X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=apps%2Fenc.c;h=8beb2dff35bee2be83337def4499ffe21c142244;hb=72033fde7be9e6f215078d63a9630872f95cd9c8;hp=ae18452e86338e6bb5a8928e47a91670c08493f9;hpb=27545970134d703ed96027aac9b67eced124eec3;p=oweals%2Fopenssl.git diff --git a/apps/enc.c b/apps/enc.c index ae18452e86..8beb2dff35 100644 --- a/apps/enc.c +++ b/apps/enc.c @@ -100,9 +100,6 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { -#ifndef OPENSSL_NO_ENGINE - ENGINE *e = NULL; -#endif static const char magic[]="Salted__"; char mbuf[sizeof magic-1]; char *strbuf=NULL; @@ -114,9 +111,11 @@ int MAIN(int argc, char **argv) unsigned char salt[PKCS5_SALT_LEN]; char *str=NULL, *passarg = NULL, *pass = NULL; char *hkey=NULL,*hiv=NULL,*hsalt = NULL; + char *md=NULL; int enc=1,printkey=0,i,base64=0; int debug=0,olb64=0,nosalt=0; const EVP_CIPHER *cipher=NULL,*c; + EVP_CIPHER_CTX *ctx = NULL; char *inf=NULL,*outf=NULL; BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL; #define PROG_NAME_SIZE 39 @@ -124,6 +123,8 @@ int MAIN(int argc, char **argv) #ifndef OPENSSL_NO_ENGINE char *engine = NULL; #endif + const EVP_MD *dgst=NULL; + int non_fips_allow = 0; apps_startup(); @@ -222,7 +223,12 @@ int MAIN(int argc, char **argv) goto bad; } buf[0]='\0'; - fgets(buf,sizeof buf,infile); + if (!fgets(buf,sizeof buf,infile)) + { + BIO_printf(bio_err,"unable to read key from '%s'\n", + file); + goto bad; + } fclose(infile); i=strlen(buf); if ((i > 0) && @@ -253,6 +259,13 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; hiv= *(++argv); } + else if (strcmp(*argv,"-md") == 0) + { + if (--argc < 1) goto bad; + md= *(++argv); + } + else if (strcmp(*argv,"-non-fips-allow") == 0) + non_fips_allow = 1; else if ((argv[0][0] == '-') && ((c=EVP_get_cipherbyname(&(argv[0][1]))) != NULL)) { @@ -271,8 +284,10 @@ bad: BIO_printf(bio_err,"%-14s encrypt\n","-e"); BIO_printf(bio_err,"%-14s decrypt\n","-d"); BIO_printf(bio_err,"%-14s base64 encode/decode, depending on encryption flag\n","-a/-base64"); - BIO_printf(bio_err,"%-14s key is the next argument\n","-k"); - BIO_printf(bio_err,"%-14s key is the first line of the file argument\n","-kfile"); + BIO_printf(bio_err,"%-14s passphrase is the next argument\n","-k"); + BIO_printf(bio_err,"%-14s passphrase is the first line of the file argument\n","-kfile"); + BIO_printf(bio_err,"%-14s the next argument is the md to use to create a key\n","-md"); + BIO_printf(bio_err,"%-14s from a passphrase. One of md2, md5, sha or sha1\n",""); BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv"); BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]"); BIO_printf(bio_err,"%-14s buffer size\n","-bufsize "); @@ -293,9 +308,23 @@ bad: } #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); + setup_engine(bio_err, engine, 0); #endif + if (md && (dgst=EVP_get_digestbyname(md)) == NULL) + { + BIO_printf(bio_err,"%s is an unsupported message digest type\n",md); + goto end; + } + + if (dgst == NULL) + { + if (in_FIPS_mode) + dgst = EVP_sha1(); + else + dgst = EVP_md5(); + } + if (bufsize != NULL) { unsigned long n; @@ -319,7 +348,7 @@ bad: } /* It must be large enough for a base64 encoded line */ - if (n < 80) n=80; + if (base64 && n < 80) n=80; bsize=(int)n; if (verbose) BIO_printf(bio_err,"bufsize=%d\n",bsize); @@ -344,12 +373,16 @@ bad: { BIO_set_callback(in,BIO_debug_callback); BIO_set_callback(out,BIO_debug_callback); - BIO_set_callback_arg(in,bio_err); - BIO_set_callback_arg(out,bio_err); + BIO_set_callback_arg(in,(char *)bio_err); + BIO_set_callback_arg(out,(char *)bio_err); } if (inf == NULL) + { + if (bufsize != NULL) + setvbuf(stdin, (char *)NULL, _IONBF, 0); BIO_set_fp(in,stdin,BIO_NOCLOSE); + } else { if (BIO_read_filename(in,inf) <= 0) @@ -373,9 +406,9 @@ bad: { char buf[200]; - sprintf(buf,"enter %s %s password:", - OBJ_nid2ln(EVP_CIPHER_nid(cipher)), - (enc)?"encryption":"decryption"); + BIO_snprintf(buf,sizeof buf,"enter %s %s password:", + OBJ_nid2ln(EVP_CIPHER_nid(cipher)), + (enc)?"encryption":"decryption"); strbuf[0]='\0'; i=EVP_read_pw_string((char *)strbuf,SIZE,buf,enc); if (i == 0) @@ -400,6 +433,8 @@ bad: if (outf == NULL) { BIO_set_fp(out,stdout,BIO_NOCLOSE); + if (bufsize != NULL) + setvbuf(stdout, (char *)NULL, _IONBF, 0); #ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); @@ -426,7 +461,7 @@ bad: if (debug) { BIO_set_callback(b64,BIO_debug_callback); - BIO_set_callback_arg(b64,bio_err); + BIO_set_callback_arg(b64,(char *)bio_err); } if (olb64) BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL); @@ -483,7 +518,7 @@ bad: sptr = salt; } - EVP_BytesToKey(cipher,EVP_md5(),sptr, + EVP_BytesToKey(cipher,dgst,sptr, (unsigned char *)str, strlen(str),1,key,iv); /* zero the complete buffer or the string @@ -500,7 +535,8 @@ bad: BIO_printf(bio_err,"invalid hex iv value\n"); goto end; } - if ((hiv == NULL) && (str == NULL)) + if ((hiv == NULL) && (str == NULL) + && EVP_CIPHER_iv_length(cipher) != 0) { /* No IV was explicitly set and no IV was generated * during EVP_BytesToKey. Hence the IV is undefined, @@ -516,17 +552,40 @@ bad: if ((benc=BIO_new(BIO_f_cipher())) == NULL) goto end; - BIO_set_cipher(benc,cipher,key,iv,enc); - if (nopad) + + /* Since we may be changing parameters work on the encryption + * context rather than calling BIO_set_cipher(). + */ + + BIO_get_cipher_ctx(benc, &ctx); + + if (non_fips_allow) + EVP_CIPHER_CTX_set_flags(ctx, + EVP_CIPH_FLAG_NON_FIPS_ALLOW); + + if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)) { - EVP_CIPHER_CTX *ctx; - BIO_get_cipher_ctx(benc, &ctx); + BIO_printf(bio_err, "Error setting cipher %s\n", + EVP_CIPHER_name(cipher)); + ERR_print_errors(bio_err); + goto end; + } + + if (nopad) EVP_CIPHER_CTX_set_padding(ctx, 0); + + if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc)) + { + BIO_printf(bio_err, "Error setting cipher %s\n", + EVP_CIPHER_name(cipher)); + ERR_print_errors(bio_err); + goto end; } + if (debug) { BIO_set_callback(benc,BIO_debug_callback); - BIO_set_callback_arg(benc,bio_err); + BIO_set_callback_arg(benc,(char *)bio_err); } if (printkey)