Changeset 94082 in vbox for trunk/src/libs/openssl-3.0.1/apps/enc.c
- Timestamp:
- Mar 3, 2022 7:17:34 PM (3 years ago)
- svn:sync-xref-src-repo-rev:
- 150325
- Location:
- trunk/src/libs/openssl-3.0.1
- Files:
-
- 2 edited
-
. (modified) (1 prop)
-
apps/enc.c (modified) (24 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/libs/openssl-3.0.1
- Property svn:mergeinfo
-
old new 12 12 /vendor/openssl/1.1.1c:131722-131725 13 13 /vendor/openssl/1.1.1k:145841-145843 14 /vendor/openssl/3.0.1:150323-150324 15 /vendor/openssl/current:147554-150322
-
- Property svn:mergeinfo
-
trunk/src/libs/openssl-3.0.1/apps/enc.c
r91772 r94082 2 2 * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 * Licensed under the OpenSSL license(the "License"). You may not use4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 5 * this file except in compliance with the License. You can obtain a copy 6 6 * in the file LICENSE in the source distribution or at … … 40 40 41 41 typedef enum OPTION_choice { 42 OPT_ ERR = -1, OPT_EOF = 0, OPT_HELP,42 OPT_COMMON, 43 43 OPT_LIST, 44 44 OPT_E, OPT_IN, OPT_OUT, OPT_PASS, OPT_ENGINE, OPT_D, OPT_P, OPT_V, … … 46 46 OPT_A, OPT_Z, OPT_BUFSIZE, OPT_K, OPT_KFILE, OPT_UPPER_K, OPT_NONE, 47 47 OPT_UPPER_S, OPT_IV, OPT_MD, OPT_ITER, OPT_PBKDF2, OPT_CIPHER, 48 OPT_R_ENUM 48 OPT_R_ENUM, OPT_PROV_ENUM 49 49 } OPTION_CHOICE; 50 50 51 51 const OPTIONS enc_options[] = { 52 OPT_SECTION("General"), 52 53 {"help", OPT_HELP, '-', "Display this summary"}, 53 54 {"list", OPT_LIST, '-', "List ciphers"}, 55 #ifndef OPENSSL_NO_DEPRECATED_3_0 54 56 {"ciphers", OPT_LIST, '-', "Alias for -list"}, 55 {"in", OPT_IN, '<', "Input file"}, 56 {"out", OPT_OUT, '>', "Output file"}, 57 {"pass", OPT_PASS, 's', "Passphrase source"}, 57 #endif 58 58 {"e", OPT_E, '-', "Encrypt"}, 59 59 {"d", OPT_D, '-', "Decrypt"}, 60 60 {"p", OPT_P, '-', "Print the iv/key"}, 61 61 {"P", OPT_UPPER_P, '-', "Print the iv/key and exit"}, 62 #ifndef OPENSSL_NO_ENGINE 63 {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, 64 #endif 65 66 OPT_SECTION("Input"), 67 {"in", OPT_IN, '<', "Input file"}, 68 {"k", OPT_K, 's', "Passphrase"}, 69 {"kfile", OPT_KFILE, '<', "Read passphrase from file"}, 70 71 OPT_SECTION("Output"), 72 {"out", OPT_OUT, '>', "Output file"}, 73 {"pass", OPT_PASS, 's', "Passphrase source"}, 62 74 {"v", OPT_V, '-', "Verbose output"}, 75 {"a", OPT_A, '-', "Base64 encode/decode, depending on encryption flag"}, 76 {"base64", OPT_A, '-', "Same as option -a"}, 77 {"A", OPT_UPPER_A, '-', 78 "Used with -[base64|a] to specify base64 buffer as a single line"}, 79 80 OPT_SECTION("Encryption"), 63 81 {"nopad", OPT_NOPAD, '-', "Disable standard block padding"}, 64 82 {"salt", OPT_SALT, '-', "Use salt in the KDF (default)"}, 65 83 {"nosalt", OPT_NOSALT, '-', "Do not use salt in the KDF"}, 66 84 {"debug", OPT_DEBUG, '-', "Print debug info"}, 67 {"a", OPT_A, '-', "Base64 encode/decode, depending on encryption flag"}, 68 {"base64", OPT_A, '-', "Same as option -a"}, 69 {"A", OPT_UPPER_A, '-', 70 "Used with -[base64|a] to specify base64 buffer as a single line"}, 85 71 86 {"bufsize", OPT_BUFSIZE, 's', "Buffer size"}, 72 {"k", OPT_K, 's', "Passphrase"},73 {"kfile", OPT_KFILE, '<', "Read passphrase from file"},74 87 {"K", OPT_UPPER_K, 's', "Raw key, in hex"}, 75 88 {"S", OPT_UPPER_S, 's', "Salt, in hex"}, … … 79 92 {"pbkdf2", OPT_PBKDF2, '-', "Use password-based key derivation function 2"}, 80 93 {"none", OPT_NONE, '-', "Don't encrypt"}, 81 {"", OPT_CIPHER, '-', "Any supported cipher"},82 OPT_R_OPTIONS,83 94 #ifdef ZLIB 84 95 {"z", OPT_Z, '-', "Compress or decompress encrypted data using zlib"}, 85 96 #endif 86 #ifndef OPENSSL_NO_ENGINE 87 {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, 88 #endif 97 {"", OPT_CIPHER, '-', "Any supported cipher"}, 98 99 OPT_R_OPTIONS, 100 OPT_PROV_OPTIONS, 89 101 {NULL} 90 102 }; … … 98 110 NULL, *wbio = NULL; 99 111 EVP_CIPHER_CTX *ctx = NULL; 100 const EVP_CIPHER *cipher = NULL, *c; 101 const EVP_MD *dgst = NULL; 112 EVP_CIPHER *cipher = NULL; 113 EVP_MD *dgst = NULL; 114 const char *digestname = NULL; 102 115 char *hkey = NULL, *hiv = NULL, *hsalt = NULL, *p; 103 116 char *infile = NULL, *outfile = NULL, *prog; 104 117 char *str = NULL, *passarg = NULL, *pass = NULL, *strbuf = NULL; 118 const char *ciphername = NULL; 105 119 char mbuf[sizeof(magic) - 1]; 106 120 OPTION_CHOICE o; … … 120 134 #endif 121 135 122 /* first check the program name */ 123 prog = opt_progname(argv[0]); 124 if (strcmp(prog, "base64") == 0) { 136 /* first check the command name */ 137 if (strcmp(argv[0], "base64") == 0) 125 138 base64 = 1; 126 139 #ifdef ZLIB 127 } else if (strcmp(prog, "zlib") == 0) {140 else if (strcmp(argv[0], "zlib") == 0) 128 141 do_zlib = 1; 129 142 #endif 130 } else { 131 cipher = EVP_get_cipherbyname(prog); 132 if (cipher == NULL && strcmp(prog, "enc") != 0) { 133 BIO_printf(bio_err, "%s is not a known cipher\n", prog); 134 goto end; 135 } 136 } 143 else if (strcmp(argv[0], "enc") != 0) 144 ciphername = argv[0]; 137 145 138 146 prog = opt_init(argc, argv, enc_options); … … 253 261 break; 254 262 case OPT_MD: 255 if (!opt_md(opt_arg(), &dgst)) 256 goto opthelp; 263 digestname = opt_arg(); 257 264 break; 258 265 case OPT_CIPHER: 259 if (!opt_cipher(opt_unknown(), &c)) 260 goto opthelp; 261 cipher = c; 266 ciphername = opt_unknown(); 262 267 break; 263 268 case OPT_ITER: 264 if (!opt_int(opt_arg(), &iter)) 265 goto opthelp; 269 iter = opt_int_arg(); 266 270 pbkdf2 = 1; 267 271 break; … … 278 282 goto end; 279 283 break; 280 } 281 } 282 if (opt_num_rest() != 0) { 283 BIO_printf(bio_err, "Extra arguments given.\n"); 284 case OPT_PROV_CASES: 285 if (!opt_provider(o)) 286 goto end; 287 break; 288 } 289 } 290 291 /* No extra arguments. */ 292 argc = opt_num_rest(); 293 if (argc != 0) 284 294 goto opthelp; 285 } 286 287 if (cipher && EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) { 288 BIO_printf(bio_err, "%s: AEAD ciphers not supported\n", prog); 295 if (!app_RAND_load()) 289 296 goto end; 290 } 291 292 if (cipher && (EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE)) { 293 BIO_printf(bio_err, "%s XTS ciphers not supported\n", prog); 294 goto end; 295 } 296 297 298 /* Get the cipher name, either from progname (if set) or flag. */ 299 if (ciphername != NULL) { 300 if (!opt_cipher(ciphername, &cipher)) 301 goto opthelp; 302 } 303 if (digestname != NULL) { 304 if (!opt_md(digestname, &dgst)) 305 goto opthelp; 306 } 297 307 if (dgst == NULL) 298 dgst = EVP_sha256();308 dgst = (EVP_MD *)EVP_sha256(); 299 309 300 310 if (iter == 0) … … 343 353 344 354 BIO_snprintf(prompt, sizeof(prompt), "enter %s %s password:", 345 OBJ_nid2ln(EVP_CIPHER_nid(cipher)),355 EVP_CIPHER_get0_name(cipher), 346 356 (enc) ? "encryption" : "decryption"); 347 357 strbuf[0] = '\0'; … … 372 382 373 383 if (debug) { 374 BIO_set_callback (in, BIO_debug_callback);375 BIO_set_callback (out, BIO_debug_callback);384 BIO_set_callback_ex(in, BIO_debug_callback_ex); 385 BIO_set_callback_ex(out, BIO_debug_callback_ex); 376 386 BIO_set_callback_arg(in, (char *)bio_err); 377 387 BIO_set_callback_arg(out, (char *)bio_err); … … 386 396 goto end; 387 397 if (debug) { 388 BIO_set_callback (bzl, BIO_debug_callback);398 BIO_set_callback_ex(bzl, BIO_debug_callback_ex); 389 399 BIO_set_callback_arg(bzl, (char *)bio_err); 390 400 } … … 400 410 goto end; 401 411 if (debug) { 402 BIO_set_callback (b64, BIO_debug_callback);412 BIO_set_callback_ex(b64, BIO_debug_callback_ex); 403 413 BIO_set_callback_arg(b64, (char *)bio_err); 404 414 } … … 412 422 413 423 if (cipher != NULL) { 414 /* 415 * Note that str is NULL if a key was passed on the command line, so 416 * we get no salt in that case. Is this a bug? 417 */ 418 if (str != NULL) { 424 if (str != NULL) { /* a passphrase is available */ 419 425 /* 420 * Salt handling: if encrypting generate a salt and write to 421 * output BIO. If decrypting read salt from input BIO. 426 * Salt handling: if encrypting generate a salt if not supplied, 427 * and write to output BIO. If decrypting use salt from input BIO 428 * if not given with args 422 429 */ 423 430 unsigned char *sptr; … … 427 434 sptr = NULL; 428 435 } else { 429 if (enc) { 430 if (hsalt) { 431 if (!set_hex(hsalt, salt, sizeof(salt))) { 432 BIO_printf(bio_err, "invalid hex salt value\n"); 436 if (hsalt != NULL && !set_hex(hsalt, salt, sizeof(salt))) { 437 BIO_printf(bio_err, "invalid hex salt value\n"); 438 goto end; 439 } 440 if (enc) { /* encryption */ 441 if (hsalt == NULL) { 442 if (RAND_bytes(salt, sizeof(salt)) <= 0) { 443 BIO_printf(bio_err, "RAND_bytes failed\n"); 433 444 goto end; 434 445 } 435 } else if (RAND_bytes(salt, sizeof(salt)) <= 0) { 436 goto end; 446 /* 447 * If -P option then don't bother writing. 448 * If salt is given, shouldn't either ? 449 */ 450 if ((printkey != 2) 451 && (BIO_write(wbio, magic, 452 sizeof(magic) - 1) != sizeof(magic) - 1 453 || BIO_write(wbio, 454 (char *)salt, 455 sizeof(salt)) != sizeof(salt))) { 456 BIO_printf(bio_err, "error writing output file\n"); 457 goto end; 458 } 437 459 } 438 /* 439 * If -P option then don't bother writing 440 */ 441 if ((printkey != 2) 442 && (BIO_write(wbio, magic, 443 sizeof(magic) - 1) != sizeof(magic) - 1 444 || BIO_write(wbio, 445 (char *)salt, 446 sizeof(salt)) != sizeof(salt))) { 447 BIO_printf(bio_err, "error writing output file\n"); 448 goto end; 460 } else { /* decryption */ 461 if (hsalt == NULL) { 462 if (BIO_read(rbio, mbuf, sizeof(mbuf)) != sizeof(mbuf)) { 463 BIO_printf(bio_err, "error reading input file\n"); 464 goto end; 465 } 466 if (memcmp(mbuf, magic, sizeof(mbuf)) == 0) { /* file IS salted */ 467 if (BIO_read(rbio, salt, 468 sizeof(salt)) != sizeof(salt)) { 469 BIO_printf(bio_err, "error reading input file\n"); 470 goto end; 471 } 472 } else { /* file is NOT salted, NO salt available */ 473 BIO_printf(bio_err, "bad magic number\n"); 474 goto end; 475 } 449 476 } 450 } else if (BIO_read(rbio, mbuf, sizeof(mbuf)) != sizeof(mbuf)451 || BIO_read(rbio,452 (unsigned char *)salt,453 sizeof(salt)) != sizeof(salt)) {454 BIO_printf(bio_err, "error reading input file\n");455 goto end;456 } else if (memcmp(mbuf, magic, sizeof(magic) - 1)) {457 BIO_printf(bio_err, "bad magic number\n");458 goto end;459 477 } 460 478 sptr = salt; … … 467 485 */ 468 486 unsigned char tmpkeyiv[EVP_MAX_KEY_LENGTH + EVP_MAX_IV_LENGTH]; 469 int iklen = EVP_CIPHER_ key_length(cipher);470 int ivlen = EVP_CIPHER_ iv_length(cipher);487 int iklen = EVP_CIPHER_get_key_length(cipher); 488 int ivlen = EVP_CIPHER_get_iv_length(cipher); 471 489 /* not needed if HASH_UPDATE() is fixed : */ 472 490 int islen = (sptr != NULL ? sizeof(salt) : 0); … … 500 518 } 501 519 if (hiv != NULL) { 502 int siz = EVP_CIPHER_ iv_length(cipher);520 int siz = EVP_CIPHER_get_iv_length(cipher); 503 521 if (siz == 0) { 504 522 BIO_printf(bio_err, "warning: iv not used by this cipher\n"); … … 509 527 } 510 528 if ((hiv == NULL) && (str == NULL) 511 && EVP_CIPHER_ iv_length(cipher) != 0) {529 && EVP_CIPHER_get_iv_length(cipher) != 0) { 512 530 /* 513 531 * No IV was explicitly set and no IV was generated. … … 518 536 } 519 537 if (hkey != NULL) { 520 if (!set_hex(hkey, key, EVP_CIPHER_ key_length(cipher))) {538 if (!set_hex(hkey, key, EVP_CIPHER_get_key_length(cipher))) { 521 539 BIO_printf(bio_err, "invalid hex key value\n"); 522 540 goto end; 523 541 } 524 542 /* wiping secret data as we no longer need it */ 525 OPENSSL_cleanse(hkey, strlen(hkey));543 cleanse(hkey); 526 544 } 527 545 … … 536 554 BIO_get_cipher_ctx(benc, &ctx); 537 555 538 if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)) {556 if (!EVP_CipherInit_ex(ctx, cipher, e, NULL, NULL, enc)) { 539 557 BIO_printf(bio_err, "Error setting cipher %s\n", 540 EVP_CIPHER_ name(cipher));558 EVP_CIPHER_get0_name(cipher)); 541 559 ERR_print_errors(bio_err); 542 560 goto end; … … 548 566 if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc)) { 549 567 BIO_printf(bio_err, "Error setting cipher %s\n", 550 EVP_CIPHER_ name(cipher));568 EVP_CIPHER_get0_name(cipher)); 551 569 ERR_print_errors(bio_err); 552 570 goto end; … … 554 572 555 573 if (debug) { 556 BIO_set_callback (benc, BIO_debug_callback);574 BIO_set_callback_ex(benc, BIO_debug_callback_ex); 557 575 BIO_set_callback_arg(benc, (char *)bio_err); 558 576 } … … 565 583 printf("\n"); 566 584 } 567 if (EVP_CIPHER_ key_length(cipher) > 0) {585 if (EVP_CIPHER_get_key_length(cipher) > 0) { 568 586 printf("key="); 569 for (i = 0; i < EVP_CIPHER_ key_length(cipher); i++)587 for (i = 0; i < EVP_CIPHER_get_key_length(cipher); i++) 570 588 printf("%02X", key[i]); 571 589 printf("\n"); 572 590 } 573 if (EVP_CIPHER_ iv_length(cipher) > 0) {591 if (EVP_CIPHER_get_iv_length(cipher) > 0) { 574 592 printf("iv ="); 575 for (i = 0; i < EVP_CIPHER_ iv_length(cipher); i++)593 for (i = 0; i < EVP_CIPHER_get_iv_length(cipher); i++) 576 594 printf("%02X", iv[i]); 577 595 printf("\n"); … … 615 633 BIO_free(benc); 616 634 BIO_free(b64); 635 EVP_MD_free(dgst); 636 EVP_CIPHER_free(cipher); 617 637 #ifdef ZLIB 618 638 BIO_free(bzl); … … 633 653 /* Filter out ciphers that we cannot use */ 634 654 cipher = EVP_get_cipherbyname(name->name); 635 if (cipher == NULL ||636 (EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0 ||637 EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE)655 if (cipher == NULL 656 || (EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0 657 || EVP_CIPHER_get_mode(cipher) == EVP_CIPH_XTS_MODE) 638 658 return; 639 659
Note:
See TracChangeset
for help on using the changeset viewer.
