1304046Sae/* apps/enc.c */ 2304046Sae/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3304046Sae * All rights reserved. 4304046Sae * 5304046Sae * This package is an SSL implementation written 6304046Sae * by Eric Young (eay@cryptsoft.com). 7304046Sae * The implementation was written so as to conform with Netscapes SSL. 8304046Sae * 9304046Sae * This library is free for commercial and non-commercial use as long as 10304046Sae * the following conditions are aheared to. The following conditions 11304046Sae * apply to all code found in this distribution, be it the RC4, RSA, 12304046Sae * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13304046Sae * included with this distribution is covered by the same copyright terms 14304046Sae * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15304046Sae * 16304046Sae * Copyright remains Eric Young's, and as such any Copyright notices in 17304046Sae * the code are not to be removed. 18304046Sae * If this package is used in a product, Eric Young should be given attribution 19304046Sae * as the author of the parts of the library used. 20304046Sae * This can be in the form of a textual message at program startup or 21304046Sae * in documentation (online or textual) provided with the package. 22304046Sae * 23304046Sae * Redistribution and use in source and binary forms, with or without 24304046Sae * modification, are permitted provided that the following conditions 25304046Sae * are met: 26304046Sae * 1. Redistributions of source code must retain the copyright 27304046Sae * notice, this list of conditions and the following disclaimer. 28304046Sae * 2. Redistributions in binary form must reproduce the above copyright 29304046Sae * notice, this list of conditions and the following disclaimer in the 30304046Sae * documentation and/or other materials provided with the distribution. 31304046Sae * 3. All advertising materials mentioning features or use of this software 32304046Sae * must display the following acknowledgement: 33304046Sae * "This product includes cryptographic software written by 34304046Sae * Eric Young (eay@cryptsoft.com)" 35304046Sae * The word 'cryptographic' can be left out if the rouines from the library 36304046Sae * being used are not cryptographic related :-). 37304046Sae * 4. If you include any Windows specific code (or a derivative thereof) from 38304046Sae * the apps directory (application code) you must include an acknowledgement: 39304046Sae * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40304046Sae * 41304046Sae * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42304046Sae * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43304046Sae * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44304046Sae * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45304046Sae * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46304046Sae * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47304046Sae * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48304046Sae * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49304046Sae * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50304046Sae * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51304046Sae * SUCH DAMAGE. 52304046Sae * 53304046Sae * The licence and distribution terms for any publically available version or 54304046Sae * derivative of this code cannot be changed. i.e. this code cannot simply be 55304046Sae * copied and put under another distribution licence 56304046Sae * [including the GNU Public Licence.] 57304046Sae */ 58304046Sae 59304046Sae#include <stdio.h> 60334836Sae#include <stdlib.h> 61334836Sae#include <string.h> 62304046Sae#include "apps.h" 63304046Sae#include <openssl/bio.h> 64304046Sae#include <openssl/err.h> 65304046Sae#include <openssl/evp.h> 66304046Sae#include <openssl/objects.h> 67304046Sae#include <openssl/x509.h> 68304046Sae#include <openssl/rand.h> 69304046Sae#include <openssl/pem.h> 70304046Sae#ifndef OPENSSL_NO_COMP 71316446Sae#include <openssl/comp.h> 72304046Sae#endif 73304046Sae#include <ctype.h> 74304046Sae 75304046Saeint set_hex(char *in,unsigned char *out,int size); 76304046Sae#undef SIZE 77332765Sae#undef BSIZE 78332765Sae#undef PROG 79304046Sae 80304046Sae#define SIZE (512) 81304046Sae#define BSIZE (8*1024) 82304046Sae#define PROG enc_main 83304046Sae 84304046Saestatic void show_ciphers(const OBJ_NAME *name,void *bio_) 85304046Sae { 86304046Sae BIO *bio=bio_; 87304046Sae static int n; 88304046Sae 89304046Sae if(!islower((unsigned char)*name->name)) 90304046Sae return; 91304046Sae 92304046Sae BIO_printf(bio,"-%-25s",name->name); 93304046Sae if(++n == 3) 94304046Sae { 95334836Sae BIO_printf(bio,"\n"); 96334836Sae n=0; 97304046Sae } 98304046Sae else 99304046Sae BIO_printf(bio," "); 100304046Sae } 101304046Sae 102346210Saeint MAIN(int, char **); 103346210Sae 104346210Saeint MAIN(int argc, char **argv) 105334836Sae { 106304046Sae static const char magic[]="Salted__"; 107304046Sae char mbuf[sizeof magic-1]; 108304046Sae char *strbuf=NULL; 109304046Sae unsigned char *buff=NULL,*bufsize=NULL; 110334836Sae int bsize=BSIZE,verbose=0; 111304046Sae int ret=1,inl; 112304046Sae int nopad = 0; 113304046Sae unsigned char key[EVP_MAX_KEY_LENGTH],iv[EVP_MAX_IV_LENGTH]; 114304046Sae unsigned char salt[PKCS5_SALT_LEN]; 115304046Sae char *str=NULL, *passarg = NULL, *pass = NULL; 116304046Sae char *hkey=NULL,*hiv=NULL,*hsalt = NULL; 117304046Sae char *md=NULL; 118304046Sae int enc=1,printkey=0,i,base64=0; 119304046Sae#ifdef ZLIB 120304046Sae int do_zlib=0; 121304046Sae BIO *bzl = NULL; 122304046Sae#endif 123346210Sae int debug=0,olb64=0,nosalt=0; 124346210Sae const EVP_CIPHER *cipher=NULL,*c; 125346210Sae EVP_CIPHER_CTX *ctx = NULL; 126346210Sae char *inf=NULL,*outf=NULL; 127304046Sae BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL; 128304046Sae#define PROG_NAME_SIZE 39 129304046Sae char pname[PROG_NAME_SIZE+1]; 130304046Sae#ifndef OPENSSL_NO_ENGINE 131304046Sae char *engine = NULL; 132304046Sae#endif 133304046Sae const EVP_MD *dgst=NULL; 134346210Sae int non_fips_allow = 0; 135346210Sae 136304046Sae apps_startup(); 137304046Sae 138334836Sae if (bio_err == NULL) 139304046Sae if ((bio_err=BIO_new(BIO_s_file())) != NULL) 140304046Sae BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); 141304046Sae 142304046Sae if (!load_config(bio_err, NULL)) 143334836Sae goto end; 144304046Sae 145304046Sae /* first check the program name */ 146304046Sae program_name(argv[0],pname,sizeof pname); 147304046Sae if (strcmp(pname,"base64") == 0) 148304046Sae base64=1; 149304046Sae#ifdef ZLIB 150304046Sae if (strcmp(pname,"zlib") == 0) 151334836Sae do_zlib=1; 152304046Sae#endif 153304046Sae 154304046Sae cipher=EVP_get_cipherbyname(pname); 155304046Sae#ifdef ZLIB 156304046Sae if (!do_zlib && !base64 && (cipher == NULL) 157304046Sae && (strcmp(pname,"enc") != 0)) 158334836Sae#else 159304046Sae if (!base64 && (cipher == NULL) && (strcmp(pname,"enc") != 0)) 160304046Sae#endif 161304046Sae { 162304046Sae BIO_printf(bio_err,"%s is an unknown cipher\n",pname); 163304046Sae goto bad; 164304046Sae } 165304046Sae 166304046Sae argc--; 167304046Sae argv++; 168304046Sae while (argc >= 1) 169304046Sae { 170304046Sae if (strcmp(*argv,"-e") == 0) 171304046Sae enc=1; 172304046Sae else if (strcmp(*argv,"-in") == 0) 173304046Sae { 174304046Sae if (--argc < 1) goto bad; 175304046Sae inf= *(++argv); 176304046Sae } 177304046Sae else if (strcmp(*argv,"-out") == 0) 178304046Sae { 179304046Sae if (--argc < 1) goto bad; 180304046Sae outf= *(++argv); 181304046Sae } 182304046Sae else if (strcmp(*argv,"-pass") == 0) 183304046Sae { 184304046Sae if (--argc < 1) goto bad; 185304046Sae passarg= *(++argv); 186304046Sae } 187304046Sae#ifndef OPENSSL_NO_ENGINE 188304046Sae else if (strcmp(*argv,"-engine") == 0) 189304046Sae { 190304046Sae if (--argc < 1) goto bad; 191316446Sae engine= *(++argv); 192304046Sae } 193304046Sae#endif 194304046Sae else if (strcmp(*argv,"-d") == 0) 195304046Sae enc=0; 196334836Sae else if (strcmp(*argv,"-p") == 0) 197304046Sae printkey=1; 198304046Sae else if (strcmp(*argv,"-v") == 0) 199304046Sae verbose=1; 200304046Sae else if (strcmp(*argv,"-nopad") == 0) 201304046Sae nopad=1; 202334836Sae else if (strcmp(*argv,"-salt") == 0) 203304046Sae nosalt=0; 204304046Sae else if (strcmp(*argv,"-nosalt") == 0) 205304046Sae nosalt=1; 206304046Sae else if (strcmp(*argv,"-debug") == 0) 207304046Sae debug=1; 208304046Sae else if (strcmp(*argv,"-P") == 0) 209304046Sae printkey=2; 210304046Sae else if (strcmp(*argv,"-A") == 0) 211316446Sae olb64=1; 212304046Sae else if (strcmp(*argv,"-a") == 0) 213304046Sae base64=1; 214304046Sae else if (strcmp(*argv,"-base64") == 0) 215304046Sae base64=1; 216304046Sae#ifdef ZLIB 217304046Sae else if (strcmp(*argv,"-z") == 0) 218304046Sae do_zlib=1; 219304046Sae#endif 220304046Sae else if (strcmp(*argv,"-bufsize") == 0) 221304046Sae { 222304046Sae if (--argc < 1) goto bad; 223304046Sae bufsize=(unsigned char *)*(++argv); 224304046Sae } 225304046Sae else if (strcmp(*argv,"-k") == 0) 226304046Sae { 227316446Sae if (--argc < 1) goto bad; 228316446Sae str= *(++argv); 229316446Sae } 230304046Sae else if (strcmp(*argv,"-kfile") == 0) 231304046Sae { 232316446Sae static char buf[128]; 233304046Sae FILE *infile; 234304046Sae char *file; 235304046Sae 236304046Sae if (--argc < 1) goto bad; 237304046Sae file= *(++argv); 238304046Sae infile=fopen(file,"r"); 239304046Sae if (infile == NULL) 240304046Sae { 241304046Sae BIO_printf(bio_err,"unable to read key from '%s'\n", 242304046Sae file); 243304046Sae goto bad; 244304046Sae } 245304046Sae buf[0]='\0'; 246304046Sae if (!fgets(buf,sizeof buf,infile)) 247304046Sae { 248304046Sae BIO_printf(bio_err,"unable to read key from '%s'\n", 249304046Sae file); 250304046Sae goto bad; 251304046Sae } 252304046Sae fclose(infile); 253304046Sae i=strlen(buf); 254304046Sae if ((i > 0) && 255304046Sae ((buf[i-1] == '\n') || (buf[i-1] == '\r'))) 256304046Sae buf[--i]='\0'; 257304046Sae if ((i > 0) && 258304046Sae ((buf[i-1] == '\n') || (buf[i-1] == '\r'))) 259304046Sae buf[--i]='\0'; 260304046Sae if (i < 1) 261304046Sae { 262304046Sae BIO_printf(bio_err,"zero length password\n"); 263346210Sae goto bad; 264304046Sae } 265304046Sae str=buf; 266304046Sae } 267 else if (strcmp(*argv,"-K") == 0) 268 { 269 if (--argc < 1) goto bad; 270 hkey= *(++argv); 271 } 272 else if (strcmp(*argv,"-S") == 0) 273 { 274 if (--argc < 1) goto bad; 275 hsalt= *(++argv); 276 } 277 else if (strcmp(*argv,"-iv") == 0) 278 { 279 if (--argc < 1) goto bad; 280 hiv= *(++argv); 281 } 282 else if (strcmp(*argv,"-md") == 0) 283 { 284 if (--argc < 1) goto bad; 285 md= *(++argv); 286 } 287 else if (strcmp(*argv,"-non-fips-allow") == 0) 288 non_fips_allow = 1; 289 else if ((argv[0][0] == '-') && 290 ((c=EVP_get_cipherbyname(&(argv[0][1]))) != NULL)) 291 { 292 cipher=c; 293 } 294 else if (strcmp(*argv,"-none") == 0) 295 cipher=NULL; 296 else 297 { 298 BIO_printf(bio_err,"unknown option '%s'\n",*argv); 299bad: 300 BIO_printf(bio_err,"options are\n"); 301 BIO_printf(bio_err,"%-14s input file\n","-in <file>"); 302 BIO_printf(bio_err,"%-14s output file\n","-out <file>"); 303 BIO_printf(bio_err,"%-14s pass phrase source\n","-pass <arg>"); 304 BIO_printf(bio_err,"%-14s encrypt\n","-e"); 305 BIO_printf(bio_err,"%-14s decrypt\n","-d"); 306 BIO_printf(bio_err,"%-14s base64 encode/decode, depending on encryption flag\n","-a/-base64"); 307 BIO_printf(bio_err,"%-14s passphrase is the next argument\n","-k"); 308 BIO_printf(bio_err,"%-14s passphrase is the first line of the file argument\n","-kfile"); 309 BIO_printf(bio_err,"%-14s the next argument is the md to use to create a key\n","-md"); 310 BIO_printf(bio_err,"%-14s from a passphrase. One of md2, md5, sha or sha1\n",""); 311 BIO_printf(bio_err,"%-14s salt in hex is the next argument\n","-S"); 312 BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv"); 313 BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]"); 314 BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>"); 315 BIO_printf(bio_err,"%-14s disable standard block padding\n","-nopad"); 316#ifndef OPENSSL_NO_ENGINE 317 BIO_printf(bio_err,"%-14s use engine e, possibly a hardware device.\n","-engine e"); 318#endif 319 320 BIO_printf(bio_err,"Cipher Types\n"); 321 OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH, 322 show_ciphers, 323 bio_err); 324 BIO_printf(bio_err,"\n"); 325 326 goto end; 327 } 328 argc--; 329 argv++; 330 } 331 332#ifndef OPENSSL_NO_ENGINE 333 setup_engine(bio_err, engine, 0); 334#endif 335 336 if (cipher && EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) 337 { 338 BIO_printf(bio_err, "AEAD ciphers not supported by the enc utility\n"); 339 goto end; 340 } 341 342 if (cipher && (EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE)) 343 { 344 BIO_printf(bio_err, "Ciphers in XTS mode are not supported by the enc utility\n"); 345 goto end; 346 } 347 348 if (md && (dgst=EVP_get_digestbyname(md)) == NULL) 349 { 350 BIO_printf(bio_err,"%s is an unsupported message digest type\n",md); 351 goto end; 352 } 353 354 if (dgst == NULL) 355 { 356 dgst = EVP_md5(); 357 } 358 359 if (bufsize != NULL) 360 { 361 unsigned long n; 362 363 for (n=0; *bufsize; bufsize++) 364 { 365 i= *bufsize; 366 if ((i <= '9') && (i >= '0')) 367 n=n*10+i-'0'; 368 else if (i == 'k') 369 { 370 n*=1024; 371 bufsize++; 372 break; 373 } 374 } 375 if (*bufsize != '\0') 376 { 377 BIO_printf(bio_err,"invalid 'bufsize' specified.\n"); 378 goto end; 379 } 380 381 /* It must be large enough for a base64 encoded line */ 382 if (base64 && n < 80) n=80; 383 384 bsize=(int)n; 385 if (verbose) BIO_printf(bio_err,"bufsize=%d\n",bsize); 386 } 387 388 strbuf=OPENSSL_malloc(SIZE); 389 buff=(unsigned char *)OPENSSL_malloc(EVP_ENCODE_LENGTH(bsize)); 390 if ((buff == NULL) || (strbuf == NULL)) 391 { 392 BIO_printf(bio_err,"OPENSSL_malloc failure %ld\n",(long)EVP_ENCODE_LENGTH(bsize)); 393 goto end; 394 } 395 396 in=BIO_new(BIO_s_file()); 397 out=BIO_new(BIO_s_file()); 398 if ((in == NULL) || (out == NULL)) 399 { 400 ERR_print_errors(bio_err); 401 goto end; 402 } 403 if (debug) 404 { 405 BIO_set_callback(in,BIO_debug_callback); 406 BIO_set_callback(out,BIO_debug_callback); 407 BIO_set_callback_arg(in,(char *)bio_err); 408 BIO_set_callback_arg(out,(char *)bio_err); 409 } 410 411 if (inf == NULL) 412 { 413#ifndef OPENSSL_NO_SETVBUF_IONBF 414 if (bufsize != NULL) 415 setvbuf(stdin, (char *)NULL, _IONBF, 0); 416#endif /* ndef OPENSSL_NO_SETVBUF_IONBF */ 417 BIO_set_fp(in,stdin,BIO_NOCLOSE); 418 } 419 else 420 { 421 if (BIO_read_filename(in,inf) <= 0) 422 { 423 perror(inf); 424 goto end; 425 } 426 } 427 428 if(!str && passarg) { 429 if(!app_passwd(bio_err, passarg, NULL, &pass, NULL)) { 430 BIO_printf(bio_err, "Error getting password\n"); 431 goto end; 432 } 433 str = pass; 434 } 435 436 if ((str == NULL) && (cipher != NULL) && (hkey == NULL)) 437 { 438 for (;;) 439 { 440 char buf[200]; 441 442 BIO_snprintf(buf,sizeof buf,"enter %s %s password:", 443 OBJ_nid2ln(EVP_CIPHER_nid(cipher)), 444 (enc)?"encryption":"decryption"); 445 strbuf[0]='\0'; 446 i=EVP_read_pw_string((char *)strbuf,SIZE,buf,enc); 447 if (i == 0) 448 { 449 if (strbuf[0] == '\0') 450 { 451 ret=1; 452 goto end; 453 } 454 str=strbuf; 455 break; 456 } 457 if (i < 0) 458 { 459 BIO_printf(bio_err,"bad password read\n"); 460 goto end; 461 } 462 } 463 } 464 465 466 if (outf == NULL) 467 { 468 BIO_set_fp(out,stdout,BIO_NOCLOSE); 469#ifndef OPENSSL_NO_SETVBUF_IONBF 470 if (bufsize != NULL) 471 setvbuf(stdout, (char *)NULL, _IONBF, 0); 472#endif /* ndef OPENSSL_NO_SETVBUF_IONBF */ 473#ifdef OPENSSL_SYS_VMS 474 { 475 BIO *tmpbio = BIO_new(BIO_f_linebuffer()); 476 out = BIO_push(tmpbio, out); 477 } 478#endif 479 } 480 else 481 { 482 if (BIO_write_filename(out,outf) <= 0) 483 { 484 perror(outf); 485 goto end; 486 } 487 } 488 489 rbio=in; 490 wbio=out; 491 492#ifdef ZLIB 493 494 if (do_zlib) 495 { 496 if ((bzl=BIO_new(BIO_f_zlib())) == NULL) 497 goto end; 498 if (enc) 499 wbio=BIO_push(bzl,wbio); 500 else 501 rbio=BIO_push(bzl,rbio); 502 } 503#endif 504 505 if (base64) 506 { 507 if ((b64=BIO_new(BIO_f_base64())) == NULL) 508 goto end; 509 if (debug) 510 { 511 BIO_set_callback(b64,BIO_debug_callback); 512 BIO_set_callback_arg(b64,(char *)bio_err); 513 } 514 if (olb64) 515 BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL); 516 if (enc) 517 wbio=BIO_push(b64,wbio); 518 else 519 rbio=BIO_push(b64,rbio); 520 } 521 522 if (cipher != NULL) 523 { 524 /* Note that str is NULL if a key was passed on the command 525 * line, so we get no salt in that case. Is this a bug? 526 */ 527 if (str != NULL) 528 { 529 /* Salt handling: if encrypting generate a salt and 530 * write to output BIO. If decrypting read salt from 531 * input BIO. 532 */ 533 unsigned char *sptr; 534 if(nosalt) sptr = NULL; 535 else { 536 if(enc) { 537 if(hsalt) { 538 if(!set_hex(hsalt,salt,sizeof salt)) { 539 BIO_printf(bio_err, 540 "invalid hex salt value\n"); 541 goto end; 542 } 543 } else if (RAND_pseudo_bytes(salt, sizeof salt) < 0) 544 goto end; 545 /* If -P option then don't bother writing */ 546 if((printkey != 2) 547 && (BIO_write(wbio,magic, 548 sizeof magic-1) != sizeof magic-1 549 || BIO_write(wbio, 550 (char *)salt, 551 sizeof salt) != sizeof salt)) { 552 BIO_printf(bio_err,"error writing output file\n"); 553 goto end; 554 } 555 } else if(BIO_read(rbio,mbuf,sizeof mbuf) != sizeof mbuf 556 || BIO_read(rbio, 557 (unsigned char *)salt, 558 sizeof salt) != sizeof salt) { 559 BIO_printf(bio_err,"error reading input file\n"); 560 goto end; 561 } else if(memcmp(mbuf,magic,sizeof magic-1)) { 562 BIO_printf(bio_err,"bad magic number\n"); 563 goto end; 564 } 565 566 sptr = salt; 567 } 568 569 EVP_BytesToKey(cipher,dgst,sptr, 570 (unsigned char *)str, 571 strlen(str),1,key,iv); 572 /* zero the complete buffer or the string 573 * passed from the command line 574 * bug picked up by 575 * Larry J. Hughes Jr. <hughes@indiana.edu> */ 576 if (str == strbuf) 577 OPENSSL_cleanse(str,SIZE); 578 else 579 OPENSSL_cleanse(str,strlen(str)); 580 } 581 if ((hiv != NULL) && !set_hex(hiv,iv,sizeof iv)) 582 { 583 BIO_printf(bio_err,"invalid hex iv value\n"); 584 goto end; 585 } 586 if ((hiv == NULL) && (str == NULL) 587 && EVP_CIPHER_iv_length(cipher) != 0) 588 { 589 /* No IV was explicitly set and no IV was generated 590 * during EVP_BytesToKey. Hence the IV is undefined, 591 * making correct decryption impossible. */ 592 BIO_printf(bio_err, "iv undefined\n"); 593 goto end; 594 } 595 if ((hkey != NULL) && !set_hex(hkey,key,sizeof key)) 596 { 597 BIO_printf(bio_err,"invalid hex key value\n"); 598 goto end; 599 } 600 601 if ((benc=BIO_new(BIO_f_cipher())) == NULL) 602 goto end; 603 604 /* Since we may be changing parameters work on the encryption 605 * context rather than calling BIO_set_cipher(). 606 */ 607 608 BIO_get_cipher_ctx(benc, &ctx); 609 610 if (non_fips_allow) 611 EVP_CIPHER_CTX_set_flags(ctx, 612 EVP_CIPH_FLAG_NON_FIPS_ALLOW); 613 614 if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)) 615 { 616 BIO_printf(bio_err, "Error setting cipher %s\n", 617 EVP_CIPHER_name(cipher)); 618 ERR_print_errors(bio_err); 619 goto end; 620 } 621 622 if (nopad) 623 EVP_CIPHER_CTX_set_padding(ctx, 0); 624 625 if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc)) 626 { 627 BIO_printf(bio_err, "Error setting cipher %s\n", 628 EVP_CIPHER_name(cipher)); 629 ERR_print_errors(bio_err); 630 goto end; 631 } 632 633 if (debug) 634 { 635 BIO_set_callback(benc,BIO_debug_callback); 636 BIO_set_callback_arg(benc,(char *)bio_err); 637 } 638 639 if (printkey) 640 { 641 if (!nosalt) 642 { 643 printf("salt="); 644 for (i=0; i<(int)sizeof(salt); i++) 645 printf("%02X",salt[i]); 646 printf("\n"); 647 } 648 if (cipher->key_len > 0) 649 { 650 printf("key="); 651 for (i=0; i<cipher->key_len; i++) 652 printf("%02X",key[i]); 653 printf("\n"); 654 } 655 if (cipher->iv_len > 0) 656 { 657 printf("iv ="); 658 for (i=0; i<cipher->iv_len; i++) 659 printf("%02X",iv[i]); 660 printf("\n"); 661 } 662 if (printkey == 2) 663 { 664 ret=0; 665 goto end; 666 } 667 } 668 } 669 670 /* Only encrypt/decrypt as we write the file */ 671 if (benc != NULL) 672 wbio=BIO_push(benc,wbio); 673 674 for (;;) 675 { 676 inl=BIO_read(rbio,(char *)buff,bsize); 677 if (inl <= 0) break; 678 if (BIO_write(wbio,(char *)buff,inl) != inl) 679 { 680 BIO_printf(bio_err,"error writing output file\n"); 681 goto end; 682 } 683 } 684 if (!BIO_flush(wbio)) 685 { 686 BIO_printf(bio_err,"bad decrypt\n"); 687 goto end; 688 } 689 690 ret=0; 691 if (verbose) 692 { 693 BIO_printf(bio_err,"bytes read :%8ld\n",BIO_number_read(in)); 694 BIO_printf(bio_err,"bytes written:%8ld\n",BIO_number_written(out)); 695 } 696end: 697 ERR_print_errors(bio_err); 698 if (strbuf != NULL) OPENSSL_free(strbuf); 699 if (buff != NULL) OPENSSL_free(buff); 700 if (in != NULL) BIO_free(in); 701 if (out != NULL) BIO_free_all(out); 702 if (benc != NULL) BIO_free(benc); 703 if (b64 != NULL) BIO_free(b64); 704#ifdef ZLIB 705 if (bzl != NULL) BIO_free(bzl); 706#endif 707 if(pass) OPENSSL_free(pass); 708 apps_shutdown(); 709 OPENSSL_EXIT(ret); 710 } 711 712int set_hex(char *in, unsigned char *out, int size) 713 { 714 int i,n; 715 unsigned char j; 716 717 n=strlen(in); 718 if (n > (size*2)) 719 { 720 BIO_printf(bio_err,"hex string is too long\n"); 721 return(0); 722 } 723 memset(out,0,size); 724 for (i=0; i<n; i++) 725 { 726 j=(unsigned char)*in; 727 *(in++)='\0'; 728 if (j == 0) break; 729 if ((j >= '0') && (j <= '9')) 730 j-='0'; 731 else if ((j >= 'A') && (j <= 'F')) 732 j=j-'A'+10; 733 else if ((j >= 'a') && (j <= 'f')) 734 j=j-'a'+10; 735 else 736 { 737 BIO_printf(bio_err,"non-hex digit\n"); 738 return(0); 739 } 740 if (i&1) 741 out[i/2]|=j; 742 else 743 out[i/2]=(j<<4); 744 } 745 return(1); 746 } 747