From: jsing Date: Thu, 1 Jan 2015 13:55:03 +0000 (+0000) Subject: Convert the openssl(1) enc command to the new option parsing and usage. X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=7ed34fb232d9b99da20fb9c56f15b7c0f19d31f5;p=openbsd Convert the openssl(1) enc command to the new option parsing and usage. With input from doug@ --- diff --git a/usr.bin/openssl/enc.c b/usr.bin/openssl/enc.c index b5aaab9842d..e449ac8cc78 100644 --- a/usr.bin/openssl/enc.c +++ b/usr.bin/openssl/enc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: enc.c,v 1.3 2014/10/22 13:54:03 jsing Exp $ */ +/* $OpenBSD: enc.c,v 1.4 2015/01/01 13:55:03 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -75,23 +75,257 @@ int set_hex(char *in, unsigned char *out, int size); #define SIZE (512) #define BSIZE (8*1024) -#define PROG enc_main + +static struct { + int base64; + char *bufsize; + const EVP_CIPHER *cipher; + int debug; +#ifdef ZLIB + int do_zlib; +#endif + int enc; +#ifndef OPENSSL_NO_ENGINE + char *engine; +#endif + char *hiv; + char *hkey; + char *hsalt; + char *inf; + char *keyfile; + char *keystr; + char *md; + int nopad; + int nosalt; + int olb64; + char *outf; + char *passarg; + int printkey; + int verbose; +} enc_config; + +static int +enc_opt_cipher(int argc, char **argv, int *argsused) +{ + char *name = argv[0]; + + if (*name++ != '-') + return (1); + + if (strcmp(name, "none") == 0) { + enc_config.cipher = NULL; + *argsused = 1; + return (0); + } + + if ((enc_config.cipher = EVP_get_cipherbyname(name)) != NULL) { + *argsused = 1; + return (0); + } + + return (1); +} + +static struct option enc_options[] = { + { + .name = "A", + .desc = "Process base64 data on one line (requires -a)", + .type = OPTION_FLAG, + .opt.flag = &enc_config.olb64, + }, + { + .name = "a", + .desc = "Perform base64 encoding/decoding (alias -base64)", + .type = OPTION_FLAG, + .opt.flag = &enc_config.base64, + }, + { + .name = "base64", + .type = OPTION_FLAG, + .opt.flag = &enc_config.base64, + }, + { + .name = "bufsize", + .argname = "size", + .desc = "Specify the buffer size to use for I/O", + .type = OPTION_ARG, + .opt.arg = &enc_config.bufsize, + }, + { + .name = "d", + .desc = "Decrypt the input data", + .type = OPTION_VALUE, + .opt.value = &enc_config.enc, + .value = 0, + }, + { + .name = "debug", + .desc = "Print debugging information", + .type = OPTION_FLAG, + .opt.flag = &enc_config.debug, + }, + { + .name = "e", + .desc = "Encrypt the input data (default)", + .type = OPTION_VALUE, + .opt.value = &enc_config.enc, + .value = 1, + }, +#ifndef OPENSSL_NO_ENGINE + { + .name = "engine", + .argname = "id", + .desc = "Use the engine specified by the given identifier", + .type = OPTION_ARG, + .opt.arg = &enc_config.engine, + }, +#endif + { + .name = "in", + .argname = "file", + .desc = "Input file to read from (default stdin)", + .type = OPTION_ARG, + .opt.arg = &enc_config.inf, + }, + { + .name = "iv", + .argname = "IV", + .desc = "IV to use, specified as a hexidecimal string", + .type = OPTION_ARG, + .opt.arg = &enc_config.hiv, + }, + { + .name = "K", + .argname = "key", + .desc = "Key to use, specified as a hexidecimal string", + .type = OPTION_ARG, + .opt.arg = &enc_config.hkey, + }, + { + .name = "k", /* Superseded by -pass. */ + .type = OPTION_ARG, + .opt.arg = &enc_config.keystr, + }, + { + .name = "kfile", /* Superseded by -pass. */ + .type = OPTION_ARG, + .opt.arg = &enc_config.keyfile, + }, + { + .name = "md", + .argname = "digest", + .desc = "Digest to use to create a key from the passphrase", + .type = OPTION_ARG, + .opt.arg = &enc_config.md, + }, + { + .name = "none", + .desc = "Use NULL cipher (no encryption or decryption)", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = enc_opt_cipher, + }, + { + .name = "nopad", + .desc = "Disable standard block padding", + .type = OPTION_FLAG, + .opt.flag = &enc_config.nopad, + }, + { + .name = "nosalt", + .type = OPTION_VALUE, + .opt.value = &enc_config.nosalt, + .value = 1, + }, + { + .name = "out", + .argname = "file", + .desc = "Output file to write to (default stdout)", + .type = OPTION_ARG, + .opt.arg = &enc_config.outf, + }, + { + .name = "P", + .desc = "Print out the salt, key and IV used, then exit\n" + " (no encryption or decryption is performed)", + .type = OPTION_VALUE, + .opt.value = &enc_config.printkey, + .value = 2, + }, + { + .name = "p", + .desc = "Print out the salt, key and IV used", + .type = OPTION_VALUE, + .opt.value = &enc_config.printkey, + .value = 1, + }, + { + .name = "pass", + .argname = "source", + .desc = "Password source", + .type = OPTION_ARG, + .opt.arg = &enc_config.passarg, + }, + { + .name = "S", + .argname = "salt", + .desc = "Salt to use, specified as a hexidecimal string", + .type = OPTION_ARG, + .opt.arg = &enc_config.hsalt, + }, + { + .name = "salt", + .desc = "Use a salt in the key derivation routines (default)", + .type = OPTION_VALUE, + .opt.value = &enc_config.nosalt, + .value = 0, + }, + { + .name = "v", + .desc = "Verbose", + .type = OPTION_FLAG, + .opt.flag = &enc_config.verbose, + }, +#ifdef ZLIB + { + .name = "z", + .desc = "Perform zlib compression/decompression", + .type = OPTION_FLAG, + .opt.flag = &enc_config.do_zlib, + }, +#endif + { + .name = NULL, + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = enc_opt_cipher, + }, + { NULL }, +}; static void -show_ciphers(const OBJ_NAME * name, void *bio_) +show_ciphers(const OBJ_NAME *name, void *arg) { - BIO *bio = bio_; static int n; - if (!islower((unsigned char) *name->name)) + if (!islower((unsigned char)*name->name)) return; - BIO_printf(bio, "-%-25s", name->name); - if (++n == 3) { - BIO_printf(bio, "\n"); - n = 0; - } else - BIO_printf(bio, " "); + fprintf(stderr, " -%-24s%s", name->name, (++n % 3 ? "" : "\n")); +} + +static void +enc_usage(void) +{ + fprintf(stderr, "usage: enc -ciphername [-AadePp] [-base64] " + "[-bufsize number] [-debug]\n" + " [-engine id] [-in file] [-iv IV] [-K key] [-k password]\n" + " [-kfile file] [-md digest] [-none] [-nopad] [-nosalt]\n" + " [-out file] [-pass arg] [-S salt] [-salt]\n\n"); + options_usage(enc_options); + fprintf(stderr, "\n"); + + fprintf(stderr, "Valid ciphername values:\n\n"); + OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH, show_ciphers, NULL); + fprintf(stderr, "\n"); } int enc_main(int, char **); @@ -101,237 +335,126 @@ enc_main(int argc, char **argv) { static const char magic[] = "Salted__"; char mbuf[sizeof magic - 1]; - char *strbuf = NULL; - unsigned char *buff = NULL, *bufsize = NULL; - int bsize = BSIZE, verbose = 0; + char *strbuf = NULL, *pass = NULL; + unsigned char *buff = NULL; + int bsize = BSIZE; int ret = 1, inl; - int nopad = 0; unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; unsigned char salt[PKCS5_SALT_LEN]; - char *str = NULL, *passarg = NULL, *pass = NULL; - char *hkey = NULL, *hiv = NULL, *hsalt = NULL; - char *md = NULL; - int enc = 1, printkey = 0, i, base64 = 0; #ifdef ZLIB - int do_zlib = 0; BIO *bzl = NULL; #endif - int debug = 0, olb64 = 0, nosalt = 0; - const EVP_CIPHER *cipher = NULL, *c; EVP_CIPHER_CTX *ctx = NULL; - char *inf = NULL, *outf = NULL; - BIO *in = NULL, *out = NULL, *b64 = NULL, *benc = NULL, *rbio = NULL, - *wbio = NULL; + const EVP_MD *dgst = NULL; + BIO *in = NULL, *out = NULL, *b64 = NULL, *benc = NULL; + BIO *rbio = NULL, *wbio = NULL; #define PROG_NAME_SIZE 39 char pname[PROG_NAME_SIZE + 1]; -#ifndef OPENSSL_NO_ENGINE - char *engine = NULL; -#endif - const EVP_MD *dgst = NULL; + int i; + + memset(&enc_config, 0, sizeof(enc_config)); + enc_config.enc = 1; /* first check the program name */ - program_name(argv[0], pname, sizeof pname); + program_name(argv[0], pname, sizeof(pname)); + if (strcmp(pname, "base64") == 0) - base64 = 1; + enc_config.base64 = 1; + #ifdef ZLIB if (strcmp(pname, "zlib") == 0) - do_zlib = 1; + enc_config.do_zlib = 1; #endif - cipher = EVP_get_cipherbyname(pname); + enc_config.cipher = EVP_get_cipherbyname(pname); + #ifdef ZLIB - if (!do_zlib && !base64 && (cipher == NULL) - && (strcmp(pname, "enc") != 0)) + if (!enc_config.do_zlib && !enc_config.base64 && + enc_config.cipher == NULL && strcmp(pname, "enc") != 0) #else - if (!base64 && (cipher == NULL) && (strcmp(pname, "enc") != 0)) + if (!enc_config.base64 && enc_config.cipher == NULL && + strcmp(pname, "enc") != 0) #endif { BIO_printf(bio_err, "%s is an unknown cipher\n", pname); - goto bad; + goto end; } - argc--; - argv++; - while (argc >= 1) { - if (strcmp(*argv, "-e") == 0) - enc = 1; - else if (strcmp(*argv, "-in") == 0) { - if (--argc < 1) - goto bad; - inf = *(++argv); - } else if (strcmp(*argv, "-out") == 0) { - if (--argc < 1) - goto bad; - outf = *(++argv); - } else if (strcmp(*argv, "-pass") == 0) { - if (--argc < 1) - goto bad; - passarg = *(++argv); - } -#ifndef OPENSSL_NO_ENGINE - else if (strcmp(*argv, "-engine") == 0) { - if (--argc < 1) - goto bad; - engine = *(++argv); - } -#endif - else if (strcmp(*argv, "-d") == 0) - enc = 0; - else if (strcmp(*argv, "-p") == 0) - printkey = 1; - else if (strcmp(*argv, "-v") == 0) - verbose = 1; - else if (strcmp(*argv, "-nopad") == 0) - nopad = 1; - else if (strcmp(*argv, "-salt") == 0) - nosalt = 0; - else if (strcmp(*argv, "-nosalt") == 0) - nosalt = 1; - else if (strcmp(*argv, "-debug") == 0) - debug = 1; - else if (strcmp(*argv, "-P") == 0) - printkey = 2; - else if (strcmp(*argv, "-A") == 0) - olb64 = 1; - else if (strcmp(*argv, "-a") == 0) - base64 = 1; - else if (strcmp(*argv, "-base64") == 0) - base64 = 1; -#ifdef ZLIB - else if (strcmp(*argv, "-z") == 0) - do_zlib = 1; -#endif - else if (strcmp(*argv, "-bufsize") == 0) { - if (--argc < 1) - goto bad; - bufsize = (unsigned char *) *(++argv); - } else if (strcmp(*argv, "-k") == 0) { - if (--argc < 1) - goto bad; - str = *(++argv); - } else if (strcmp(*argv, "-kfile") == 0) { - static char buf[128]; - FILE *infile; - char *file; - - if (--argc < 1) - goto bad; - file = *(++argv); - infile = fopen(file, "r"); - if (infile == NULL) { - BIO_printf(bio_err, "unable to read key from '%s'\n", - file); - goto bad; - } - buf[0] = '\0'; - if (!fgets(buf, sizeof buf, infile)) { - BIO_printf(bio_err, "unable to read key from '%s'\n", - file); - fclose(infile); - goto bad; - } - fclose(infile); - i = strlen(buf); - if ((i > 0) && - ((buf[i - 1] == '\n') || (buf[i - 1] == '\r'))) - buf[--i] = '\0'; - if ((i > 0) && - ((buf[i - 1] == '\n') || (buf[i - 1] == '\r'))) - buf[--i] = '\0'; - if (i < 1) { - BIO_printf(bio_err, "zero length password\n"); - goto bad; - } - str = buf; - } else if (strcmp(*argv, "-K") == 0) { - if (--argc < 1) - goto bad; - hkey = *(++argv); - } else if (strcmp(*argv, "-S") == 0) { - if (--argc < 1) - goto bad; - hsalt = *(++argv); - } else if (strcmp(*argv, "-iv") == 0) { - if (--argc < 1) - goto bad; - hiv = *(++argv); - } else if (strcmp(*argv, "-md") == 0) { - if (--argc < 1) - goto bad; - md = *(++argv); - } else if ((argv[0][0] == '-') && - ((c = EVP_get_cipherbyname(&(argv[0][1]))) != NULL)) { - cipher = c; - } else if (strcmp(*argv, "-none") == 0) - cipher = NULL; - else { - BIO_printf(bio_err, "unknown option '%s'\n", *argv); - bad: - BIO_printf(bio_err, "options are\n"); - BIO_printf(bio_err, "%-14s input file\n", "-in "); - BIO_printf(bio_err, "%-14s output file\n", "-out "); - BIO_printf(bio_err, "%-14s pass phrase source\n", "-pass "); - BIO_printf(bio_err, "%-14s encrypt\n", "-e"); - BIO_printf(bio_err, "%-14s decrypt\n", "-d"); - BIO_printf(bio_err, "%-14s base64 encode/decode, depending on encryption flag\n", "-a/-base64"); - BIO_printf(bio_err, "%-14s passphrase is the next argument\n", "-k"); - BIO_printf(bio_err, "%-14s passphrase is the first line of the file argument\n", "-kfile"); - BIO_printf(bio_err, "%-14s the next argument is the md to use to create a key\n", "-md"); - BIO_printf(bio_err, "%-14s from a passphrase. One of md2, md5, sha or sha1\n", ""); - BIO_printf(bio_err, "%-14s salt in hex is the next argument\n", "-S"); - BIO_printf(bio_err, "%-14s key/iv in hex is the next argument\n", "-K/-iv"); - BIO_printf(bio_err, "%-14s print the iv/key (then exit if -P)\n", "-[pP]"); - BIO_printf(bio_err, "%-14s buffer size\n", "-bufsize "); - BIO_printf(bio_err, "%-14s disable standard block padding\n", "-nopad"); -#ifndef OPENSSL_NO_ENGINE - BIO_printf(bio_err, "%-14s use engine e, possibly a hardware device.\n", "-engine e"); -#endif - BIO_printf(bio_err, "Cipher Types\n"); - OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH, - show_ciphers, - bio_err); - BIO_printf(bio_err, "\n"); + if (options_parse(argc, argv, enc_options, NULL, NULL) != 0) { + enc_usage(); + goto end; + } + + if (enc_config.keyfile != NULL) { + static char buf[128]; + FILE *infile; + infile = fopen(enc_config.keyfile, "r"); + if (infile == NULL) { + BIO_printf(bio_err, "unable to read key from '%s'\n", + enc_config.keyfile); + goto end; + } + buf[0] = '\0'; + if (!fgets(buf, sizeof buf, infile)) { + BIO_printf(bio_err, "unable to read key from '%s'\n", + enc_config.keyfile); + fclose(infile); goto end; } - argc--; - argv++; + fclose(infile); + i = strlen(buf); + if ((i > 0) && ((buf[i - 1] == '\n') || (buf[i - 1] == '\r'))) + buf[--i] = '\0'; + if ((i > 0) && ((buf[i - 1] == '\n') || (buf[i - 1] == '\r'))) + buf[--i] = '\0'; + if (i < 1) { + BIO_printf(bio_err, "zero length password\n"); + goto end; + } + enc_config.keystr = buf; } #ifndef OPENSSL_NO_ENGINE - setup_engine(bio_err, engine, 0); + setup_engine(bio_err, enc_config.engine, 0); #endif - if (md && (dgst = EVP_get_digestbyname(md)) == NULL) { - BIO_printf(bio_err, "%s is an unsupported message digest type\n", md); + if (enc_config.md != NULL && + (dgst = EVP_get_digestbyname(enc_config.md)) == NULL) { + BIO_printf(bio_err, + "%s is an unsupported message digest type\n", + enc_config.md); goto end; } if (dgst == NULL) { - dgst = EVP_md5(); + dgst = EVP_md5(); /* XXX */ } - if (bufsize != NULL) { + + if (enc_config.bufsize != NULL) { + char *p = enc_config.bufsize; unsigned long n; - for (n = 0; *bufsize; bufsize++) { - i = *bufsize; + /* XXX - provide an OPTION_ARG_DISKUNIT. */ + for (n = 0; *p != '\0'; p++) { + i = *p; if ((i <= '9') && (i >= '0')) n = n * 10 + i - '0'; else if (i == 'k') { n *= 1024; - bufsize++; + p++; break; } } - if (*bufsize != '\0') { + if (*p != '\0') { BIO_printf(bio_err, "invalid 'bufsize' specified.\n"); goto end; } - /* It must be large enough for a base64 encoded line */ - if (base64 && n < 80) + /* It must be large enough for a base64 encoded line. */ + if (enc_config.base64 && n < 80) n = 80; - bsize = (int) n; - if (verbose) + bsize = (int)n; + if (enc_config.verbose) BIO_printf(bio_err, "bufsize=%d\n", bsize); } strbuf = malloc(SIZE); @@ -346,50 +469,55 @@ enc_main(int argc, char **argv) ERR_print_errors(bio_err); goto end; } - if (debug) { + if (enc_config.debug) { BIO_set_callback(in, BIO_debug_callback); BIO_set_callback(out, BIO_debug_callback); BIO_set_callback_arg(in, (char *) bio_err); BIO_set_callback_arg(out, (char *) bio_err); } - if (inf == NULL) { - if (bufsize != NULL) + if (enc_config.inf == NULL) { + if (enc_config.bufsize != NULL) setvbuf(stdin, (char *) NULL, _IONBF, 0); BIO_set_fp(in, stdin, BIO_NOCLOSE); } else { - if (BIO_read_filename(in, inf) <= 0) { - perror(inf); + if (BIO_read_filename(in, enc_config.inf) <= 0) { + perror(enc_config.inf); goto end; } } - if (!str && passarg) { - if (!app_passwd(bio_err, passarg, NULL, &pass, NULL)) { + if (!enc_config.keystr && enc_config.passarg) { + if (!app_passwd(bio_err, enc_config.passarg, NULL, + &pass, NULL)) { BIO_printf(bio_err, "Error getting password\n"); goto end; } - str = pass; + enc_config.keystr = pass; } - if ((str == NULL) && (cipher != NULL) && (hkey == NULL)) { + if (enc_config.keystr == NULL && enc_config.cipher != NULL && + enc_config.hkey == NULL) { for (;;) { char buf[200]; int retval; - retval = snprintf(buf, sizeof buf, "enter %s %s password:", - OBJ_nid2ln(EVP_CIPHER_nid(cipher)), - (enc) ? "encryption" : "decryption"); + retval = snprintf(buf, sizeof buf, + "enter %s %s password:", + OBJ_nid2ln(EVP_CIPHER_nid(enc_config.cipher)), + enc_config.enc ? "encryption" : "decryption"); if ((size_t)retval >= sizeof buf) { - BIO_printf(bio_err, "Password prompt too long\n"); + BIO_printf(bio_err, + "Password prompt too long\n"); goto end; } strbuf[0] = '\0'; - i = EVP_read_pw_string((char *) strbuf, SIZE, buf, enc); + i = EVP_read_pw_string((char *)strbuf, SIZE, buf, + enc_config.enc); if (i == 0) { if (strbuf[0] == '\0') { ret = 1; goto end; } - str = strbuf; + enc_config.keystr = strbuf; break; } if (i < 0) { @@ -398,13 +526,13 @@ enc_main(int argc, char **argv) } } } - if (outf == NULL) { + if (enc_config.outf == NULL) { BIO_set_fp(out, stdout, BIO_NOCLOSE); - if (bufsize != NULL) - setvbuf(stdout, (char *) NULL, _IONBF, 0); + if (enc_config.bufsize != NULL) + setvbuf(stdout, (char *)NULL, _IONBF, 0); } else { - if (BIO_write_filename(out, outf) <= 0) { - perror(outf); + if (BIO_write_filename(out, enc_config.outf) <= 0) { + perror(enc_config.outf); goto end; } } @@ -413,7 +541,6 @@ enc_main(int argc, char **argv) wbio = out; #ifdef ZLIB - if (do_zlib) { if ((bzl = BIO_new(BIO_f_zlib())) == NULL) goto end; @@ -424,38 +551,38 @@ enc_main(int argc, char **argv) } #endif - if (base64) { + if (enc_config.base64) { if ((b64 = BIO_new(BIO_f_base64())) == NULL) goto end; - if (debug) { + if (enc_config.debug) { BIO_set_callback(b64, BIO_debug_callback); BIO_set_callback_arg(b64, (char *) bio_err); } - if (olb64) + if (enc_config.olb64) BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); - if (enc) + if (enc_config.enc) wbio = BIO_push(b64, wbio); else rbio = BIO_push(b64, rbio); } - if (cipher != NULL) { + if (enc_config.cipher != NULL) { /* - * Note that str is NULL if a key was passed on the command + * Note that keystr is NULL if a key was passed on the command * line, so we get no salt in that case. Is this a bug? */ - if (str != NULL) { + if (enc_config.keystr != NULL) { /* * Salt handling: if encrypting generate a salt and * write to output BIO. If decrypting read salt from * input BIO. */ unsigned char *sptr; - if (nosalt) + if (enc_config.nosalt) sptr = NULL; else { - if (enc) { - if (hsalt) { - if (!set_hex(hsalt, salt, sizeof salt)) { + if (enc_config.enc) { + if (enc_config.hsalt) { + if (!set_hex(enc_config.hsalt, salt, sizeof salt)) { BIO_printf(bio_err, "invalid hex salt value\n"); goto end; @@ -467,7 +594,7 @@ enc_main(int argc, char **argv) * If -P option then don't bother * writing */ - if ((printkey != 2) + if ((enc_config.printkey != 2) && (BIO_write(wbio, magic, sizeof magic - 1) != sizeof magic - 1 || BIO_write(wbio, @@ -489,25 +616,27 @@ enc_main(int argc, char **argv) sptr = salt; } - EVP_BytesToKey(cipher, dgst, sptr, - (unsigned char *) str, - strlen(str), 1, key, iv); + EVP_BytesToKey(enc_config.cipher, dgst, sptr, + (unsigned char *)enc_config.keystr, + strlen(enc_config.keystr), 1, key, iv); /* * zero the complete buffer or the string passed from * the command line bug picked up by Larry J. Hughes * Jr. */ - if (str == strbuf) - OPENSSL_cleanse(str, SIZE); + if (enc_config.keystr == strbuf) + OPENSSL_cleanse(enc_config.keystr, SIZE); else - OPENSSL_cleanse(str, strlen(str)); + OPENSSL_cleanse(enc_config.keystr, + strlen(enc_config.keystr)); } - if ((hiv != NULL) && !set_hex(hiv, iv, sizeof iv)) { + if (enc_config.hiv != NULL && + !set_hex(enc_config.hiv, iv, sizeof iv)) { BIO_printf(bio_err, "invalid hex iv value\n"); goto end; } - if ((hiv == NULL) && (str == NULL) - && EVP_CIPHER_iv_length(cipher) != 0) { + if (enc_config.hiv == NULL && enc_config.keystr == NULL && + EVP_CIPHER_iv_length(enc_config.cipher) != 0) { /* * No IV was explicitly set and no IV was generated * during EVP_BytesToKey. Hence the IV is undefined, @@ -516,7 +645,8 @@ enc_main(int argc, char **argv) BIO_printf(bio_err, "iv undefined\n"); goto end; } - if ((hkey != NULL) && !set_hex(hkey, key, sizeof key)) { + if (enc_config.hkey != NULL && + !set_hex(enc_config.hkey, key, sizeof key)) { BIO_printf(bio_err, "invalid hex key value\n"); goto end; } @@ -530,45 +660,47 @@ enc_main(int argc, char **argv) BIO_get_cipher_ctx(benc, &ctx); - if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)) { + if (!EVP_CipherInit_ex(ctx, enc_config.cipher, NULL, NULL, + NULL, enc_config.enc)) { BIO_printf(bio_err, "Error setting cipher %s\n", - EVP_CIPHER_name(cipher)); + EVP_CIPHER_name(enc_config.cipher)); ERR_print_errors(bio_err); goto end; } - if (nopad) + if (enc_config.nopad) EVP_CIPHER_CTX_set_padding(ctx, 0); - if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc)) { + if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, + enc_config.enc)) { BIO_printf(bio_err, "Error setting cipher %s\n", - EVP_CIPHER_name(cipher)); + EVP_CIPHER_name(enc_config.cipher)); ERR_print_errors(bio_err); goto end; } - if (debug) { + if (enc_config.debug) { BIO_set_callback(benc, BIO_debug_callback); BIO_set_callback_arg(benc, (char *) bio_err); } - if (printkey) { - if (!nosalt) { + if (enc_config.printkey) { + if (!enc_config.nosalt) { printf("salt="); for (i = 0; i < (int) sizeof(salt); i++) printf("%02X", salt[i]); printf("\n"); } - if (cipher->key_len > 0) { + if (enc_config.cipher->key_len > 0) { printf("key="); - for (i = 0; i < cipher->key_len; i++) + for (i = 0; i < enc_config.cipher->key_len; i++) printf("%02X", key[i]); printf("\n"); } - if (cipher->iv_len > 0) { + if (enc_config.cipher->iv_len > 0) { printf("iv ="); - for (i = 0; i < cipher->iv_len; i++) + for (i = 0; i < enc_config.cipher->iv_len; i++) printf("%02X", iv[i]); printf("\n"); } - if (printkey == 2) { + if (enc_config.printkey == 2) { ret = 0; goto end; } @@ -592,7 +724,7 @@ enc_main(int argc, char **argv) goto end; } ret = 0; - if (verbose) { + if (enc_config.verbose) { BIO_printf(bio_err, "bytes read :%8ld\n", BIO_number_read(in)); BIO_printf(bio_err, "bytes written:%8ld\n", BIO_number_written(out)); }