Mercurial > projects > sencrypt
annotate sencrypt.c @ 13:5a992d873084
Use a symlink for the manpage alias instead of a soelim stub
author | Guido Berhoerster <guido+sencrypt@berhoerster.name> |
---|---|
date | Tue, 13 Sep 2016 19:50:38 +0200 |
parents | 14e58decdf87 |
children | 00ca3ee8e310 |
rev | line source |
---|---|
0
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
1 /* |
9
cc930aa0f3c2
Perform 50000 iterations with the PBKDF2 hash function when creating new files
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
4
diff
changeset
|
2 * Copyright (C) 2016 Guido Berhoerster <guido+sencrypt@berhoerster.name> |
0
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
3 * |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
4 * Permission is hereby granted, free of charge, to any person obtaining |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
5 * a copy of this software and associated documentation files (the |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
6 * "Software"), to deal in the Software without restriction, including |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
7 * without limitation the rights to use, copy, modify, merge, publish, |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
8 * distribute, sublicense, and/or sell copies of the Software, and to |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
9 * permit persons to whom the Software is furnished to do so, subject to |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
10 * the following conditions: |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
11 * |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
12 * The above copyright notice and this permission notice shall be included |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
13 * in all copies or substantial portions of the Software. |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
14 * |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
16 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
17 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
18 * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
19 * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
20 * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
21 * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
22 */ |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
23 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
24 #include <stdio.h> |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
25 #include <string.h> |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
26 #include <stdint.h> |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
27 #include <stdbool.h> |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
28 #include <unistd.h> |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
29 #include <limits.h> |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
30 #include <libgen.h> |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
31 #include <arpa/inet.h> |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
32 #include <sys/stat.h> |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
33 #include <openssl/conf.h> |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
34 #include <openssl/rand.h> |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
35 #include <openssl/evp.h> |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
36 #include <openssl/err.h> |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
37 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
38 #ifdef HAVE_ERR_H |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
39 #include <err.h> |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
40 #endif /* HAVE_ERR_H */ |
4
abb770754967
Use C99-compatible version of snprintf on UnixWare 7
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
3
diff
changeset
|
41 #include "compat.h" |
0
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
42 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
43 #define MAX(a, b) (((a) > (b)) ? (a) : (b)) |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
44 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
45 #define EXIT_USAGE 2 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
46 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
47 #define SENCRYPT_FORMAT_VERSION 1 |
9
cc930aa0f3c2
Perform 50000 iterations with the PBKDF2 hash function when creating new files
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
4
diff
changeset
|
48 #define PBKDF2_ITERATIONS 50000 |
0
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
49 #define SALT_LEN 16 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
50 #define BUFFER_SIZE (16 * 1024) |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
51 #define MAX_PASSWORD_LEN 256 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
52 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
/*
 * Operation to perform, chosen by the invoking code (not visible here).
 * Plain sequential values, first one is 0.
 */
enum {
	CMD_SENCRYPT = 0,	/* encrypt */
	CMD_SDECRYPT = 1	/* decrypt */
};
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
57 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
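/*
 * Drain the OpenSSL error queue and print every queued error as a warning
 * on stderr.  Meant to be called right after an OpenSSL call has reported
 * failure; returns with the queue empty.
 */
static void
openssl_warn(void)
{
	char errbuf[256];
	unsigned long errcode;

	for (errcode = ERR_get_error(); errcode != 0;
	    errcode = ERR_get_error()) {
		/*
		 * ERR_error_string() with a NULL buffer formats into a
		 * static buffer shared by all callers; use the bounded
		 * variant with a local buffer instead
		 */
		ERR_error_string_n(errcode, errbuf, sizeof (errbuf));
		warnx("%s", errbuf);
	}
}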
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
66 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
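/*
 * Read a raw key from the regular file filename into key, which has room
 * for key_size_max bytes.
 *
 * Returns the number of key bytes read, or 0 if the file could not be
 * opened, is not a regular file, is empty, is larger than key_size_max or
 * could not be read in full.  A warning describing the failure is printed
 * on stderr in that case, so callers only have to test the result for 0.
 */
static size_t
read_keyfile(const char *filename, unsigned char *key, size_t key_size_max)
{
	size_t keyfile_size = 0;
	FILE *fp = NULL;
	struct stat statbuf;

	fp = fopen(filename, "r");
	if (fp == NULL) {
		warn("could not open key file \"%s\"", filename);
		goto out;
	}

	if (fstat(fileno(fp), &statbuf) == -1) {
		warn("could not stat key file \"%s\"", filename);
		goto out;
	}

	/* st_size is meaningless for devices, FIFOs and the like */
	if (!S_ISREG(statbuf.st_mode)) {
		warnx("key file \"%s\" is not a regular file", filename);
		goto out;
	}

	/* off_t may be wider than size_t */
	if ((uintmax_t)statbuf.st_size > SIZE_MAX) {
		warnx("key file \"%s\" is too large", filename);
		goto out;
	}
	if (((size_t)statbuf.st_size > key_size_max) ||
	    (statbuf.st_size == 0)) {
		warnx("invalid key size");
		goto out;
	}

	/*
	 * keyfile_size is only set once the whole key is in the buffer:
	 * a size check failure or a short read must not be reported as a
	 * valid key of that length to the caller
	 */
	if (fread(key, 1, (size_t)statbuf.st_size, fp) !=
	    (size_t)statbuf.st_size) {
		warnx("could not read key file \"%s\"", filename);
		goto out;
	}
	keyfile_size = (size_t)statbuf.st_size;

out:
	if (fp != NULL) {
		fclose(fp);
	}

	return (keyfile_size);
}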
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
113 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
/*
 * Map an algorithm name and a requested key length to an EVP cipher.
 *
 * On entry *key_len_ptr holds the requested key length in bytes, 0 meaning
 * the algorithm's default.  On success *cipher_ptr receives the cipher,
 * *key_len_ptr the effective key length and 0 is returned.  On failure a
 * warning is printed, *cipher_ptr is set to NULL, *key_len_ptr is left at
 * the (possibly unusable) requested length and -1 is returned.
 *
 * Accepted names: "aes" (16, 24 or 32 byte key, default 16), "arcfour"
 * (RC4, always a 16 byte derived key), "des" (8 byte key) and "3des"
 * (24 byte key).  RC4 and single DES are legacy ciphers offering little
 * protection against a modern adversary; the choice is the caller's.
 */
static int
find_algorithm(const char *algo_name, const EVP_CIPHER **cipher_ptr,
    size_t *key_len_ptr)
{
	const EVP_CIPHER *cipher = NULL;
	size_t key_len = *key_len_ptr;
	int retval = 0;

	if (strcmp(algo_name, "aes") == 0) {
		/* 0 selects the 128 bit default */
		if (key_len == 0) {
			key_len = 16;
		}
		if (key_len == 16) {
			cipher = EVP_aes_128_cbc();
		} else if (key_len == 24) {
			cipher = EVP_aes_192_cbc();
		} else if (key_len == 32) {
			cipher = EVP_aes_256_cbc();
		}
	} else if (strcmp(algo_name, "arcfour") == 0) {
		/*
		 * for RC4 keys are not used verbatim but derived using
		 * PBKDF2 with a hardcoded key length of 128 bit, so any
		 * requested length up to EVP_MAX_KEY_LENGTH is accepted
		 * and replaced by 16
		 */
		if (key_len <= EVP_MAX_KEY_LENGTH) {
			key_len = 16;
			cipher = EVP_rc4();
		}
	} else if (strcmp(algo_name, "des") == 0) {
		if (key_len == 0) {
			key_len = 8;
		}
		if (key_len == 8) {
			cipher = EVP_des_cbc();
		}
	} else if (strcmp(algo_name, "3des") == 0) {
		if (key_len == 0) {
			key_len = 24;
		}
		if (key_len == 24) {
			cipher = EVP_des_ede3_cbc();
		}
	} else {
		warnx("unknown algorithm \"%s\"", algo_name);
		retval = -1;
	}

	/* a known algorithm without a cipher means the length was rejected */
	if ((retval == 0) && (cipher == NULL)) {
		warnx("invalid key length %zu", key_len);
		retval = -1;
	}

	*cipher_ptr = cipher;
	*key_len_ptr = key_len;

	return (retval);
}
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
184 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
185 static int |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
186 read_header(BIO *bio_in, uint32_t *iterations, unsigned char *iv, int iv_len, |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
187 unsigned char *salt, int salt_len) |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
188 { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
189 int read_len; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
190 uint32_t version; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
191 int retval = 0; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
192 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
193 read_len = BIO_read(bio_in, &version, sizeof (version)); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
194 if (read_len != sizeof (version)) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
195 warnx("failed to read version from input file"); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
196 if (read_len < 0) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
197 openssl_warn(); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
198 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
199 retval = -1; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
200 goto out; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
201 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
202 version = htonl(version); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
203 if (version != SENCRYPT_FORMAT_VERSION) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
204 warnx("unknown format version %d", version); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
205 retval = -1; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
206 goto out; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
207 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
208 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
209 read_len = BIO_read(bio_in, iterations, sizeof (*iterations)); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
210 if (read_len != sizeof (*iterations)) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
211 warnx("failed to read iterations from input file"); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
212 if (read_len < 0) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
213 openssl_warn(); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
214 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
215 retval = -1; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
216 goto out; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
217 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
218 *iterations = htonl(*iterations); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
219 if ((*iterations == 0) || ((sizeof (int) <= sizeof (uint32_t)) && |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
220 (*iterations > INT_MAX))) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
221 warnx("invalid number of iterations"); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
222 retval = -1; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
223 goto out; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
224 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
225 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
226 if (iv_len > 0) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
227 read_len = BIO_read(bio_in, iv, iv_len); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
228 if (read_len != iv_len) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
229 warnx("failed to read IV from input file"); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
230 if (read_len < 0) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
231 openssl_warn(); |
232 } |
233 retval = -1; |
234 goto out; |
235 } |
236 } |
237 |
238 read_len = BIO_read(bio_in, salt, salt_len); |
239 if (read_len != salt_len) { |
240 warnx("failed to read salt from input file"); |
241 if (read_len < 0) { |
242 openssl_warn(); |
243 } |
244 retval = -1; |
245 goto out; |
246 } |
247 |
248 out: |
249 return (retval); |
250 } |
251 |
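/*
 * Write exactly len bytes of data to bio.
 *
 * On a short or failed write, print msg (and, when BIO_write() returned a
 * negative value, the OpenSSL error queue via openssl_warn()) and return
 * -1.  Returns 0 when all len bytes were written.
 */
static int
write_header_field(BIO *bio, const void *data, int len, const char *msg)
{
	int write_len = BIO_write(bio, data, len);

	if (write_len != len) {
		warnx("%s", msg);
		if (write_len < 0) {
			openssl_warn();
		}
		return (-1);
	}
	return (0);
}

/*
 * Write the sencrypt container header followed by the encrypted payload.
 *
 * Header layout as written to bio_out, in order: the format version
 * (SENCRYPT_FORMAT_VERSION) and the PBKDF2 iteration count
 * (PBKDF2_ITERATIONS), each as a big-endian uint32_t; the cipher's IV,
 * omitted when EVP_CIPHER_iv_length() reports 0; and SALT_LEN bytes of
 * salt.  The header is flushed, then everything read from bio_in is
 * pushed through a BIO_f_cipher() filter in encryption mode into bio_out.
 *
 * cipher   EVP cipher to encrypt with; also determines the IV length.
 * bio_in   plaintext source.
 * bio_out  destination for the header and the ciphertext.
 * key      key_len bytes of key material supplied by the caller.
 * iv       IV bytes written to the header and handed to the cipher; only
 *          read when the cipher has an IV.
 * salt     SALT_LEN bytes copied verbatim into the header.
 *
 * Returns 0 on success and 1 on any error, after a warning has been
 * printed.  The cipher filter is popped off the chain before it is freed
 * so that the caller's bio_out is not freed along with it.
 *
 * NOTE(review): nothing in this function authenticates the header or the
 * ciphertext (no MAC or AEAD tag is written); whether tampering can be
 * detected at all depends on the decrypt side.
 */
static int
sencrypt(const EVP_CIPHER *cipher, BIO *bio_in, BIO *bio_out,
    const unsigned char *key, size_t key_len, const unsigned char *iv,
    const unsigned char *salt)
{
	int retval = 0;
	uint32_t version;
	uint32_t iterations;
	int iv_len;
	int write_len;
	int read_len;
	BIO *bio_cipher = NULL;
	char *buf = NULL;
	EVP_CIPHER_CTX *cipher_ctx;

	/* EVP_CIPHER_CTX_set_key_length() takes an int; refuse to truncate */
	if (key_len > INT_MAX) {
		warnx("invalid key length");
		retval = 1;
		goto out;
	}

	/* set up cipher filter */
	bio_cipher = BIO_new(BIO_f_cipher());
	if (bio_cipher == NULL) {
		warnx("failed to create cipher filter");
		openssl_warn();
		retval = 1;
		goto out;
	}
	BIO_set_cipher(bio_cipher, cipher, NULL, NULL, 1);
	BIO_get_cipher_ctx(bio_cipher, &cipher_ctx);
	if (EVP_CIPHER_CTX_set_key_length(cipher_ctx, (int)key_len) != 1) {
		warnx("failed to set key length");
		openssl_warn();
		retval = 1;
		goto out;
	}
	if (EVP_CipherInit_ex(cipher_ctx, NULL, NULL, key, iv, 1) != 1) {
		warnx("failed to initialize cipher");
		openssl_warn();
		retval = 1;
		goto out;
	}
	BIO_push(bio_cipher, bio_out);

	/* write header; integers go out in network byte order */
	version = htonl(SENCRYPT_FORMAT_VERSION);
	if (write_header_field(bio_out, &version, (int)sizeof (version),
	    "failed to write version to output file") != 0) {
		retval = 1;
		goto out;
	}

	iterations = htonl(PBKDF2_ITERATIONS);
	if (write_header_field(bio_out, &iterations, (int)sizeof (iterations),
	    "failed to write iterations to output file") != 0) {
		retval = 1;
		goto out;
	}

	/* ciphers without an IV (e.g. stream ciphers) get no IV field */
	iv_len = EVP_CIPHER_iv_length(cipher);
	if ((iv_len > 0) && (write_header_field(bio_out, iv, iv_len,
	    "failed to write IV to output file") != 0)) {
		retval = 1;
		goto out;
	}

	if (write_header_field(bio_out, salt, SALT_LEN,
	    "failed to write salt to output file") != 0) {
		retval = 1;
		goto out;
	}

	/* the header is written directly to bio_out, so flush it first */
	if (BIO_flush(bio_out) < 1) {
		warnx("failed to flush output file");
		openssl_warn();
		retval = 1;
		goto out;
	}

	buf = malloc(BUFFER_SIZE);
	if (buf == NULL) {
		warn(NULL);
		retval = 1;
		goto out;
	}

	/* encrypt data */
	while ((read_len = BIO_read(bio_in, buf, BUFFER_SIZE)) > 0) {
		write_len = BIO_write(bio_cipher, buf, read_len);
		if (write_len != read_len) {
			warnx("failed to write to output file");
			if (write_len < 0) {
				openssl_warn();
			}
			retval = 1;
			goto out;
		}
	}
	if (read_len < 0) {
		warnx("failed to read from input file");
		openssl_warn();
		retval = 1;
		goto out;
	}

	/* flushing the filter emits the final (padded) block */
	if (BIO_flush(bio_cipher) < 1) {
		warnx("failed to flush output file");
		openssl_warn();
		retval = 1;
		goto out;
	}

out:
	free(buf);

	/* unlink the filter so that freeing it does not free bio_out */
	if (bio_cipher != NULL) {
		BIO_pop(bio_cipher);
		BIO_free(bio_cipher);
	}

	return (retval);
}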
381 |
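/*
 * Decrypt an sencrypt payload read from bio_in and write the plaintext to
 * bio_out.
 *
 * bio_in is consumed as raw ciphertext; presumably the caller has already
 * parsed the file header and positioned bio_in at the first ciphertext
 * byte, deriving key and iv from that header — verify against the caller.
 *
 * cipher   EVP cipher to decrypt with.
 * bio_in   ciphertext source; a BIO_f_cipher() filter in decryption mode
 *          is pushed on top of it and popped again before returning.
 * bio_out  plaintext destination.
 * key      key_len bytes of key material.
 * iv       IV handed straight to EVP_CipherInit_ex().
 *
 * Returns 0 on success and 1 on any error, after a warning has been
 * printed.
 *
 * Plaintext is written to bio_out as soon as the filter produces it, and
 * the cipher status is only examined after the input has been drained; a
 * wrong key or corrupted input may therefore already have produced output
 * before "decryption failed" is reported.  BIO_get_cipher_status() reflects
 * only the final cipher operation (such as a padding failure), so
 * modification of earlier ciphertext is not detected here — nothing in
 * this function authenticates the data.
 */
static int
sdecrypt(const EVP_CIPHER *cipher, BIO *bio_in, BIO *bio_out,
    const unsigned char *key, size_t key_len, const unsigned char *iv)
{
	int read_len;
	BIO *bio_cipher = NULL;
	int write_len;
	char *buf = NULL;
	EVP_CIPHER_CTX *cipher_ctx;
	int retval = 0;

	/* EVP_CIPHER_CTX_set_key_length() takes an int; refuse to truncate */
	if (key_len > INT_MAX) {
		warnx("invalid key length");
		retval = 1;
		goto out;
	}

	buf = malloc(BUFFER_SIZE);
	if (buf == NULL) {
		warn(NULL);
		retval = 1;
		goto out;
	}

	/* set up cipher filter */
	bio_cipher = BIO_new(BIO_f_cipher());
	if (bio_cipher == NULL) {
		warnx("failed to create cipher filter");
		openssl_warn();
		retval = 1;
		goto out;
	}
	BIO_set_cipher(bio_cipher, cipher, NULL, NULL, 0);
	BIO_get_cipher_ctx(bio_cipher, &cipher_ctx);
	if (EVP_CIPHER_CTX_set_key_length(cipher_ctx, (int)key_len) != 1) {
		warnx("failed to set key length");
		openssl_warn();
		retval = 1;
		goto out;
	}
	if (EVP_CipherInit_ex(cipher_ctx, NULL, NULL, key, iv, 0) != 1) {
		warnx("failed to initialize cipher");
		openssl_warn();
		retval = 1;
		goto out;
	}
	BIO_push(bio_cipher, bio_in);

	/* decrypt data */
	while ((read_len = BIO_read(bio_cipher, buf, BUFFER_SIZE)) > 0) {
		write_len = BIO_write(bio_out, buf, read_len);
		if (write_len != read_len) {
			/* message previously read "to to output file" */
			warnx("failed to write to output file");
			if (write_len < 0) {
				openssl_warn();
			}
			retval = 1;
			goto out;
		}
	}
	if (read_len < 0) {
		warnx("failed to read from input file");
		openssl_warn();
		retval = 1;
		goto out;
	}

	if (BIO_flush(bio_out) < 1) {
		warnx("failed to flush output file");
		openssl_warn();
		retval = 1;
		goto out;
	}

	/* only reports a failure of the final cipher operation */
	if (BIO_get_cipher_status(bio_cipher) == 0) {
		warnx("decryption failed");
		openssl_warn();
		retval = 1;
		goto out;
	}

out:
	free(buf);

	/* unlink the filter so that freeing it does not free bio_in */
	if (bio_cipher != NULL) {
		BIO_pop(bio_cipher);
		BIO_free(bio_cipher);
	}

	return (retval);
}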
461 |
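/*
 * Print the supported algorithm names with their minimum and maximum key
 * sizes (in bits) to stdout as a fixed-width table.
 *
 * The values are passed as unsigned so that they match the %u conversion
 * (the previous version passed int literals, a format/argument mismatch).
 *
 * NOTE(review): arcfour (RC4) and single DES appear in this list and are
 * generally regarded as weak; nothing on this page limits their use.
 */
static void
list_algorithms(void)
{
	/* name, minimum key size and maximum key size in bits */
	static const struct {
		const char *name;
		unsigned int min_bits;
		unsigned int max_bits;
	} algorithms[] = {
		{ "aes", 128, 256 },
		{ "arcfour", 8, EVP_MAX_KEY_LENGTH * 8 },
		{ "des", 64, 64 },
		{ "3des", 192, 192 },
	};
	size_t i;

	printf("Algorithm Keysize: Min Max (bits)\n"
	    "------------------------------------------\n");
	for (i = 0; i < sizeof (algorithms) / sizeof (algorithms[0]); i++) {
		printf("%-15s %5u %5u\n", algorithms[i].name,
		    algorithms[i].min_bits, algorithms[i].max_bits);
	}
}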
473 |
/*
 * Print the command line synopsis for the command that was invoked to
 * stderr.
 *
 * cmd is CMD_SENCRYPT or CMD_SDECRYPT, as determined by main() from the
 * program name; any other value prints nothing.  The synopsis reflects the
 * option check in main(): -l (list algorithms) and -a (select algorithm)
 * are mutually exclusive and exactly one of them is required.
 */
static void
usage(int cmd)
{
	if (cmd == CMD_SENCRYPT) {
		fputs("usage: sencrypt -l | [-v] -a algorithm "
		    "[-k key_file] [-i input_file] [-o output_file]\n",
		    stderr);
		return;
	}
	if (cmd == CMD_SDECRYPT) {
		fputs("usage: sdecrypt -l | [-v] -a algorithm "
		    "[-k key_file] [-i input_file] [-o output_file]\n",
		    stderr);
	}
}
485 |
486 int |
487 main(int argc, char *argv[]) |
488 { |
489 char *progname; |
490 int cmd; |
491 int c; |
492 bool aflag = false; |
493 char *algo_name = NULL; |
494 bool is_algo_rc4 = false; |
495 bool iflag = false; |
496 char *in_filename = NULL; |
497 bool kflag = false; |
498 char *key_filename = NULL; |
499 bool lflag = false; |
500 bool oflag = false; |
501 char *out_filename = NULL; |
502 bool vflag = false; |
503 bool errflag = false; |
504 unsigned char key[EVP_MAX_KEY_LENGTH]; |
505 size_t key_len = 0; |
506 size_t key_file_len; |
507 const EVP_CIPHER *cipher; |
508 BIO *bio_in = NULL; |
509 uint32_t iterations = PBKDF2_ITERATIONS; |
510 unsigned char iv[EVP_MAX_IV_LENGTH]; |
511 unsigned char salt[SALT_LEN]; |
512 BIO *bio_out = NULL; |
513 int need_tmpfile = 0; |
514 FILE *fp_in; |
515 struct stat statbuf_in; |
516 struct stat statbuf_out; |
517 int fd_tmp = -1; |
518 FILE *fp_tmp = NULL; |
519 char *out_filename_tmp = NULL; |
520 char *out_dir = NULL; |
521 char *tmp_filename = NULL; |
522 int len; |
523 mode_t old_mode; |
524 char pwdata[MAX(MAX_PASSWORD_LEN, EVP_MAX_KEY_LENGTH)]; |
525 size_t pwdata_len = 0; |
526 int status = EXIT_SUCCESS; |
527 |
528 /* initialize OpenSSL */ |
529 OpenSSL_add_all_algorithms(); |
530 ERR_load_crypto_strings(); |
531 OPENSSL_config(NULL); |
532 |
533 progname = strrchr(argv[0], '/'); |
534 progname = (progname != NULL) ? progname + 1 : argv[0]; |
535 if ((strcmp(progname, "sencrypt") == 0) || |
536 (strcmp(progname, "encrypt") == 0)) { |
537 cmd = CMD_SENCRYPT; |
538 } else if ((strcmp(progname, "sdecrypt") == 0) || |
539 (strcmp(progname, "decrypt") == 0)) { |
540 cmd = CMD_SDECRYPT; |
541 } else { |
542 fprintf(stderr, "invalid command name"); |
543 status = EXIT_FAILURE; |
544 goto out; |
545 } |
546 |
547 while (!errflag && (c = getopt(argc, argv, "a:i:k:lo:v")) != -1) { |
548 switch (c) { |
549 case 'a': |
550 aflag = true; |
551 algo_name = optarg; |
552 is_algo_rc4 = (strcmp(algo_name, "arcfour") == 0); |
553 break; |
554 case 'i': |
555 iflag = true; |
556 in_filename = optarg; |
557 break; |
558 case 'k': |
559 kflag = true; |
560 key_filename = optarg; |
561 break; |
562 case 'l': |
563 lflag = true; |
564 break; |
565 case 'o': |
566 oflag = true; |
567 out_filename = optarg; |
568 break; |
569 case 'v': |
570 vflag = true; |
571 break; |
572 default: |
573 errflag = true; |
574 } |
575 } |
576 if (errflag || (!lflag && !aflag) || (lflag && aflag) || |
577 (argc > optind)) { |
578 usage(cmd); |
579 status = EXIT_USAGE; |
580 goto out; |
581 } |
582 |
583 if (lflag) { |
584 list_algorithms(); |
585 goto out; |
586 } |
587 |
588 if (kflag) { |
589 key_file_len = read_keyfile(key_filename, key, |
590 (off_t)sizeof (key)); |
591 if (key_file_len < 1) { |
592 status = EXIT_FAILURE; |
593 goto out; |
594 } |
595 key_len = key_file_len; |
596 } else { |
597 if (EVP_read_pw_string(pwdata, sizeof (pwdata), "Enter key:", |
598 (cmd == CMD_SENCRYPT) ? 1 : 0) != 0) { |
599 warnx("could not read passphrase"); |
600 openssl_warn(); |
601 status = EXIT_FAILURE; |
602 goto out; |
603 } |
604 pwdata_len = strlen(pwdata); |
605 if (pwdata_len < 1) { |
606 warnx("invalid passphrase"); |
607 status = EXIT_FAILURE; |
608 goto out; |
609 } |
610 } |
611 |
612 /* the cipher is determined based on name and length of the key file */ |
613 if (find_algorithm(algo_name, &cipher, &key_len) == -1) { |
614 status = EXIT_FAILURE; |
615 goto out; |
616 } |
617 if ((cmd == CMD_SENCRYPT) && ((cipher != EVP_aes_128_cbc()) && |
618 (cipher != EVP_aes_192_cbc()) && (cipher != EVP_aes_256_cbc()))) { |
619 fprintf(stderr, "warning: the %s algorithm is no longer " |
620 "considered secure", algo_name); |
621 } |
622 |
623 if (iflag) { |
624 bio_in = BIO_new_file(in_filename, "r"); |
625 } else { |
626 bio_in = BIO_new_fp(stdin, BIO_NOCLOSE); |
627 } |
628 if (bio_in == NULL) { |
629 warnx("could not open input file"); |
630 openssl_warn(); |
631 status = EXIT_FAILURE; |
632 goto out; |
633 } |
634 |
635 if (cmd == CMD_SENCRYPT) { |
636 /* generate random salt and IV */ |
637 if ((RAND_bytes(salt, sizeof (salt)) != 1) || |
638 (RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)) != 1)) { |
639 /* not enough entropy or unknown error */ |
640 warnx("failed to generate random data"); |
641 status = EXIT_FAILURE; |
642 goto out; |
643 } |
644 } else { |
645 read_header(bio_in, &iterations, iv, |
646 EVP_CIPHER_iv_length(cipher), salt, (int)sizeof (salt)); |
647 } |
648 |
649 /* |
650 * if no keyfile was given or the RC4 cipher is used, derive the key |
651 * from the password and salt |
652 */ |
653 if (kflag && is_algo_rc4) { |
654 memcpy(pwdata, key, key_file_len); |
655 pwdata_len = key_file_len; |
656 } |
657 if (!kflag || is_algo_rc4) { |
658 if (PKCS5_PBKDF2_HMAC_SHA1(pwdata, (int)pwdata_len, salt, |
659 sizeof (salt), (int)iterations, (int)key_len, key) == 0) { |
660 warnx("failed to generate key"); |
661 status = EXIT_FAILURE; |
662 goto out; |
663 } |
664 } |
665 |
666 if (oflag) { |
667 /* |
668 * if input and output files are identical, create and write the |
669 * output to a temporary file for the output which is then |
670 * renamed to out_filename |
671 */ |
672 if (iflag) { |
673 BIO_get_fp(bio_in, &fp_in); |
674 if (fstat(fileno(fp_in), &statbuf_in) == -1) { |
675 warn("could not stat input file"); |
676 status = EXIT_FAILURE; |
677 goto out; |
678 } |
679 if (stat(out_filename, &statbuf_out) == -1) { |
680 if (errno != ENOENT) { |
681 warn("could not stat output file"); |
682 status = EXIT_FAILURE; |
683 goto out; |
684 } |
685 } else if ((statbuf_in.st_ino == statbuf_out.st_ino) && |
686 (statbuf_in.st_dev == statbuf_out.st_dev)) { |
687 need_tmpfile = 1; |
688 } |
689 } |
690 |
691 if (need_tmpfile) { |
692 out_filename_tmp = strdup(out_filename); |
693 if (out_filename_tmp == NULL) { |
694 warn(NULL); |
695 status = EXIT_FAILURE; |
696 goto out; |
697 } |
698 out_dir = dirname(out_filename_tmp); |
699 len = snprintf(NULL, 0, "%s/sencryptXXXXXX", out_dir); |
700 if (len < 0) { |
701 warn(NULL); |
702 status = EXIT_FAILURE; |
703 goto out; |
704 } |
705 tmp_filename = malloc((size_t)len + 1); |
706 if (tmp_filename == NULL) { |
707 warn(NULL); |
708 status = EXIT_FAILURE; |
709 goto out; |
710 } |
711 if (snprintf(tmp_filename, (size_t)len + 1, |
712 "%s/sencryptXXXXXX", out_dir) != len) { |
713 warn(NULL); |
714 status = EXIT_FAILURE; |
715 goto out; |
716 } |
717 old_mode = umask(077); |
718 fd_tmp = mkstemp(tmp_filename); |
719 umask(old_mode); |
720 if (fd_tmp == -1) { |
721 warn("could not create temporary file"); |
722 status = EXIT_FAILURE; |
723 goto out; |
724 } |
725 fp_tmp = fdopen(fd_tmp, "w"); |
726 if (fp_tmp == NULL) { |
727 warn("could not open temporary file"); |
728 status = EXIT_FAILURE; |
729 goto out; |
730 } |
731 fd_tmp = -1; |
732 bio_out = BIO_new_fp(fp_tmp, BIO_CLOSE); |
733 if (bio_out == NULL) { |
734 warnx("could not open temporary file"); |
735 openssl_warn(); |
736 status = EXIT_FAILURE; |
737 goto out; |
738 } |
739 fp_tmp = NULL; |
740 } else { |
741 old_mode = umask(077); |
742 bio_out = BIO_new_file(out_filename, "w"); |
743 umask(old_mode); |
744 if (bio_out == NULL) { |
745 warnx("could not open output file"); |
746 openssl_warn(); |
747 status = EXIT_FAILURE; |
748 goto out; |
749 } |
750 } |
751 } else { |
752 bio_out = BIO_new_fp(stdout, BIO_NOCLOSE); |
753 if (bio_out == NULL) { |
754 warnx("could not open output file"); |
755 openssl_warn(); |
756 status = EXIT_FAILURE; |
757 goto out; |
758 } |
759 } |
760 |
761 if (cmd == CMD_SENCRYPT) { |
762 if (sencrypt(cipher, bio_in, bio_out, key, key_len, |
763 iv, salt) == -1) { |
764 status = EXIT_FAILURE; |
765 } |
766 } else { |
767 if (sdecrypt(cipher, bio_in, bio_out, key, key_len, |
768 iv) == -1) { |
769 status = EXIT_FAILURE; |
770 } |
771 } |
772 |
773 out: |
774 OPENSSL_cleanse(pwdata, pwdata_len); |
775 OPENSSL_cleanse(key, key_len); |
776 |
777 if (fd_tmp != -1) { |
778 close(fd_tmp); |
779 } |
780 |
781 if (fp_tmp != NULL) { |
782 fclose(fp_tmp); |
783 } |
784 |
785 if (bio_in != NULL) { |
786 BIO_free_all(bio_in); |
787 } |
788 |
789 if (bio_out != NULL) { |
790 BIO_free_all(bio_out); |
791 |
792 if (status == 0) { |
793 if (need_tmpfile) { |
794 if (rename(tmp_filename, out_filename) == -1) { |
795 warn("could not create output file"); |
796 status = EXIT_FAILURE; |
797 unlink(tmp_filename); |
798 } |
799 } |
800 } else { |
801 if (need_tmpfile) { |
802 unlink(tmp_filename); |
803 } else if (oflag) { |
804 unlink(out_filename); |
805 } |
806 } |
807 } |
808 |
809 free(out_filename_tmp); |
810 free(tmp_filename); |
811 |
812 EVP_cleanup(); |
813 ERR_free_strings(); |
814 CONF_modules_free(); |
815 |
816 exit(status); |
817 } |