG_NAME_SIZE 39 + char pname[PROG_NAME_SIZE+1]; +#ifndef OPENSSL_NO_ENGINE char *engine = NULL; +#endif + const EVP_MD *dgst=NULL; apps_startup(); @@ -128,13 +139,25 @@ int MAIN(int argc, char **argv) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if (!load_config(bio_err, NULL)) + goto end; + /* first check the program name */ - program_name(argv[0],pname,PROG_NAME_SIZE); + program_name(argv[0],pname,sizeof pname); if (strcmp(pname,"base64") == 0) base64=1; +#ifdef ZLIB + if (strcmp(pname,"zlib") == 0) + do_zlib=1; +#endif cipher=EVP_get_cipherbyname(pname); +#ifdef ZLIB + if (!do_zlib && !base64 && (cipher == NULL) + && (strcmp(pname,"enc") != 0)) +#else if (!base64 && (cipher == NULL) && (strcmp(pname,"enc") != 0)) +#endif { BIO_printf(bio_err,"%s is an unknown cipher\n",pname); goto bad; @@ -161,11 +184,13 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; passarg= *(++argv); } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } +#endif else if (strcmp(*argv,"-d") == 0) enc=0; else if (strcmp(*argv,"-p") == 0) @@ -188,6 +213,10 @@ int MAIN(int argc, char **argv) base64=1; else if (strcmp(*argv,"-base64") == 0) base64=1; +#ifdef ZLIB + else if (strcmp(*argv,"-z") == 0) + do_zlib=1; +#endif else if (strcmp(*argv,"-bufsize") == 0) { if (--argc < 1) goto bad; @@ -214,7 +243,7 @@ int MAIN(int argc, char **argv) goto bad; } buf[0]='\0'; - fgets(buf,128,infile); + fgets(buf,sizeof buf,infile); fclose(infile); i=strlen(buf); if ((i > 0) && @@ -245,6 +274,11 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; hiv= *(++argv); } + else if (strcmp(*argv,"-md") == 0) + { + if (--argc < 1) goto bad; + md= *(++argv); + } else if ((argv[0][0] == '-') && ((c=EVP_get_cipherbyname(&(argv[0][1]))) != NULL)) { @@ -263,12 +297,18 @@ bad: BIO_printf(bio_err,"%-14s encrypt\n","-e"); BIO_printf(bio_err,"%-14s decrypt\n","-d"); BIO_printf(bio_err,"%-14s base64 encode/decode, depending on encryption flag\n","-a/-base64"); - BIO_printf(bio_err,"%-14s key is the next argument\n","-k"); - BIO_printf(bio_err,"%-14s key is the first line of the file argument\n","-kfile"); + BIO_printf(bio_err,"%-14s passphrase is the next argument\n","-k"); + BIO_printf(bio_err,"%-14s passphrase is the first line of the file argument\n","-kfile"); + BIO_printf(bio_err,"%-14s the next argument is the md to use to create a key\n","-md"); + BIO_printf(bio_err,"%-14s from a passphrase. One of md2, md5, sha or sha1\n",""); + BIO_printf(bio_err,"%-14s salt in hex is the next argument\n","-S"); BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv"); BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]"); BIO_printf(bio_err,"%-14s buffer size\n","-bufsize "); + BIO_printf(bio_err,"%-14s disable standard block padding\n","-nopad"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err,"%-14s use engine e, possibly a hardware device.\n","-engine e"); +#endif BIO_printf(bio_err,"Cipher Types\n"); OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH, @@ -282,7 +322,20 @@ bad: argv++; } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif + + if (md && (dgst=EVP_get_digestbyname(md)) == NULL) + { + BIO_printf(bio_err,"%s is an unsupported message digest type\n",md); + goto end; + } + + if (dgst == NULL) + { + dgst = EVP_md5(); + } if (bufsize != NULL) { @@ -307,7 +360,7 @@ bad: } /* It must be large enough for a base64 encoded line */ - if (n < 80) n=80; + if (base64 && n < 80) n=80; bsize=(int)n; if (verbose) BIO_printf(bio_err,"bufsize=%d\n",bsize); @@ -332,12 +385,16 @@ bad: { BIO_set_callback(in,BIO_debug_callback); BIO_set_callback(out,BIO_debug_callback); - BIO_set_callback_arg(in,bio_err); - BIO_set_callback_arg(out,bio_err); + BIO_set_callback_arg(in,(char *)bio_err); + BIO_set_callback_arg(out,(char *)bio_err); } if (inf == NULL) + { + if (bufsize != NULL) + setvbuf(stdin, (char *)NULL, _IONBF, 0); BIO_set_fp(in,stdin,BIO_NOCLOSE); + } else { if (BIO_read_filename(in,inf) <= 0) @@ -361,9 +418,9 @@ bad: { char buf[200]; - sprintf(buf,"enter %s %s password:", - OBJ_nid2ln(EVP_CIPHER_nid(cipher)), - (enc)?"encryption":"decryption"); + BIO_snprintf(buf,sizeof buf,"enter %s %s password:", + OBJ_nid2ln(EVP_CIPHER_nid(cipher)), + (enc)?"encryption":"decryption"); strbuf[0]='\0'; i=EVP_read_pw_string((char *)strbuf,SIZE,buf,enc); if (i == 0) @@ -388,6 +445,8 @@ bad: if (outf == NULL) { BIO_set_fp(out,stdout,BIO_NOCLOSE); + if (bufsize != NULL) + setvbuf(stdout, (char *)NULL, _IONBF, 0); #ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); @@ -407,6 +466,19 @@ bad: rbio=in; wbio=out; +#ifdef ZLIB + + if (do_zlib) + { + if ((bzl=BIO_new(BIO_f_zlib())) == NULL) + goto end; + if (enc) + wbio=BIO_push(bzl,wbio); + else + rbio=BIO_push(bzl,rbio); + } +#endif + if (base64) { if ((b64=BIO_new(BIO_f_base64())) == NULL) @@ -414,7 +486,7 @@ bad: if (debug) { BIO_set_callback(b64,BIO_debug_callback); - BIO_set_callback_arg(b64,bio_err); + BIO_set_callback_arg(b64,(char *)bio_err); } if (olb64) BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL); @@ -440,12 +512,12 @@ bad: else { if(enc) { if(hsalt) { - if(!set_hex(hsalt,salt,PKCS5_SALT_LEN)) { + if(!set_hex(hsalt,salt,sizeof salt)) { BIO_printf(bio_err, "invalid hex salt value\n"); goto end; } - } else if (RAND_pseudo_bytes(salt, PKCS5_SALT_LEN) < 0) + } else if (RAND_pseudo_bytes(salt, sizeof salt) < 0) goto end; /* If -P option then don't bother writing */ if((printkey != 2) @@ -453,14 +525,14 @@ bad: sizeof magic-1) != sizeof magic-1 || BIO_write(wbio, (char *)salt, - PKCS5_SALT_LEN) != PKCS5_SALT_LEN)) { + sizeof salt) != sizeof salt)) { BIO_printf(bio_err,"error writing output file\n"); goto end; } } else if(BIO_read(rbio,mbuf,sizeof mbuf) != sizeof mbuf || BIO_read(rbio, (unsigned char *)salt, - PKCS5_SALT_LEN) != PKCS5_SALT_LEN) { + sizeof salt) != sizeof salt) { BIO_printf(bio_err,"error reading input file\n"); goto end; } else if(memcmp(mbuf,magic,sizeof magic-1)) { @@ -471,7 +543,7 @@ bad: sptr = salt; } - EVP_BytesToKey(cipher,EVP_md5(),sptr, + EVP_BytesToKey(cipher,dgst,sptr, (unsigned char *)str, strlen(str),1,key,iv); /* zero the complete buffer or the string @@ -479,15 +551,23 @@ bad: * bug picked up by * Larry J. Hughes Jr. */ if (str == strbuf) - memset(str,0,SIZE); + OPENSSL_cleanse(str,SIZE); else - memset(str,0,strlen(str)); + OPENSSL_cleanse(str,strlen(str)); } if ((hiv != NULL) && !set_hex(hiv,iv,sizeof iv)) { BIO_printf(bio_err,"invalid hex iv value\n"); goto end; } + if ((hiv == NULL) && (str == NULL)) + { + /* No IV was explicitly set and no IV was generated + * during EVP_BytesToKey. Hence the IV is undefined, + * making correct decryption impossible. */ + BIO_printf(bio_err, "iv undefined\n"); + goto end; + } if ((hkey != NULL) && !set_hex(hkey,key,sizeof key)) { BIO_printf(bio_err,"invalid hex key value\n"); @@ -496,17 +576,35 @@ bad: if ((benc=BIO_new(BIO_f_cipher())) == NULL) goto end; - BIO_set_cipher(benc,cipher,key,iv,enc); - if (nopad) + + /* Since we may be changing parameters work on the encryption + * context rather than calling BIO_set_cipher(). + */ + + BIO_get_cipher_ctx(benc, &ctx); + if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)) { - EVP_CIPHER_CTX *ctx; - BIO_get_cipher_ctx(benc, &ctx); + BIO_printf(bio_err, "Error setting cipher %s\n", + EVP_CIPHER_name(cipher)); + ERR_print_errors(bio_err); + goto end; + } + + if (nopad) EVP_CIPHER_CTX_set_padding(ctx, 0); + + if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc)) + { + BIO_printf(bio_err, "Error setting cipher %s\n", + EVP_CIPHER_name(cipher)); + ERR_print_errors(bio_err); + goto end; } + if (debug) { BIO_set_callback(benc,BIO_debug_callback); - BIO_set_callback_arg(benc,bio_err); + BIO_set_callback_arg(benc,(char *)bio_err); } if (printkey) @@ -514,7 +612,7 @@ bad: if (!nosalt) { printf("salt="); - for (i=0; i