X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;f=apps%2Fenc.c;h=b14129d9b0fe461c6c5a10cc5026eae49d8a4be1;hb=2c2724476ef50b8926b033f009bdfc85ac3f1816;hp=4339ba4114aea5480cf51e53f9068bcbf135d245;hpb=b0f960189b8696f878b163d7123afdb99dfdb738;p=thirdparty%2Fopenssl.git diff --git a/apps/enc.c b/apps/enc.c index 4339ba4114..b14129d9b0 100644 --- a/apps/enc.c +++ b/apps/enc.c @@ -143,6 +143,7 @@ int enc_main(int argc, char **argv) else if (strcmp(argv[0], "enc") != 0) ciphername = argv[0]; + opt_set_unknown_name("cipher"); prog = opt_init(argc, argv, enc_options); while ((o = opt_next()) != OPT_EOF) { switch (o) { @@ -289,25 +290,14 @@ int enc_main(int argc, char **argv) } /* No extra arguments. */ - argc = opt_num_rest(); - if (argc != 0) + if (!opt_check_rest_arg(NULL)) goto opthelp; if (!app_RAND_load()) goto end; /* Get the cipher name, either from progname (if set) or flag. */ - if (ciphername != NULL) { - if (!opt_cipher(ciphername, &cipher)) - goto opthelp; - } - if (cipher && EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) { - BIO_printf(bio_err, "%s: AEAD ciphers not supported\n", prog); - goto end; - } - if (cipher && (EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE)) { - BIO_printf(bio_err, "%s XTS ciphers not supported\n", prog); - goto end; - } + if (!opt_cipher(ciphername, &cipher)) + goto opthelp; if (digestname != NULL) { if (!opt_md(digestname, &dgst)) goto opthelp; @@ -360,7 +350,7 @@ int enc_main(int argc, char **argv) char prompt[200]; BIO_snprintf(prompt, sizeof(prompt), "enter %s %s password:", - EVP_CIPHER_name(cipher), + EVP_CIPHER_get0_name(cipher), (enc) ? "encryption" : "decryption"); strbuf[0] = '\0'; i = EVP_read_pw_string((char *)strbuf, SIZE, prompt, enc); 
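Review bot: In the `@@ -289,25 +290,14 @@` hunk the inline AEAD and XTS rejections are removed, so nothing visible in enc_main now stops such a cipher from reaching the EVP_CipherInit_ex calls further down. The guarantee rests entirely on opt_cipher(), whose body is outside this diff. If opt_cipher() performs both rejections, record that at the call site, e.g. `/* opt_cipher() rejects AEAD and XTS ciphers, which enc does not support */`; if it does not, the two checks need to stay here. The call is also unconditional now, so opt_cipher() must tolerate `ciphername == NULL` and presumably leave `cipher` NULL, because the later `if (cipher != NULL)` block depends on it. The filter in show_ciphers (last hunk) still tests the same two conditions by hand and can drift from whatever opt_cipher() enforces.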
@@ -389,8 +379,8 @@ int enc_main(int argc, char **argv) goto end; if (debug) { - BIO_set_callback(in, BIO_debug_callback); - BIO_set_callback(out, BIO_debug_callback); + BIO_set_callback_ex(in, BIO_debug_callback_ex); + BIO_set_callback_ex(out, BIO_debug_callback_ex); BIO_set_callback_arg(in, (char *)bio_err); BIO_set_callback_arg(out, (char *)bio_err); } @@ -403,7 +393,7 @@ int enc_main(int argc, char **argv) if ((bzl = BIO_new(BIO_f_zlib())) == NULL) goto end; if (debug) { - BIO_set_callback(bzl, BIO_debug_callback); + BIO_set_callback_ex(bzl, BIO_debug_callback_ex); BIO_set_callback_arg(bzl, (char *)bio_err); } if (enc) @@ -417,7 +407,7 @@ int enc_main(int argc, char **argv) if ((b64 = BIO_new(BIO_f_base64())) == NULL) goto end; if (debug) { - BIO_set_callback(b64, BIO_debug_callback); + BIO_set_callback_ex(b64, BIO_debug_callback_ex); BIO_set_callback_arg(b64, (char *)bio_err); } if (olb64) @@ -429,14 +419,11 @@ int enc_main(int argc, char **argv) } if (cipher != NULL) { - /* - * Note that str is NULL if a key was passed on the command line, so - * we get no salt in that case. Is this a bug? - */ - if (str != NULL) { + if (str != NULL) { /* a passphrase is available */ /* - * Salt handling: if encrypting generate a salt and write to - * output BIO. If decrypting read salt from input BIO. + * Salt handling: if encrypting generate a salt if not supplied, + * and write to output BIO. If decrypting use salt from input BIO + * if not given with args */ unsigned char *sptr; size_t str_len = strlen(str); 
@@ -444,36 +431,47 @@ int enc_main(int argc, char **argv) if (nosalt) { sptr = NULL; } else { - if (enc) { - if (hsalt) { - if (!set_hex(hsalt, salt, sizeof(salt))) { - BIO_printf(bio_err, "invalid hex salt value\n"); + if (hsalt != NULL && !set_hex(hsalt, salt, sizeof(salt))) { + BIO_printf(bio_err, "invalid hex salt value\n"); + goto end; + } + if (enc) { /* encryption */ + if (hsalt == NULL) { + if (RAND_bytes(salt, sizeof(salt)) <= 0) { + BIO_printf(bio_err, "RAND_bytes failed\n"); + goto end; + } + /* + * If -P option then don't bother writing. + * If salt is given, shouldn't either ? + */ + if ((printkey != 2) + && (BIO_write(wbio, magic, + sizeof(magic) - 1) != sizeof(magic) - 1 + || BIO_write(wbio, + (char *)salt, + sizeof(salt)) != sizeof(salt))) { + BIO_printf(bio_err, "error writing output file\n"); goto end; } - } else if (RAND_bytes(salt, sizeof(salt)) <= 0) { - goto end; } - /* - * If -P option then don't bother writing - */ - if ((printkey != 2) - && (BIO_write(wbio, magic, - sizeof(magic) - 1) != sizeof(magic) - 1 - || BIO_write(wbio, - (char *)salt, - sizeof(salt)) != sizeof(salt))) { - BIO_printf(bio_err, "error writing output file\n"); - goto end; + } else { /* decryption */ + if (hsalt == NULL) { + if (BIO_read(rbio, mbuf, sizeof(mbuf)) != sizeof(mbuf)) { + BIO_printf(bio_err, "error reading input file\n"); + goto end; + } + if (memcmp(mbuf, magic, sizeof(mbuf)) == 0) { /* file IS salted */ + if (BIO_read(rbio, salt, + sizeof(salt)) != sizeof(salt)) { + BIO_printf(bio_err, "error reading input file\n"); + goto end; + } + } else { /* file is NOT salted, NO salt available */ + BIO_printf(bio_err, "bad magic number\n"); + goto end; + } } - } else if (BIO_read(rbio, mbuf, sizeof(mbuf)) != sizeof(mbuf) - || BIO_read(rbio, - (unsigned char *)salt, - sizeof(salt)) != sizeof(salt)) { - BIO_printf(bio_err, "error reading input file\n"); - goto end; - } else if (memcmp(mbuf, magic, sizeof(magic) - 1)) { - BIO_printf(bio_err, "bad magic number\n"); - goto 
end; } sptr = salt; } @@ -484,8 +482,8 @@ int enc_main(int argc, char **argv) * concatenated into a temporary buffer */ unsigned char tmpkeyiv[EVP_MAX_KEY_LENGTH + EVP_MAX_IV_LENGTH]; - int iklen = EVP_CIPHER_key_length(cipher); - int ivlen = EVP_CIPHER_iv_length(cipher); + int iklen = EVP_CIPHER_get_key_length(cipher); + int ivlen = EVP_CIPHER_get_iv_length(cipher); /* not needed if HASH_UPDATE() is fixed : */ int islen = (sptr != NULL ? sizeof(salt) : 0); if (!PKCS5_PBKDF2_HMAC(str, str_len, sptr, islen, @@ -517,7 +515,7 @@ int enc_main(int argc, char **argv) OPENSSL_cleanse(str, str_len); } if (hiv != NULL) { - int siz = EVP_CIPHER_iv_length(cipher); + int siz = EVP_CIPHER_get_iv_length(cipher); if (siz == 0) { BIO_printf(bio_err, "warning: iv not used by this cipher\n"); } else if (!set_hex(hiv, iv, siz)) { @@ -526,7 +524,7 @@ int enc_main(int argc, char **argv) } } if ((hiv == NULL) && (str == NULL) - && EVP_CIPHER_iv_length(cipher) != 0) { + && EVP_CIPHER_get_iv_length(cipher) != 0) { /* * No IV was explicitly set and no IV was generated. * Hence the IV is undefined, making correct decryption impossible. @@ -535,7 +533,7 @@ int enc_main(int argc, char **argv) goto end; } if (hkey != NULL) { - if (!set_hex(hkey, key, EVP_CIPHER_key_length(cipher))) { + if (!set_hex(hkey, key, EVP_CIPHER_get_key_length(cipher))) { BIO_printf(bio_err, "invalid hex key value\n"); goto end; } @@ -555,7 +553,7 @@ int enc_main(int argc, char **argv) if (!EVP_CipherInit_ex(ctx, cipher, e, NULL, NULL, enc)) { BIO_printf(bio_err, "Error setting cipher %s\n", - EVP_CIPHER_name(cipher)); + EVP_CIPHER_get0_name(cipher)); ERR_print_errors(bio_err); goto end; } 
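Review bot: In the salt hunk (`@@ -444,36 +431,47 @@`), moving the header write inside `if (hsalt == NULL)` changes the file format whenever a hex salt is supplied. On encryption the magic and salt are no longer written, and on decryption the input is not inspected for them, so a file that does begin with the header would have those bytes fed to the cipher as ciphertext when hsalt is set. The new comment still asks `If salt is given, shouldn't either ?`, which leaves the decision open; replace it with the chosen behaviour, e.g. `/* With an explicit salt no header is written; the same salt must be supplied again to decrypt. */`, and document the effect on files written by earlier versions. Separately, the magic comparison changed from `sizeof(magic) - 1` to `sizeof(mbuf)`, which is equivalent only if mbuf is declared with exactly that size, and that declaration is outside this hunk.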
@@ -565,13 +563,13 @@ int enc_main(int argc, char **argv) if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc)) { BIO_printf(bio_err, "Error setting cipher %s\n", - EVP_CIPHER_name(cipher)); + EVP_CIPHER_get0_name(cipher)); ERR_print_errors(bio_err); goto end; } if (debug) { - BIO_set_callback(benc, BIO_debug_callback); + BIO_set_callback_ex(benc, BIO_debug_callback_ex); BIO_set_callback_arg(benc, (char *)bio_err); } @@ -582,15 +580,15 @@ int enc_main(int argc, char **argv) printf("%02X", salt[i]); printf("\n"); } - if (EVP_CIPHER_key_length(cipher) > 0) { + if (EVP_CIPHER_get_key_length(cipher) > 0) { printf("key="); - for (i = 0; i < EVP_CIPHER_key_length(cipher); i++) + for (i = 0; i < EVP_CIPHER_get_key_length(cipher); i++) printf("%02X", key[i]); printf("\n"); } - if (EVP_CIPHER_iv_length(cipher) > 0) { + if (EVP_CIPHER_get_iv_length(cipher) > 0) { printf("iv ="); - for (i = 0; i < EVP_CIPHER_iv_length(cipher); i++) + for (i = 0; i < EVP_CIPHER_get_iv_length(cipher); i++) printf("%02X", iv[i]); printf("\n"); } @@ -652,9 +650,9 @@ static void show_ciphers(const OBJ_NAME *name, void *arg) /* Filter out ciphers that we cannot use */ cipher = EVP_get_cipherbyname(name->name); - if (cipher == NULL || - (EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0 || - EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE) + if (cipher == NULL + || (EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0 + || EVP_CIPHER_get_mode(cipher) == EVP_CIPH_XTS_MODE) return; BIO_printf(dec->bio, "-%-25s", name->name);