summaryrefslogtreecommitdiff
path: root/src/usr.bin/openssl/enc.c
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/usr.bin/openssl/enc.c232
1 files changed, 116 insertions, 116 deletions
diff --git a/src/usr.bin/openssl/enc.c b/src/usr.bin/openssl/enc.c
index 6be0a30dec..b80a177cd8 100644
--- a/src/usr.bin/openssl/enc.c
+++ b/src/usr.bin/openssl/enc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: enc.c,v 1.26 2023/03/04 21:58:54 tb Exp $ */ 1/* $OpenBSD: enc.c,v 1.27 2023/03/06 14:32:06 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -100,7 +100,7 @@ static struct {
100 int pbkdf2; 100 int pbkdf2;
101 int printkey; 101 int printkey;
102 int verbose; 102 int verbose;
103} enc_config; 103} cfg;
104 104
105static int 105static int
106enc_opt_cipher(int argc, char **argv, int *argsused) 106enc_opt_cipher(int argc, char **argv, int *argsused)
@@ -111,12 +111,12 @@ enc_opt_cipher(int argc, char **argv, int *argsused)
111 return (1); 111 return (1);
112 112
113 if (strcmp(name, "none") == 0) { 113 if (strcmp(name, "none") == 0) {
114 enc_config.cipher = NULL; 114 cfg.cipher = NULL;
115 *argsused = 1; 115 *argsused = 1;
116 return (0); 116 return (0);
117 } 117 }
118 118
119 if ((enc_config.cipher = EVP_get_cipherbyname(name)) != NULL) { 119 if ((cfg.cipher = EVP_get_cipherbyname(name)) != NULL) {
120 *argsused = 1; 120 *argsused = 1;
121 return (0); 121 return (0);
122 } 122 }
@@ -129,44 +129,44 @@ static const struct option enc_options[] = {
129 .name = "A", 129 .name = "A",
130 .desc = "Process base64 data on one line (requires -a)", 130 .desc = "Process base64 data on one line (requires -a)",
131 .type = OPTION_FLAG, 131 .type = OPTION_FLAG,
132 .opt.flag = &enc_config.olb64, 132 .opt.flag = &cfg.olb64,
133 }, 133 },
134 { 134 {
135 .name = "a", 135 .name = "a",
136 .desc = "Perform base64 encoding/decoding (alias -base64)", 136 .desc = "Perform base64 encoding/decoding (alias -base64)",
137 .type = OPTION_FLAG, 137 .type = OPTION_FLAG,
138 .opt.flag = &enc_config.base64, 138 .opt.flag = &cfg.base64,
139 }, 139 },
140 { 140 {
141 .name = "base64", 141 .name = "base64",
142 .type = OPTION_FLAG, 142 .type = OPTION_FLAG,
143 .opt.flag = &enc_config.base64, 143 .opt.flag = &cfg.base64,
144 }, 144 },
145 { 145 {
146 .name = "bufsize", 146 .name = "bufsize",
147 .argname = "size", 147 .argname = "size",
148 .desc = "Specify the buffer size to use for I/O", 148 .desc = "Specify the buffer size to use for I/O",
149 .type = OPTION_ARG, 149 .type = OPTION_ARG,
150 .opt.arg = &enc_config.bufsize, 150 .opt.arg = &cfg.bufsize,
151 }, 151 },
152 { 152 {
153 .name = "d", 153 .name = "d",
154 .desc = "Decrypt the input data", 154 .desc = "Decrypt the input data",
155 .type = OPTION_VALUE, 155 .type = OPTION_VALUE,
156 .opt.value = &enc_config.enc, 156 .opt.value = &cfg.enc,
157 .value = 0, 157 .value = 0,
158 }, 158 },
159 { 159 {
160 .name = "debug", 160 .name = "debug",
161 .desc = "Print debugging information", 161 .desc = "Print debugging information",
162 .type = OPTION_FLAG, 162 .type = OPTION_FLAG,
163 .opt.flag = &enc_config.debug, 163 .opt.flag = &cfg.debug,
164 }, 164 },
165 { 165 {
166 .name = "e", 166 .name = "e",
167 .desc = "Encrypt the input data (default)", 167 .desc = "Encrypt the input data (default)",
168 .type = OPTION_VALUE, 168 .type = OPTION_VALUE,
169 .opt.value = &enc_config.enc, 169 .opt.value = &cfg.enc,
170 .value = 1, 170 .value = 1,
171 }, 171 },
172 { 172 {
@@ -174,45 +174,45 @@ static const struct option enc_options[] = {
174 .argname = "file", 174 .argname = "file",
175 .desc = "Input file to read from (default stdin)", 175 .desc = "Input file to read from (default stdin)",
176 .type = OPTION_ARG, 176 .type = OPTION_ARG,
177 .opt.arg = &enc_config.inf, 177 .opt.arg = &cfg.inf,
178 }, 178 },
179 { 179 {
180 .name = "iter", 180 .name = "iter",
181 .argname = "iterations", 181 .argname = "iterations",
182 .desc = "Specify iteration count and force use of PBKDF2", 182 .desc = "Specify iteration count and force use of PBKDF2",
183 .type = OPTION_ARG_INT, 183 .type = OPTION_ARG_INT,
184 .opt.value = &enc_config.iter, 184 .opt.value = &cfg.iter,
185 }, 185 },
186 { 186 {
187 .name = "iv", 187 .name = "iv",
188 .argname = "IV", 188 .argname = "IV",
189 .desc = "IV to use, specified as a hexadecimal string", 189 .desc = "IV to use, specified as a hexadecimal string",
190 .type = OPTION_ARG, 190 .type = OPTION_ARG,
191 .opt.arg = &enc_config.hiv, 191 .opt.arg = &cfg.hiv,
192 }, 192 },
193 { 193 {
194 .name = "K", 194 .name = "K",
195 .argname = "key", 195 .argname = "key",
196 .desc = "Key to use, specified as a hexadecimal string", 196 .desc = "Key to use, specified as a hexadecimal string",
197 .type = OPTION_ARG, 197 .type = OPTION_ARG,
198 .opt.arg = &enc_config.hkey, 198 .opt.arg = &cfg.hkey,
199 }, 199 },
200 { 200 {
201 .name = "k", /* Superseded by -pass. */ 201 .name = "k", /* Superseded by -pass. */
202 .type = OPTION_ARG, 202 .type = OPTION_ARG,
203 .opt.arg = &enc_config.keystr, 203 .opt.arg = &cfg.keystr,
204 }, 204 },
205 { 205 {
206 .name = "kfile", /* Superseded by -pass. */ 206 .name = "kfile", /* Superseded by -pass. */
207 .type = OPTION_ARG, 207 .type = OPTION_ARG,
208 .opt.arg = &enc_config.keyfile, 208 .opt.arg = &cfg.keyfile,
209 }, 209 },
210 { 210 {
211 .name = "md", 211 .name = "md",
212 .argname = "digest", 212 .argname = "digest",
213 .desc = "Digest to use to create a key from the passphrase", 213 .desc = "Digest to use to create a key from the passphrase",
214 .type = OPTION_ARG, 214 .type = OPTION_ARG,
215 .opt.arg = &enc_config.md, 215 .opt.arg = &cfg.md,
216 }, 216 },
217 { 217 {
218 .name = "none", 218 .name = "none",
@@ -224,12 +224,12 @@ static const struct option enc_options[] = {
224 .name = "nopad", 224 .name = "nopad",
225 .desc = "Disable standard block padding", 225 .desc = "Disable standard block padding",
226 .type = OPTION_FLAG, 226 .type = OPTION_FLAG,
227 .opt.flag = &enc_config.nopad, 227 .opt.flag = &cfg.nopad,
228 }, 228 },
229 { 229 {
230 .name = "nosalt", 230 .name = "nosalt",
231 .type = OPTION_VALUE, 231 .type = OPTION_VALUE,
232 .opt.value = &enc_config.nosalt, 232 .opt.value = &cfg.nosalt,
233 .value = 1, 233 .value = 1,
234 }, 234 },
235 { 235 {
@@ -237,21 +237,21 @@ static const struct option enc_options[] = {
237 .argname = "file", 237 .argname = "file",
238 .desc = "Output file to write to (default stdout)", 238 .desc = "Output file to write to (default stdout)",
239 .type = OPTION_ARG, 239 .type = OPTION_ARG,
240 .opt.arg = &enc_config.outf, 240 .opt.arg = &cfg.outf,
241 }, 241 },
242 { 242 {
243 .name = "P", 243 .name = "P",
244 .desc = "Print out the salt, key and IV used, then exit\n" 244 .desc = "Print out the salt, key and IV used, then exit\n"
245 " (no encryption or decryption is performed)", 245 " (no encryption or decryption is performed)",
246 .type = OPTION_VALUE, 246 .type = OPTION_VALUE,
247 .opt.value = &enc_config.printkey, 247 .opt.value = &cfg.printkey,
248 .value = 2, 248 .value = 2,
249 }, 249 },
250 { 250 {
251 .name = "p", 251 .name = "p",
252 .desc = "Print out the salt, key and IV used", 252 .desc = "Print out the salt, key and IV used",
253 .type = OPTION_VALUE, 253 .type = OPTION_VALUE,
254 .opt.value = &enc_config.printkey, 254 .opt.value = &cfg.printkey,
255 .value = 1, 255 .value = 1,
256 }, 256 },
257 { 257 {
@@ -259,40 +259,40 @@ static const struct option enc_options[] = {
259 .argname = "source", 259 .argname = "source",
260 .desc = "Password source", 260 .desc = "Password source",
261 .type = OPTION_ARG, 261 .type = OPTION_ARG,
262 .opt.arg = &enc_config.passarg, 262 .opt.arg = &cfg.passarg,
263 }, 263 },
264 { 264 {
265 .name = "pbkdf2", 265 .name = "pbkdf2",
266 .desc = "Use the pbkdf2 key derivation function", 266 .desc = "Use the pbkdf2 key derivation function",
267 .type = OPTION_FLAG, 267 .type = OPTION_FLAG,
268 .opt.flag = &enc_config.pbkdf2, 268 .opt.flag = &cfg.pbkdf2,
269 }, 269 },
270 { 270 {
271 .name = "S", 271 .name = "S",
272 .argname = "salt", 272 .argname = "salt",
273 .desc = "Salt to use, specified as a hexadecimal string", 273 .desc = "Salt to use, specified as a hexadecimal string",
274 .type = OPTION_ARG, 274 .type = OPTION_ARG,
275 .opt.arg = &enc_config.hsalt, 275 .opt.arg = &cfg.hsalt,
276 }, 276 },
277 { 277 {
278 .name = "salt", 278 .name = "salt",
279 .desc = "Use a salt in the key derivation routines (default)", 279 .desc = "Use a salt in the key derivation routines (default)",
280 .type = OPTION_VALUE, 280 .type = OPTION_VALUE,
281 .opt.value = &enc_config.nosalt, 281 .opt.value = &cfg.nosalt,
282 .value = 0, 282 .value = 0,
283 }, 283 },
284 { 284 {
285 .name = "v", 285 .name = "v",
286 .desc = "Verbose", 286 .desc = "Verbose",
287 .type = OPTION_FLAG, 287 .type = OPTION_FLAG,
288 .opt.flag = &enc_config.verbose, 288 .opt.flag = &cfg.verbose,
289 }, 289 },
290#ifdef ZLIB 290#ifdef ZLIB
291 { 291 {
292 .name = "z", 292 .name = "z",
293 .desc = "Perform zlib compression/decompression", 293 .desc = "Perform zlib compression/decompression",
294 .type = OPTION_FLAG, 294 .type = OPTION_FLAG,
295 .opt.flag = &enc_config.do_zlib, 295 .opt.flag = &cfg.do_zlib,
296 }, 296 },
297#endif 297#endif
298 { 298 {
@@ -365,27 +365,27 @@ enc_main(int argc, char **argv)
365 exit(1); 365 exit(1);
366 } 366 }
367 367
368 memset(&enc_config, 0, sizeof(enc_config)); 368 memset(&cfg, 0, sizeof(cfg));
369 enc_config.enc = 1; 369 cfg.enc = 1;
370 370
371 /* first check the program name */ 371 /* first check the program name */
372 program_name(argv[0], pname, sizeof(pname)); 372 program_name(argv[0], pname, sizeof(pname));
373 373
374 if (strcmp(pname, "base64") == 0) 374 if (strcmp(pname, "base64") == 0)
375 enc_config.base64 = 1; 375 cfg.base64 = 1;
376 376
377#ifdef ZLIB 377#ifdef ZLIB
378 if (strcmp(pname, "zlib") == 0) 378 if (strcmp(pname, "zlib") == 0)
379 enc_config.do_zlib = 1; 379 cfg.do_zlib = 1;
380#endif 380#endif
381 381
382 enc_config.cipher = EVP_get_cipherbyname(pname); 382 cfg.cipher = EVP_get_cipherbyname(pname);
383 383
384#ifdef ZLIB 384#ifdef ZLIB
385 if (!enc_config.do_zlib && !enc_config.base64 && 385 if (!cfg.do_zlib && !cfg.base64 &&
386 enc_config.cipher == NULL && strcmp(pname, "enc") != 0) 386 cfg.cipher == NULL && strcmp(pname, "enc") != 0)
387#else 387#else
388 if (!enc_config.base64 && enc_config.cipher == NULL && 388 if (!cfg.base64 && cfg.cipher == NULL &&
389 strcmp(pname, "enc") != 0) 389 strcmp(pname, "enc") != 0)
390#endif 390#endif
391 { 391 {
@@ -398,20 +398,20 @@ enc_main(int argc, char **argv)
398 goto end; 398 goto end;
399 } 399 }
400 400
401 if (enc_config.keyfile != NULL) { 401 if (cfg.keyfile != NULL) {
402 static char buf[128]; 402 static char buf[128];
403 FILE *infile; 403 FILE *infile;
404 404
405 infile = fopen(enc_config.keyfile, "r"); 405 infile = fopen(cfg.keyfile, "r");
406 if (infile == NULL) { 406 if (infile == NULL) {
407 BIO_printf(bio_err, "unable to read key from '%s'\n", 407 BIO_printf(bio_err, "unable to read key from '%s'\n",
408 enc_config.keyfile); 408 cfg.keyfile);
409 goto end; 409 goto end;
410 } 410 }
411 buf[0] = '\0'; 411 buf[0] = '\0';
412 if (!fgets(buf, sizeof buf, infile)) { 412 if (!fgets(buf, sizeof buf, infile)) {
413 BIO_printf(bio_err, "unable to read key from '%s'\n", 413 BIO_printf(bio_err, "unable to read key from '%s'\n",
414 enc_config.keyfile); 414 cfg.keyfile);
415 fclose(infile); 415 fclose(infile);
416 goto end; 416 goto end;
417 } 417 }
@@ -425,34 +425,34 @@ enc_main(int argc, char **argv)
425 BIO_printf(bio_err, "zero length password\n"); 425 BIO_printf(bio_err, "zero length password\n");
426 goto end; 426 goto end;
427 } 427 }
428 enc_config.keystr = buf; 428 cfg.keystr = buf;
429 } 429 }
430 430
431 if (enc_config.cipher != NULL && 431 if (cfg.cipher != NULL &&
432 (EVP_CIPHER_flags(enc_config.cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0) { 432 (EVP_CIPHER_flags(cfg.cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0) {
433 BIO_printf(bio_err, "enc does not support AEAD ciphers\n"); 433 BIO_printf(bio_err, "enc does not support AEAD ciphers\n");
434 goto end; 434 goto end;
435 } 435 }
436 436
437 if (enc_config.cipher != NULL && 437 if (cfg.cipher != NULL &&
438 EVP_CIPHER_mode(enc_config.cipher) == EVP_CIPH_XTS_MODE) { 438 EVP_CIPHER_mode(cfg.cipher) == EVP_CIPH_XTS_MODE) {
439 BIO_printf(bio_err, "enc does not support XTS mode\n"); 439 BIO_printf(bio_err, "enc does not support XTS mode\n");
440 goto end; 440 goto end;
441 } 441 }
442 442
443 if (enc_config.md != NULL && 443 if (cfg.md != NULL &&
444 (dgst = EVP_get_digestbyname(enc_config.md)) == NULL) { 444 (dgst = EVP_get_digestbyname(cfg.md)) == NULL) {
445 BIO_printf(bio_err, 445 BIO_printf(bio_err,
446 "%s is an unsupported message digest type\n", 446 "%s is an unsupported message digest type\n",
447 enc_config.md); 447 cfg.md);
448 goto end; 448 goto end;
449 } 449 }
450 if (dgst == NULL) { 450 if (dgst == NULL) {
451 dgst = EVP_sha256(); 451 dgst = EVP_sha256();
452 } 452 }
453 453
454 if (enc_config.bufsize != NULL) { 454 if (cfg.bufsize != NULL) {
455 char *p = enc_config.bufsize; 455 char *p = cfg.bufsize;
456 unsigned long n; 456 unsigned long n;
457 457
458 /* XXX - provide an OPTION_ARG_DISKUNIT. */ 458 /* XXX - provide an OPTION_ARG_DISKUNIT. */
@@ -471,11 +471,11 @@ enc_main(int argc, char **argv)
471 goto end; 471 goto end;
472 } 472 }
473 /* It must be large enough for a base64 encoded line. */ 473 /* It must be large enough for a base64 encoded line. */
474 if (enc_config.base64 && n < 80) 474 if (cfg.base64 && n < 80)
475 n = 80; 475 n = 80;
476 476
477 bsize = (int)n; 477 bsize = (int)n;
478 if (enc_config.verbose) 478 if (cfg.verbose)
479 BIO_printf(bio_err, "bufsize=%d\n", bsize); 479 BIO_printf(bio_err, "bufsize=%d\n", bsize);
480 } 480 }
481 strbuf = malloc(SIZE); 481 strbuf = malloc(SIZE);
@@ -490,41 +490,41 @@ enc_main(int argc, char **argv)
490 ERR_print_errors(bio_err); 490 ERR_print_errors(bio_err);
491 goto end; 491 goto end;
492 } 492 }
493 if (enc_config.debug) { 493 if (cfg.debug) {
494 BIO_set_callback(in, BIO_debug_callback); 494 BIO_set_callback(in, BIO_debug_callback);
495 BIO_set_callback(out, BIO_debug_callback); 495 BIO_set_callback(out, BIO_debug_callback);
496 BIO_set_callback_arg(in, (char *) bio_err); 496 BIO_set_callback_arg(in, (char *) bio_err);
497 BIO_set_callback_arg(out, (char *) bio_err); 497 BIO_set_callback_arg(out, (char *) bio_err);
498 } 498 }
499 if (enc_config.inf == NULL) { 499 if (cfg.inf == NULL) {
500 if (enc_config.bufsize != NULL) 500 if (cfg.bufsize != NULL)
501 setvbuf(stdin, (char *) NULL, _IONBF, 0); 501 setvbuf(stdin, (char *) NULL, _IONBF, 0);
502 BIO_set_fp(in, stdin, BIO_NOCLOSE); 502 BIO_set_fp(in, stdin, BIO_NOCLOSE);
503 } else { 503 } else {
504 if (BIO_read_filename(in, enc_config.inf) <= 0) { 504 if (BIO_read_filename(in, cfg.inf) <= 0) {
505 perror(enc_config.inf); 505 perror(cfg.inf);
506 goto end; 506 goto end;
507 } 507 }
508 } 508 }
509 509
510 if (!enc_config.keystr && enc_config.passarg) { 510 if (!cfg.keystr && cfg.passarg) {
511 if (!app_passwd(bio_err, enc_config.passarg, NULL, 511 if (!app_passwd(bio_err, cfg.passarg, NULL,
512 &pass, NULL)) { 512 &pass, NULL)) {
513 BIO_printf(bio_err, "Error getting password\n"); 513 BIO_printf(bio_err, "Error getting password\n");
514 goto end; 514 goto end;
515 } 515 }
516 enc_config.keystr = pass; 516 cfg.keystr = pass;
517 } 517 }
518 if (enc_config.keystr == NULL && enc_config.cipher != NULL && 518 if (cfg.keystr == NULL && cfg.cipher != NULL &&
519 enc_config.hkey == NULL) { 519 cfg.hkey == NULL) {
520 for (;;) { 520 for (;;) {
521 char buf[200]; 521 char buf[200];
522 int retval; 522 int retval;
523 523
524 retval = snprintf(buf, sizeof buf, 524 retval = snprintf(buf, sizeof buf,
525 "enter %s %s password:", 525 "enter %s %s password:",
526 OBJ_nid2ln(EVP_CIPHER_nid(enc_config.cipher)), 526 OBJ_nid2ln(EVP_CIPHER_nid(cfg.cipher)),
527 enc_config.enc ? "encryption" : "decryption"); 527 cfg.enc ? "encryption" : "decryption");
528 if ((size_t)retval >= sizeof buf) { 528 if ((size_t)retval >= sizeof buf) {
529 BIO_printf(bio_err, 529 BIO_printf(bio_err,
530 "Password prompt too long\n"); 530 "Password prompt too long\n");
@@ -532,13 +532,13 @@ enc_main(int argc, char **argv)
532 } 532 }
533 strbuf[0] = '\0'; 533 strbuf[0] = '\0';
534 i = EVP_read_pw_string((char *)strbuf, SIZE, buf, 534 i = EVP_read_pw_string((char *)strbuf, SIZE, buf,
535 enc_config.enc); 535 cfg.enc);
536 if (i == 0) { 536 if (i == 0) {
537 if (strbuf[0] == '\0') { 537 if (strbuf[0] == '\0') {
538 ret = 1; 538 ret = 1;
539 goto end; 539 goto end;
540 } 540 }
541 enc_config.keystr = strbuf; 541 cfg.keystr = strbuf;
542 break; 542 break;
543 } 543 }
544 if (i < 0) { 544 if (i < 0) {
@@ -547,13 +547,13 @@ enc_main(int argc, char **argv)
547 } 547 }
548 } 548 }
549 } 549 }
550 if (enc_config.outf == NULL) { 550 if (cfg.outf == NULL) {
551 BIO_set_fp(out, stdout, BIO_NOCLOSE); 551 BIO_set_fp(out, stdout, BIO_NOCLOSE);
552 if (enc_config.bufsize != NULL) 552 if (cfg.bufsize != NULL)
553 setvbuf(stdout, (char *)NULL, _IONBF, 0); 553 setvbuf(stdout, (char *)NULL, _IONBF, 0);
554 } else { 554 } else {
555 if (BIO_write_filename(out, enc_config.outf) <= 0) { 555 if (BIO_write_filename(out, cfg.outf) <= 0) {
556 perror(enc_config.outf); 556 perror(cfg.outf);
557 goto end; 557 goto end;
558 } 558 }
559 } 559 }
@@ -572,38 +572,38 @@ enc_main(int argc, char **argv)
572 } 572 }
573#endif 573#endif
574 574
575 if (enc_config.base64) { 575 if (cfg.base64) {
576 if ((b64 = BIO_new(BIO_f_base64())) == NULL) 576 if ((b64 = BIO_new(BIO_f_base64())) == NULL)
577 goto end; 577 goto end;
578 if (enc_config.debug) { 578 if (cfg.debug) {
579 BIO_set_callback(b64, BIO_debug_callback); 579 BIO_set_callback(b64, BIO_debug_callback);
580 BIO_set_callback_arg(b64, (char *) bio_err); 580 BIO_set_callback_arg(b64, (char *) bio_err);
581 } 581 }
582 if (enc_config.olb64) 582 if (cfg.olb64)
583 BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); 583 BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
584 if (enc_config.enc) 584 if (cfg.enc)
585 wbio = BIO_push(b64, wbio); 585 wbio = BIO_push(b64, wbio);
586 else 586 else
587 rbio = BIO_push(b64, rbio); 587 rbio = BIO_push(b64, rbio);
588 } 588 }
589 if (enc_config.cipher != NULL) { 589 if (cfg.cipher != NULL) {
590 /* 590 /*
591 * Note that keystr is NULL if a key was passed on the command 591 * Note that keystr is NULL if a key was passed on the command
592 * line, so we get no salt in that case. Is this a bug? 592 * line, so we get no salt in that case. Is this a bug?
593 */ 593 */
594 if (enc_config.keystr != NULL) { 594 if (cfg.keystr != NULL) {
595 /* 595 /*
596 * Salt handling: if encrypting generate a salt and 596 * Salt handling: if encrypting generate a salt and
597 * write to output BIO. If decrypting read salt from 597 * write to output BIO. If decrypting read salt from
598 * input BIO. 598 * input BIO.
599 */ 599 */
600 unsigned char *sptr; 600 unsigned char *sptr;
601 if (enc_config.nosalt) 601 if (cfg.nosalt)
602 sptr = NULL; 602 sptr = NULL;
603 else { 603 else {
604 if (enc_config.enc) { 604 if (cfg.enc) {
605 if (enc_config.hsalt) { 605 if (cfg.hsalt) {
606 if (!set_hex(enc_config.hsalt, salt, sizeof salt)) { 606 if (!set_hex(cfg.hsalt, salt, sizeof salt)) {
607 BIO_printf(bio_err, 607 BIO_printf(bio_err,
608 "invalid hex salt value\n"); 608 "invalid hex salt value\n");
609 goto end; 609 goto end;
@@ -615,7 +615,7 @@ enc_main(int argc, char **argv)
615 * If -P option then don't bother 615 * If -P option then don't bother
616 * writing 616 * writing
617 */ 617 */
618 if ((enc_config.printkey != 2) 618 if ((cfg.printkey != 2)
619 && (BIO_write(wbio, magic, 619 && (BIO_write(wbio, magic,
620 sizeof magic - 1) != sizeof magic - 1 620 sizeof magic - 1) != sizeof magic - 1
621 || BIO_write(wbio, 621 || BIO_write(wbio,
@@ -636,23 +636,23 @@ enc_main(int argc, char **argv)
636 } 636 }
637 sptr = salt; 637 sptr = salt;
638 } 638 }
639 if (enc_config.pbkdf2 == 1 || enc_config.iter > 0) { 639 if (cfg.pbkdf2 == 1 || cfg.iter > 0) {
640 /* 640 /*
641 * derive key and default iv 641 * derive key and default iv
642 * concatenated into a temporary buffer 642 * concatenated into a temporary buffer
643 */ 643 */
644 unsigned char tmpkeyiv[EVP_MAX_KEY_LENGTH + EVP_MAX_IV_LENGTH]; 644 unsigned char tmpkeyiv[EVP_MAX_KEY_LENGTH + EVP_MAX_IV_LENGTH];
645 int iklen = EVP_CIPHER_key_length(enc_config.cipher); 645 int iklen = EVP_CIPHER_key_length(cfg.cipher);
646 int ivlen = EVP_CIPHER_iv_length(enc_config.cipher); 646 int ivlen = EVP_CIPHER_iv_length(cfg.cipher);
647 /* not needed if HASH_UPDATE() is fixed : */ 647 /* not needed if HASH_UPDATE() is fixed : */
648 int islen = (sptr != NULL ? sizeof(salt) : 0); 648 int islen = (sptr != NULL ? sizeof(salt) : 0);
649 649
650 if (enc_config.iter == 0) 650 if (cfg.iter == 0)
651 enc_config.iter = 10000; 651 cfg.iter = 10000;
652 652
653 if (!PKCS5_PBKDF2_HMAC(enc_config.keystr, 653 if (!PKCS5_PBKDF2_HMAC(cfg.keystr,
654 strlen(enc_config.keystr), sptr, islen, 654 strlen(cfg.keystr), sptr, islen,
655 enc_config.iter, dgst, iklen+ivlen, tmpkeyiv)) { 655 cfg.iter, dgst, iklen+ivlen, tmpkeyiv)) {
656 BIO_printf(bio_err, "PKCS5_PBKDF2_HMAC failed\n"); 656 BIO_printf(bio_err, "PKCS5_PBKDF2_HMAC failed\n");
657 goto end; 657 goto end;
658 } 658 }
@@ -661,9 +661,9 @@ enc_main(int argc, char **argv)
661 memcpy(iv, tmpkeyiv + iklen, ivlen); 661 memcpy(iv, tmpkeyiv + iklen, ivlen);
662 explicit_bzero(tmpkeyiv, sizeof tmpkeyiv); 662 explicit_bzero(tmpkeyiv, sizeof tmpkeyiv);
663 } else { 663 } else {
664 EVP_BytesToKey(enc_config.cipher, dgst, sptr, 664 EVP_BytesToKey(cfg.cipher, dgst, sptr,
665 (unsigned char *)enc_config.keystr, 665 (unsigned char *)cfg.keystr,
666 strlen(enc_config.keystr), 1, key, iv); 666 strlen(cfg.keystr), 1, key, iv);
667 } 667 }
668 668
669 /* 669 /*
@@ -671,19 +671,19 @@ enc_main(int argc, char **argv)
671 * the command line bug picked up by Larry J. Hughes 671 * the command line bug picked up by Larry J. Hughes
672 * Jr. <hughes@indiana.edu> 672 * Jr. <hughes@indiana.edu>
673 */ 673 */
674 if (enc_config.keystr == strbuf) 674 if (cfg.keystr == strbuf)
675 explicit_bzero(enc_config.keystr, SIZE); 675 explicit_bzero(cfg.keystr, SIZE);
676 else 676 else
677 explicit_bzero(enc_config.keystr, 677 explicit_bzero(cfg.keystr,
678 strlen(enc_config.keystr)); 678 strlen(cfg.keystr));
679 } 679 }
680 if (enc_config.hiv != NULL && 680 if (cfg.hiv != NULL &&
681 !set_hex(enc_config.hiv, iv, sizeof iv)) { 681 !set_hex(cfg.hiv, iv, sizeof iv)) {
682 BIO_printf(bio_err, "invalid hex iv value\n"); 682 BIO_printf(bio_err, "invalid hex iv value\n");
683 goto end; 683 goto end;
684 } 684 }
685 if (enc_config.hiv == NULL && enc_config.keystr == NULL && 685 if (cfg.hiv == NULL && cfg.keystr == NULL &&
686 EVP_CIPHER_iv_length(enc_config.cipher) != 0) { 686 EVP_CIPHER_iv_length(cfg.cipher) != 0) {
687 /* 687 /*
688 * No IV was explicitly set and no IV was generated 688 * No IV was explicitly set and no IV was generated
689 * during EVP_BytesToKey. Hence the IV is undefined, 689 * during EVP_BytesToKey. Hence the IV is undefined,
@@ -692,8 +692,8 @@ enc_main(int argc, char **argv)
692 BIO_printf(bio_err, "iv undefined\n"); 692 BIO_printf(bio_err, "iv undefined\n");
693 goto end; 693 goto end;
694 } 694 }
695 if (enc_config.hkey != NULL && 695 if (cfg.hkey != NULL &&
696 !set_hex(enc_config.hkey, key, sizeof key)) { 696 !set_hex(cfg.hkey, key, sizeof key)) {
697 BIO_printf(bio_err, "invalid hex key value\n"); 697 BIO_printf(bio_err, "invalid hex key value\n");
698 goto end; 698 goto end;
699 } 699 }
@@ -707,51 +707,51 @@ enc_main(int argc, char **argv)
707 707
708 BIO_get_cipher_ctx(benc, &ctx); 708 BIO_get_cipher_ctx(benc, &ctx);
709 709
710 if (!EVP_CipherInit_ex(ctx, enc_config.cipher, NULL, NULL, 710 if (!EVP_CipherInit_ex(ctx, cfg.cipher, NULL, NULL,
711 NULL, enc_config.enc)) { 711 NULL, cfg.enc)) {
712 BIO_printf(bio_err, "Error setting cipher %s\n", 712 BIO_printf(bio_err, "Error setting cipher %s\n",
713 EVP_CIPHER_name(enc_config.cipher)); 713 EVP_CIPHER_name(cfg.cipher));
714 ERR_print_errors(bio_err); 714 ERR_print_errors(bio_err);
715 goto end; 715 goto end;
716 } 716 }
717 if (enc_config.nopad) 717 if (cfg.nopad)
718 EVP_CIPHER_CTX_set_padding(ctx, 0); 718 EVP_CIPHER_CTX_set_padding(ctx, 0);
719 719
720 if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, 720 if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv,
721 enc_config.enc)) { 721 cfg.enc)) {
722 BIO_printf(bio_err, "Error setting cipher %s\n", 722 BIO_printf(bio_err, "Error setting cipher %s\n",
723 EVP_CIPHER_name(enc_config.cipher)); 723 EVP_CIPHER_name(cfg.cipher));
724 ERR_print_errors(bio_err); 724 ERR_print_errors(bio_err);
725 goto end; 725 goto end;
726 } 726 }
727 if (enc_config.debug) { 727 if (cfg.debug) {
728 BIO_set_callback(benc, BIO_debug_callback); 728 BIO_set_callback(benc, BIO_debug_callback);
729 BIO_set_callback_arg(benc, (char *) bio_err); 729 BIO_set_callback_arg(benc, (char *) bio_err);
730 } 730 }
731 if (enc_config.printkey) { 731 if (cfg.printkey) {
732 int key_len, iv_len; 732 int key_len, iv_len;
733 733
734 if (!enc_config.nosalt) { 734 if (!cfg.nosalt) {
735 printf("salt="); 735 printf("salt=");
736 for (i = 0; i < (int) sizeof(salt); i++) 736 for (i = 0; i < (int) sizeof(salt); i++)
737 printf("%02X", salt[i]); 737 printf("%02X", salt[i]);
738 printf("\n"); 738 printf("\n");
739 } 739 }
740 key_len = EVP_CIPHER_key_length(enc_config.cipher); 740 key_len = EVP_CIPHER_key_length(cfg.cipher);
741 if (key_len > 0) { 741 if (key_len > 0) {
742 printf("key="); 742 printf("key=");
743 for (i = 0; i < key_len; i++) 743 for (i = 0; i < key_len; i++)
744 printf("%02X", key[i]); 744 printf("%02X", key[i]);
745 printf("\n"); 745 printf("\n");
746 } 746 }
747 iv_len = EVP_CIPHER_iv_length(enc_config.cipher); 747 iv_len = EVP_CIPHER_iv_length(cfg.cipher);
748 if (iv_len > 0) { 748 if (iv_len > 0) {
749 printf("iv ="); 749 printf("iv =");
750 for (i = 0; i < iv_len; i++) 750 for (i = 0; i < iv_len; i++)
751 printf("%02X", iv[i]); 751 printf("%02X", iv[i]);
752 printf("\n"); 752 printf("\n");
753 } 753 }
754 if (enc_config.printkey == 2) { 754 if (cfg.printkey == 2) {
755 ret = 0; 755 ret = 0;
756 goto end; 756 goto end;
757 } 757 }
@@ -775,7 +775,7 @@ enc_main(int argc, char **argv)
775 goto end; 775 goto end;
776 } 776 }
777 ret = 0; 777 ret = 0;
778 if (enc_config.verbose) { 778 if (cfg.verbose) {
779 BIO_printf(bio_err, "bytes read :%8ld\n", BIO_number_read(in)); 779 BIO_printf(bio_err, "bytes read :%8ld\n", BIO_number_read(in));
780 BIO_printf(bio_err, "bytes written:%8ld\n", BIO_number_written(out)); 780 BIO_printf(bio_err, "bytes written:%8ld\n", BIO_number_written(out));
781 } 781 }
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-11-02 21:24:13 +0000