enc.c 23 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728
  1. /* apps/enc.c */
  2. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  3. * All rights reserved.
  4. *
  5. * This package is an SSL implementation written
  6. * by Eric Young (eay@cryptsoft.com).
  7. * The implementation was written so as to conform with Netscapes SSL.
  8. *
  9. * This library is free for commercial and non-commercial use as long as
  10. * the following conditions are aheared to. The following conditions
  11. * apply to all code found in this distribution, be it the RC4, RSA,
  12. * lhash, DES, etc., code; not just the SSL code. The SSL documentation
  13. * included with this distribution is covered by the same copyright terms
  14. * except that the holder is Tim Hudson (tjh@cryptsoft.com).
  15. *
  16. * Copyright remains Eric Young's, and as such any Copyright notices in
  17. * the code are not to be removed.
  18. * If this package is used in a product, Eric Young should be given attribution
  19. * as the author of the parts of the library used.
  20. * This can be in the form of a textual message at program startup or
  21. * in documentation (online or textual) provided with the package.
  22. *
  23. * Redistribution and use in source and binary forms, with or without
  24. * modification, are permitted provided that the following conditions
  25. * are met:
  26. * 1. Redistributions of source code must retain the copyright
  27. * notice, this list of conditions and the following disclaimer.
  28. * 2. Redistributions in binary form must reproduce the above copyright
  29. * notice, this list of conditions and the following disclaimer in the
  30. * documentation and/or other materials provided with the distribution.
  31. * 3. All advertising materials mentioning features or use of this software
  32. * must display the following acknowledgement:
  33. * "This product includes cryptographic software written by
  34. * Eric Young (eay@cryptsoft.com)"
  35. * The word 'cryptographic' can be left out if the rouines from the library
  36. * being used are not cryptographic related :-).
  37. * 4. If you include any Windows specific code (or a derivative thereof) from
  38. * the apps directory (application code) you must include an acknowledgement:
  39. * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
  40. *
  41. * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  42. * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  43. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  44. * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  45. * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  46. * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  47. * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  48. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  49. * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  50. * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  51. * SUCH DAMAGE.
  52. *
  53. * The licence and distribution terms for any publically available version or
  54. * derivative of this code cannot be changed. i.e. this code cannot simply be
  55. * copied and put under another distribution licence
  56. * [including the GNU Public Licence.]
  57. */
  58. #include <stdio.h>
  59. #include <stdlib.h>
  60. #include <string.h>
  61. #include "apps.h"
  62. #include <openssl/bio.h>
  63. #include <openssl/err.h>
  64. #include <openssl/evp.h>
  65. #include <openssl/objects.h>
  66. #include <openssl/x509.h>
  67. #include <openssl/rand.h>
  68. #include <openssl/pem.h>
  69. #ifndef OPENSSL_NO_COMP
  70. # include <openssl/comp.h>
  71. #endif
  72. #include <ctype.h>
  73. int set_hex(char *in, unsigned char *out, int size);
  74. #undef SIZE
  75. #undef BSIZE
  76. #undef PROG
  77. #define SIZE (512)
  78. #define BSIZE (8*1024)
  79. #define PROG enc_main
  80. struct doall_enc_ciphers {
  81. BIO *bio;
  82. int n;
  83. };
  84. static void show_ciphers(const OBJ_NAME *name, void *arg)
  85. {
  86. struct doall_enc_ciphers *dec = (struct doall_enc_ciphers *)arg;
  87. const EVP_CIPHER *cipher;
  88. if (!islower((unsigned char)*name->name))
  89. return;
  90. /* Filter out ciphers that we cannot use */
  91. cipher = EVP_get_cipherbyname(name->name);
  92. if (cipher == NULL ||
  93. (EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0 ||
  94. EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE)
  95. return;
  96. BIO_printf(dec->bio, "-%-25s", name->name);
  97. if (++dec->n == 3) {
  98. BIO_printf(dec->bio, "\n");
  99. dec->n = 0;
  100. } else
  101. BIO_printf(dec->bio, " ");
  102. }
  103. int MAIN(int, char **);
  104. int MAIN(int argc, char **argv)
  105. {
  106. static const char magic[] = "Salted__";
  107. char mbuf[sizeof(magic) - 1];
  108. char *strbuf = NULL;
  109. unsigned char *buff = NULL, *bufsize = NULL;
  110. int bsize = BSIZE, verbose = 0;
  111. int ret = 1, inl;
  112. int nopad = 0;
  113. unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
  114. unsigned char salt[PKCS5_SALT_LEN];
  115. char *str = NULL, *passarg = NULL, *pass = NULL;
  116. char *hkey = NULL, *hiv = NULL, *hsalt = NULL;
  117. char *md = NULL;
  118. int enc = 1, printkey = 0, i, base64 = 0;
  119. #ifdef ZLIB
  120. int do_zlib = 0;
  121. BIO *bzl = NULL;
  122. #endif
  123. int debug = 0, olb64 = 0, nosalt = 0;
  124. const EVP_CIPHER *cipher = NULL, *c;
  125. EVP_CIPHER_CTX *ctx = NULL;
  126. char *inf = NULL, *outf = NULL;
  127. BIO *in = NULL, *out = NULL, *b64 = NULL, *benc = NULL, *rbio =
  128. NULL, *wbio = NULL;
  129. #define PROG_NAME_SIZE 39
  130. char pname[PROG_NAME_SIZE + 1];
  131. char *engine = NULL;
  132. ENGINE *e = NULL;
  133. const EVP_MD *dgst = NULL;
  134. int non_fips_allow = 0;
  135. struct doall_enc_ciphers dec;
  136. apps_startup();
  137. if (bio_err == NULL)
  138. if ((bio_err = BIO_new(BIO_s_file())) != NULL)
  139. BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
  140. if (!load_config(bio_err, NULL))
  141. goto end;
  142. /* first check the program name */
  143. program_name(argv[0], pname, sizeof(pname));
  144. if (strcmp(pname, "base64") == 0)
  145. base64 = 1;
  146. #ifdef ZLIB
  147. if (strcmp(pname, "zlib") == 0)
  148. do_zlib = 1;
  149. #endif
  150. cipher = EVP_get_cipherbyname(pname);
  151. #ifdef ZLIB
  152. if (!do_zlib && !base64 && (cipher == NULL)
  153. && (strcmp(pname, "enc") != 0))
  154. #else
  155. if (!base64 && (cipher == NULL) && (strcmp(pname, "enc") != 0))
  156. #endif
  157. {
  158. BIO_printf(bio_err, "%s is an unknown cipher\n", pname);
  159. goto bad;
  160. }
  161. argc--;
  162. argv++;
  163. while (argc >= 1) {
  164. if (strcmp(*argv, "-e") == 0)
  165. enc = 1;
  166. else if (strcmp(*argv, "-in") == 0) {
  167. if (--argc < 1)
  168. goto bad;
  169. inf = *(++argv);
  170. } else if (strcmp(*argv, "-out") == 0) {
  171. if (--argc < 1)
  172. goto bad;
  173. outf = *(++argv);
  174. } else if (strcmp(*argv, "-pass") == 0) {
  175. if (--argc < 1)
  176. goto bad;
  177. passarg = *(++argv);
  178. }
  179. #ifndef OPENSSL_NO_ENGINE
  180. else if (strcmp(*argv, "-engine") == 0) {
  181. if (--argc < 1)
  182. goto bad;
  183. engine = *(++argv);
  184. }
  185. #endif
  186. else if (strcmp(*argv, "-d") == 0)
  187. enc = 0;
  188. else if (strcmp(*argv, "-p") == 0)
  189. printkey = 1;
  190. else if (strcmp(*argv, "-v") == 0)
  191. verbose = 1;
  192. else if (strcmp(*argv, "-nopad") == 0)
  193. nopad = 1;
  194. else if (strcmp(*argv, "-salt") == 0)
  195. nosalt = 0;
  196. else if (strcmp(*argv, "-nosalt") == 0)
  197. nosalt = 1;
  198. else if (strcmp(*argv, "-debug") == 0)
  199. debug = 1;
  200. else if (strcmp(*argv, "-P") == 0)
  201. printkey = 2;
  202. else if (strcmp(*argv, "-A") == 0)
  203. olb64 = 1;
  204. else if (strcmp(*argv, "-a") == 0)
  205. base64 = 1;
  206. else if (strcmp(*argv, "-base64") == 0)
  207. base64 = 1;
  208. #ifdef ZLIB
  209. else if (strcmp(*argv, "-z") == 0)
  210. do_zlib = 1;
  211. #endif
  212. else if (strcmp(*argv, "-bufsize") == 0) {
  213. if (--argc < 1)
  214. goto bad;
  215. bufsize = (unsigned char *)*(++argv);
  216. } else if (strcmp(*argv, "-k") == 0) {
  217. if (--argc < 1)
  218. goto bad;
  219. str = *(++argv);
  220. } else if (strcmp(*argv, "-kfile") == 0) {
  221. static char buf[128];
  222. FILE *infile;
  223. char *file;
  224. if (--argc < 1)
  225. goto bad;
  226. file = *(++argv);
  227. infile = fopen(file, "r");
  228. if (infile == NULL) {
  229. BIO_printf(bio_err, "unable to read key from '%s'\n", file);
  230. goto bad;
  231. }
  232. buf[0] = '\0';
  233. if (!fgets(buf, sizeof(buf), infile)) {
  234. BIO_printf(bio_err, "unable to read key from '%s'\n", file);
  235. goto bad;
  236. }
  237. fclose(infile);
  238. i = strlen(buf);
  239. if ((i > 0) && ((buf[i - 1] == '\n') || (buf[i - 1] == '\r')))
  240. buf[--i] = '\0';
  241. if ((i > 0) && ((buf[i - 1] == '\n') || (buf[i - 1] == '\r')))
  242. buf[--i] = '\0';
  243. if (i < 1) {
  244. BIO_printf(bio_err, "zero length password\n");
  245. goto bad;
  246. }
  247. str = buf;
  248. } else if (strcmp(*argv, "-K") == 0) {
  249. if (--argc < 1)
  250. goto bad;
  251. hkey = *(++argv);
  252. } else if (strcmp(*argv, "-S") == 0) {
  253. if (--argc < 1)
  254. goto bad;
  255. hsalt = *(++argv);
  256. } else if (strcmp(*argv, "-iv") == 0) {
  257. if (--argc < 1)
  258. goto bad;
  259. hiv = *(++argv);
  260. } else if (strcmp(*argv, "-md") == 0) {
  261. if (--argc < 1)
  262. goto bad;
  263. md = *(++argv);
  264. } else if (strcmp(*argv, "-non-fips-allow") == 0)
  265. non_fips_allow = 1;
  266. else if ((argv[0][0] == '-') &&
  267. ((c = EVP_get_cipherbyname(&(argv[0][1]))) != NULL)) {
  268. cipher = c;
  269. } else if (strcmp(*argv, "-none") == 0)
  270. cipher = NULL;
  271. else {
  272. BIO_printf(bio_err, "unknown option '%s'\n", *argv);
  273. bad:
  274. BIO_printf(bio_err, "options are\n");
  275. BIO_printf(bio_err, "%-14s input file\n", "-in <file>");
  276. BIO_printf(bio_err, "%-14s output file\n", "-out <file>");
  277. BIO_printf(bio_err, "%-14s pass phrase source\n", "-pass <arg>");
  278. BIO_printf(bio_err, "%-14s encrypt\n", "-e");
  279. BIO_printf(bio_err, "%-14s decrypt\n", "-d");
  280. BIO_printf(bio_err,
  281. "%-14s base64 encode/decode, depending on encryption flag\n",
  282. "-a/-base64");
  283. BIO_printf(bio_err, "%-14s passphrase is the next argument\n",
  284. "-k");
  285. BIO_printf(bio_err,
  286. "%-14s passphrase is the first line of the file argument\n",
  287. "-kfile");
  288. BIO_printf(bio_err,
  289. "%-14s the next argument is the md to use to create a key\n",
  290. "-md");
  291. BIO_printf(bio_err,
  292. "%-14s from a passphrase. One of md2, md5, sha or sha1\n",
  293. "");
  294. BIO_printf(bio_err, "%-14s salt in hex is the next argument\n",
  295. "-S");
  296. BIO_printf(bio_err, "%-14s key/iv in hex is the next argument\n",
  297. "-K/-iv");
  298. BIO_printf(bio_err, "%-14s print the iv/key (then exit if -P)\n",
  299. "-[pP]");
  300. BIO_printf(bio_err, "%-14s buffer size\n", "-bufsize <n>");
  301. BIO_printf(bio_err, "%-14s disable standard block padding\n",
  302. "-nopad");
  303. #ifndef OPENSSL_NO_ENGINE
  304. BIO_printf(bio_err,
  305. "%-14s use engine e, possibly a hardware device.\n",
  306. "-engine e");
  307. #endif
  308. BIO_printf(bio_err, "Cipher Types\n");
  309. dec.n = 0;
  310. dec.bio = bio_err;
  311. OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH,
  312. show_ciphers, &dec);
  313. BIO_printf(bio_err, "\n");
  314. goto end;
  315. }
  316. argc--;
  317. argv++;
  318. }
  319. e = setup_engine(bio_err, engine, 0);
  320. if (cipher && EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) {
  321. BIO_printf(bio_err,
  322. "AEAD ciphers not supported by the enc utility\n");
  323. goto end;
  324. }
  325. if (cipher && (EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE)) {
  326. BIO_printf(bio_err,
  327. "Ciphers in XTS mode are not supported by the enc utility\n");
  328. goto end;
  329. }
  330. if (md && (dgst = EVP_get_digestbyname(md)) == NULL) {
  331. BIO_printf(bio_err, "%s is an unsupported message digest type\n", md);
  332. goto end;
  333. }
  334. if (dgst == NULL) {
  335. dgst = EVP_md5();
  336. }
  337. if (bufsize != NULL) {
  338. unsigned long n;
  339. for (n = 0; *bufsize; bufsize++) {
  340. i = *bufsize;
  341. if ((i <= '9') && (i >= '0'))
  342. n = n * 10 + i - '0';
  343. else if (i == 'k') {
  344. n *= 1024;
  345. bufsize++;
  346. break;
  347. }
  348. }
  349. if (*bufsize != '\0') {
  350. BIO_printf(bio_err, "invalid 'bufsize' specified.\n");
  351. goto end;
  352. }
  353. /* It must be large enough for a base64 encoded line */
  354. if (base64 && n < 80)
  355. n = 80;
  356. bsize = (int)n;
  357. if (verbose)
  358. BIO_printf(bio_err, "bufsize=%d\n", bsize);
  359. }
  360. strbuf = OPENSSL_malloc(SIZE);
  361. buff = (unsigned char *)OPENSSL_malloc(EVP_ENCODE_LENGTH(bsize));
  362. if ((buff == NULL) || (strbuf == NULL)) {
  363. BIO_printf(bio_err, "OPENSSL_malloc failure %ld\n",
  364. (long)EVP_ENCODE_LENGTH(bsize));
  365. goto end;
  366. }
  367. in = BIO_new(BIO_s_file());
  368. out = BIO_new(BIO_s_file());
  369. if ((in == NULL) || (out == NULL)) {
  370. ERR_print_errors(bio_err);
  371. goto end;
  372. }
  373. if (debug) {
  374. BIO_set_callback(in, BIO_debug_callback);
  375. BIO_set_callback(out, BIO_debug_callback);
  376. BIO_set_callback_arg(in, (char *)bio_err);
  377. BIO_set_callback_arg(out, (char *)bio_err);
  378. }
  379. if (inf == NULL) {
  380. #ifndef OPENSSL_NO_SETVBUF_IONBF
  381. if (bufsize != NULL)
  382. setvbuf(stdin, (char *)NULL, _IONBF, 0);
  383. #endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
  384. BIO_set_fp(in, stdin, BIO_NOCLOSE);
  385. } else {
  386. if (BIO_read_filename(in, inf) <= 0) {
  387. perror(inf);
  388. goto end;
  389. }
  390. }
  391. if (!str && passarg) {
  392. if (!app_passwd(bio_err, passarg, NULL, &pass, NULL)) {
  393. BIO_printf(bio_err, "Error getting password\n");
  394. goto end;
  395. }
  396. str = pass;
  397. }
  398. if ((str == NULL) && (cipher != NULL) && (hkey == NULL)) {
  399. for (;;) {
  400. char buf[200];
  401. BIO_snprintf(buf, sizeof(buf), "enter %s %s password:",
  402. OBJ_nid2ln(EVP_CIPHER_nid(cipher)),
  403. (enc) ? "encryption" : "decryption");
  404. strbuf[0] = '\0';
  405. i = EVP_read_pw_string((char *)strbuf, SIZE, buf, enc);
  406. if (i == 0) {
  407. if (strbuf[0] == '\0') {
  408. ret = 1;
  409. goto end;
  410. }
  411. str = strbuf;
  412. break;
  413. }
  414. if (i < 0) {
  415. BIO_printf(bio_err, "bad password read\n");
  416. goto end;
  417. }
  418. }
  419. }
  420. if (outf == NULL) {
  421. BIO_set_fp(out, stdout, BIO_NOCLOSE);
  422. #ifndef OPENSSL_NO_SETVBUF_IONBF
  423. if (bufsize != NULL)
  424. setvbuf(stdout, (char *)NULL, _IONBF, 0);
  425. #endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
  426. #ifdef OPENSSL_SYS_VMS
  427. {
  428. BIO *tmpbio = BIO_new(BIO_f_linebuffer());
  429. out = BIO_push(tmpbio, out);
  430. }
  431. #endif
  432. } else {
  433. if (BIO_write_filename(out, outf) <= 0) {
  434. perror(outf);
  435. goto end;
  436. }
  437. }
  438. rbio = in;
  439. wbio = out;
  440. #ifdef ZLIB
  441. if (do_zlib) {
  442. if ((bzl = BIO_new(BIO_f_zlib())) == NULL)
  443. goto end;
  444. if (enc)
  445. wbio = BIO_push(bzl, wbio);
  446. else
  447. rbio = BIO_push(bzl, rbio);
  448. }
  449. #endif
  450. if (base64) {
  451. if ((b64 = BIO_new(BIO_f_base64())) == NULL)
  452. goto end;
  453. if (debug) {
  454. BIO_set_callback(b64, BIO_debug_callback);
  455. BIO_set_callback_arg(b64, (char *)bio_err);
  456. }
  457. if (olb64)
  458. BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
  459. if (enc)
  460. wbio = BIO_push(b64, wbio);
  461. else
  462. rbio = BIO_push(b64, rbio);
  463. }
  464. if (cipher != NULL) {
  465. /*
  466. * Note that str is NULL if a key was passed on the command line, so
  467. * we get no salt in that case. Is this a bug?
  468. */
  469. if (str != NULL) {
  470. /*
  471. * Salt handling: if encrypting generate a salt and write to
  472. * output BIO. If decrypting read salt from input BIO.
  473. */
  474. unsigned char *sptr;
  475. if (nosalt)
  476. sptr = NULL;
  477. else {
  478. if (enc) {
  479. if (hsalt) {
  480. if (!set_hex(hsalt, salt, sizeof(salt))) {
  481. BIO_printf(bio_err, "invalid hex salt value\n");
  482. goto end;
  483. }
  484. } else if (RAND_bytes(salt, sizeof(salt)) <= 0)
  485. goto end;
  486. /*
  487. * If -P option then don't bother writing
  488. */
  489. if ((printkey != 2)
  490. && (BIO_write(wbio, magic,
  491. sizeof(magic) - 1) != sizeof(magic) - 1
  492. || BIO_write(wbio,
  493. (char *)salt,
  494. sizeof(salt)) != sizeof(salt))) {
  495. BIO_printf(bio_err, "error writing output file\n");
  496. goto end;
  497. }
  498. } else if (BIO_read(rbio, mbuf, sizeof(mbuf)) != sizeof(mbuf)
  499. || BIO_read(rbio,
  500. (unsigned char *)salt,
  501. sizeof(salt)) != sizeof(salt)) {
  502. BIO_printf(bio_err, "error reading input file\n");
  503. goto end;
  504. } else if (memcmp(mbuf, magic, sizeof(magic) - 1)) {
  505. BIO_printf(bio_err, "bad magic number\n");
  506. goto end;
  507. }
  508. sptr = salt;
  509. }
  510. EVP_BytesToKey(cipher, dgst, sptr,
  511. (unsigned char *)str, strlen(str), 1, key, iv);
  512. /*
  513. * zero the complete buffer or the string passed from the command
  514. * line bug picked up by Larry J. Hughes Jr. <hughes@indiana.edu>
  515. */
  516. if (str == strbuf)
  517. OPENSSL_cleanse(str, SIZE);
  518. else
  519. OPENSSL_cleanse(str, strlen(str));
  520. }
  521. if (hiv != NULL) {
  522. int siz = EVP_CIPHER_iv_length(cipher);
  523. if (siz == 0) {
  524. BIO_printf(bio_err, "warning: iv not use by this cipher\n");
  525. } else if (!set_hex(hiv, iv, sizeof(iv))) {
  526. BIO_printf(bio_err, "invalid hex iv value\n");
  527. goto end;
  528. }
  529. }
  530. if ((hiv == NULL) && (str == NULL)
  531. && EVP_CIPHER_iv_length(cipher) != 0) {
  532. /*
  533. * No IV was explicitly set and no IV was generated during
  534. * EVP_BytesToKey. Hence the IV is undefined, making correct
  535. * decryption impossible.
  536. */
  537. BIO_printf(bio_err, "iv undefined\n");
  538. goto end;
  539. }
  540. if ((hkey != NULL) && !set_hex(hkey, key, EVP_CIPHER_key_length(cipher))) {
  541. BIO_printf(bio_err, "invalid hex key value\n");
  542. goto end;
  543. }
  544. if ((benc = BIO_new(BIO_f_cipher())) == NULL)
  545. goto end;
  546. /*
  547. * Since we may be changing parameters work on the encryption context
  548. * rather than calling BIO_set_cipher().
  549. */
  550. BIO_get_cipher_ctx(benc, &ctx);
  551. if (non_fips_allow)
  552. EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_NON_FIPS_ALLOW);
  553. if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)) {
  554. BIO_printf(bio_err, "Error setting cipher %s\n",
  555. EVP_CIPHER_name(cipher));
  556. ERR_print_errors(bio_err);
  557. goto end;
  558. }
  559. if (nopad)
  560. EVP_CIPHER_CTX_set_padding(ctx, 0);
  561. if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc)) {
  562. BIO_printf(bio_err, "Error setting cipher %s\n",
  563. EVP_CIPHER_name(cipher));
  564. ERR_print_errors(bio_err);
  565. goto end;
  566. }
  567. if (debug) {
  568. BIO_set_callback(benc, BIO_debug_callback);
  569. BIO_set_callback_arg(benc, (char *)bio_err);
  570. }
  571. if (printkey) {
  572. if (!nosalt) {
  573. printf("salt=");
  574. for (i = 0; i < (int)sizeof(salt); i++)
  575. printf("%02X", salt[i]);
  576. printf("\n");
  577. }
  578. if (cipher->key_len > 0) {
  579. printf("key=");
  580. for (i = 0; i < cipher->key_len; i++)
  581. printf("%02X", key[i]);
  582. printf("\n");
  583. }
  584. if (cipher->iv_len > 0) {
  585. printf("iv =");
  586. for (i = 0; i < cipher->iv_len; i++)
  587. printf("%02X", iv[i]);
  588. printf("\n");
  589. }
  590. if (printkey == 2) {
  591. ret = 0;
  592. goto end;
  593. }
  594. }
  595. }
  596. /* Only encrypt/decrypt as we write the file */
  597. if (benc != NULL)
  598. wbio = BIO_push(benc, wbio);
  599. for (;;) {
  600. inl = BIO_read(rbio, (char *)buff, bsize);
  601. if (inl <= 0)
  602. break;
  603. if (BIO_write(wbio, (char *)buff, inl) != inl) {
  604. BIO_printf(bio_err, "error writing output file\n");
  605. goto end;
  606. }
  607. }
  608. if (!BIO_flush(wbio)) {
  609. BIO_printf(bio_err, "bad decrypt\n");
  610. goto end;
  611. }
  612. ret = 0;
  613. if (verbose) {
  614. BIO_printf(bio_err, "bytes read :%8ld\n", BIO_number_read(in));
  615. BIO_printf(bio_err, "bytes written:%8ld\n", BIO_number_written(out));
  616. }
  617. end:
  618. ERR_print_errors(bio_err);
  619. if (strbuf != NULL)
  620. OPENSSL_free(strbuf);
  621. if (buff != NULL)
  622. OPENSSL_free(buff);
  623. if (in != NULL)
  624. BIO_free(in);
  625. if (out != NULL)
  626. BIO_free_all(out);
  627. if (benc != NULL)
  628. BIO_free(benc);
  629. if (b64 != NULL)
  630. BIO_free(b64);
  631. #ifdef ZLIB
  632. if (bzl != NULL)
  633. BIO_free(bzl);
  634. #endif
  635. release_engine(e);
  636. if (pass)
  637. OPENSSL_free(pass);
  638. apps_shutdown();
  639. OPENSSL_EXIT(ret);
  640. }
  641. int set_hex(char *in, unsigned char *out, int size)
  642. {
  643. int i, n;
  644. unsigned char j;
  645. n = strlen(in);
  646. if (n > (size * 2)) {
  647. BIO_printf(bio_err, "hex string is too long\n");
  648. return (0);
  649. }
  650. memset(out, 0, size);
  651. for (i = 0; i < n; i++) {
  652. j = (unsigned char)*in;
  653. *(in++) = '\0';
  654. if (j == 0)
  655. break;
  656. if ((j >= '0') && (j <= '9'))
  657. j -= '0';
  658. else if ((j >= 'A') && (j <= 'F'))
  659. j = j - 'A' + 10;
  660. else if ((j >= 'a') && (j <= 'f'))
  661. j = j - 'a' + 10;
  662. else {
  663. BIO_printf(bio_err, "non-hex digit\n");
  664. return (0);
  665. }
  666. if (i & 1)
  667. out[i / 2] |= j;
  668. else
  669. out[i / 2] = (j << 4);
  670. }
  671. return (1);
  672. }