Only use DSA-functions if available.
[openssl.git] / apps / enc.c
index d5db3bf..1ba2ea2 100644 (file)
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/rand.h>
-#ifndef NO_MD5
-#include <openssl/md5.h>
-#endif
 #include <openssl/pem.h>
+#include <ctype.h>
 
 int set_hex(char *in,unsigned char *out,int size);
 #undef SIZE
@@ -80,25 +78,48 @@ int set_hex(char *in,unsigned char *out,int size);
 #define BSIZE  (8*1024)
 #define        PROG    enc_main
 
+static void show_ciphers(const OBJ_NAME *name,void *bio_)
+       {
+       BIO *bio=bio_;
+       static int n;
+
+       if(!islower((unsigned char)*name->name))
+               return;
+
+       BIO_printf(bio,"-%-25s",name->name);
+       if(++n == 3)
+               {
+               BIO_printf(bio,"\n");
+               n=0;
+               }
+       else
+               BIO_printf(bio," ");
+       }
+
+int MAIN(int, char **);
+
 int MAIN(int argc, char **argv)
        {
+       ENGINE *e = NULL;
        static const char magic[]="Salted__";
        char mbuf[8];   /* should be 1 smaller than magic */
        char *strbuf=NULL;
        unsigned char *buff=NULL,*bufsize=NULL;
        int bsize=BSIZE,verbose=0;
        int ret=1,inl;
-       unsigned char key[24],iv[MD5_DIGEST_LENGTH];
+       int nopad = 0;
+       unsigned char key[EVP_MAX_KEY_LENGTH],iv[EVP_MAX_IV_LENGTH];
        unsigned char salt[PKCS5_SALT_LEN];
-       char *str=NULL;
+       char *str=NULL, *passarg = NULL, *pass = NULL;
        char *hkey=NULL,*hiv=NULL,*hsalt = NULL;
        int enc=1,printkey=0,i,base64=0;
        int debug=0,olb64=0,nosalt=0;
        const EVP_CIPHER *cipher=NULL,*c;
        char *inf=NULL,*outf=NULL;
        BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
-#define PROG_NAME_SIZE  16
-       char pname[PROG_NAME_SIZE];
+#define PROG_NAME_SIZE  39
+       char pname[PROG_NAME_SIZE+1];
+       char *engine = NULL;
 
        apps_startup();
 
@@ -106,6 +127,9 @@ int MAIN(int argc, char **argv)
                if ((bio_err=BIO_new(BIO_s_file())) != NULL)
                        BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
+       if (!load_config(bio_err, NULL))
+               goto end;
+
        /* first check the program name */
        program_name(argv[0],pname,PROG_NAME_SIZE);
        if (strcmp(pname,"base64") == 0)
@@ -134,12 +158,24 @@ int MAIN(int argc, char **argv)
                        if (--argc < 1) goto bad;
                        outf= *(++argv);
                        }
+               else if (strcmp(*argv,"-pass") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       passarg= *(++argv);
+                       }
+               else if (strcmp(*argv,"-engine") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       engine= *(++argv);
+                       }
                else if (strcmp(*argv,"-d") == 0)
                        enc=0;
                else if (strcmp(*argv,"-p") == 0)
                        printkey=1;
                else if (strcmp(*argv,"-v") == 0)
                        verbose=1;
+               else if (strcmp(*argv,"-nopad") == 0)
+                       nopad=1;
                else if (strcmp(*argv,"-salt") == 0)
                        nosalt=0;
                else if (strcmp(*argv,"-nosalt") == 0)
@@ -224,7 +260,8 @@ int MAIN(int argc, char **argv)
 bad:
                        BIO_printf(bio_err,"options are\n");
                        BIO_printf(bio_err,"%-14s input file\n","-in <file>");
-                       BIO_printf(bio_err,"%-14s output fileencrypt\n","-out <file>");
+                       BIO_printf(bio_err,"%-14s output file\n","-out <file>");
+                       BIO_printf(bio_err,"%-14s pass phrase source\n","-pass <arg>");
                        BIO_printf(bio_err,"%-14s encrypt\n","-e");
                        BIO_printf(bio_err,"%-14s decrypt\n","-d");
                        BIO_printf(bio_err,"%-14s base64 encode/decode, depending on encryption flag\n","-a/-base64");
@@ -233,79 +270,22 @@ bad:
                        BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv");
                        BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]");
                        BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>");
+                       BIO_printf(bio_err,"%-14s use engine e, possibly a hardware device.\n","-engine e");
 
                        BIO_printf(bio_err,"Cipher Types\n");
-                       BIO_printf(bio_err,"des     : 56 bit key DES encryption\n");
-                       BIO_printf(bio_err,"des_ede :112 bit key ede DES encryption\n");
-                       BIO_printf(bio_err,"des_ede3:168 bit key ede DES encryption\n");
-#ifndef NO_IDEA
-                       BIO_printf(bio_err,"idea    :128 bit key IDEA encryption\n");
-#endif
-#ifndef NO_RC4
-                       BIO_printf(bio_err,"rc2     :128 bit key RC2 encryption\n");
-#endif
-#ifndef NO_BF
-                       BIO_printf(bio_err,"bf      :128 bit key BlowFish encryption\n");
-#endif
-#ifndef NO_RC4
-                       BIO_printf(bio_err," -%-5s :128 bit key RC4 encryption\n",
-                               LN_rc4);
-#endif
+                       OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH,
+                                              show_ciphers,
+                                              bio_err);
+                       BIO_printf(bio_err,"\n");
 
-                       BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
-                               LN_des_ecb,LN_des_cbc,
-                               LN_des_cfb64,LN_des_ofb64);
-                       BIO_printf(bio_err," -%-4s (%s)\n",
-                               "des", LN_des_cbc);
-
-                       BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
-                               LN_des_ede,LN_des_ede_cbc,
-                               LN_des_ede_cfb64,LN_des_ede_ofb64);
-                       BIO_printf(bio_err," -desx -none\n");
-
-
-                       BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
-                               LN_des_ede3,LN_des_ede3_cbc,
-                               LN_des_ede3_cfb64,LN_des_ede3_ofb64);
-                       BIO_printf(bio_err," -%-4s (%s)\n",
-                               "des3", LN_des_ede3_cbc);
-
-#ifndef NO_IDEA
-                       BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
-                               LN_idea_ecb, LN_idea_cbc,
-                               LN_idea_cfb64, LN_idea_ofb64);
-                       BIO_printf(bio_err," -%-4s (%s)\n","idea",LN_idea_cbc);
-#endif
-#ifndef NO_RC2
-                       BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
-                               LN_rc2_ecb, LN_rc2_cbc,
-                               LN_rc2_cfb64, LN_rc2_ofb64);
-                       BIO_printf(bio_err," -%-4s (%s)\n","rc2", LN_rc2_cbc);
-#endif
-#ifndef NO_BF
-                       BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
-                               LN_bf_ecb, LN_bf_cbc,
-                               LN_bf_cfb64, LN_bf_ofb64);
-                       BIO_printf(bio_err," -%-4s (%s)\n","bf", LN_bf_cbc);
-#endif
-#ifndef NO_CAST
-                       BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
-                               LN_cast5_ecb, LN_cast5_cbc,
-                               LN_cast5_cfb64, LN_cast5_ofb64);
-                       BIO_printf(bio_err," -%-4s (%s)\n","cast", LN_cast5_cbc);
-#endif
-#ifndef NO_RC5
-                       BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
-                               LN_rc5_ecb, LN_rc5_cbc,
-                               LN_rc5_cfb64, LN_rc5_ofb64);
-                       BIO_printf(bio_err," -%-4s (%s)\n","rc5", LN_rc5_cbc);
-#endif
                        goto end;
                        }
                argc--;
                argv++;
                }
 
+        e = setup_engine(bio_err, engine, 0);
+
        if (bufsize != NULL)
                {
                unsigned long n;
@@ -335,11 +315,11 @@ bad:
                if (verbose) BIO_printf(bio_err,"bufsize=%d\n",bsize);
                }
 
-       strbuf=Malloc(SIZE);
-       buff=(unsigned char *)Malloc(EVP_ENCODE_LENGTH(bsize));
+       strbuf=OPENSSL_malloc(SIZE);
+       buff=(unsigned char *)OPENSSL_malloc(EVP_ENCODE_LENGTH(bsize));
        if ((buff == NULL) || (strbuf == NULL))
                {
-               BIO_printf(bio_err,"Malloc failure %ld\n",(long)EVP_ENCODE_LENGTH(bsize));
+               BIO_printf(bio_err,"OPENSSL_malloc failure %ld\n",(long)EVP_ENCODE_LENGTH(bsize));
                goto end;
                }
 
@@ -369,6 +349,14 @@ bad:
                        }
                }
 
+       if(!str && passarg) {
+               if(!app_passwd(bio_err, passarg, NULL, &pass, NULL)) {
+                       BIO_printf(bio_err, "Error getting password\n");
+                       goto end;
+               }
+               str = pass;
+       }
+
        if ((str == NULL) && (cipher != NULL) && (hkey == NULL))
                {
                for (;;)
@@ -400,7 +388,15 @@ bad:
 
 
        if (outf == NULL)
+               {
                BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+               {
+               BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+               out = BIO_push(tmpbio, out);
+               }
+#endif
+               }
        else
                {
                if (BIO_write_filename(out,outf) <= 0)
@@ -432,6 +428,9 @@ bad:
 
        if (cipher != NULL)
                {
+               /* Note that str is NULL if a key was passed on the command
+                * line, so we get no salt in that case. Is this a bug?
+                */
                if (str != NULL)
                        {
                        /* Salt handling: if encrypting generate a salt and
@@ -486,12 +485,20 @@ bad:
                        else
                                memset(str,0,strlen(str));
                        }
-               if ((hiv != NULL) && !set_hex(hiv,iv,8))
+               if ((hiv != NULL) && !set_hex(hiv,iv,sizeof iv))
                        {
                        BIO_printf(bio_err,"invalid hex iv value\n");
                        goto end;
                        }
-               if ((hkey != NULL) && !set_hex(hkey,key,24))
+               if ((hiv == NULL) && (str == NULL))
+                       {
+                       /* No IV was explicitly set and no IV was generated
+                        * during EVP_BytesToKey. Hence the IV is undefined,
+                        * making correct decryption impossible. */
+                       BIO_printf(bio_err, "iv undefined\n");
+                       goto end;
+                       }
+               if ((hkey != NULL) && !set_hex(hkey,key,sizeof key))
                        {
                        BIO_printf(bio_err,"invalid hex key value\n");
                        goto end;
@@ -500,6 +507,12 @@ bad:
                if ((benc=BIO_new(BIO_f_cipher())) == NULL)
                        goto end;
                BIO_set_cipher(benc,cipher,key,iv,enc);
+               if (nopad)
+                       {
+                       EVP_CIPHER_CTX *ctx;
+                       BIO_get_cipher_ctx(benc, &ctx);
+                       EVP_CIPHER_CTX_set_padding(ctx, 0);
+                       }
                if (debug)
                        {
                        BIO_set_callback(benc,BIO_debug_callback);
@@ -565,12 +578,14 @@ bad:
                }
 end:
        ERR_print_errors(bio_err);
-       if (strbuf != NULL) Free(strbuf);
-       if (buff != NULL) Free(buff);
+       if (strbuf != NULL) OPENSSL_free(strbuf);
+       if (buff != NULL) OPENSSL_free(buff);
        if (in != NULL) BIO_free(in);
-       if (out != NULL) BIO_free(out);
+       if (out != NULL) BIO_free_all(out);
        if (benc != NULL) BIO_free(benc);
        if (b64 != NULL) BIO_free(b64);
+       if(pass) OPENSSL_free(pass);
+       apps_shutdown();
        EXIT(ret);
        }