Symaptic: os/ossrv/ssl/tsrc/topenssl/src/enc.c@bde4ae8d615e (annotated)

sl@0	1	/* apps/enc.c */
sl@0	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
sl@0	3	* All rights reserved.
sl@0	4	*
sl@0	5	* This package is an SSL implementation written
sl@0	6	* by Eric Young (eay@cryptsoft.com).
sl@0	7	* The implementation was written so as to conform with Netscapes SSL.
sl@0	8	*
sl@0	9	* This library is free for commercial and non-commercial use as long as
sl@0	10	* the following conditions are aheared to. The following conditions
sl@0	11	* apply to all code found in this distribution, be it the RC4, RSA,
sl@0	12	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
sl@0	13	* included with this distribution is covered by the same copyright terms
sl@0	14	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
sl@0	15	*
sl@0	16	* Copyright remains Eric Young's, and as such any Copyright notices in
sl@0	17	* the code are not to be removed.
sl@0	18	* If this package is used in a product, Eric Young should be given attribution
sl@0	19	* as the author of the parts of the library used.
sl@0	20	* This can be in the form of a textual message at program startup or
sl@0	21	* in documentation (online or textual) provided with the package.
sl@0	22	*
sl@0	23	* Redistribution and use in source and binary forms, with or without
sl@0	24	* modification, are permitted provided that the following conditions
sl@0	25	* are met:
sl@0	26	* 1. Redistributions of source code must retain the copyright
sl@0	27	* notice, this list of conditions and the following disclaimer.
sl@0	28	* 2. Redistributions in binary form must reproduce the above copyright
sl@0	29	* notice, this list of conditions and the following disclaimer in the
sl@0	30	* documentation and/or other materials provided with the distribution.
sl@0	31	* 3. All advertising materials mentioning features or use of this software
sl@0	32	* must display the following acknowledgement:
sl@0	33	* "This product includes cryptographic software written by
sl@0	34	* Eric Young (eay@cryptsoft.com)"
sl@0	35	* The word 'cryptographic' can be left out if the rouines from the library
sl@0	36	* being used are not cryptographic related :-).
sl@0	37	* 4. If you include any Windows specific code (or a derivative thereof) from
sl@0	38	* the apps directory (application code) you must include an acknowledgement:
sl@0	39	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
sl@0	40	*
sl@0	41	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
sl@0	42	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
sl@0	43	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
sl@0	44	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
sl@0	45	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
sl@0	46	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
sl@0	47	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
sl@0	48	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
sl@0	49	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
sl@0	50	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
sl@0	51	* SUCH DAMAGE.
sl@0	52	*
sl@0	53	* The licence and distribution terms for any publically available version or
sl@0	54	* derivative of this code cannot be changed. i.e. this code cannot simply be
sl@0	55	* copied and put under another distribution licence
sl@0	56	* [including the GNU Public Licence.]
sl@0	57	*/
sl@0	58
sl@0	59	#include <stdio.h>
sl@0	60	#include <stdlib.h>
sl@0	61	#include <string.h>
sl@0	62	#include "apps.h"
sl@0	63	#include <openssl/bio.h>
sl@0	64	#include <openssl/err.h>
sl@0	65	#include <openssl/evp.h>
sl@0	66	#include <openssl/objects.h>
sl@0	67	#include <openssl/x509.h>
sl@0	68	#include <openssl/rand.h>
sl@0	69	#include <openssl/pem.h>
sl@0	70	#include <ctype.h>
sl@0	71
sl@0	72	int set_hex(char in,unsigned char out,int size);
sl@0	73	#undef SIZE
sl@0	74	#undef BSIZE
sl@0	75	#undef PROG
sl@0	76
sl@0	77	#define SIZE (512)
sl@0	78	#define BSIZE (8*1024)
sl@0	79	#define PROG enc_main
sl@0	80
sl@0	81
sl@0	82
sl@0	83	static void show_ciphers(const OBJ_NAME name,void bio_)
sl@0	84	{
sl@0	85	BIO *bio=bio_;
sl@0	86	static int n;
sl@0	87
sl@0	88	if(!islower((unsigned char)*name->name))
sl@0	89	return;
sl@0	90
sl@0	91	BIO_printf(bio,"-%-25s",name->name);
sl@0	92	if(++n == 3)
sl@0	93	{
sl@0	94	BIO_printf(bio,"\n");
sl@0	95	n=0;
sl@0	96	}
sl@0	97	else
sl@0	98	BIO_printf(bio," ");
sl@0	99	}
sl@0	100
sl@0	101	int MAIN(int, char **);
sl@0	102
sl@0	103	int MAIN(int argc, char **argv)
sl@0	104	{
sl@0	105	#ifndef OPENSSL_NO_ENGINE
sl@0	106	ENGINE *e = NULL;
sl@0	107	#endif
sl@0	108	static const char magic[]="Salted__";
sl@0	109	char mbuf[sizeof magic-1];
sl@0	110	char *strbuf=NULL;
sl@0	111	unsigned char buff=NULL,bufsize=NULL;
sl@0	112	int bsize=BSIZE,verbose=0;
sl@0	113	int ret=1,inl;
sl@0	114	int nopad = 0;
sl@0	115	unsigned char key[EVP_MAX_KEY_LENGTH],iv[EVP_MAX_IV_LENGTH];
sl@0	116	unsigned char salt[PKCS5_SALT_LEN];
sl@0	117	char str=NULL, passarg = NULL, *pass = NULL;
sl@0	118	char hkey=NULL,hiv=NULL,*hsalt = NULL;
sl@0	119	char *md=NULL;
sl@0	120	int enc=1,printkey=0,i,base64=0;
sl@0	121	int debug=0,olb64=0,nosalt=0;
sl@0	122	const EVP_CIPHER cipher=NULL,c;
sl@0	123	EVP_CIPHER_CTX *ctx = NULL;
sl@0	124	char inf=NULL,outf=NULL;
sl@0	125	BIO in=NULL,out=NULL,b64=NULL,benc=NULL,rbio=NULL,wbio=NULL;
sl@0	126	#define PROG_NAME_SIZE 39
sl@0	127	char pname[PROG_NAME_SIZE+1];
sl@0	128	#ifndef OPENSSL_NO_ENGINE
sl@0	129	char *engine = NULL;
sl@0	130	#endif
sl@0	131	const EVP_MD *dgst=NULL;
sl@0	132
sl@0	133	apps_startup();
sl@0	134
sl@0	135	if (bio_err == NULL)
sl@0	136	if ((bio_err=BIO_new(BIO_s_file())) != NULL)
sl@0	137	BIO_set_fp(bio_err,stderr,BIO_NOCLOSE\|BIO_FP_TEXT);
sl@0	138
sl@0	139
sl@0	140	if (!load_config(bio_err, NULL))
sl@0	141	goto end;
sl@0	142
sl@0	143	/* first check the program name */
sl@0	144	program_name(argv[0],pname,sizeof pname);
sl@0	145	if (strcmp(pname,"base64") == 0)
sl@0	146	base64=1;
sl@0	147
sl@0	148	cipher=EVP_get_cipherbyname(pname);
sl@0	149	if (!base64 && (cipher == NULL) && (strcmp(pname,"enc") != 0))
sl@0	150	{
sl@0	151	BIO_printf(bio_err,"%s is an unknown cipher\n",pname);
sl@0	152	goto bad;
sl@0	153	}
sl@0	154
sl@0	155	argc--;
sl@0	156	argv++;
sl@0	157	while (argc >= 1)
sl@0	158	{
sl@0	159	if (strcmp(*argv,"-e") == 0)
sl@0	160	enc=1;
sl@0	161	else if (strcmp(*argv,"-in") == 0)
sl@0	162	{
sl@0	163	if (--argc < 1) goto bad;
sl@0	164	inf= *(++argv);
sl@0	165	}
sl@0	166	else if (strcmp(*argv,"-out") == 0)
sl@0	167	{
sl@0	168	if (--argc < 1) goto bad;
sl@0	169	outf= *(++argv);
sl@0	170	}
sl@0	171	else if (strcmp(*argv,"-pass") == 0)
sl@0	172	{
sl@0	173	if (--argc < 1) goto bad;
sl@0	174	passarg= *(++argv);
sl@0	175	}
sl@0	176	#ifndef OPENSSL_NO_ENGINE
sl@0	177	else if (strcmp(*argv,"-engine") == 0)
sl@0	178	{
sl@0	179	if (--argc < 1) goto bad;
sl@0	180	engine= *(++argv);
sl@0	181	}
sl@0	182	#endif
sl@0	183	else if (strcmp(*argv,"-d") == 0)
sl@0	184	enc=0;
sl@0	185	else if (strcmp(*argv,"-p") == 0)
sl@0	186	printkey=1;
sl@0	187	else if (strcmp(*argv,"-v") == 0)
sl@0	188	verbose=1;
sl@0	189	else if (strcmp(*argv,"-nopad") == 0)
sl@0	190	nopad=1;
sl@0	191	else if (strcmp(*argv,"-salt") == 0)
sl@0	192	nosalt=0;
sl@0	193	else if (strcmp(*argv,"-nosalt") == 0)
sl@0	194	nosalt=1;
sl@0	195	else if (strcmp(*argv,"-debug") == 0)
sl@0	196	debug=1;
sl@0	197	else if (strcmp(*argv,"-P") == 0)
sl@0	198	printkey=2;
sl@0	199	else if (strcmp(*argv,"-A") == 0)
sl@0	200	olb64=1;
sl@0	201	else if (strcmp(*argv,"-a") == 0)
sl@0	202	base64=1;
sl@0	203	else if (strcmp(*argv,"-base64") == 0)
sl@0	204	base64=1;
sl@0	205	else if (strcmp(*argv,"-bufsize") == 0)
sl@0	206	{
sl@0	207	if (--argc < 1) goto bad;
sl@0	208	bufsize=(unsigned char )(++argv);
sl@0	209	}
sl@0	210	else if (strcmp(*argv,"-k") == 0)
sl@0	211	{
sl@0	212	if (--argc < 1) goto bad;
sl@0	213	str= *(++argv);
sl@0	214	}
sl@0	215	else if (strcmp(*argv,"-kfile") == 0)
sl@0	216	{
sl@0	217	static char buf[128];
sl@0	218	FILE *infile;
sl@0	219	char *file;
sl@0	220
sl@0	221	if (--argc < 1) goto bad;
sl@0	222	file= *(++argv);
sl@0	223	infile=fopen(file,"r");
sl@0	224	if (infile == NULL)
sl@0	225	{
sl@0	226	BIO_printf(bio_err,"unable to read key from '%s'\n",
sl@0	227	file);
sl@0	228	goto bad;
sl@0	229	}
sl@0	230	buf[0]='\0';
sl@0	231	fgets(buf,sizeof buf,infile);
sl@0	232	fclose(infile);
sl@0	233	i=strlen(buf);
sl@0	234	if ((i > 0) &&
sl@0	235	((buf[i-1] == '\n') \|\| (buf[i-1] == '\r')))
sl@0	236	buf[--i]='\0';
sl@0	237	if ((i > 0) &&
sl@0	238	((buf[i-1] == '\n') \|\| (buf[i-1] == '\r')))
sl@0	239	buf[--i]='\0';
sl@0	240	if (i < 1)
sl@0	241	{
sl@0	242	BIO_printf(bio_err,"zero length password\n");
sl@0	243	goto bad;
sl@0	244	}
sl@0	245	str=buf;
sl@0	246	}
sl@0	247	else if (strcmp(*argv,"-K") == 0)
sl@0	248	{
sl@0	249	if (--argc < 1) goto bad;
sl@0	250	hkey= *(++argv);
sl@0	251	}
sl@0	252	else if (strcmp(*argv,"-S") == 0)
sl@0	253	{
sl@0	254	if (--argc < 1) goto bad;
sl@0	255	hsalt= *(++argv);
sl@0	256	}
sl@0	257	else if (strcmp(*argv,"-iv") == 0)
sl@0	258	{
sl@0	259	if (--argc < 1) goto bad;
sl@0	260	hiv= *(++argv);
sl@0	261	}
sl@0	262	else if (strcmp(*argv,"-md") == 0)
sl@0	263	{
sl@0	264	if (--argc < 1) goto bad;
sl@0	265	md= *(++argv);
sl@0	266	}
sl@0	267	else if ((argv[0][0] == '-') &&
sl@0	268	((c=EVP_get_cipherbyname(&(argv[0][1]))) != NULL))
sl@0	269	{
sl@0	270	cipher=c;
sl@0	271	}
sl@0	272	else if (strcmp(*argv,"-none") == 0)
sl@0	273	cipher=NULL;
sl@0	274	else
sl@0	275	{
sl@0	276	BIO_printf(bio_err,"unknown option '%s'\n",*argv);
sl@0	277	bad:
sl@0	278	BIO_printf(bio_err,"options are\n");
sl@0	279	BIO_printf(bio_err,"%-14s input file\n","-in <file>");
sl@0	280	BIO_printf(bio_err,"%-14s output file\n","-out <file>");
sl@0	281	BIO_printf(bio_err,"%-14s pass phrase source\n","-pass <arg>");
sl@0	282	BIO_printf(bio_err,"%-14s encrypt\n","-e");
sl@0	283	BIO_printf(bio_err,"%-14s decrypt\n","-d");
sl@0	284	BIO_printf(bio_err,"%-14s base64 encode/decode, depending on encryption flag\n","-a/-base64");
sl@0	285	BIO_printf(bio_err,"%-14s passphrase is the next argument\n","-k");
sl@0	286	BIO_printf(bio_err,"%-14s passphrase is the first line of the file argument\n","-kfile");
sl@0	287	BIO_printf(bio_err,"%-14s the next argument is the md to use to create a key\n","-md");
sl@0	288	BIO_printf(bio_err,"%-14s from a passphrase. One of md2, md5, sha or sha1\n","");
sl@0	289	BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv");
sl@0	290	BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]");
sl@0	291	BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>");
sl@0	292	#ifndef OPENSSL_NO_ENGINE
sl@0	293	BIO_printf(bio_err,"%-14s use engine e, possibly a hardware device.\n","-engine e");
sl@0	294	#endif
sl@0	295
sl@0	296	BIO_printf(bio_err,"Cipher Types\n");
sl@0	297	OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH,
sl@0	298	show_ciphers,
sl@0	299	bio_err);
sl@0	300	BIO_printf(bio_err,"\n");
sl@0	301
sl@0	302	goto end;
sl@0	303	}
sl@0	304	argc--;
sl@0	305	argv++;
sl@0	306	}
sl@0	307
sl@0	308	#ifndef OPENSSL_NO_ENGINE
sl@0	309	e = setup_engine(bio_err, engine, 0);
sl@0	310	#endif
sl@0	311
sl@0	312	if (md && (dgst=EVP_get_digestbyname(md)) == NULL)
sl@0	313	{
sl@0	314	BIO_printf(bio_err,"%s is an unsupported message digest type\n",md);
sl@0	315	goto end;
sl@0	316	}
sl@0	317
sl@0	318	if (dgst == NULL)
sl@0	319	{
sl@0	320	dgst = EVP_md5();
sl@0	321	}
sl@0	322
sl@0	323	if (bufsize != NULL)
sl@0	324	{
sl@0	325	unsigned long n;
sl@0	326
sl@0	327	for (n=0; *bufsize; bufsize++)
sl@0	328	{
sl@0	329	i= *bufsize;
sl@0	330	if ((i <= '9') && (i >= '0'))
sl@0	331	n=n*10+i-'0';
sl@0	332	else if (i == 'k')
sl@0	333	{
sl@0	334	n*=1024;
sl@0	335	bufsize++;
sl@0	336	break;
sl@0	337	}
sl@0	338	}
sl@0	339	if (*bufsize != '\0')
sl@0	340	{
sl@0	341	BIO_printf(bio_err,"invalid 'bufsize' specified.\n");
sl@0	342	goto end;
sl@0	343	}
sl@0	344
sl@0	345	/* It must be large enough for a base64 encoded line */
sl@0	346	if (base64 && n < 80) n=80;
sl@0	347
sl@0	348	bsize=(int)n;
sl@0	349	if (verbose) BIO_printf(bio_err,"bufsize=%d\n",bsize);
sl@0	350	}
sl@0	351
sl@0	352	strbuf=OPENSSL_malloc(SIZE);
sl@0	353	buff=(unsigned char *)OPENSSL_malloc(EVP_ENCODE_LENGTH(bsize));
sl@0	354	if ((buff == NULL) \|\| (strbuf == NULL))
sl@0	355	{
sl@0	356	BIO_printf(bio_err,"OPENSSL_malloc failure %ld\n",(long)EVP_ENCODE_LENGTH(bsize));
sl@0	357	goto end;
sl@0	358	}
sl@0	359
sl@0	360	in=BIO_new(BIO_s_file());
sl@0	361	out=BIO_new(BIO_s_file());
sl@0	362	if ((in == NULL) \|\| (out == NULL))
sl@0	363	{
sl@0	364	ERR_print_errors(bio_err);
sl@0	365	goto end;
sl@0	366	}
sl@0	367	if (debug)
sl@0	368	{
sl@0	369	BIO_set_callback(in,BIO_debug_callback);
sl@0	370	BIO_set_callback(out,BIO_debug_callback);
sl@0	371	BIO_set_callback_arg(in,(char *)bio_err);
sl@0	372	BIO_set_callback_arg(out,(char *)bio_err);
sl@0	373	}
sl@0	374
sl@0	375	if (inf == NULL)
sl@0	376	{
sl@0	377	if (bufsize != NULL)
sl@0	378	setvbuf(stdin, (char *)NULL, _IONBF, 0);
sl@0	379	BIO_set_fp(in,stdin,BIO_NOCLOSE);
sl@0	380	}
sl@0	381	else
sl@0	382	{
sl@0	383	if (BIO_read_filename(in,inf) <= 0)
sl@0	384	{
sl@0	385	perror(inf);
sl@0	386	goto end;
sl@0	387	}
sl@0	388	}
sl@0	389
sl@0	390	if(!str && passarg) {
sl@0	391	if(!app_passwd(bio_err, passarg, NULL, &pass, NULL)) {
sl@0	392	BIO_printf(bio_err, "Error getting password\n");
sl@0	393	goto end;
sl@0	394	}
sl@0	395	str = pass;
sl@0	396	}
sl@0	397
sl@0	398	if ((str == NULL) && (cipher != NULL) && (hkey == NULL))
sl@0	399	{
sl@0	400	for (;;)
sl@0	401	{
sl@0	402	char buf[200];
sl@0	403
sl@0	404	BIO_snprintf(buf,sizeof buf,"enter %s %s password:",
sl@0	405	OBJ_nid2ln(EVP_CIPHER_nid(cipher)),
sl@0	406	(enc)?"encryption":"decryption");
sl@0	407	strbuf[0]='\0';
sl@0	408	i=EVP_read_pw_string((char *)strbuf,SIZE,buf,enc);
sl@0	409	if (i == 0)
sl@0	410	{
sl@0	411	if (strbuf[0] == '\0')
sl@0	412	{
sl@0	413	ret=1;
sl@0	414	goto end;
sl@0	415	}
sl@0	416	str=strbuf;
sl@0	417	break;
sl@0	418	}
sl@0	419	if (i < 0)
sl@0	420	{
sl@0	421	BIO_printf(bio_err,"bad password read\n");
sl@0	422	goto end;
sl@0	423	}
sl@0	424	}
sl@0	425	}
sl@0	426
sl@0	427
sl@0	428	if (outf == NULL)
sl@0	429	{
sl@0	430	BIO_set_fp(out,stdout,BIO_NOCLOSE);
sl@0	431	if (bufsize != NULL)
sl@0	432	setvbuf(stdout, (char *)NULL, _IONBF, 0);
sl@0	433	#ifdef OPENSSL_SYS_VMS
sl@0	434	{
sl@0	435	BIO *tmpbio = BIO_new(BIO_f_linebuffer());
sl@0	436	out = BIO_push(tmpbio, out);
sl@0	437	}
sl@0	438	#endif
sl@0	439	}
sl@0	440	else
sl@0	441	{
sl@0	442	if (BIO_write_filename(out,outf) <= 0)
sl@0	443	{
sl@0	444	perror(outf);
sl@0	445	goto end;
sl@0	446	}
sl@0	447	}
sl@0	448
sl@0	449	rbio=in;
sl@0	450	wbio=out;
sl@0	451
sl@0	452	if (base64)
sl@0	453	{
sl@0	454	if ((b64=BIO_new(BIO_f_base64())) == NULL)
sl@0	455	goto end;
sl@0	456	if (debug)
sl@0	457	{
sl@0	458	BIO_set_callback(b64,BIO_debug_callback);
sl@0	459	BIO_set_callback_arg(b64,(char *)bio_err);
sl@0	460	}
sl@0	461	if (olb64)
sl@0	462	BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL);
sl@0	463	if (enc)
sl@0	464	wbio=BIO_push(b64,wbio);
sl@0	465	else
sl@0	466	rbio=BIO_push(b64,rbio);
sl@0	467	}
sl@0	468
sl@0	469	if (cipher != NULL)
sl@0	470	{
sl@0	471	/* Note that str is NULL if a key was passed on the command
sl@0	472	* line, so we get no salt in that case. Is this a bug?
sl@0	473	*/
sl@0	474	if (str != NULL)
sl@0	475	{
sl@0	476	/* Salt handling: if encrypting generate a salt and
sl@0	477	* write to output BIO. If decrypting read salt from
sl@0	478	* input BIO.
sl@0	479	*/
sl@0	480	unsigned char *sptr;
sl@0	481	if(nosalt) sptr = NULL;
sl@0	482	else {
sl@0	483	if(enc) {
sl@0	484	if(hsalt) {
sl@0	485	if(!set_hex(hsalt,salt,sizeof salt)) {
sl@0	486	BIO_printf(bio_err,
sl@0	487	"invalid hex salt value\n");
sl@0	488	goto end;
sl@0	489	}
sl@0	490	} else if (RAND_pseudo_bytes(salt, sizeof salt) < 0)
sl@0	491	goto end;
sl@0	492	/* If -P option then don't bother writing */
sl@0	493	if((printkey != 2)
sl@0	494	&& (BIO_write(wbio,magic,
sl@0	495	sizeof magic-1) != sizeof magic-1
sl@0	496	\|\| BIO_write(wbio,
sl@0	497	(char *)salt,
sl@0	498	sizeof salt) != sizeof salt)) {
sl@0	499	BIO_printf(bio_err,"error writing output file\n");
sl@0	500	goto end;
sl@0	501	}
sl@0	502	} else if(BIO_read(rbio,mbuf,sizeof mbuf) != sizeof mbuf
sl@0	503	\|\| BIO_read(rbio,
sl@0	504	(unsigned char *)salt,
sl@0	505	sizeof salt) != sizeof salt) {
sl@0	506	BIO_printf(bio_err,"error reading input file\n");
sl@0	507	goto end;
sl@0	508	} else if(memcmp(mbuf,magic,sizeof magic-1)) {
sl@0	509	BIO_printf(bio_err,"bad magic number\n");
sl@0	510	goto end;
sl@0	511	}
sl@0	512
sl@0	513	sptr = salt;
sl@0	514	}
sl@0	515
sl@0	516	EVP_BytesToKey(cipher,dgst,sptr,
sl@0	517	(unsigned char *)str,
sl@0	518	strlen(str),1,key,iv);
sl@0	519	/* zero the complete buffer or the string
sl@0	520	* passed from the command line
sl@0	521	* bug picked up by
sl@0	522	* Larry J. Hughes Jr. <hughes@indiana.edu> */
sl@0	523	if (str == strbuf)
sl@0	524	OPENSSL_cleanse(str,SIZE);
sl@0	525	else
sl@0	526	OPENSSL_cleanse(str,strlen(str));
sl@0	527	}
sl@0	528	if ((hiv != NULL) && !set_hex(hiv,iv,sizeof iv))
sl@0	529	{
sl@0	530	BIO_printf(bio_err,"invalid hex iv value\n");
sl@0	531	goto end;
sl@0	532	}
sl@0	533	if ((hiv == NULL) && (str == NULL))
sl@0	534	{
sl@0	535	/* No IV was explicitly set and no IV was generated
sl@0	536	* during EVP_BytesToKey. Hence the IV is undefined,
sl@0	537	* making correct decryption impossible. */
sl@0	538	BIO_printf(bio_err, "iv undefined\n");
sl@0	539	goto end;
sl@0	540	}
sl@0	541	if ((hkey != NULL) && !set_hex(hkey,key,sizeof key))
sl@0	542	{
sl@0	543	BIO_printf(bio_err,"invalid hex key value\n");
sl@0	544	goto end;
sl@0	545	}
sl@0	546
sl@0	547	if ((benc=BIO_new(BIO_f_cipher())) == NULL)
sl@0	548	goto end;
sl@0	549
sl@0	550	/* Since we may be changing parameters work on the encryption
sl@0	551	* context rather than calling BIO_set_cipher().
sl@0	552	*/
sl@0	553
sl@0	554	BIO_get_cipher_ctx(benc, &ctx);
sl@0	555	if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc))
sl@0	556	{
sl@0	557	BIO_printf(bio_err, "Error setting cipher %s\n",
sl@0	558	EVP_CIPHER_name(cipher));
sl@0	559	ERR_print_errors(bio_err);
sl@0	560	goto end;
sl@0	561	}
sl@0	562
sl@0	563	if (nopad)
sl@0	564	EVP_CIPHER_CTX_set_padding(ctx, 0);
sl@0	565
sl@0	566	if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc))
sl@0	567	{
sl@0	568	BIO_printf(bio_err, "Error setting cipher %s\n",
sl@0	569	EVP_CIPHER_name(cipher));
sl@0	570	ERR_print_errors(bio_err);
sl@0	571	goto end;
sl@0	572	}
sl@0	573
sl@0	574	if (debug)
sl@0	575	{
sl@0	576	BIO_set_callback(benc,BIO_debug_callback);
sl@0	577	BIO_set_callback_arg(benc,(char *)bio_err);
sl@0	578	}
sl@0	579
sl@0	580	if (printkey)
sl@0	581	{
sl@0	582	if (!nosalt)
sl@0	583	{
sl@0	584	printf("salt=");
sl@0	585	for (i=0; i<(int)sizeof(salt); i++)
sl@0	586	printf("%02X",salt[i]);
sl@0	587	printf("\n");
sl@0	588	}
sl@0	589	if (cipher->key_len > 0)
sl@0	590	{
sl@0	591	printf("key=");
sl@0	592	for (i=0; i<cipher->key_len; i++)
sl@0	593	printf("%02X",key[i]);
sl@0	594	printf("\n");
sl@0	595	}
sl@0	596	if (cipher->iv_len > 0)
sl@0	597	{
sl@0	598	printf("iv =");
sl@0	599	for (i=0; i<cipher->iv_len; i++)
sl@0	600	printf("%02X",iv[i]);
sl@0	601	printf("\n");
sl@0	602	}
sl@0	603	if (printkey == 2)
sl@0	604	{
sl@0	605	ret=0;
sl@0	606	goto end;
sl@0	607	}
sl@0	608
sl@0	609
sl@0	610	}
sl@0	611	}
sl@0	612
sl@0	613	/* Only encrypt/decrypt as we write the file */
sl@0	614	if (benc != NULL)
sl@0	615	wbio=BIO_push(benc,wbio);
sl@0	616
sl@0	617	for (;;)
sl@0	618	{
sl@0	619	inl=BIO_read(rbio,(char *)buff,bsize);
sl@0	620	if (inl <= 0) break;
sl@0	621	if (BIO_write(wbio,(char *)buff,inl) != inl)
sl@0	622	{
sl@0	623	BIO_printf(bio_err,"error writing output file\n");
sl@0	624	goto end;
sl@0	625	}
sl@0	626	}
sl@0	627	if (!BIO_flush(wbio))
sl@0	628	{
sl@0	629	BIO_printf(bio_err,"bad decrypt\n");
sl@0	630	goto end;
sl@0	631	}
sl@0	632
sl@0	633	ret=0;
sl@0	634	if (verbose)
sl@0	635	{
sl@0	636	BIO_printf(bio_err,"bytes read :%8ld\n",BIO_number_read(in));
sl@0	637	BIO_printf(bio_err,"bytes written:%8ld\n",BIO_number_written(out));
sl@0	638	}
sl@0	639	end:
sl@0	640	ERR_print_errors(bio_err);
sl@0	641	if (strbuf != NULL) OPENSSL_free(strbuf);
sl@0	642	if (buff != NULL) OPENSSL_free(buff);
sl@0	643	if (in != NULL) BIO_free(in);
sl@0	644	if (out != NULL) BIO_free_all(out);
sl@0	645	if (benc != NULL) BIO_free(benc);
sl@0	646	if (b64 != NULL) BIO_free(b64);
sl@0	647	if(pass) OPENSSL_free(pass);
sl@0	648	apps_shutdown();
sl@0	649	OPENSSL_EXIT(ret);
sl@0	650	}
sl@0	651
sl@0	652	int set_hex(char in, unsigned char out, int size)
sl@0	653	{
sl@0	654	int i,n;
sl@0	655	unsigned char j;
sl@0	656
sl@0	657	n=strlen(in);
sl@0	658	if (n > (size*2))
sl@0	659	{
sl@0	660	BIO_printf(bio_err,"hex string is too long\n");
sl@0	661	return(0);
sl@0	662	}
sl@0	663	memset(out,0,size);
sl@0	664	for (i=0; i<n; i++)
sl@0	665	{
sl@0	666	j=(unsigned char)*in;
sl@0	667	*(in++)='\0';
sl@0	668	if (j == 0) break;
sl@0	669	if ((j >= '0') && (j <= '9'))
sl@0	670	j-='0';
sl@0	671	else if ((j >= 'A') && (j <= 'F'))
sl@0	672	j=j-'A'+10;
sl@0	673	else if ((j >= 'a') && (j <= 'f'))
sl@0	674	j=j-'a'+10;
sl@0	675	else
sl@0	676	{
sl@0	677	BIO_printf(bio_err,"non-hex digit\n");
sl@0	678	return(0);
sl@0	679	}
sl@0	680	if (i&1)
sl@0	681	out[i/2]\|=j;
sl@0	682	else
sl@0	683	out[i/2]=(j<<4);
sl@0	684	}
sl@0	685	return(1);
sl@0	686	}

author	sl@SLION-WIN7.fritz.box
	Fri, 15 Jun 2012 03:10:57 +0200
changeset 0	bde4ae8d615e
permissions	-rw-r--r--