Security framework.

[openssl.git] / apps / enc.c
diff --git a/apps/enc.c b/apps/enc.c

index 3e3e8eb4b8a74c4ab62aed3c8d94a946b61ab029..aef8978a9a52c0883530cf4c07711bd13ff420e5 100644 (file)
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -67,6 +67,7 @@
  #include <openssl/x509.h>
  #include <openssl/rand.h>
  #include <openssl/pem.h>
  #include <openssl/x509.h>
  #include <openssl/rand.h>
  #include <openssl/pem.h>
+#include <openssl/comp.h>
  #include <ctype.h>
  
  int set_hex(char *in,unsigned char *out,int size);
  #include <ctype.h>
  
  int set_hex(char *in,unsigned char *out,int size);
@@ -100,9 +101,6 @@ int MAIN(int, char **);
  
  int MAIN(int argc, char **argv)
         {
  
  int MAIN(int argc, char **argv)
         {
-#ifndef OPENSSL_NO_ENGINE
-       ENGINE *e = NULL;
-#endif
         static const char magic[]="Salted__";
         char mbuf[sizeof magic-1];
         char *strbuf=NULL;
         static const char magic[]="Salted__";
         char mbuf[sizeof magic-1];
         char *strbuf=NULL;
@@ -116,6 +114,10 @@ int MAIN(int argc, char **argv)
         char *hkey=NULL,*hiv=NULL,*hsalt = NULL;
         char *md=NULL;
         int enc=1,printkey=0,i,base64=0;
         char *hkey=NULL,*hiv=NULL,*hsalt = NULL;
         char *md=NULL;
         int enc=1,printkey=0,i,base64=0;
+#ifdef ZLIB
+       int do_zlib=0;
+       BIO *bzl = NULL;
+#endif
         int debug=0,olb64=0,nosalt=0;
         const EVP_CIPHER *cipher=NULL,*c;
         EVP_CIPHER_CTX *ctx = NULL;
         int debug=0,olb64=0,nosalt=0;
         const EVP_CIPHER *cipher=NULL,*c;
         EVP_CIPHER_CTX *ctx = NULL;
@@ -127,6 +129,7 @@ int MAIN(int argc, char **argv)
         char *engine = NULL;
  #endif
         const EVP_MD *dgst=NULL;
         char *engine = NULL;
  #endif
         const EVP_MD *dgst=NULL;
+       int non_fips_allow = 0;
  
         apps_startup();
  
  
         apps_startup();
  
@@ -141,9 +144,18 @@ int MAIN(int argc, char **argv)
         program_name(argv[0],pname,sizeof pname);
         if (strcmp(pname,"base64") == 0)
                 base64=1;
         program_name(argv[0],pname,sizeof pname);
         if (strcmp(pname,"base64") == 0)
                 base64=1;
+#ifdef ZLIB
+       if (strcmp(pname,"zlib") == 0)
+               do_zlib=1;
+#endif
  
         cipher=EVP_get_cipherbyname(pname);
  
         cipher=EVP_get_cipherbyname(pname);
+#ifdef ZLIB
+       if (!do_zlib && !base64 && (cipher == NULL)
+                               && (strcmp(pname,"enc") != 0))
+#else
         if (!base64 && (cipher == NULL) && (strcmp(pname,"enc") != 0))
         if (!base64 && (cipher == NULL) && (strcmp(pname,"enc") != 0))
+#endif
                 {
                 BIO_printf(bio_err,"%s is an unknown cipher\n",pname);
                 goto bad;
                 {
                 BIO_printf(bio_err,"%s is an unknown cipher\n",pname);
                 goto bad;
@@ -199,6 +211,10 @@ int MAIN(int argc, char **argv)
                         base64=1;
                 else if (strcmp(*argv,"-base64") == 0)
                         base64=1;
                         base64=1;
                 else if (strcmp(*argv,"-base64") == 0)
                         base64=1;
+#ifdef ZLIB
+               else if (strcmp(*argv,"-z") == 0)
+                       do_zlib=1;
+#endif
                 else if (strcmp(*argv,"-bufsize") == 0)
                         {
                         if (--argc < 1) goto bad;
                 else if (strcmp(*argv,"-bufsize") == 0)
                         {
                         if (--argc < 1) goto bad;
@@ -225,7 +241,12 @@ int MAIN(int argc, char **argv)
                                 goto bad;
                                 }
                         buf[0]='\0';
                                 goto bad;
                                 }
                         buf[0]='\0';
-                       fgets(buf,sizeof buf,infile);
+                       if (!fgets(buf,sizeof buf,infile))
+                               {
+                               BIO_printf(bio_err,"unable to read key from '%s'\n",
+                                       file);
+                               goto bad;
+                               }
                         fclose(infile);
                         i=strlen(buf);
                         if ((i > 0) &&
                         fclose(infile);
                         i=strlen(buf);
                         if ((i > 0) &&
@@ -261,6 +282,8 @@ int MAIN(int argc, char **argv)
                         if (--argc < 1) goto bad;
                         md= *(++argv);
                         }
                         if (--argc < 1) goto bad;
                         md= *(++argv);
                         }
+               else if (strcmp(*argv,"-non-fips-allow") == 0)
+                       non_fips_allow = 1;
                 else if ((argv[0][0] == '-') &&
                         ((c=EVP_get_cipherbyname(&(argv[0][1]))) != NULL))
                         {
                 else if ((argv[0][0] == '-') &&
                         ((c=EVP_get_cipherbyname(&(argv[0][1]))) != NULL))
                         {
@@ -283,9 +306,11 @@ bad:
                         BIO_printf(bio_err,"%-14s passphrase is the first line of the file argument\n","-kfile");
                         BIO_printf(bio_err,"%-14s the next argument is the md to use to create a key\n","-md");
                         BIO_printf(bio_err,"%-14s   from a passphrase.  One of md2, md5, sha or sha1\n","");
                         BIO_printf(bio_err,"%-14s passphrase is the first line of the file argument\n","-kfile");
                         BIO_printf(bio_err,"%-14s the next argument is the md to use to create a key\n","-md");
                         BIO_printf(bio_err,"%-14s   from a passphrase.  One of md2, md5, sha or sha1\n","");
+                       BIO_printf(bio_err,"%-14s salt in hex is the next argument\n","-S");
                         BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv");
                         BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]");
                         BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>");
                         BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv");
                         BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]");
                         BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>");
+                       BIO_printf(bio_err,"%-14s disable standard block padding\n","-nopad");
  #ifndef OPENSSL_NO_ENGINE
                         BIO_printf(bio_err,"%-14s use engine e, possibly a hardware device.\n","-engine e");
  #endif
  #ifndef OPENSSL_NO_ENGINE
                         BIO_printf(bio_err,"%-14s use engine e, possibly a hardware device.\n","-engine e");
  #endif
@@ -303,7 +328,7 @@ bad:
                 }
  
  #ifndef OPENSSL_NO_ENGINE
                 }
  
  #ifndef OPENSSL_NO_ENGINE
-        e = setup_engine(bio_err, engine, 0);
+        setup_engine(bio_err, engine, 0);
  #endif
  
         if (md && (dgst=EVP_get_digestbyname(md)) == NULL)
  #endif
  
         if (md && (dgst=EVP_get_digestbyname(md)) == NULL)
@@ -365,14 +390,16 @@ bad:
                 {
                 BIO_set_callback(in,BIO_debug_callback);
                 BIO_set_callback(out,BIO_debug_callback);
                 {
                 BIO_set_callback(in,BIO_debug_callback);
                 BIO_set_callback(out,BIO_debug_callback);
-               BIO_set_callback_arg(in,bio_err);
-               BIO_set_callback_arg(out,bio_err);
+               BIO_set_callback_arg(in,(char *)bio_err);
+               BIO_set_callback_arg(out,(char *)bio_err);
                 }
  
         if (inf == NULL)
                 {
                 }
  
         if (inf == NULL)
                 {
+#ifndef OPENSSL_NO_SETVBUF_IONBF
                 if (bufsize != NULL)
                         setvbuf(stdin, (char *)NULL, _IONBF, 0);
                 if (bufsize != NULL)
                         setvbuf(stdin, (char *)NULL, _IONBF, 0);
+#endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
                 BIO_set_fp(in,stdin,BIO_NOCLOSE);
                 }
         else
                 BIO_set_fp(in,stdin,BIO_NOCLOSE);
                 }
         else
@@ -425,8 +452,10 @@ bad:
         if (outf == NULL)
                 {
                 BIO_set_fp(out,stdout,BIO_NOCLOSE);
         if (outf == NULL)
                 {
                 BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifndef OPENSSL_NO_SETVBUF_IONBF
                 if (bufsize != NULL)
                         setvbuf(stdout, (char *)NULL, _IONBF, 0);
                 if (bufsize != NULL)
                         setvbuf(stdout, (char *)NULL, _IONBF, 0);
+#endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
  #ifdef OPENSSL_SYS_VMS
                 {
                 BIO *tmpbio = BIO_new(BIO_f_linebuffer());
  #ifdef OPENSSL_SYS_VMS
                 {
                 BIO *tmpbio = BIO_new(BIO_f_linebuffer());
@@ -446,6 +475,19 @@ bad:
         rbio=in;
         wbio=out;
  
         rbio=in;
         wbio=out;
  
+#ifdef ZLIB
+
+       if (do_zlib)
+               {
+               if ((bzl=BIO_new(BIO_f_zlib())) == NULL)
+                       goto end;
+               if (enc)
+                       wbio=BIO_push(bzl,wbio);
+               else
+                       rbio=BIO_push(bzl,rbio);
+               }
+#endif
+
         if (base64)
                 {
                 if ((b64=BIO_new(BIO_f_base64())) == NULL)
         if (base64)
                 {
                 if ((b64=BIO_new(BIO_f_base64())) == NULL)
@@ -453,7 +495,7 @@ bad:
                 if (debug)
                         {
                         BIO_set_callback(b64,BIO_debug_callback);
                 if (debug)
                         {
                         BIO_set_callback(b64,BIO_debug_callback);
-                       BIO_set_callback_arg(b64,bio_err);
+                       BIO_set_callback_arg(b64,(char *)bio_err);
                         }
                 if (olb64)
                         BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL);
                         }
                 if (olb64)
                         BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL);
@@ -510,9 +552,13 @@ bad:
                                 sptr = salt;
                         }
  
                                 sptr = salt;
                         }
  
-                       EVP_BytesToKey(cipher,dgst,sptr,
-                               (unsigned char *)str,
-                               strlen(str),1,key,iv);
+                       if (!EVP_BytesToKey(cipher,dgst,sptr,
+                                           (unsigned char *)str,
+                                           strlen(str),1,key,iv))
+                               {
+                               BIO_printf(bio_err, "EVP_BytesToKey failed\n");
+                               goto end;
+                               }
                         /* zero the complete buffer or the string
                          * passed from the command line
                          * bug picked up by
                         /* zero the complete buffer or the string
                          * passed from the command line
                          * bug picked up by
@@ -527,7 +573,8 @@ bad:
                         BIO_printf(bio_err,"invalid hex iv value\n");
                         goto end;
                         }
                         BIO_printf(bio_err,"invalid hex iv value\n");
                         goto end;
                         }
-               if ((hiv == NULL) && (str == NULL))
+               if ((hiv == NULL) && (str == NULL)
+                   && EVP_CIPHER_iv_length(cipher) != 0)
                         {
                         /* No IV was explicitly set and no IV was generated
                          * during EVP_BytesToKey. Hence the IV is undefined,
                         {
                         /* No IV was explicitly set and no IV was generated
                          * during EVP_BytesToKey. Hence the IV is undefined,
@@ -549,6 +596,11 @@ bad:
                  */
  
                 BIO_get_cipher_ctx(benc, &ctx);
                  */
  
                 BIO_get_cipher_ctx(benc, &ctx);
+
+               if (non_fips_allow)
+                       EVP_CIPHER_CTX_set_flags(ctx,
+                               EVP_CIPH_FLAG_NON_FIPS_ALLOW);
+
                 if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc))
                         {
                         BIO_printf(bio_err, "Error setting cipher %s\n",
                 if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc))
                         {
                         BIO_printf(bio_err, "Error setting cipher %s\n",
@@ -571,7 +623,7 @@ bad:
                 if (debug)
                         {
                         BIO_set_callback(benc,BIO_debug_callback);
                 if (debug)
                         {
                         BIO_set_callback(benc,BIO_debug_callback);
-                       BIO_set_callback_arg(benc,bio_err);
+                       BIO_set_callback_arg(benc,(char *)bio_err);
                         }
  
                 if (printkey)
                         }
  
                 if (printkey)
@@ -639,6 +691,9 @@ end:
         if (out != NULL) BIO_free_all(out);
         if (benc != NULL) BIO_free(benc);
         if (b64 != NULL) BIO_free(b64);
         if (out != NULL) BIO_free_all(out);
         if (benc != NULL) BIO_free(benc);
         if (b64 != NULL) BIO_free(b64);
+#ifdef ZLIB
+       if (bzl != NULL) BIO_free(bzl);
+#endif
         if(pass) OPENSSL_free(pass);
         apps_shutdown();
         OPENSSL_EXIT(ret);
         if(pass) OPENSSL_free(pass);
         apps_shutdown();
         OPENSSL_EXIT(ret);