#include <openssl/x509.h>
#include <openssl/rand.h>
#include <openssl/pem.h>
+#ifndef OPENSSL_NO_COMP
#include <openssl/comp.h>
+#endif
#include <ctype.h>
int set_hex(char *in,unsigned char *out,int size);
int MAIN(int argc, char **argv)
{
-#ifndef OPENSSL_NO_ENGINE
- ENGINE *e = NULL;
-#endif
static const char magic[]="Salted__";
char mbuf[sizeof magic-1];
char *strbuf=NULL;
char *engine = NULL;
#endif
const EVP_MD *dgst=NULL;
+ int non_fips_allow = 0;
apps_startup();
goto bad;
}
buf[0]='\0';
- fgets(buf,sizeof buf,infile);
+ if (!fgets(buf,sizeof buf,infile))
+ {
+ BIO_printf(bio_err,"unable to read key from '%s'\n",
+ file);
+ goto bad;
+ }
fclose(infile);
i=strlen(buf);
if ((i > 0) &&
if (--argc < 1) goto bad;
md= *(++argv);
}
+ else if (strcmp(*argv,"-non-fips-allow") == 0)
+ non_fips_allow = 1;
else if ((argv[0][0] == '-') &&
((c=EVP_get_cipherbyname(&(argv[0][1]))) != NULL))
{
}
#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(bio_err, engine, 0);
+ setup_engine(bio_err, engine, 0);
#endif
+ if (cipher && EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)
+ {
+ BIO_printf(bio_err, "AEAD ciphers not supported by the enc utility\n");
+ goto end;
+ }
+
+ if (cipher && (EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE))
+ {
+ BIO_printf(bio_err, "Ciphers in XTS mode are not supported by the enc utility\n");
+ goto end;
+ }
+
if (md && (dgst=EVP_get_digestbyname(md)) == NULL)
{
BIO_printf(bio_err,"%s is an unsupported message digest type\n",md);
if (inf == NULL)
{
+#ifndef OPENSSL_NO_SETVBUF_IONBF
if (bufsize != NULL)
setvbuf(stdin, (char *)NULL, _IONBF, 0);
+#endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
BIO_set_fp(in,stdin,BIO_NOCLOSE);
}
else
if (outf == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifndef OPENSSL_NO_SETVBUF_IONBF
if (bufsize != NULL)
setvbuf(stdout, (char *)NULL, _IONBF, 0);
+#endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
sptr = salt;
}
- EVP_BytesToKey(cipher,dgst,sptr,
- (unsigned char *)str,
- strlen(str),1,key,iv);
+ if (!EVP_BytesToKey(cipher,dgst,sptr,
+ (unsigned char *)str,
+ strlen(str),1,key,iv))
+ {
+ BIO_printf(bio_err, "EVP_BytesToKey failed\n");
+ goto end;
+ }
/* zero the complete buffer or the string
* passed from the command line
* bug picked up by
*/
BIO_get_cipher_ctx(benc, &ctx);
+
+ if (non_fips_allow)
+ EVP_CIPHER_CTX_set_flags(ctx,
+ EVP_CIPH_FLAG_NON_FIPS_ALLOW);
+
if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc))
{
BIO_printf(bio_err, "Error setting cipher %s\n",