crypto/cast/asm/cast-586.pl: +5% on PIII and remove obsolete readme.

[openssl.git] / apps / enc.c

diff --git a/apps/enc.c b/apps/enc.c
index c28d8b19480f2f9605a44a42f5eaa312715b270f..75d97bbc27fbc713477c5f741286cd2e0800b90a 100644 (file)
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -67,7 +67,9 @@
 #include <openssl/x509.h>
 #include <openssl/rand.h>
 #include <openssl/pem.h>
+#ifndef OPENSSL_NO_COMP
 #include <openssl/comp.h>
+#endif
 #include <ctype.h>
 
 int set_hex(char *in,unsigned char *out,int size);
@@ -129,6 +131,7 @@ int MAIN(int argc, char **argv)
        char *engine = NULL;
 #endif
        const EVP_MD *dgst=NULL;
+       int non_fips_allow = 0;
 
        apps_startup();
 
@@ -281,6 +284,8 @@ int MAIN(int argc, char **argv)
                        if (--argc < 1) goto bad;
                        md= *(++argv);
                        }
+               else if (strcmp(*argv,"-non-fips-allow") == 0)
+                       non_fips_allow = 1;
                else if ((argv[0][0] == '-') &&
                        ((c=EVP_get_cipherbyname(&(argv[0][1]))) != NULL))
                        {
@@ -328,6 +333,18 @@ bad:
         setup_engine(bio_err, engine, 0);
 #endif
 
+       if (cipher && EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)
+               {
+               BIO_printf(bio_err, "AEAD ciphers not supported by the enc utility\n");
+               goto end;
+               }
+
+       if (cipher && (EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE))
+               {
+               BIO_printf(bio_err, "Ciphers in XTS mode are not supported by the enc utility\n");
+               goto end;
+               }
+
        if (md && (dgst=EVP_get_digestbyname(md)) == NULL)
                {
                BIO_printf(bio_err,"%s is an unsupported message digest type\n",md);
@@ -393,8 +410,10 @@ bad:
 
        if (inf == NULL)
                {
+#ifndef OPENSSL_NO_SETVBUF_IONBF
                if (bufsize != NULL)
                        setvbuf(stdin, (char *)NULL, _IONBF, 0);
+#endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
                BIO_set_fp(in,stdin,BIO_NOCLOSE);
                }
        else
@@ -447,8 +466,10 @@ bad:
        if (outf == NULL)
                {
                BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifndef OPENSSL_NO_SETVBUF_IONBF
                if (bufsize != NULL)
                        setvbuf(stdout, (char *)NULL, _IONBF, 0);
+#endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
 #ifdef OPENSSL_SYS_VMS
                {
                BIO *tmpbio = BIO_new(BIO_f_linebuffer());
@@ -545,9 +566,13 @@ bad:
                                sptr = salt;
                        }
 
-                       EVP_BytesToKey(cipher,dgst,sptr,
-                               (unsigned char *)str,
-                               strlen(str),1,key,iv);
+                       if (!EVP_BytesToKey(cipher,dgst,sptr,
+                                           (unsigned char *)str,
+                                           strlen(str),1,key,iv))
+                               {
+                               BIO_printf(bio_err, "EVP_BytesToKey failed\n");
+                               goto end;
+                               }
                        /* zero the complete buffer or the string
                         * passed from the command line
                         * bug picked up by
@@ -585,6 +610,11 @@ bad:
                 */
 
                BIO_get_cipher_ctx(benc, &ctx);
+
+               if (non_fips_allow)
+                       EVP_CIPHER_CTX_set_flags(ctx,
+                               EVP_CIPH_FLAG_NON_FIPS_ALLOW);
+
                if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc))
                        {
                        BIO_printf(bio_err, "Error setting cipher %s\n",