projects/sencrypt

view sencrypt.c @ 21:5f9dc8f3c53e

Release version 3
author Guido Berhoerster <guido+sencrypt@berhoerster.name>
date Mon Aug 05 11:19:02 2019 +0200 (2019-08-05)
parents 07f525330bc7
children
line source
1 /*
2 * Copyright (C) 2016 Guido Berhoerster <guido+sencrypt@berhoerster.name>
3 *
4 * Permission is hereby granted, free of charge, to any person obtaining
5 * a copy of this software and associated documentation files (the
6 * "Software"), to deal in the Software without restriction, including
7 * without limitation the rights to use, copy, modify, merge, publish,
8 * distribute, sublicense, and/or sell copies of the Software, and to
9 * permit persons to whom the Software is furnished to do so, subject to
10 * the following conditions:
11 *
12 * The above copyright notice and this permission notice shall be included
13 * in all copies or substantial portions of the Software.
14 *
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
18 * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
19 * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
20 * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
21 * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
22 */
24 #include <stdio.h>
25 #include <string.h>
26 #include <stdint.h>
27 #include <stdbool.h>
28 #include <unistd.h>
29 #include <limits.h>
30 #include <libgen.h>
31 #include <arpa/inet.h>
32 #include <sys/stat.h>
33 #include <openssl/conf.h>
34 #include <openssl/rand.h>
35 #include <openssl/evp.h>
36 #include <openssl/err.h>
38 #ifdef HAVE_ERR_H
39 #include <err.h>
40 #endif /* HAVE_ERR_H */
41 #include "compat.h"
43 #define MAX(a, b) (((a) > (b)) ? (a) : (b))
45 #define EXIT_USAGE 2
47 #define SENCRYPT_FORMAT_VERSION 1
48 #define PBKDF2_ITERATIONS 500000
49 #define SALT_LEN 16
50 #define BUFFER_SIZE (16 * 1024)
51 #define MAX_PASSWORD_LEN 256
53 enum {
54 CMD_SENCRYPT,
55 CMD_SDECRYPT
56 };
58 static void
59 openssl_warn(void) {
60 unsigned long errcode;
62 while ((errcode = ERR_get_error()) != 0) {
63 warnx("%s", ERR_error_string(errcode, NULL));
64 }
65 }
67 static size_t
68 read_keyfile(const char *filename, unsigned char *key, size_t key_size_max)
69 {
70 size_t keyfile_size = 0;
71 FILE *fp = NULL;
73 fp = fopen(filename, "r");
74 if (fp == NULL) {
75 warn("could not open key file \"%s\"", filename);
76 goto out;
77 }
79 keyfile_size = fread(key, 1, key_size_max, fp);
80 if (ferror(fp)) {
81 warn("failed to read key file \"%s\"", filename);
82 goto out;
83 } else if (!feof(fp) || (keyfile_size < 1)) {
84 warnx("invalid key size");
85 goto out;
86 }
88 out:
89 if (fp != NULL) {
90 fclose(fp);
91 }
93 return (keyfile_size);
94 }
96 static int
97 find_algorithm(const char *algo_name, const EVP_CIPHER **cipher_ptr,
98 size_t *key_len_ptr)
99 {
100 int retval = 0;
101 const EVP_CIPHER *cipher = NULL;
102 size_t key_len = *key_len_ptr;
104 if (strcmp(algo_name, "aes") == 0) {
105 switch (key_len) {
106 case 0:
107 key_len = 16;
108 /* FALLTHROUGH */
109 case 16:
110 cipher = EVP_aes_128_cbc();
111 break;
112 case 24:
113 cipher = EVP_aes_192_cbc();
114 break;
115 case 32:
116 cipher = EVP_aes_256_cbc();
117 break;
118 default:
119 warnx("invalid key length %zu", key_len);
120 retval = -1;
121 }
122 } else if (strcmp(algo_name, "arcfour") == 0) {
123 if (key_len == 0) {
124 key_len = 16;
125 cipher = EVP_rc4();
126 } else if (key_len <= EVP_MAX_KEY_LENGTH) {
127 /*
128 * for RC4 keys are not used verbatim but dervied using
129 * PBKDF2 with a hardcoded key length of 128 bit
130 */
131 key_len = 16;
132 cipher = EVP_rc4();
133 } else {
134 warnx("invalid key length %zu", key_len);
135 retval = -1;
136 }
137 } else if (strcmp(algo_name, "des") == 0) {
138 if (key_len == 0) {
139 key_len = 8;
140 cipher = EVP_des_cbc();
141 } else if (key_len == 8) {
142 cipher = EVP_des_cbc();
143 } else {
144 warnx("invalid key length %zu", key_len);
145 retval = -1;
146 }
147 } else if (strcmp(algo_name, "3des") == 0) {
148 if (key_len == 0) {
149 key_len = 24;
150 cipher = EVP_des_ede3_cbc();
151 } else if (key_len == 24) {
152 cipher = EVP_des_ede3_cbc();
153 } else {
154 warnx("invalid key length %zu", key_len);
155 retval = -1;
156 }
157 } else {
158 warnx("unknown algorithm \"%s\"", algo_name);
159 retval = -1;
160 }
162 *cipher_ptr = cipher;
163 *key_len_ptr = key_len;
165 return (retval);
166 }
168 static int
169 read_header(BIO *bio_in, uint32_t *iterations, unsigned char *iv, int iv_len,
170 unsigned char *salt, int salt_len)
171 {
172 int read_len;
173 uint32_t version;
174 int retval = 0;
176 read_len = BIO_read(bio_in, &version, sizeof (version));
177 if (read_len != sizeof (version)) {
178 warnx("failed to read version from input file");
179 if (read_len < 0) {
180 openssl_warn();
181 }
182 retval = -1;
183 goto out;
184 }
185 version = htonl(version);
186 if (version != SENCRYPT_FORMAT_VERSION) {
187 warnx("unknown format version %d", version);
188 retval = -1;
189 goto out;
190 }
192 read_len = BIO_read(bio_in, iterations, sizeof (*iterations));
193 if (read_len != sizeof (*iterations)) {
194 warnx("failed to read iterations from input file");
195 if (read_len < 0) {
196 openssl_warn();
197 }
198 retval = -1;
199 goto out;
200 }
201 *iterations = htonl(*iterations);
202 if ((*iterations == 0) || ((sizeof (int) <= sizeof (uint32_t)) &&
203 (*iterations > INT_MAX))) {
204 warnx("invalid number of iterations");
205 retval = -1;
206 goto out;
207 }
209 if (iv_len > 0) {
210 read_len = BIO_read(bio_in, iv, iv_len);
211 if (read_len != iv_len) {
212 warnx("failed to read IV from input file");
213 if (read_len < 0) {
214 openssl_warn();
215 }
216 retval = -1;
217 goto out;
218 }
219 }
221 read_len = BIO_read(bio_in, salt, salt_len);
222 if (read_len != salt_len) {
223 warnx("failed to read salt from input file");
224 if (read_len < 0) {
225 openssl_warn();
226 }
227 retval = -1;
228 goto out;
229 }
231 out:
232 return (retval);
233 }
235 static int
236 sencrypt(const EVP_CIPHER *cipher, BIO *bio_in, BIO *bio_out,
237 const unsigned char *key, size_t key_len, const unsigned char *iv,
238 const unsigned char *salt)
239 {
240 int retval = 0;
241 uint32_t version;
242 uint32_t iterations;
243 int iv_len;
244 int write_len;
245 int read_len;
246 BIO *bio_cipher = NULL;
247 char *buf = NULL;
248 EVP_CIPHER_CTX *cipher_ctx;
250 /* set up cipher filter */
251 bio_cipher = BIO_new(BIO_f_cipher());
252 BIO_set_cipher(bio_cipher, cipher, NULL, NULL, 1);
253 BIO_get_cipher_ctx(bio_cipher, &cipher_ctx);
254 if (EVP_CIPHER_CTX_set_key_length(cipher_ctx, (int)key_len) != 1) {
255 warnx("failed to set key length");
256 openssl_warn();
257 retval = 1;
258 goto out;
259 }
260 if (EVP_CipherInit_ex(cipher_ctx, NULL, NULL, key, iv, 1) != 1) {
261 warnx("failed to initialize cipher");
262 openssl_warn();
263 retval = 1;
264 goto out;
265 }
266 BIO_push(bio_cipher, bio_out);
268 /* write header */
269 version = htonl(SENCRYPT_FORMAT_VERSION);
270 write_len = BIO_write(bio_out, &version, sizeof (version));
271 if (write_len != sizeof (version)) {
272 warnx("failed to write version to output file");
273 if (write_len < 0) {
274 openssl_warn();
275 }
276 retval = 1;
277 goto out;
278 }
280 iterations = htonl(PBKDF2_ITERATIONS);
281 write_len = BIO_write(bio_out, &iterations, sizeof (iterations));
282 if (write_len != sizeof (iterations)) {
283 warnx("failed to write iterations to output file");
284 if (write_len < 0) {
285 openssl_warn();
286 }
287 retval = 1;
288 goto out;
289 }
291 iv_len = EVP_CIPHER_iv_length(cipher);
292 if (iv_len > 0) {
293 write_len = BIO_write(bio_out, iv, iv_len);
294 if (write_len != iv_len) {
295 warnx("failed to write IV to output file");
296 if (write_len < 0) {
297 openssl_warn();
298 }
299 retval = 1;
300 goto out;
301 }
302 }
304 write_len = BIO_write(bio_out, salt, SALT_LEN);
305 if (write_len != SALT_LEN) {
306 warnx("failed to write salt to output file");
307 if (write_len < 0) {
308 openssl_warn();
309 }
310 retval = 1;
311 goto out;
312 }
314 if (BIO_flush(bio_out) < 1) {
315 warnx("failed to flush output file");
316 openssl_warn();
317 retval = 1;
318 goto out;
319 }
321 buf = malloc(BUFFER_SIZE);
322 if (buf == NULL) {
323 warn(NULL);
324 retval = 1;
325 goto out;
326 }
328 /* encrypt data */
329 while ((read_len = BIO_read(bio_in, buf, BUFFER_SIZE)) > 0) {
330 if ((write_len = BIO_write(bio_cipher, buf, read_len)) !=
331 read_len) {
332 warnx("failed to write to output file");
333 if (write_len < 0) {
334 openssl_warn();
335 }
336 retval = 1;
337 goto out;
338 }
339 }
340 if (read_len < 0) {
341 warnx("failed to read from input file");
342 openssl_warn();
343 retval = 1;
344 goto out;
345 }
347 if (BIO_flush(bio_cipher) < 1) {
348 warnx("failed to flush output file");
349 openssl_warn();
350 retval = 1;
351 goto out;
352 }
354 out:
355 free(buf);
357 if (bio_cipher != NULL) {
358 BIO_pop(bio_cipher);
359 BIO_free(bio_cipher);
360 }
362 return (retval);
363 }
365 static int
366 sdecrypt(const EVP_CIPHER *cipher, BIO *bio_in, BIO *bio_out,
367 const unsigned char *key, size_t key_len, const unsigned char *iv)
368 {
369 int read_len;
370 BIO *bio_cipher = NULL;
371 int write_len;
372 char *buf = NULL;
373 EVP_CIPHER_CTX *cipher_ctx;
374 int retval = 0;
376 buf = malloc(BUFFER_SIZE);
377 if (buf == NULL) {
378 warn(NULL);
379 retval = 1;
380 goto out;
381 }
383 /* set up cipher filter */
384 bio_cipher = BIO_new(BIO_f_cipher());
385 BIO_set_cipher(bio_cipher, cipher, NULL, NULL, 0);
386 BIO_get_cipher_ctx(bio_cipher, &cipher_ctx);
387 if (EVP_CIPHER_CTX_set_key_length(cipher_ctx, (int)key_len) != 1) {
388 warnx("failed to set key length");
389 openssl_warn();
390 retval = 1;
391 goto out;
392 }
393 if (EVP_CipherInit_ex(cipher_ctx, NULL, NULL, key, iv, 0) != 1) {
394 warnx("failed to initialize cipher");
395 openssl_warn();
396 retval = 1;
397 goto out;
398 }
399 BIO_push(bio_cipher, bio_in);
401 /* decrypt data */
402 while ((read_len = BIO_read(bio_cipher, buf, BUFFER_SIZE)) > 0) {
403 if ((write_len = BIO_write(bio_out, buf, read_len)) !=
404 read_len) {
405 warnx("failed to write to to output file");
406 if (write_len < 0) {
407 openssl_warn();
408 }
409 retval = 1;
410 goto out;
411 }
412 }
413 if (read_len < 0) {
414 warnx("failed to read from input file");
415 openssl_warn();
416 retval = 1;
417 goto out;
418 }
420 if (BIO_flush(bio_out) < 1) {
421 warnx("failed to flush output file");
422 openssl_warn();
423 retval = 1;
424 goto out;
425 }
427 if (BIO_get_cipher_status(bio_cipher) == 0) {
428 warnx("decryption failed");
429 openssl_warn();
430 retval = 1;
431 goto out;
432 }
434 out:
435 free(buf);
437 if (bio_cipher != NULL) {
438 BIO_pop(bio_cipher);
439 BIO_free(bio_cipher);
440 }
442 return (retval);
443 }
445 static void
446 list_algorithms(void)
447 {
448 printf("Algorithm Keysize: Min Max (bits)\n"
449 "------------------------------------------\n");
450 printf("%-15s %5u %5u\n", "aes", 128, 256);
451 printf("%-15s %5u %5u\n", "arcfour", 8,
452 EVP_MAX_KEY_LENGTH * 8);
453 printf("%-15s %5u %5u\n", "des", 64, 64);
454 printf("%-15s %5u %5u\n", "3des", 192, 192);
455 }
457 static void
458 usage(int cmd)
459 {
460 if (cmd == CMD_SENCRYPT) {
461 fprintf(stderr, "usage: sencrypt -l | [-v] -a algorithm "
462 "[-k key_file] [-i input_file] [-o output_file]\n");
463 } else if (cmd == CMD_SDECRYPT) {
464 fprintf(stderr, "usage: sdecrypt -l | [-v] -a algorithm "
465 "[-k key_file] [-i input_file] [-o output_file]\n");
466 }
467 }
469 int
470 main(int argc, char *argv[])
471 {
472 char *progname;
473 int cmd;
474 int c;
475 bool aflag = false;
476 char *algo_name = NULL;
477 bool is_algo_rc4 = false;
478 bool iflag = false;
479 char *in_filename = NULL;
480 bool kflag = false;
481 char *key_filename = NULL;
482 bool lflag = false;
483 bool oflag = false;
484 char *out_filename = NULL;
485 bool vflag = false;
486 bool errflag = false;
487 unsigned char key[EVP_MAX_KEY_LENGTH];
488 size_t key_len = 0;
489 size_t key_file_len;
490 const EVP_CIPHER *cipher;
491 BIO *bio_in = NULL;
492 uint32_t iterations = PBKDF2_ITERATIONS;
493 unsigned char iv[EVP_MAX_IV_LENGTH];
494 unsigned char salt[SALT_LEN];
495 BIO *bio_out = NULL;
496 int need_tmpfile = 0;
497 FILE *fp_in;
498 struct stat statbuf_in;
499 struct stat statbuf_out;
500 int fd_tmp = -1;
501 FILE *fp_tmp = NULL;
502 char *out_filename_tmp = NULL;
503 char *out_dir = NULL;
504 char *tmp_filename = NULL;
505 int len;
506 mode_t old_mode;
507 char pwdata[MAX(MAX_PASSWORD_LEN, EVP_MAX_KEY_LENGTH)];
508 size_t pwdata_len = 0;
509 int status = EXIT_SUCCESS;
511 #if OPENSSL_VERSION_NUMBER < 0x10100000L
512 /* initialize OpenSSL */
513 OpenSSL_add_all_algorithms();
514 ERR_load_crypto_strings();
515 OPENSSL_config(NULL);
516 #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
518 progname = strrchr(argv[0], '/');
519 progname = (progname != NULL) ? progname + 1 : argv[0];
520 if ((strcmp(progname, "sencrypt") == 0) ||
521 (strcmp(progname, "encrypt") == 0)) {
522 cmd = CMD_SENCRYPT;
523 } else if ((strcmp(progname, "sdecrypt") == 0) ||
524 (strcmp(progname, "decrypt") == 0)) {
525 cmd = CMD_SDECRYPT;
526 } else {
527 fprintf(stderr, "invalid command name");
528 status = EXIT_FAILURE;
529 goto out;
530 }
532 while (!errflag && (c = getopt(argc, argv, "a:i:k:lo:v")) != -1) {
533 switch (c) {
534 case 'a':
535 aflag = true;
536 algo_name = optarg;
537 is_algo_rc4 = (strcmp(algo_name, "arcfour") == 0);
538 break;
539 case 'i':
540 iflag = true;
541 in_filename = optarg;
542 break;
543 case 'k':
544 kflag = true;
545 key_filename = optarg;
546 break;
547 case 'l':
548 lflag = true;
549 break;
550 case 'o':
551 oflag = true;
552 out_filename = optarg;
553 break;
554 case 'v':
555 vflag = true;
556 break;
557 default:
558 errflag = true;
559 }
560 }
561 if (errflag || (!lflag && !aflag) || (lflag && aflag) ||
562 (argc > optind)) {
563 usage(cmd);
564 status = EXIT_USAGE;
565 goto out;
566 }
568 if (lflag) {
569 list_algorithms();
570 goto out;
571 }
573 if (kflag) {
574 key_file_len = read_keyfile(key_filename, key, sizeof (key));
575 if (key_file_len < 1) {
576 status = EXIT_FAILURE;
577 goto out;
578 }
579 key_len = key_file_len;
580 } else {
581 if (EVP_read_pw_string(pwdata, sizeof (pwdata), "Enter key:",
582 (cmd == CMD_SENCRYPT) ? 1 : 0) != 0) {
583 warnx("could not read passphrase");
584 openssl_warn();
585 status = EXIT_FAILURE;
586 goto out;
587 }
588 pwdata_len = strlen(pwdata);
589 if (pwdata_len < 1) {
590 warnx("invalid passphrase");
591 status = EXIT_FAILURE;
592 goto out;
593 }
594 }
596 /* the cipher is determined based on name and length of the key file */
597 if (find_algorithm(algo_name, &cipher, &key_len) == -1) {
598 status = EXIT_FAILURE;
599 goto out;
600 }
601 if ((cmd == CMD_SENCRYPT) && ((cipher != EVP_aes_128_cbc()) &&
602 (cipher != EVP_aes_192_cbc()) && (cipher != EVP_aes_256_cbc()))) {
603 fprintf(stderr, "warning: the %s algorithm is no longer "
604 "considered secure", algo_name);
605 }
607 if (iflag) {
608 bio_in = BIO_new_file(in_filename, "r");
609 } else {
610 bio_in = BIO_new_fp(stdin, BIO_NOCLOSE);
611 }
612 if (bio_in == NULL) {
613 warnx("could not open input file");
614 openssl_warn();
615 status = EXIT_FAILURE;
616 goto out;
617 }
619 if (cmd == CMD_SENCRYPT) {
620 /* generate random salt and IV */
621 if ((RAND_bytes(salt, sizeof (salt)) != 1) ||
622 (RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)) != 1)) {
623 /* not enough entropy or unknown error */
624 warnx("failed to generate random data");
625 status = EXIT_FAILURE;
626 goto out;
627 }
628 } else {
629 read_header(bio_in, &iterations, iv,
630 EVP_CIPHER_iv_length(cipher), salt, (int)sizeof (salt));
631 }
633 /*
634 * if no keyfile was given or the RC4 cipher is used, derive the key
635 * from the password and salt
636 */
637 if (kflag && is_algo_rc4) {
638 memcpy(pwdata, key, key_file_len);
639 pwdata_len = key_file_len;
640 }
641 if (!kflag || is_algo_rc4) {
642 if (PKCS5_PBKDF2_HMAC_SHA1(pwdata, (int)pwdata_len, salt,
643 sizeof (salt), (int)iterations, (int)key_len, key) == 0) {
644 warnx("failed to generate key");
645 status = EXIT_FAILURE;
646 goto out;
647 }
648 }
650 if (oflag) {
651 /*
652 * if input and output files are identical, create and write the
653 * output to a temporary file for the output which is then
654 * renamed to out_filename
655 */
656 if (iflag) {
657 BIO_get_fp(bio_in, &fp_in);
658 if (fstat(fileno(fp_in), &statbuf_in) == -1) {
659 warn("could not stat input file");
660 status = EXIT_FAILURE;
661 goto out;
662 }
663 if (stat(out_filename, &statbuf_out) == -1) {
664 if (errno != ENOENT) {
665 warn("could not stat output file");
666 status = EXIT_FAILURE;
667 goto out;
668 }
669 } else if ((statbuf_in.st_ino == statbuf_out.st_ino) &&
670 (statbuf_in.st_dev == statbuf_out.st_dev)) {
671 need_tmpfile = 1;
672 }
673 }
675 if (need_tmpfile) {
676 out_filename_tmp = strdup(out_filename);
677 if (out_filename_tmp == NULL) {
678 warn(NULL);
679 status = EXIT_FAILURE;
680 goto out;
681 }
682 out_dir = dirname(out_filename_tmp);
683 len = snprintf(NULL, 0, "%s/sencryptXXXXXX", out_dir);
684 if (len < 0) {
685 warn(NULL);
686 status = EXIT_FAILURE;
687 goto out;
688 }
689 tmp_filename = malloc((size_t)len + 1);
690 if (tmp_filename == NULL) {
691 warn(NULL);
692 status = EXIT_FAILURE;
693 goto out;
694 }
695 if (snprintf(tmp_filename, (size_t)len + 1,
696 "%s/sencryptXXXXXX", out_dir) != len) {
697 warn(NULL);
698 status = EXIT_FAILURE;
699 goto out;
700 }
701 old_mode = umask(077);
702 fd_tmp = mkstemp(tmp_filename);
703 umask(old_mode);
704 if (fd_tmp == -1) {
705 warn("could not create temporary file");
706 status = EXIT_FAILURE;
707 goto out;
708 }
709 fp_tmp = fdopen(fd_tmp, "w");
710 if (fp_tmp == NULL) {
711 warn("could not open temporary file");
712 status = EXIT_FAILURE;
713 goto out;
714 }
715 fd_tmp = -1;
716 bio_out = BIO_new_fp(fp_tmp, BIO_CLOSE);
717 if (bio_out == NULL) {
718 warnx("could not open temporary file");
719 openssl_warn();
720 status = EXIT_FAILURE;
721 goto out;
722 }
723 fp_tmp = NULL;
724 } else {
725 old_mode = umask(077);
726 bio_out = BIO_new_file(out_filename, "w");
727 umask(old_mode);
728 if (bio_out == NULL) {
729 warnx("could not open output file");
730 openssl_warn();
731 status = EXIT_FAILURE;
732 goto out;
733 }
734 }
735 } else {
736 bio_out = BIO_new_fp(stdout, BIO_NOCLOSE);
737 if (bio_out == NULL) {
738 warnx("could not open output file");
739 openssl_warn();
740 status = EXIT_FAILURE;
741 goto out;
742 }
743 }
745 if (cmd == CMD_SENCRYPT) {
746 if (sencrypt(cipher, bio_in, bio_out, key, key_len,
747 iv, salt) == -1) {
748 status = EXIT_FAILURE;
749 }
750 } else {
751 if (sdecrypt(cipher, bio_in, bio_out, key, key_len,
752 iv) == -1) {
753 status = EXIT_FAILURE;
754 }
755 }
757 out:
758 OPENSSL_cleanse(pwdata, pwdata_len);
759 OPENSSL_cleanse(key, key_len);
761 if (fd_tmp != -1) {
762 close(fd_tmp);
763 }
765 if (fp_tmp != NULL) {
766 fclose(fp_tmp);
767 }
769 if (bio_in != NULL) {
770 BIO_free_all(bio_in);
771 }
773 if (bio_out != NULL) {
774 BIO_free_all(bio_out);
776 if (status == 0) {
777 if (need_tmpfile) {
778 if (rename(tmp_filename, out_filename) == -1) {
779 warn("could not create output file");
780 status = EXIT_FAILURE;
781 unlink(tmp_filename);
782 }
783 }
784 } else {
785 if (need_tmpfile) {
786 unlink(tmp_filename);
787 } else if (oflag) {
788 unlink(out_filename);
789 }
790 }
791 }
793 free(out_filename_tmp);
794 free(tmp_filename);
796 #if OPENSSL_VERSION_NUMBER < 0x10100000L
797 EVP_cleanup();
798 ERR_free_strings();
799 CONF_modules_free();
800 #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
802 exit(status);
803 }