Mercurial > projects > sencrypt
annotate sencrypt.c @ 3:f230c550e261
Correct check for errors from RAND_bytes()
author | Guido Berhoerster <guido+sencrypt@berhoerster.name> |
---|---|
date | Thu, 10 Apr 2014 00:05:56 +0200 |
parents | 73af139d1a94 |
children | abb770754967 |
rev | line source |
---|---|
0
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
1 /* |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
2 * Copyright (C) 2011 Guido Berhoerster <guido+sencrypt@berhoerster.name> |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
3 * |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
4 * Permission is hereby granted, free of charge, to any person obtaining |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
5 * a copy of this software and associated documentation files (the |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
6 * "Software"), to deal in the Software without restriction, including |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
7 * without limitation the rights to use, copy, modify, merge, publish, |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
8 * distribute, sublicense, and/or sell copies of the Software, and to |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
9 * permit persons to whom the Software is furnished to do so, subject to |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
10 * the following conditions: |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
11 * |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
12 * The above copyright notice and this permission notice shall be included |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
13 * in all copies or substantial portions of the Software. |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
14 * |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
16 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
17 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
18 * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
19 * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
20 * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
21 * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
22 */ |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
23 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
24 #define _XOPEN_SOURCE 600 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
25 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
26 #include <stdio.h> |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
27 #include <string.h> |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
28 #include <stdint.h> |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
29 #include <stdbool.h> |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
30 #include <unistd.h> |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
31 #include <limits.h> |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
32 #include <libgen.h> |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
33 #include <arpa/inet.h> |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
34 #include <sys/stat.h> |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
35 #include <openssl/conf.h> |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
36 #include <openssl/rand.h> |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
37 #include <openssl/evp.h> |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
38 #include <openssl/err.h> |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
39 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
40 #ifdef HAVE_ERR_H |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
41 #include <err.h> |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
42 #else |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
43 #include "err.h" |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
44 #endif /* HAVE_ERR_H */ |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
45 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
46 #define MAX(a, b) (((a) > (b)) ? (a) : (b)) |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
47 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
48 #define EXIT_USAGE 2 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
49 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
50 #define SENCRYPT_FORMAT_VERSION 1 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
51 #define PBKDF2_ITERATIONS 1000 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
52 #define SALT_LEN 16 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
53 #define BUFFER_SIZE (16 * 1024) |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
54 #define MAX_PASSWORD_LEN 256 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
55 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
56 enum { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
57 CMD_SENCRYPT, |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
58 CMD_SDECRYPT |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
59 }; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
60 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
61 static void |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
62 openssl_warn(void) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
63 unsigned long errcode; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
64 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
65 while ((errcode = ERR_get_error()) != 0) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
66 warnx("%s", ERR_error_string(errcode, NULL)); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
67 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
68 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
69 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
70 static size_t |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
71 read_keyfile(const char *filename, unsigned char *key, size_t key_size_max) |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
72 { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
73 size_t keyfile_size = 0; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
74 FILE *fp = NULL; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
75 struct stat statbuf; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
76 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
77 fp = fopen(filename, "r"); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
78 if (fp == NULL) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
79 warn("could not open key file \"%s\"", filename); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
80 goto out; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
81 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
82 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
83 if (fstat(fileno(fp), &statbuf) == -1) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
84 warn("could not stat key file \"%s\"", filename); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
85 goto out; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
86 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
87 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
88 if (!S_ISREG(statbuf.st_mode)) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
89 warnx("key file \"%s\" is not a regular file", filename); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
90 goto out; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
91 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
92 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
93 if ((uintmax_t)statbuf.st_size > SIZE_MAX) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
94 warnx("key file \"%s\" is too large", filename); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
95 goto out; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
96 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
97 keyfile_size = (size_t)statbuf.st_size; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
98 if ((keyfile_size > key_size_max) || |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
99 (keyfile_size == 0)) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
100 warnx("invalid key size"); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
101 goto out; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
102 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
103 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
104 if (fread(key, 1, keyfile_size, fp) != keyfile_size) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
105 warnx("could not read key file \"%s\"", filename); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
106 goto out; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
107 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
108 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
109 out: |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
110 if (fp != NULL) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
111 fclose(fp); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
112 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
113 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
114 return (keyfile_size); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
115 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
116 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
117 static int |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
118 find_algorithm(const char *algo_name, const EVP_CIPHER **cipher_ptr, |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
119 size_t *key_len_ptr) |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
120 { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
121 int retval = 0; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
122 const EVP_CIPHER *cipher = NULL; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
123 size_t key_len = *key_len_ptr; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
124 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
125 if (strcmp(algo_name, "aes") == 0) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
126 switch (key_len) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
127 case 0: |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
128 key_len = 16; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
129 case 16: |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
130 cipher = EVP_aes_128_cbc(); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
131 break; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
132 case 24: |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
133 cipher = EVP_aes_192_cbc(); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
134 break; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
135 case 32: |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
136 cipher = EVP_aes_256_cbc(); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
137 break; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
138 default: |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
139 warnx("invalid key length %zu", key_len); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
140 retval = -1; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
141 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
142 } else if (strcmp(algo_name, "arcfour") == 0) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
143 if (key_len == 0) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
144 key_len = 16; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
145 cipher = EVP_rc4(); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
146 } else if (key_len <= EVP_MAX_KEY_LENGTH) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
147 /* |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
148 * for RC4 keys are not used verbatim but dervied using |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
149 * PBKDF2 with a hardcoded key length of 128 bit |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
150 */ |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
151 key_len = 16; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
152 cipher = EVP_rc4(); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
153 } else { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
154 warnx("invalid key length %zu", key_len); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
155 retval = -1; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
156 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
157 } else if (strcmp(algo_name, "des") == 0) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
158 if (key_len == 0) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
159 key_len = 8; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
160 cipher = EVP_des_cbc(); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
161 } else if (key_len == 8) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
162 cipher = EVP_des_cbc(); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
163 } else { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
164 warnx("invalid key length %zu", key_len); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
165 retval = -1; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
166 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
167 } else if (strcmp(algo_name, "3des") == 0) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
168 if (key_len == 0) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
169 key_len = 24; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
170 cipher = EVP_des_ede3_cbc(); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
171 } else if (key_len == 24) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
172 cipher = EVP_des_ede3_cbc(); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
173 } else { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
174 warnx("invalid key length %zu", key_len); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
175 retval = -1; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
176 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
177 } else { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
178 warnx("unknown algorithm \"%s\"", algo_name); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
179 retval = -1; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
180 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
181 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
182 *cipher_ptr = cipher; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
183 *key_len_ptr = key_len; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
184 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
185 return (retval); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
186 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
187 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
188 static int |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
189 read_header(BIO *bio_in, uint32_t *iterations, unsigned char *iv, int iv_len, |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
190 unsigned char *salt, int salt_len) |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
191 { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
192 int read_len; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
193 uint32_t version; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
194 int retval = 0; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
195 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
196 read_len = BIO_read(bio_in, &version, sizeof (version)); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
197 if (read_len != sizeof (version)) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
198 warnx("failed to read version from input file"); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
199 if (read_len < 0) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
200 openssl_warn(); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
201 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
202 retval = -1; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
203 goto out; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
204 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
205 version = htonl(version); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
206 if (version != SENCRYPT_FORMAT_VERSION) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
207 warnx("unknown format version %d", version); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
208 retval = -1; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
209 goto out; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
210 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
211 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
212 read_len = BIO_read(bio_in, iterations, sizeof (*iterations)); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
213 if (read_len != sizeof (*iterations)) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
214 warnx("failed to read iterations from input file"); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
215 if (read_len < 0) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
216 openssl_warn(); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
217 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
218 retval = -1; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
219 goto out; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
220 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
221 *iterations = htonl(*iterations); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
222 if ((*iterations == 0) || ((sizeof (int) <= sizeof (uint32_t)) && |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
223 (*iterations > INT_MAX))) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
224 warnx("invalid number of iterations"); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
225 retval = -1; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
226 goto out; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
227 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
228 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
229 if (iv_len > 0) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
230 read_len = BIO_read(bio_in, iv, iv_len); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
231 if (read_len != iv_len) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
232 warnx("failed to read IV from input file"); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
233 if (read_len < 0) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
234 openssl_warn(); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
235 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
236 retval = -1; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
237 goto out; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
238 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
239 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
240 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
241 read_len = BIO_read(bio_in, salt, salt_len); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
242 if (read_len != salt_len) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
243 warnx("failed to read salt from input file"); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
244 if (read_len < 0) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
245 openssl_warn(); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
246 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
247 retval = -1; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
248 goto out; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
249 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
250 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
251 out: |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
252 return (retval); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
253 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
254 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
255 static int |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
256 sencrypt(const EVP_CIPHER *cipher, BIO *bio_in, BIO *bio_out, |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
257 const unsigned char *key, size_t key_len, const unsigned char *iv, |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
258 const unsigned char *salt) |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
259 { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
260 int retval = 0; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
261 uint32_t version; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
262 uint32_t iterations; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
263 int iv_len; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
264 int write_len; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
265 int read_len; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
266 BIO *bio_cipher = NULL; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
267 char *buf = NULL; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
268 EVP_CIPHER_CTX *cipher_ctx; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
269 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
270 /* set up cipher filter */ |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
271 bio_cipher = BIO_new(BIO_f_cipher()); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
272 BIO_set_cipher(bio_cipher, cipher, NULL, NULL, 1); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
273 BIO_get_cipher_ctx(bio_cipher, &cipher_ctx); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
274 if (EVP_CIPHER_CTX_set_key_length(cipher_ctx, (int)key_len) != 1) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
275 warnx("failed to set key length"); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
276 openssl_warn(); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
277 retval = 1; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
278 goto out; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
279 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
280 if (EVP_CipherInit_ex(cipher_ctx, NULL, NULL, key, iv, 1) != 1) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
281 warnx("failed to initialize cipher"); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
282 openssl_warn(); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
283 retval = 1; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
284 goto out; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
285 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
286 BIO_push(bio_cipher, bio_out); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
287 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
288 /* write header */ |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
289 version = htonl(SENCRYPT_FORMAT_VERSION); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
290 write_len = BIO_write(bio_out, &version, sizeof (version)); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
291 if (write_len != sizeof (version)) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
292 warnx("failed to write version to output file"); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
293 if (write_len < 0) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
294 openssl_warn(); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
295 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
296 retval = 1; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
297 goto out; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
298 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
299 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
300 iterations = htonl(PBKDF2_ITERATIONS); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
301 write_len = BIO_write(bio_out, &iterations, sizeof (iterations)); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
302 if (write_len != sizeof (iterations)) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
303 warnx("failed to write iterations to output file"); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
304 if (write_len < 0) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
305 openssl_warn(); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
306 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
307 retval = 1; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
308 goto out; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
309 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
310 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
311 iv_len = EVP_CIPHER_iv_length(cipher); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
312 if (iv_len > 0) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
313 write_len = BIO_write(bio_out, iv, iv_len); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
314 if (write_len != iv_len) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
315 warnx("failed to write IV to output file"); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
316 if (write_len < 0) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
317 openssl_warn(); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
318 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
319 retval = 1; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
320 goto out; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
321 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
322 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
323 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
324 write_len = BIO_write(bio_out, salt, SALT_LEN); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
325 if (write_len != SALT_LEN) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
326 warnx("failed to write salt to output file"); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
327 if (write_len < 0) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
328 openssl_warn(); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
329 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
330 retval = 1; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
331 goto out; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
332 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
333 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
334 if (BIO_flush(bio_out) < 1) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
335 warnx("failed to flush output file"); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
336 openssl_warn(); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
337 retval = 1; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
338 goto out; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
339 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
340 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
341 buf = malloc(BUFFER_SIZE); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
342 if (buf == NULL) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
343 warn(NULL); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
344 retval = 1; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
345 goto out; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
346 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
347 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
348 /* encrypt data */ |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
349 while ((read_len = BIO_read(bio_in, buf, BUFFER_SIZE)) > 0) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
350 if ((write_len = BIO_write(bio_cipher, buf, read_len)) != |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
351 read_len) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
352 warnx("failed to write to output file"); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
353 if (write_len < 0) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
354 openssl_warn(); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
355 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
356 retval = 1; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
357 goto out; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
358 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
359 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
360 if (read_len < 0) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
361 warnx("failed to read from input file"); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
362 openssl_warn(); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
363 retval = 1; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
364 goto out; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
365 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
366 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
367 if (BIO_flush(bio_cipher) < 1) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
368 warnx("failed to flush output file"); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
369 openssl_warn(); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
370 retval = 1; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
371 goto out; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
372 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
373 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
374 out: |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
375 free(buf); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
376 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
377 if (bio_cipher != NULL) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
378 BIO_pop(bio_cipher); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
379 BIO_free(bio_cipher); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
380 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
381 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
382 return (retval); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
383 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
384 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
385 static int |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
386 sdecrypt(const EVP_CIPHER *cipher, BIO *bio_in, BIO *bio_out, |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
387 const unsigned char *key, size_t key_len, const unsigned char *iv) |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
388 { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
389 int read_len; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
390 BIO *bio_cipher = NULL; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
391 int write_len; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
392 char *buf = NULL; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
393 EVP_CIPHER_CTX *cipher_ctx; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
394 int retval = 0; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
395 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
396 buf = malloc(BUFFER_SIZE); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
397 if (buf == NULL) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
398 warn(NULL); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
399 retval = 1; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
400 goto out; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
401 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
402 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
403 /* set up cipher filter */ |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
404 bio_cipher = BIO_new(BIO_f_cipher()); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
405 BIO_set_cipher(bio_cipher, cipher, NULL, NULL, 0); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
406 BIO_get_cipher_ctx(bio_cipher, &cipher_ctx); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
407 if (EVP_CIPHER_CTX_set_key_length(cipher_ctx, (int)key_len) != 1) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
408 warnx("failed to set key length"); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
409 openssl_warn(); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
410 retval = 1; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
411 goto out; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
412 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
413 if (EVP_CipherInit_ex(cipher_ctx, NULL, NULL, key, iv, 0) != 1) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
414 warnx("failed to initialize cipher"); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
415 openssl_warn(); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
416 retval = 1; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
417 goto out; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
418 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
419 BIO_push(bio_cipher, bio_in); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
420 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
421 /* decrypt data */ |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
422 while ((read_len = BIO_read(bio_cipher, buf, BUFFER_SIZE)) > 0) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
423 if ((write_len = BIO_write(bio_out, buf, read_len)) != |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
424 read_len) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
425 warnx("failed to write to to output file"); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
426 if (write_len < 0) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
427 openssl_warn(); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
428 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
429 retval = 1; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
430 goto out; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
431 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
432 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
433 if (read_len < 0) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
434 warnx("failed to read from input file"); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
435 openssl_warn(); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
436 retval = 1; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
437 goto out; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
438 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
439 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
440 if (BIO_flush(bio_out) < 1) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
441 warnx("failed to flush output file"); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
442 openssl_warn(); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
443 retval = 1; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
444 goto out; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
445 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
446 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
447 if (BIO_get_cipher_status(bio_cipher) == 0) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
448 warnx("decryption failed"); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
449 openssl_warn(); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
450 retval = 1; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
451 goto out; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
452 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
453 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
454 out: |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
455 free(buf); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
456 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
457 if (bio_cipher != NULL) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
458 BIO_pop(bio_cipher); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
459 BIO_free(bio_cipher); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
460 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
461 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
462 return (retval); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
463 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
464 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
465 static void |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
466 list_algorithms(void) |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
467 { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
468 printf("Algorithm Keysize: Min Max (bits)\n" |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
469 "------------------------------------------\n"); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
470 printf("%-15s %5u %5u\n", "aes", 128, 256); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
471 printf("%-15s %5u %5u\n", "arcfour", 8, |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
472 EVP_MAX_KEY_LENGTH * 8); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
473 printf("%-15s %5u %5u\n", "des", 64, 64); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
474 printf("%-15s %5u %5u\n", "3des", 192, 192); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
475 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
476 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
477 static void |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
478 usage(int cmd) |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
479 { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
480 if (cmd == CMD_SENCRYPT) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
481 fprintf(stderr, "usage: sencrypt -l | [-v] -a algorithm " |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
482 "[-k key_file] [-i input_file] [-o output_file]\n"); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
483 } else if (cmd == CMD_SDECRYPT) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
484 fprintf(stderr, "usage: sdecrypt -l | [-v] -a algorithm " |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
485 "[-k key_file] [-i input_file] [-o output_file]\n"); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
486 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
487 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
488 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
489 int |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
490 main(int argc, char *argv[]) |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
491 { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
492 char *progname; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
493 int cmd; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
494 int c; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
495 bool aflag = false; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
496 char *algo_name = NULL; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
497 bool is_algo_rc4 = false; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
498 bool iflag = false; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
499 char *in_filename = NULL; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
500 bool kflag = false; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
501 char *key_filename = NULL; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
502 bool lflag = false; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
503 bool oflag = false; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
504 char *out_filename = NULL; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
505 bool vflag = false; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
506 bool errflag = false; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
507 unsigned char key[EVP_MAX_KEY_LENGTH]; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
508 size_t key_len = 0; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
509 size_t key_file_len; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
510 const EVP_CIPHER *cipher; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
511 BIO *bio_in = NULL; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
512 uint32_t iterations = PBKDF2_ITERATIONS; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
513 unsigned char iv[EVP_MAX_IV_LENGTH]; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
514 unsigned char salt[SALT_LEN]; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
515 BIO *bio_out = NULL; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
516 int need_tmpfile = 0; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
517 FILE *fp_in; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
518 struct stat statbuf_in; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
519 struct stat statbuf_out; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
520 int fd_tmp = -1; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
521 FILE *fp_tmp = NULL; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
522 char *out_filename_tmp = NULL; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
523 char *out_dir = NULL; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
524 char *tmp_filename = NULL; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
525 int len; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
526 mode_t old_mode; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
527 char pwdata[MAX(MAX_PASSWORD_LEN, EVP_MAX_KEY_LENGTH)]; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
528 size_t pwdata_len = 0; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
529 int status = EXIT_SUCCESS; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
530 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
531 /* initialize OpenSSL */ |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
532 OpenSSL_add_all_algorithms(); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
533 ERR_load_crypto_strings(); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
534 OPENSSL_config(NULL); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
535 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
536 progname = strrchr(argv[0], '/'); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
537 progname = (progname != NULL) ? progname + 1 : argv[0]; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
538 if ((strcmp(progname, "sencrypt") == 0) || |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
539 (strcmp(progname, "encrypt") == 0)) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
540 cmd = CMD_SENCRYPT; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
541 } else if ((strcmp(progname, "sdecrypt") == 0) || |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
542 (strcmp(progname, "decrypt") == 0)) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
543 cmd = CMD_SDECRYPT; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
544 } else { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
545 fprintf(stderr, "invalid command name"); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
546 status = EXIT_FAILURE; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
547 goto out; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
548 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
549 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
550 while (!errflag && (c = getopt(argc, argv, "a:i:k:lo:v")) != -1) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
551 switch (c) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
552 case 'a': |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
553 aflag = true; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
554 algo_name = optarg; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
555 is_algo_rc4 = (strcmp(algo_name, "arcfour") == 0); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
556 break; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
557 case 'i': |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
558 iflag = true; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
559 in_filename = optarg; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
560 break; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
561 case 'k': |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
562 kflag = true; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
563 key_filename = optarg; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
564 break; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
565 case 'l': |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
566 lflag = true; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
567 break; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
568 case 'o': |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
569 oflag = true; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
570 out_filename = optarg; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
571 break; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
572 case 'v': |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
573 vflag = true; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
574 break; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
575 default: |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
576 errflag = true; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
577 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
578 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
579 if (errflag || (!lflag && !aflag) || (lflag && aflag) || |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
580 (argc > optind)) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
581 usage(cmd); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
582 status = EXIT_USAGE; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
583 goto out; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
584 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
585 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
586 if (lflag) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
587 list_algorithms(); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
588 goto out; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
589 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
590 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
591 if (kflag) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
592 key_file_len = read_keyfile(key_filename, key, |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
593 (off_t)sizeof (key)); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
594 if (key_file_len < 1) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
595 status = EXIT_FAILURE; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
596 goto out; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
597 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
598 key_len = key_file_len; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
599 } else { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
600 if (EVP_read_pw_string(pwdata, sizeof (pwdata), "Enter key:", |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
601 (cmd == CMD_SENCRYPT) ? 1 : 0) != 0) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
602 warnx("could not read passphrase"); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
603 openssl_warn(); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
604 status = EXIT_FAILURE; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
605 goto out; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
606 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
607 pwdata_len = strlen(pwdata); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
608 if (pwdata_len < 1) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
609 warnx("invalid passphrase"); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
610 status = EXIT_FAILURE; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
611 goto out; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
612 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
613 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
614 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
615 /* the cipher is determined based on name and length of the key file */ |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
616 if (find_algorithm(algo_name, &cipher, &key_len) == -1) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
617 status = EXIT_FAILURE; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
618 goto out; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
619 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
620 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
621 if (iflag) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
622 bio_in = BIO_new_file(in_filename, "r"); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
623 } else { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
624 bio_in = BIO_new_fp(stdin, BIO_NOCLOSE); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
625 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
626 if (bio_in == NULL) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
627 warnx("could not open input file"); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
628 openssl_warn(); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
629 status = EXIT_FAILURE; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
630 goto out; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
631 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
632 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
633 if (cmd == CMD_SENCRYPT) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
634 /* generate random salt and IV */ |
3
f230c550e261
Correct check for errors from RAND_bytes()
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
0
diff
changeset
|
635 if ((RAND_bytes(salt, sizeof (salt)) != 1) || |
f230c550e261
Correct check for errors from RAND_bytes()
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
0
diff
changeset
|
636 (RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)) != 1)) { |
0
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
637 /* not enough entropy or unknown error */ |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
638 warnx("failed to generate random data"); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
639 status = EXIT_FAILURE; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
640 goto out; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
641 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
642 } else { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
643 read_header(bio_in, &iterations, iv, |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
644 EVP_CIPHER_iv_length(cipher), salt, (int)sizeof (salt)); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
645 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
646 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
647 /* |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
648 * if no keyfile was given or the RC4 cipher is used, derive the key |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
649 * from the password and salt |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
650 */ |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
651 if (kflag && is_algo_rc4) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
652 memcpy(pwdata, key, key_file_len); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
653 pwdata_len = key_file_len; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
654 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
655 if (!kflag || is_algo_rc4) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
656 if (PKCS5_PBKDF2_HMAC_SHA1(pwdata, (int)pwdata_len, salt, |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
657 sizeof (salt), (int)iterations, (int)key_len, key) == 0) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
658 warnx("failed to generate key"); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
659 status = EXIT_FAILURE; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
660 goto out; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
661 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
662 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
663 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
664 if (oflag) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
665 /* |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
666 * if input and output files are identical, create and write the |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
667 * output to a temporary file for the output which is then |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
668 * renamed to out_filename |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
669 */ |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
670 if (iflag) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
671 BIO_get_fp(bio_in, &fp_in); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
672 if (fstat(fileno(fp_in), &statbuf_in) == -1) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
673 warn("could not stat input file"); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
674 status = EXIT_FAILURE; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
675 goto out; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
676 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
677 if (stat(out_filename, &statbuf_out) == -1) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
678 if (errno != ENOENT) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
679 warn("could not stat output file"); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
680 status = EXIT_FAILURE; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
681 goto out; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
682 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
683 } else if ((statbuf_in.st_ino == statbuf_out.st_ino) && |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
684 (statbuf_in.st_dev == statbuf_out.st_dev)) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
685 need_tmpfile = 1; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
686 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
687 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
688 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
689 if (need_tmpfile) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
690 out_filename_tmp = strdup(out_filename); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
691 if (out_filename_tmp == NULL) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
692 warn(NULL); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
693 status = EXIT_FAILURE; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
694 goto out; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
695 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
696 out_dir = dirname(out_filename_tmp); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
697 len = snprintf(NULL, 0, "%s/sencryptXXXXXX", out_dir); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
698 if (len < 0) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
699 warn(NULL); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
700 status = EXIT_FAILURE; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
701 goto out; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
702 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
703 tmp_filename = malloc((size_t)len + 1); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
704 if (tmp_filename == NULL) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
705 warn(NULL); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
706 status = EXIT_FAILURE; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
707 goto out; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
708 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
709 if (snprintf(tmp_filename, (size_t)len + 1, |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
710 "%s/sencryptXXXXXX", out_dir) != len) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
711 warn(NULL); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
712 status = EXIT_FAILURE; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
713 goto out; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
714 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
715 old_mode = umask(077); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
716 fd_tmp = mkstemp(tmp_filename); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
717 umask(old_mode); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
718 if (fd_tmp == -1) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
719 warn("could not create temporary file"); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
720 status = EXIT_FAILURE; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
721 goto out; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
722 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
723 fp_tmp = fdopen(fd_tmp, "w"); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
724 if (fp_tmp == NULL) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
725 warn("could not open temporary file"); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
726 status = EXIT_FAILURE; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
727 goto out; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
728 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
729 fd_tmp = -1; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
730 bio_out = BIO_new_fp(fp_tmp, BIO_CLOSE); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
731 if (bio_out == NULL) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
732 warnx("could not open temporary file"); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
733 openssl_warn(); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
734 status = EXIT_FAILURE; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
735 goto out; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
736 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
737 fp_tmp = NULL; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
738 } else { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
739 old_mode = umask(077); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
740 bio_out = BIO_new_file(out_filename, "w"); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
741 umask(old_mode); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
742 if (bio_out == NULL) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
743 warnx("could not open output file"); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
744 openssl_warn(); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
745 status = EXIT_FAILURE; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
746 goto out; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
747 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
748 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
749 } else { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
750 bio_out = BIO_new_fp(stdout, BIO_NOCLOSE); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
751 if (bio_out == NULL) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
752 warnx("could not open output file"); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
753 openssl_warn(); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
754 status = EXIT_FAILURE; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
755 goto out; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
756 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
757 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
758 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
759 if (cmd == CMD_SENCRYPT) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
760 if (sencrypt(cipher, bio_in, bio_out, key, key_len, |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
761 iv, salt) == -1) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
762 status = EXIT_FAILURE; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
763 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
764 } else { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
765 if (sdecrypt(cipher, bio_in, bio_out, key, key_len, |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
766 iv) == -1) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
767 status = EXIT_FAILURE; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
768 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
769 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
770 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
771 out: |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
772 OPENSSL_cleanse(pwdata, pwdata_len); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
773 OPENSSL_cleanse(key, key_len); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
774 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
775 if (fd_tmp != -1) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
776 close(fd_tmp); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
777 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
778 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
779 if (fp_tmp != NULL) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
780 fclose(fp_tmp); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
781 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
782 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
783 if (bio_in != NULL) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
784 BIO_free_all(bio_in); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
785 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
786 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
787 if (bio_out != NULL) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
788 BIO_free_all(bio_out); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
789 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
790 if (status == 0) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
791 if (need_tmpfile) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
792 if (rename(tmp_filename, out_filename) == -1) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
793 warn("could not create output file"); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
794 status = EXIT_FAILURE; |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
795 unlink(tmp_filename); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
796 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
797 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
798 } else { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
799 if (need_tmpfile) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
800 unlink(tmp_filename); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
801 } else if (oflag) { |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
802 unlink(out_filename); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
803 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
804 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
805 } |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
806 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
807 free(out_filename_tmp); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
808 free(tmp_filename); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
809 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
810 EVP_cleanup(); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
811 ERR_free_strings(); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
812 CONF_modules_free(); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
813 |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
814 exit(status); |
73af139d1a94
Initial revision
Guido Berhoerster <guido+sencrypt@berhoerster.name>
parents:
diff
changeset
|
815 } |