/*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
OPT_NOPAD, OPT_SALT, OPT_NOSALT, OPT_DEBUG, OPT_UPPER_P, OPT_UPPER_A,
OPT_A, OPT_Z, OPT_BUFSIZE, OPT_K, OPT_KFILE, OPT_UPPER_K, OPT_NONE,
OPT_UPPER_S, OPT_IV, OPT_MD, OPT_ITER, OPT_PBKDF2, OPT_CIPHER,
- OPT_R_ENUM
+ OPT_R_ENUM, OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS enc_options[] = {
+ OPT_SECTION("General"),
{"help", OPT_HELP, '-', "Display this summary"},
{"list", OPT_LIST, '-', "List ciphers"},
#ifndef OPENSSL_NO_DEPRECATED_3_0
{"ciphers", OPT_LIST, '-', "Alias for -list"},
#endif
- {"in", OPT_IN, '<', "Input file"},
- {"out", OPT_OUT, '>', "Output file"},
- {"pass", OPT_PASS, 's', "Passphrase source"},
{"e", OPT_E, '-', "Encrypt"},
{"d", OPT_D, '-', "Decrypt"},
{"p", OPT_P, '-', "Print the iv/key"},
{"P", OPT_UPPER_P, '-', "Print the iv/key and exit"},
+#ifndef OPENSSL_NO_ENGINE
+ {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+#endif
+
+ OPT_SECTION("Input"),
+ {"in", OPT_IN, '<', "Input file"},
+ {"k", OPT_K, 's', "Passphrase"},
+ {"kfile", OPT_KFILE, '<', "Read passphrase from file"},
+
+ OPT_SECTION("Output"),
+ {"out", OPT_OUT, '>', "Output file"},
+ {"pass", OPT_PASS, 's', "Passphrase source"},
{"v", OPT_V, '-', "Verbose output"},
- {"nopad", OPT_NOPAD, '-', "Disable standard block padding"},
- {"salt", OPT_SALT, '-', "Use salt in the KDF (default)"},
- {"nosalt", OPT_NOSALT, '-', "Do not use salt in the KDF"},
- {"debug", OPT_DEBUG, '-', "Print debug info"},
{"a", OPT_A, '-', "Base64 encode/decode, depending on encryption flag"},
{"base64", OPT_A, '-', "Same as option -a"},
{"A", OPT_UPPER_A, '-',
"Used with -[base64|a] to specify base64 buffer as a single line"},
+
+ OPT_SECTION("Encryption"),
+ {"nopad", OPT_NOPAD, '-', "Disable standard block padding"},
+ {"salt", OPT_SALT, '-', "Use salt in the KDF (default)"},
+ {"nosalt", OPT_NOSALT, '-', "Do not use salt in the KDF"},
+ {"debug", OPT_DEBUG, '-', "Print debug info"},
+
{"bufsize", OPT_BUFSIZE, 's', "Buffer size"},
- {"k", OPT_K, 's', "Passphrase"},
- {"kfile", OPT_KFILE, '<', "Read passphrase from file"},
{"K", OPT_UPPER_K, 's', "Raw key, in hex"},
{"S", OPT_UPPER_S, 's', "Salt, in hex"},
{"iv", OPT_IV, 's', "IV in hex"},
{"iter", OPT_ITER, 'p', "Specify the iteration count and force use of PBKDF2"},
{"pbkdf2", OPT_PBKDF2, '-', "Use password-based key derivation function 2"},
{"none", OPT_NONE, '-', "Don't encrypt"},
- {"", OPT_CIPHER, '-', "Any supported cipher"},
- OPT_R_OPTIONS,
#ifdef ZLIB
{"z", OPT_Z, '-', "Use zlib as the 'encryption'"},
#endif
-#ifndef OPENSSL_NO_ENGINE
- {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
-#endif
+ {"", OPT_CIPHER, '-', "Any supported cipher"},
+
+ OPT_R_OPTIONS,
+ OPT_PROV_OPTIONS,
{NULL}
};
const EVP_CIPHER *cipher = NULL, *c;
const EVP_MD *dgst = NULL;
char *hkey = NULL, *hiv = NULL, *hsalt = NULL, *p;
- char *infile = NULL, *outfile = NULL, *prog;
+ char *infile = NULL, *outfile = NULL, *prog, *arg0;
char *str = NULL, *passarg = NULL, *pass = NULL, *strbuf = NULL;
char mbuf[sizeof(magic) - 1];
OPTION_CHOICE o;
BIO *bzl = NULL;
#endif
- /* first check the program name */
- prog = opt_progname(argv[0]);
- if (strcmp(prog, "base64") == 0) {
+ /* first check the command name */
+ arg0 = argv[0];
+ if (strcmp(arg0, "base64") == 0) {
base64 = 1;
#ifdef ZLIB
- } else if (strcmp(prog, "zlib") == 0) {
+ } else if (strcmp(arg0, "zlib") == 0) {
do_zlib = 1;
#endif
} else {
- cipher = EVP_get_cipherbyname(prog);
- if (cipher == NULL && strcmp(prog, "enc") != 0) {
- BIO_printf(bio_err, "%s is not a known cipher\n", prog);
+ cipher = EVP_get_cipherbyname(arg0);
+ if (cipher == NULL && strcmp(arg0, "enc") != 0) {
+ BIO_printf(bio_err, "%s is not a known cipher\n", arg0);
goto end;
}
}
if (!opt_rand(o))
goto end;
break;
+ case OPT_PROV_CASES:
+ if (!opt_provider(o))
+ goto end;
+ break;
}
}
- if (opt_num_rest() != 0) {
- BIO_printf(bio_err, "Extra arguments given.\n");
+
+ /* No extra arguments. */
+ argc = opt_num_rest();
+ if (argc != 0)
goto opthelp;
- }
if (cipher && EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) {
BIO_printf(bio_err, "%s: AEAD ciphers not supported\n", prog);
goto end;
}
/* wiping secret data as we no longer need it */
- OPENSSL_cleanse(hkey, strlen(hkey));
+ cleanse(hkey);
}
if ((benc = BIO_new(BIO_f_cipher())) == NULL)
BIO_get_cipher_ctx(benc, &ctx);
- if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)) {
+ if (!EVP_CipherInit_ex(ctx, cipher, e, NULL, NULL, enc)) {
BIO_printf(bio_err, "Error setting cipher %s\n",
EVP_CIPHER_name(cipher));
ERR_print_errors(bio_err);