X-Git-Url: http://git.rot13.org/?p=bcm963xx.git;a=blobdiff_plain;f=userapps%2Fopensource%2Fopenssl%2Fapps%2Fenc.c;h=6f3161395ecd863fbb8f0a9067cb708ddb55ef71;hp=0a9f7310bf51db47160428126592c551af60e625;hb=864458111a0e69d94bbae210d5b7349ca072a6b7;hpb=a69849c98808437716b821267cd97529c56f45b0 diff --git a/userapps/opensource/openssl/apps/enc.c b/userapps/opensource/openssl/apps/enc.c index 0a9f7310..6f316139 100755 --- a/userapps/opensource/openssl/apps/enc.c +++ b/userapps/opensource/openssl/apps/enc.c @@ -114,9 +114,11 @@ int MAIN(int argc, char **argv) unsigned char salt[PKCS5_SALT_LEN]; char *str=NULL, *passarg = NULL, *pass = NULL; char *hkey=NULL,*hiv=NULL,*hsalt = NULL; + char *md=NULL; int enc=1,printkey=0,i,base64=0; int debug=0,olb64=0,nosalt=0; const EVP_CIPHER *cipher=NULL,*c; + EVP_CIPHER_CTX *ctx = NULL; char *inf=NULL,*outf=NULL; BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL; #define PROG_NAME_SIZE 39 @@ -124,6 +126,8 @@ int MAIN(int argc, char **argv) #ifndef OPENSSL_NO_ENGINE char *engine = NULL; #endif + const EVP_MD *dgst=NULL; + int non_fips_allow = 0; apps_startup(); @@ -253,6 +257,13 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; hiv= *(++argv); } + else if (strcmp(*argv,"-md") == 0) + { + if (--argc < 1) goto bad; + md= *(++argv); + } + else if (strcmp(*argv,"-non-fips-allow") == 0) + non_fips_allow = 1; else if ((argv[0][0] == '-') && ((c=EVP_get_cipherbyname(&(argv[0][1]))) != NULL)) { @@ -271,8 +282,10 @@ bad: BIO_printf(bio_err,"%-14s encrypt\n","-e"); BIO_printf(bio_err,"%-14s decrypt\n","-d"); BIO_printf(bio_err,"%-14s base64 encode/decode, depending on encryption flag\n","-a/-base64"); - BIO_printf(bio_err,"%-14s key is the next argument\n","-k"); - BIO_printf(bio_err,"%-14s key is the first line of the file argument\n","-kfile"); + BIO_printf(bio_err,"%-14s passphrase is the next argument\n","-k"); + BIO_printf(bio_err,"%-14s passphrase is the first line of the file argument\n","-kfile"); + BIO_printf(bio_err,"%-14s the next argument is the md to use to create a key\n","-md"); + BIO_printf(bio_err,"%-14s from a passphrase. One of md2, md5, sha or sha1\n",""); BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv"); BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]"); BIO_printf(bio_err,"%-14s buffer size\n","-bufsize "); @@ -296,6 +309,20 @@ bad: e = setup_engine(bio_err, engine, 0); #endif + if (md && (dgst=EVP_get_digestbyname(md)) == NULL) + { + BIO_printf(bio_err,"%s is an unsupported message digest type\n",md); + goto end; + } + + if (dgst == NULL) + { + if (in_FIPS_mode) + dgst = EVP_sha1(); + else + dgst = EVP_md5(); + } + if (bufsize != NULL) { unsigned long n; @@ -373,9 +400,9 @@ bad: { char buf[200]; - sprintf(buf,"enter %s %s password:", - OBJ_nid2ln(EVP_CIPHER_nid(cipher)), - (enc)?"encryption":"decryption"); + BIO_snprintf(buf,sizeof buf,"enter %s %s password:", + OBJ_nid2ln(EVP_CIPHER_nid(cipher)), + (enc)?"encryption":"decryption"); strbuf[0]='\0'; i=EVP_read_pw_string((char *)strbuf,SIZE,buf,enc); if (i == 0) @@ -483,7 +510,7 @@ bad: sptr = salt; } - EVP_BytesToKey(cipher,EVP_md5(),sptr, + EVP_BytesToKey(cipher,dgst,sptr, (unsigned char *)str, strlen(str),1,key,iv); /* zero the complete buffer or the string @@ -516,13 +543,43 @@ bad: if ((benc=BIO_new(BIO_f_cipher())) == NULL) goto end; - BIO_set_cipher(benc,cipher,key,iv,enc); - if (nopad) + + /* Since we may be changing parameters work on the encryption + * context rather than calling BIO_set_cipher(). + */ + + BIO_get_cipher_ctx(benc, &ctx); + if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)) { - EVP_CIPHER_CTX *ctx; - BIO_get_cipher_ctx(benc, &ctx); + BIO_printf(bio_err, "Error setting cipher %s\n", + EVP_CIPHER_name(cipher)); + ERR_print_errors(bio_err); + goto end; + } + + if (non_fips_allow) + EVP_CIPHER_CTX_set_flags(ctx, + EVP_CIPH_FLAG_NON_FIPS_ALLOW); + + if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc)) + { + BIO_printf(bio_err, "Error setting cipher %s\n", + EVP_CIPHER_name(cipher)); + ERR_print_errors(bio_err); + goto end; + } + + if (nopad) EVP_CIPHER_CTX_set_padding(ctx, 0); + + if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc)) + { + BIO_printf(bio_err, "Error setting cipher %s\n", + EVP_CIPHER_name(cipher)); + ERR_print_errors(bio_err); + goto end; } + if (debug) { BIO_set_callback(benc,BIO_debug_callback);