/*
- * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
#include <string.h>
#include <limits.h>
#include "apps.h"
+#include "progs.h"
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#define SIZE (512)
#define BSIZE (8*1024)
-static int set_hex(char *in, unsigned char *out, int size);
+static int set_hex(const char *in, unsigned char *out, int size);
static void show_ciphers(const OBJ_NAME *name, void *bio_);
struct doall_enc_ciphers {
char *hkey = NULL, *hiv = NULL, *hsalt = NULL, *p;
char *infile = NULL, *outfile = NULL, *prog;
char *str = NULL, *passarg = NULL, *pass = NULL, *strbuf = NULL;
- char mbuf[sizeof magic - 1];
+ char mbuf[sizeof(magic) - 1];
OPTION_CHOICE o;
int bsize = BSIZE, verbose = 0, debug = 0, olb64 = 0, nosalt = 0;
int enc = 1, printkey = 0, i, k;
in = bio_open_default(opt_arg(), 'r', FORMAT_TEXT);
if (in == NULL)
goto opthelp;
- i = BIO_gets(in, buf, sizeof buf);
+ i = BIO_gets(in, buf, sizeof(buf));
BIO_free(in);
in = NULL;
if (i <= 0) {
break;
}
}
+ if (opt_num_rest() != 0) {
+ BIO_printf(bio_err, "Extra arguments given.\n");
+ goto opthelp;
+ }
if (cipher && EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) {
BIO_printf(bio_err, "%s: AEAD ciphers not supported\n", prog);
} else {
if (enc) {
if (hsalt) {
- if (!set_hex(hsalt, salt, sizeof salt)) {
+ if (!set_hex(hsalt, salt, sizeof(salt))) {
BIO_printf(bio_err, "invalid hex salt value\n");
goto end;
}
- } else if (RAND_bytes(salt, sizeof salt) <= 0) {
+ } else if (RAND_bytes(salt, sizeof(salt)) <= 0) {
goto end;
}
/*
*/
if ((printkey != 2)
&& (BIO_write(wbio, magic,
- sizeof magic - 1) != sizeof magic - 1
+ sizeof(magic) - 1) != sizeof(magic) - 1
|| BIO_write(wbio,
(char *)salt,
- sizeof salt) != sizeof salt)) {
+ sizeof(salt)) != sizeof(salt))) {
BIO_printf(bio_err, "error writing output file\n");
goto end;
}
- } else if (BIO_read(rbio, mbuf, sizeof mbuf) != sizeof mbuf
+ } else if (BIO_read(rbio, mbuf, sizeof(mbuf)) != sizeof(mbuf)
|| BIO_read(rbio,
(unsigned char *)salt,
- sizeof salt) != sizeof salt) {
+ sizeof(salt)) != sizeof(salt)) {
BIO_printf(bio_err, "error reading input file\n");
goto end;
- } else if (memcmp(mbuf, magic, sizeof magic - 1)) {
+ } else if (memcmp(mbuf, magic, sizeof(magic) - 1)) {
BIO_printf(bio_err, "bad magic number\n");
goto end;
}
}
/*
* zero the complete buffer or the string passed from the command
- * line bug picked up by Larry J. Hughes Jr. <hughes@indiana.edu>
+ * line.
*/
if (str == strbuf)
OPENSSL_cleanse(str, SIZE);
int siz = EVP_CIPHER_iv_length(cipher);
if (siz == 0) {
BIO_printf(bio_err, "warning: iv not use by this cipher\n");
- } else if (!set_hex(hiv, iv, sizeof iv)) {
+ } else if (!set_hex(hiv, iv, siz)) {
BIO_printf(bio_err, "invalid hex iv value\n");
goto end;
}
BIO_printf(bio_err, "iv undefined\n");
goto end;
}
- if ((hkey != NULL) && !set_hex(hkey, key, EVP_CIPHER_key_length(cipher))) {
- BIO_printf(bio_err, "invalid hex key value\n");
- goto end;
+ if (hkey != NULL) {
+ if (!set_hex(hkey, key, EVP_CIPHER_key_length(cipher))) {
+ BIO_printf(bio_err, "invalid hex key value\n");
+ goto end;
+ }
+ /* wiping secret data as we no longer need it */
+ OPENSSL_cleanse(hkey, strlen(hkey));
}
if ((benc = BIO_new(BIO_f_cipher())) == NULL)
BIO_printf(dec->bio, " ");
}
-static int set_hex(char *in, unsigned char *out, int size)
+static int set_hex(const char *in, unsigned char *out, int size)
{
int i, n;
unsigned char j;
+ i = size * 2;
n = strlen(in);
- if (n > (size * 2)) {
- BIO_printf(bio_err, "hex string is too long\n");
- return 0;
+ if (n > i) {
+ BIO_printf(bio_err, "hex string is too long, ignoring excess\n");
+ n = i; /* ignore exceeding part */
+ } else if (n < i) {
+ BIO_printf(bio_err, "hex string is too short, padding with zero bytes to length\n");
}
+
memset(out, 0, size);
for (i = 0; i < n; i++) {
- j = (unsigned char)*in;
- *(in++) = '\0';
- if (j == 0)
- break;
+ j = (unsigned char)*in++;
if (!isxdigit(j)) {
BIO_printf(bio_err, "non-hex digit\n");
return 0;