2016-05-18 02:18:30 +08:00
|
|
|
/*
|
2024-03-20 20:07:54 +08:00
|
|
|
* Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
|
1998-12-21 18:52:47 +08:00
|
|
|
*
|
2018-12-06 20:00:26 +08:00
|
|
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
2016-05-18 02:18:30 +08:00
|
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
|
|
* in the file LICENSE in the source distribution or at
|
|
|
|
* https://www.openssl.org/source/license.html
|
1998-12-21 18:52:47 +08:00
|
|
|
*/
|
|
|
|
|
|
|
|
#include <stdio.h>
|
|
|
|
#include <stdlib.h>
|
|
|
|
#include <string.h>
|
2016-01-12 09:40:38 +08:00
|
|
|
#include <limits.h>
|
1998-12-21 18:52:47 +08:00
|
|
|
#include "apps.h"
|
2018-01-31 18:13:10 +08:00
|
|
|
#include "progs.h"
|
1999-04-24 06:13:45 +08:00
|
|
|
#include <openssl/bio.h>
|
|
|
|
#include <openssl/err.h>
|
|
|
|
#include <openssl/evp.h>
|
|
|
|
#include <openssl/objects.h>
|
|
|
|
#include <openssl/x509.h>
|
1999-11-16 10:49:25 +08:00
|
|
|
#include <openssl/rand.h>
|
1999-04-24 06:13:45 +08:00
|
|
|
#include <openssl/pem.h>
|
2014-06-11 21:31:08 +08:00
|
|
|
#ifndef OPENSSL_NO_COMP
|
2008-03-13 05:14:28 +08:00
|
|
|
# include <openssl/comp.h>
|
2014-06-11 21:31:08 +08:00
|
|
|
#endif
|
2000-11-20 12:14:19 +08:00
|
|
|
#include <ctype.h>
|
1998-12-21 18:52:47 +08:00
|
|
|
|
|
|
|
#undef SIZE
|
|
|
|
#undef BSIZE
|
|
|
|
#define SIZE (512)
|
|
|
|
#define BSIZE (8*1024)
|
2000-11-20 12:14:19 +08:00
|
|
|
|
2023-03-09 07:15:54 +08:00
|
|
|
#define PBKDF2_ITER_DEFAULT 10000
|
|
|
|
#define STR(a) XSTR(a)
|
|
|
|
#define XSTR(a) #a
|
|
|
|
|
2017-10-10 05:53:21 +08:00
|
|
|
static int set_hex(const char *in, unsigned char *out, int size);
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
static void show_ciphers(const OBJ_NAME *name, void *bio_);
|
|
|
|
|
2017-03-09 07:42:25 +08:00
|
|
|
struct doall_enc_ciphers {
|
|
|
|
BIO *bio;
|
|
|
|
int n;
|
|
|
|
};
|
|
|
|
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
typedef enum OPTION_choice {
|
2021-05-01 21:29:00 +08:00
|
|
|
OPT_COMMON,
|
2016-06-25 04:38:08 +08:00
|
|
|
OPT_LIST,
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
OPT_E, OPT_IN, OPT_OUT, OPT_PASS, OPT_ENGINE, OPT_D, OPT_P, OPT_V,
|
|
|
|
OPT_NOPAD, OPT_SALT, OPT_NOSALT, OPT_DEBUG, OPT_UPPER_P, OPT_UPPER_A,
|
|
|
|
OPT_A, OPT_Z, OPT_BUFSIZE, OPT_K, OPT_KFILE, OPT_UPPER_K, OPT_NONE,
|
2016-12-14 23:29:06 +08:00
|
|
|
OPT_UPPER_S, OPT_IV, OPT_MD, OPT_ITER, OPT_PBKDF2, OPT_CIPHER,
|
2023-08-31 15:51:46 +08:00
|
|
|
OPT_SALTLEN, OPT_R_ENUM, OPT_PROV_ENUM
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
} OPTION_CHOICE;
|
|
|
|
|
2016-03-13 21:07:50 +08:00
|
|
|
const OPTIONS enc_options[] = {
|
2019-11-08 04:08:30 +08:00
|
|
|
OPT_SECTION("General"),
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
{"help", OPT_HELP, '-', "Display this summary"},
|
2019-09-16 20:09:01 +08:00
|
|
|
{"list", OPT_LIST, '-', "List ciphers"},
|
2019-11-06 00:28:50 +08:00
|
|
|
#ifndef OPENSSL_NO_DEPRECATED_3_0
|
2019-09-16 20:09:01 +08:00
|
|
|
{"ciphers", OPT_LIST, '-', "Alias for -list"},
|
|
|
|
#endif
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
{"e", OPT_E, '-', "Encrypt"},
|
|
|
|
{"d", OPT_D, '-', "Decrypt"},
|
|
|
|
{"p", OPT_P, '-', "Print the iv/key"},
|
|
|
|
{"P", OPT_UPPER_P, '-', "Print the iv/key and exit"},
|
2019-11-08 04:08:30 +08:00
|
|
|
#ifndef OPENSSL_NO_ENGINE
|
|
|
|
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
|
|
|
|
#endif
|
|
|
|
|
|
|
|
OPT_SECTION("Input"),
|
|
|
|
{"in", OPT_IN, '<', "Input file"},
|
|
|
|
{"k", OPT_K, 's', "Passphrase"},
|
|
|
|
{"kfile", OPT_KFILE, '<', "Read passphrase from file"},
|
|
|
|
|
|
|
|
OPT_SECTION("Output"),
|
|
|
|
{"out", OPT_OUT, '>', "Output file"},
|
|
|
|
{"pass", OPT_PASS, 's', "Passphrase source"},
|
2016-02-19 01:23:27 +08:00
|
|
|
{"v", OPT_V, '-', "Verbose output"},
|
|
|
|
{"a", OPT_A, '-', "Base64 encode/decode, depending on encryption flag"},
|
|
|
|
{"base64", OPT_A, '-', "Same as option -a"},
|
|
|
|
{"A", OPT_UPPER_A, '-',
|
|
|
|
"Used with -[base64|a] to specify base64 buffer as a single line"},
|
2019-11-08 04:08:30 +08:00
|
|
|
|
|
|
|
OPT_SECTION("Encryption"),
|
|
|
|
{"nopad", OPT_NOPAD, '-', "Disable standard block padding"},
|
|
|
|
{"salt", OPT_SALT, '-', "Use salt in the KDF (default)"},
|
|
|
|
{"nosalt", OPT_NOSALT, '-', "Do not use salt in the KDF"},
|
|
|
|
{"debug", OPT_DEBUG, '-', "Print debug info"},
|
|
|
|
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
{"bufsize", OPT_BUFSIZE, 's', "Buffer size"},
|
2015-05-04 23:33:34 +08:00
|
|
|
{"K", OPT_UPPER_K, 's', "Raw key, in hex"},
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
{"S", OPT_UPPER_S, 's', "Salt, in hex"},
|
|
|
|
{"iv", OPT_IV, 's', "IV in hex"},
|
2016-05-17 13:47:28 +08:00
|
|
|
{"md", OPT_MD, 's', "Use specified digest to create a key from the passphrase"},
|
2023-03-09 07:15:54 +08:00
|
|
|
{"iter", OPT_ITER, 'p',
|
|
|
|
"Specify the iteration count and force the use of PBKDF2"},
|
|
|
|
{OPT_MORE_STR, 0, 0, "Default: " STR(PBKDF2_ITER_DEFAULT)},
|
|
|
|
{"pbkdf2", OPT_PBKDF2, '-',
|
|
|
|
"Use password-based key derivation function 2 (PBKDF2)"},
|
|
|
|
{OPT_MORE_STR, 0, 0,
|
|
|
|
"Use -iter to change the iteration count from " STR(PBKDF2_ITER_DEFAULT)},
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
{"none", OPT_NONE, '-', "Don't encrypt"},
|
2023-08-31 15:51:46 +08:00
|
|
|
{"saltlen", OPT_SALTLEN, 'p', "Specify the PBKDF2 salt length (in bytes)"},
|
|
|
|
{OPT_MORE_STR, 0, 0, "Default: 16"},
|
2022-08-18 05:36:27 +08:00
|
|
|
#ifndef OPENSSL_NO_ZLIB
|
2021-03-10 22:59:13 +08:00
|
|
|
{"z", OPT_Z, '-', "Compress or decompress encrypted data using zlib"},
|
2015-05-16 01:50:38 +08:00
|
|
|
#endif
|
2019-11-08 04:08:30 +08:00
|
|
|
{"", OPT_CIPHER, '-', "Any supported cipher"},
|
|
|
|
|
|
|
|
OPT_R_OPTIONS,
|
2020-02-25 12:29:30 +08:00
|
|
|
OPT_PROV_OPTIONS,
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
{NULL}
|
|
|
|
};
|
|
|
|
|
|
|
|
int enc_main(int argc, char **argv)
|
1998-12-21 18:52:47 +08:00
|
|
|
{
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
static char buf[128];
|
1999-12-01 04:15:19 +08:00
|
|
|
static const char magic[] = "Salted__";
|
2016-09-29 05:39:18 +08:00
|
|
|
ENGINE *e = NULL;
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
BIO *in = NULL, *out = NULL, *b64 = NULL, *benc = NULL, *rbio =
|
|
|
|
NULL, *wbio = NULL;
|
|
|
|
EVP_CIPHER_CTX *ctx = NULL;
|
2021-02-18 05:15:27 +08:00
|
|
|
EVP_CIPHER *cipher = NULL;
|
|
|
|
EVP_MD *dgst = NULL;
|
2021-02-09 03:03:35 +08:00
|
|
|
const char *digestname = NULL;
|
2015-04-26 03:41:29 +08:00
|
|
|
char *hkey = NULL, *hiv = NULL, *hsalt = NULL, *p;
|
2021-02-06 04:38:07 +08:00
|
|
|
char *infile = NULL, *outfile = NULL, *prog;
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
char *str = NULL, *passarg = NULL, *pass = NULL, *strbuf = NULL;
|
2021-02-06 04:38:07 +08:00
|
|
|
const char *ciphername = NULL;
|
2017-12-08 02:39:34 +08:00
|
|
|
char mbuf[sizeof(magic) - 1];
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
OPTION_CHOICE o;
|
|
|
|
int bsize = BSIZE, verbose = 0, debug = 0, olb64 = 0, nosalt = 0;
|
2015-09-06 23:12:39 +08:00
|
|
|
int enc = 1, printkey = 0, i, k;
|
|
|
|
int base64 = 0, informat = FORMAT_BINARY, outformat = FORMAT_BINARY;
|
2015-12-15 04:24:27 +08:00
|
|
|
int ret = 1, inl, nopad = 0;
|
2000-11-12 10:13:38 +08:00
|
|
|
unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
|
2023-08-31 15:51:46 +08:00
|
|
|
unsigned char *buff = NULL, salt[EVP_MAX_IV_LENGTH];
|
|
|
|
int saltlen = 0;
|
2016-12-14 23:29:06 +08:00
|
|
|
int pbkdf2 = 0;
|
|
|
|
int iter = 0;
|
2016-01-12 09:40:38 +08:00
|
|
|
long n;
|
2022-02-12 09:07:34 +08:00
|
|
|
int streamable = 1;
|
|
|
|
int wrap = 0;
|
2017-03-09 07:42:25 +08:00
|
|
|
struct doall_enc_ciphers dec;
|
2022-08-18 05:36:27 +08:00
|
|
|
#ifndef OPENSSL_NO_ZLIB
|
2008-03-13 05:14:28 +08:00
|
|
|
int do_zlib = 0;
|
|
|
|
BIO *bzl = NULL;
|
|
|
|
#endif
|
2021-08-10 04:56:29 +08:00
|
|
|
int do_brotli = 0;
|
|
|
|
BIO *bbrot = NULL;
|
2021-08-10 04:56:37 +08:00
|
|
|
int do_zstd = 0;
|
|
|
|
BIO *bzstd = NULL;
|
2002-02-22 22:01:21 +08:00
|
|
|
|
2021-01-07 16:00:02 +08:00
|
|
|
/* first check the command name */
|
2021-02-06 04:38:07 +08:00
|
|
|
if (strcmp(argv[0], "base64") == 0)
|
2015-09-06 23:12:39 +08:00
|
|
|
base64 = 1;
|
2022-08-18 05:36:27 +08:00
|
|
|
#ifndef OPENSSL_NO_ZLIB
|
2021-02-06 04:38:07 +08:00
|
|
|
else if (strcmp(argv[0], "zlib") == 0)
|
2008-03-13 05:14:28 +08:00
|
|
|
do_zlib = 1;
|
2021-08-10 04:56:29 +08:00
|
|
|
#endif
|
|
|
|
#ifndef OPENSSL_NO_BROTLI
|
|
|
|
else if (strcmp(argv[0], "brotli") == 0)
|
|
|
|
do_brotli = 1;
|
2021-08-10 04:56:37 +08:00
|
|
|
#endif
|
|
|
|
#ifndef OPENSSL_NO_ZSTD
|
|
|
|
else if (strcmp(argv[0], "zstd") == 0)
|
|
|
|
do_zstd = 1;
|
2008-03-13 05:14:28 +08:00
|
|
|
#endif
|
2021-02-06 04:38:07 +08:00
|
|
|
else if (strcmp(argv[0], "enc") != 0)
|
|
|
|
ciphername = argv[0];
|
2015-01-22 11:40:55 +08:00
|
|
|
|
2021-08-24 18:03:12 +08:00
|
|
|
opt_set_unknown_name("cipher");
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
prog = opt_init(argc, argv, enc_options);
|
|
|
|
while ((o = opt_next()) != OPT_EOF) {
|
|
|
|
switch (o) {
|
|
|
|
case OPT_EOF:
|
|
|
|
case OPT_ERR:
|
|
|
|
opthelp:
|
|
|
|
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
|
|
|
|
goto end;
|
|
|
|
case OPT_HELP:
|
|
|
|
opt_help(enc_options);
|
|
|
|
ret = 0;
|
2016-06-25 04:38:08 +08:00
|
|
|
goto end;
|
|
|
|
case OPT_LIST:
|
2017-02-23 07:11:18 +08:00
|
|
|
BIO_printf(bio_out, "Supported ciphers:\n");
|
2017-03-09 07:42:25 +08:00
|
|
|
dec.bio = bio_out;
|
|
|
|
dec.n = 0;
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH,
|
2017-03-09 07:42:25 +08:00
|
|
|
show_ciphers, &dec);
|
2017-02-23 07:11:18 +08:00
|
|
|
BIO_printf(bio_out, "\n");
|
|
|
|
ret = 0;
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
goto end;
|
|
|
|
case OPT_E:
|
1998-12-21 18:52:47 +08:00
|
|
|
enc = 1;
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
break;
|
|
|
|
case OPT_IN:
|
|
|
|
infile = opt_arg();
|
|
|
|
break;
|
|
|
|
case OPT_OUT:
|
|
|
|
outfile = opt_arg();
|
|
|
|
break;
|
|
|
|
case OPT_PASS:
|
|
|
|
passarg = opt_arg();
|
|
|
|
break;
|
|
|
|
case OPT_ENGINE:
|
2016-09-29 05:39:18 +08:00
|
|
|
e = setup_engine(opt_arg(), 0);
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
break;
|
|
|
|
case OPT_D:
|
1998-12-21 18:52:47 +08:00
|
|
|
enc = 0;
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
break;
|
|
|
|
case OPT_P:
|
1998-12-21 18:52:47 +08:00
|
|
|
printkey = 1;
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
break;
|
|
|
|
case OPT_V:
|
1998-12-21 18:52:47 +08:00
|
|
|
verbose = 1;
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
break;
|
|
|
|
case OPT_NOPAD:
|
2001-02-14 10:11:52 +08:00
|
|
|
nopad = 1;
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
break;
|
|
|
|
case OPT_SALT:
|
1999-11-16 10:49:25 +08:00
|
|
|
nosalt = 0;
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
break;
|
|
|
|
case OPT_NOSALT:
|
1999-11-16 10:49:25 +08:00
|
|
|
nosalt = 1;
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
break;
|
|
|
|
case OPT_DEBUG:
|
1998-12-21 18:52:47 +08:00
|
|
|
debug = 1;
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
break;
|
|
|
|
case OPT_UPPER_P:
|
1998-12-21 18:52:47 +08:00
|
|
|
printkey = 2;
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
break;
|
|
|
|
case OPT_UPPER_A:
|
1998-12-21 18:56:39 +08:00
|
|
|
olb64 = 1;
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
break;
|
|
|
|
case OPT_A:
|
2015-09-06 23:12:39 +08:00
|
|
|
base64 = 1;
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
break;
|
|
|
|
case OPT_Z:
|
2022-08-18 05:36:27 +08:00
|
|
|
#ifndef OPENSSL_NO_ZLIB
|
2008-03-13 05:14:28 +08:00
|
|
|
do_zlib = 1;
|
|
|
|
#endif
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
break;
|
|
|
|
case OPT_BUFSIZE:
|
|
|
|
p = opt_arg();
|
|
|
|
i = (int)strlen(p) - 1;
|
|
|
|
k = i >= 1 && p[i] == 'k';
|
|
|
|
if (k)
|
|
|
|
p[i] = '\0';
|
2016-01-12 09:40:38 +08:00
|
|
|
if (!opt_long(opt_arg(), &n)
|
|
|
|
|| n < 0 || (k && n >= LONG_MAX / 1024))
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
goto opthelp;
|
|
|
|
if (k)
|
|
|
|
n *= 1024;
|
|
|
|
bsize = (int)n;
|
|
|
|
break;
|
|
|
|
case OPT_K:
|
|
|
|
str = opt_arg();
|
|
|
|
break;
|
|
|
|
case OPT_KFILE:
|
2015-09-04 18:49:06 +08:00
|
|
|
in = bio_open_default(opt_arg(), 'r', FORMAT_TEXT);
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
if (in == NULL)
|
|
|
|
goto opthelp;
|
2017-12-08 02:39:34 +08:00
|
|
|
i = BIO_gets(in, buf, sizeof(buf));
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
BIO_free(in);
|
|
|
|
in = NULL;
|
|
|
|
if (i <= 0) {
|
|
|
|
BIO_printf(bio_err,
|
|
|
|
"%s Can't read key from %s\n", prog, opt_arg());
|
|
|
|
goto opthelp;
|
2009-10-05 00:42:56 +08:00
|
|
|
}
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
while (--i > 0 && (buf[i] == '\r' || buf[i] == '\n'))
|
|
|
|
buf[i] = '\0';
|
|
|
|
if (i <= 0) {
|
|
|
|
BIO_printf(bio_err, "%s: zero length password\n", prog);
|
|
|
|
goto opthelp;
|
1998-12-21 18:52:47 +08:00
|
|
|
}
|
|
|
|
str = buf;
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
break;
|
|
|
|
case OPT_UPPER_K:
|
|
|
|
hkey = opt_arg();
|
|
|
|
break;
|
|
|
|
case OPT_UPPER_S:
|
|
|
|
hsalt = opt_arg();
|
|
|
|
break;
|
|
|
|
case OPT_IV:
|
|
|
|
hiv = opt_arg();
|
|
|
|
break;
|
|
|
|
case OPT_MD:
|
2021-02-09 03:03:35 +08:00
|
|
|
digestname = opt_arg();
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
break;
|
|
|
|
case OPT_CIPHER:
|
2021-02-06 04:38:07 +08:00
|
|
|
ciphername = opt_unknown();
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
break;
|
2016-12-14 23:29:06 +08:00
|
|
|
case OPT_ITER:
|
2021-04-21 19:08:21 +08:00
|
|
|
iter = opt_int_arg();
|
2016-12-14 23:29:06 +08:00
|
|
|
pbkdf2 = 1;
|
|
|
|
break;
|
2023-08-31 15:51:46 +08:00
|
|
|
case OPT_SALTLEN:
|
|
|
|
if (!opt_int(opt_arg(), &saltlen))
|
|
|
|
goto opthelp;
|
|
|
|
if (saltlen > (int)sizeof(salt))
|
|
|
|
saltlen = (int)sizeof(salt);
|
|
|
|
break;
|
2016-12-14 23:29:06 +08:00
|
|
|
case OPT_PBKDF2:
|
|
|
|
pbkdf2 = 1;
|
|
|
|
if (iter == 0) /* do not overwrite a chosen value */
|
2023-03-09 07:15:54 +08:00
|
|
|
iter = PBKDF2_ITER_DEFAULT;
|
2016-12-14 23:29:06 +08:00
|
|
|
break;
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
case OPT_NONE:
|
1998-12-21 18:52:47 +08:00
|
|
|
cipher = NULL;
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
break;
|
2017-07-05 22:58:48 +08:00
|
|
|
case OPT_R_CASES:
|
|
|
|
if (!opt_rand(o))
|
|
|
|
goto end;
|
|
|
|
break;
|
2020-02-25 12:29:30 +08:00
|
|
|
case OPT_PROV_CASES:
|
|
|
|
if (!opt_provider(o))
|
|
|
|
goto end;
|
|
|
|
break;
|
1998-12-21 18:52:47 +08:00
|
|
|
}
|
|
|
|
}
|
2020-11-29 05:12:58 +08:00
|
|
|
|
|
|
|
/* No extra arguments. */
|
2021-08-27 21:33:18 +08:00
|
|
|
if (!opt_check_rest_arg(NULL))
|
2017-08-21 05:10:48 +08:00
|
|
|
goto opthelp;
|
2021-04-03 18:53:51 +08:00
|
|
|
if (!app_RAND_load())
|
|
|
|
goto end;
|
2023-08-31 15:51:46 +08:00
|
|
|
if (saltlen == 0 || pbkdf2 == 0)
|
|
|
|
saltlen = PKCS5_SALT_LEN;
|
1998-12-21 18:52:47 +08:00
|
|
|
|
2021-02-06 04:38:07 +08:00
|
|
|
/* Get the cipher name, either from progname (if set) or flag. */
|
2021-08-27 21:33:18 +08:00
|
|
|
if (!opt_cipher(ciphername, &cipher))
|
|
|
|
goto opthelp;
|
2022-02-12 09:07:34 +08:00
|
|
|
if (cipher && (EVP_CIPHER_mode(cipher) == EVP_CIPH_WRAP_MODE)) {
|
|
|
|
wrap = 1;
|
|
|
|
streamable = 0;
|
|
|
|
}
|
2021-02-09 03:03:35 +08:00
|
|
|
if (digestname != NULL) {
|
|
|
|
if (!opt_md(digestname, &dgst))
|
2021-02-06 04:38:07 +08:00
|
|
|
goto opthelp;
|
|
|
|
}
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
if (dgst == NULL)
|
2021-02-18 05:15:27 +08:00
|
|
|
dgst = (EVP_MD *)EVP_sha256();
|
2015-01-22 11:40:55 +08:00
|
|
|
|
2016-12-14 23:29:06 +08:00
|
|
|
if (iter == 0)
|
|
|
|
iter = 1;
|
|
|
|
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
/* It must be large enough for a base64 encoded line */
|
2015-09-06 23:12:39 +08:00
|
|
|
if (base64 && bsize < 80)
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
bsize = 80;
|
|
|
|
if (verbose)
|
|
|
|
BIO_printf(bio_err, "bufsize=%d\n", bsize);
|
2015-01-22 11:40:55 +08:00
|
|
|
|
2022-08-18 05:36:27 +08:00
|
|
|
#ifndef OPENSSL_NO_ZLIB
|
2021-08-10 04:56:29 +08:00
|
|
|
if (do_zlib)
|
|
|
|
base64 = 0;
|
2016-04-13 08:40:39 +08:00
|
|
|
#endif
|
2021-08-10 04:56:29 +08:00
|
|
|
if (do_brotli)
|
|
|
|
base64 = 0;
|
2021-08-10 04:56:37 +08:00
|
|
|
if (do_zstd)
|
|
|
|
base64 = 0;
|
2021-08-10 04:56:29 +08:00
|
|
|
|
|
|
|
if (base64) {
|
|
|
|
if (enc)
|
|
|
|
outformat = FORMAT_BASE64;
|
|
|
|
else
|
|
|
|
informat = FORMAT_BASE64;
|
|
|
|
}
|
2015-09-06 23:12:39 +08:00
|
|
|
|
2015-05-01 05:48:31 +08:00
|
|
|
strbuf = app_malloc(SIZE, "strbuf");
|
|
|
|
buff = app_malloc(EVP_ENCODE_LENGTH(bsize), "evp buffer");
|
2015-01-22 11:40:55 +08:00
|
|
|
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
if (infile == NULL) {
|
2022-03-09 08:00:19 +08:00
|
|
|
if (!streamable && printkey != 2) { /* if just print key and exit, it's ok */
|
2022-02-12 09:07:34 +08:00
|
|
|
BIO_printf(bio_err, "Unstreamable cipher mode\n");
|
|
|
|
goto end;
|
|
|
|
}
|
2015-09-06 23:12:39 +08:00
|
|
|
in = dup_bio_in(informat);
|
2017-06-13 01:24:02 +08:00
|
|
|
} else {
|
2015-09-06 23:12:39 +08:00
|
|
|
in = bio_open_default(infile, 'r', informat);
|
2017-06-13 01:24:02 +08:00
|
|
|
}
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
if (in == NULL)
|
|
|
|
goto end;
|
2015-01-22 11:40:55 +08:00
|
|
|
|
2017-06-13 01:24:02 +08:00
|
|
|
if (str == NULL && passarg != NULL) {
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
if (!app_passwd(passarg, NULL, &pass, NULL)) {
|
2000-02-17 08:41:43 +08:00
|
|
|
BIO_printf(bio_err, "Error getting password\n");
|
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
str = pass;
|
|
|
|
}
|
2015-01-22 11:40:55 +08:00
|
|
|
|
1998-12-21 18:52:47 +08:00
|
|
|
if ((str == NULL) && (cipher != NULL) && (hkey == NULL)) {
|
2016-03-22 01:08:57 +08:00
|
|
|
if (1) {
|
2017-07-01 18:14:37 +08:00
|
|
|
#ifndef OPENSSL_NO_UI_CONSOLE
|
2016-03-22 01:08:57 +08:00
|
|
|
for (;;) {
|
|
|
|
char prompt[200];
|
2015-01-22 11:40:55 +08:00
|
|
|
|
2017-07-06 08:37:10 +08:00
|
|
|
BIO_snprintf(prompt, sizeof(prompt), "enter %s %s password:",
|
Rename all getters to use get/get0 in name
For functions that exist in 1.1.1 provide a simple aliases via #define.
Fixes #15236
Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_,
EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_,
EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_,
EVP_MD_, and EVP_CIPHER_ prefixes are renamed.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15405)
2021-05-21 22:58:08 +08:00
|
|
|
EVP_CIPHER_get0_name(cipher),
|
2017-06-15 08:34:37 +08:00
|
|
|
(enc) ? "encryption" : "decryption");
|
2016-03-22 01:08:57 +08:00
|
|
|
strbuf[0] = '\0';
|
|
|
|
i = EVP_read_pw_string((char *)strbuf, SIZE, prompt, enc);
|
|
|
|
if (i == 0) {
|
|
|
|
if (strbuf[0] == '\0') {
|
|
|
|
ret = 1;
|
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
str = strbuf;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
if (i < 0) {
|
|
|
|
BIO_printf(bio_err, "bad password read\n");
|
1998-12-21 18:52:47 +08:00
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
}
|
2016-03-22 01:08:57 +08:00
|
|
|
} else {
|
|
|
|
#endif
|
|
|
|
BIO_printf(bio_err, "password required\n");
|
|
|
|
goto end;
|
1998-12-21 18:52:47 +08:00
|
|
|
}
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
|
|
|
|
2015-09-06 23:12:39 +08:00
|
|
|
out = bio_open_default(outfile, 'w', outformat);
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
if (out == NULL)
|
|
|
|
goto end;
|
2015-01-22 11:40:55 +08:00
|
|
|
|
2016-04-13 08:43:45 +08:00
|
|
|
if (debug) {
|
2021-05-25 00:15:57 +08:00
|
|
|
BIO_set_callback_ex(in, BIO_debug_callback_ex);
|
|
|
|
BIO_set_callback_ex(out, BIO_debug_callback_ex);
|
2016-04-13 08:43:45 +08:00
|
|
|
BIO_set_callback_arg(in, (char *)bio_err);
|
|
|
|
BIO_set_callback_arg(out, (char *)bio_err);
|
|
|
|
}
|
|
|
|
|
1999-11-16 10:49:25 +08:00
|
|
|
rbio = in;
|
|
|
|
wbio = out;
|
|
|
|
|
2021-08-10 04:56:29 +08:00
|
|
|
#ifndef OPENSSL_NO_COMP
|
2022-08-18 05:36:27 +08:00
|
|
|
# ifndef OPENSSL_NO_ZLIB
|
2008-03-13 05:14:28 +08:00
|
|
|
if (do_zlib) {
|
|
|
|
if ((bzl = BIO_new(BIO_f_zlib())) == NULL)
|
|
|
|
goto end;
|
2016-04-13 08:43:45 +08:00
|
|
|
if (debug) {
|
2021-05-25 00:15:57 +08:00
|
|
|
BIO_set_callback_ex(bzl, BIO_debug_callback_ex);
|
2016-04-13 08:43:45 +08:00
|
|
|
BIO_set_callback_arg(bzl, (char *)bio_err);
|
|
|
|
}
|
2008-03-13 05:14:28 +08:00
|
|
|
if (enc)
|
|
|
|
wbio = BIO_push(bzl, wbio);
|
|
|
|
else
|
|
|
|
rbio = BIO_push(bzl, rbio);
|
|
|
|
}
|
2021-08-10 04:56:29 +08:00
|
|
|
# endif
|
|
|
|
|
|
|
|
if (do_brotli) {
|
|
|
|
if ((bbrot = BIO_new(BIO_f_brotli())) == NULL)
|
|
|
|
goto end;
|
|
|
|
if (debug) {
|
|
|
|
BIO_set_callback_ex(bbrot, BIO_debug_callback_ex);
|
|
|
|
BIO_set_callback_arg(bbrot, (char *)bio_err);
|
|
|
|
}
|
|
|
|
if (enc)
|
|
|
|
wbio = BIO_push(bbrot, wbio);
|
|
|
|
else
|
|
|
|
rbio = BIO_push(bbrot, rbio);
|
|
|
|
}
|
2021-08-10 04:56:37 +08:00
|
|
|
|
|
|
|
if (do_zstd) {
|
|
|
|
if ((bzstd = BIO_new(BIO_f_zstd())) == NULL)
|
|
|
|
goto end;
|
|
|
|
if (debug) {
|
|
|
|
BIO_set_callback_ex(bzstd, BIO_debug_callback_ex);
|
|
|
|
BIO_set_callback_arg(bzstd, (char *)bio_err);
|
|
|
|
}
|
|
|
|
if (enc)
|
|
|
|
wbio = BIO_push(bzstd, wbio);
|
|
|
|
else
|
|
|
|
rbio = BIO_push(bzstd, rbio);
|
|
|
|
}
|
2008-03-13 05:14:28 +08:00
|
|
|
#endif
|
|
|
|
|
2015-09-06 23:12:39 +08:00
|
|
|
if (base64) {
|
1999-11-16 10:49:25 +08:00
|
|
|
if ((b64 = BIO_new(BIO_f_base64())) == NULL)
|
|
|
|
goto end;
|
|
|
|
if (debug) {
|
2021-05-25 00:15:57 +08:00
|
|
|
BIO_set_callback_ex(b64, BIO_debug_callback_ex);
|
2006-11-30 04:54:57 +08:00
|
|
|
BIO_set_callback_arg(b64, (char *)bio_err);
|
1999-11-16 10:49:25 +08:00
|
|
|
}
|
|
|
|
if (olb64)
|
|
|
|
BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
|
|
|
|
if (enc)
|
|
|
|
wbio = BIO_push(b64, wbio);
|
|
|
|
else
|
|
|
|
rbio = BIO_push(b64, rbio);
|
|
|
|
}
|
2015-01-22 11:40:55 +08:00
|
|
|
|
1998-12-21 18:52:47 +08:00
|
|
|
if (cipher != NULL) {
|
2017-12-30 23:19:47 +08:00
|
|
|
if (str != NULL) { /* a passphrase is available */
|
1999-11-16 10:49:25 +08:00
|
|
|
/*
|
2017-12-30 23:19:47 +08:00
|
|
|
* Salt handling: if encrypting generate a salt if not supplied,
|
|
|
|
* and write to output BIO. If decrypting use salt from input BIO
|
|
|
|
* if not given with args
|
1999-11-16 10:49:25 +08:00
|
|
|
*/
|
|
|
|
unsigned char *sptr;
|
2016-05-10 00:42:58 +08:00
|
|
|
size_t str_len = strlen(str);
|
|
|
|
|
2017-06-13 01:24:02 +08:00
|
|
|
if (nosalt) {
|
1999-11-16 10:49:25 +08:00
|
|
|
sptr = NULL;
|
2017-06-13 01:24:02 +08:00
|
|
|
} else {
|
2023-08-31 15:51:46 +08:00
|
|
|
if (hsalt != NULL && !set_hex(hsalt, salt, saltlen)) {
|
2017-12-30 23:19:47 +08:00
|
|
|
BIO_printf(bio_err, "invalid hex salt value\n");
|
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
if (enc) { /* encryption */
|
|
|
|
if (hsalt == NULL) {
|
2023-08-31 15:51:46 +08:00
|
|
|
if (RAND_bytes(salt, saltlen) <= 0) {
|
2017-12-30 23:19:47 +08:00
|
|
|
BIO_printf(bio_err, "RAND_bytes failed\n");
|
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
/*
|
|
|
|
* If -P option then don't bother writing.
|
|
|
|
* If salt is given, shouldn't either ?
|
|
|
|
*/
|
|
|
|
if ((printkey != 2)
|
|
|
|
&& (BIO_write(wbio, magic,
|
|
|
|
sizeof(magic) - 1) != sizeof(magic) - 1
|
|
|
|
|| BIO_write(wbio,
|
|
|
|
(char *)salt,
|
2023-08-31 15:51:46 +08:00
|
|
|
saltlen) != saltlen)) {
|
2017-12-30 23:19:47 +08:00
|
|
|
BIO_printf(bio_err, "error writing output file\n");
|
1999-11-16 10:49:25 +08:00
|
|
|
goto end;
|
|
|
|
}
|
2017-06-13 01:24:02 +08:00
|
|
|
}
|
2017-12-30 23:19:47 +08:00
|
|
|
} else { /* decryption */
|
|
|
|
if (hsalt == NULL) {
|
|
|
|
if (BIO_read(rbio, mbuf, sizeof(mbuf)) != sizeof(mbuf)) {
|
|
|
|
BIO_printf(bio_err, "error reading input file\n");
|
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
if (memcmp(mbuf, magic, sizeof(mbuf)) == 0) { /* file IS salted */
|
|
|
|
if (BIO_read(rbio, salt,
|
2023-08-31 15:51:46 +08:00
|
|
|
saltlen) != saltlen) {
|
2017-12-30 23:19:47 +08:00
|
|
|
BIO_printf(bio_err, "error reading input file\n");
|
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
} else { /* file is NOT salted, NO salt available */
|
|
|
|
BIO_printf(bio_err, "bad magic number\n");
|
|
|
|
goto end;
|
|
|
|
}
|
1999-11-16 10:49:25 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
sptr = salt;
|
|
|
|
}
|
2015-01-22 11:40:55 +08:00
|
|
|
|
2016-12-14 23:29:06 +08:00
|
|
|
if (pbkdf2 == 1) {
|
|
|
|
/*
|
|
|
|
* derive key and default iv
|
|
|
|
* concatenated into a temporary buffer
|
|
|
|
*/
|
|
|
|
unsigned char tmpkeyiv[EVP_MAX_KEY_LENGTH + EVP_MAX_IV_LENGTH];
|
Rename all getters to use get/get0 in name
For functions that exist in 1.1.1 provide a simple aliases via #define.
Fixes #15236
Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_,
EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_,
EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_,
EVP_MD_, and EVP_CIPHER_ prefixes are renamed.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15405)
2021-05-21 22:58:08 +08:00
|
|
|
int iklen = EVP_CIPHER_get_key_length(cipher);
|
|
|
|
int ivlen = EVP_CIPHER_get_iv_length(cipher);
|
2016-12-14 23:29:06 +08:00
|
|
|
/* not needed if HASH_UPDATE() is fixed : */
|
2023-08-31 15:51:46 +08:00
|
|
|
int islen = (sptr != NULL ? saltlen : 0);
|
|
|
|
|
2016-12-14 23:29:06 +08:00
|
|
|
if (!PKCS5_PBKDF2_HMAC(str, str_len, sptr, islen,
|
|
|
|
iter, dgst, iklen+ivlen, tmpkeyiv)) {
|
|
|
|
BIO_printf(bio_err, "PKCS5_PBKDF2_HMAC failed\n");
|
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
/* split and move data back to global buffer */
|
|
|
|
memcpy(key, tmpkeyiv, iklen);
|
|
|
|
memcpy(iv, tmpkeyiv+iklen, ivlen);
|
|
|
|
} else {
|
|
|
|
BIO_printf(bio_err, "*** WARNING : "
|
|
|
|
"deprecated key derivation used.\n"
|
|
|
|
"Using -iter or -pbkdf2 would be better.\n");
|
|
|
|
if (!EVP_BytesToKey(cipher, dgst, sptr,
|
|
|
|
(unsigned char *)str, str_len,
|
|
|
|
1, key, iv)) {
|
|
|
|
BIO_printf(bio_err, "EVP_BytesToKey failed\n");
|
|
|
|
goto end;
|
|
|
|
}
|
2011-11-14 08:36:10 +08:00
|
|
|
}
|
1998-12-21 18:52:47 +08:00
|
|
|
/*
|
|
|
|
* zero the complete buffer or the string passed from the command
|
2017-10-11 05:55:09 +08:00
|
|
|
* line.
|
1998-12-21 18:52:47 +08:00
|
|
|
*/
|
|
|
|
if (str == strbuf)
|
2002-11-28 16:04:36 +08:00
|
|
|
OPENSSL_cleanse(str, SIZE);
|
1998-12-21 18:52:47 +08:00
|
|
|
else
|
2016-05-10 00:42:58 +08:00
|
|
|
OPENSSL_cleanse(str, str_len);
|
1998-12-21 18:52:47 +08:00
|
|
|
}
|
2015-05-04 23:34:40 +08:00
|
|
|
if (hiv != NULL) {
|
Rename all getters to use get/get0 in name
For functions that exist in 1.1.1 provide a simple aliases via #define.
Fixes #15236
Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_,
EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_,
EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_,
EVP_MD_, and EVP_CIPHER_ prefixes are renamed.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15405)
2021-05-21 22:58:08 +08:00
|
|
|
int siz = EVP_CIPHER_get_iv_length(cipher);
|
2023-12-10 02:40:01 +08:00
|
|
|
|
2015-05-04 23:34:40 +08:00
|
|
|
if (siz == 0) {
|
2019-03-29 09:31:36 +08:00
|
|
|
BIO_printf(bio_err, "warning: iv not used by this cipher\n");
|
2017-10-10 05:53:21 +08:00
|
|
|
} else if (!set_hex(hiv, iv, siz)) {
|
2015-05-04 23:34:40 +08:00
|
|
|
BIO_printf(bio_err, "invalid hex iv value\n");
|
|
|
|
goto end;
|
|
|
|
}
|
1998-12-21 18:52:47 +08:00
|
|
|
}
|
2009-03-03 23:14:33 +08:00
|
|
|
if ((hiv == NULL) && (str == NULL)
|
2022-02-12 09:07:34 +08:00
|
|
|
&& EVP_CIPHER_get_iv_length(cipher) != 0
|
|
|
|
&& wrap == 0) {
|
2001-07-03 18:31:11 +08:00
|
|
|
/*
|
2016-12-14 23:29:06 +08:00
|
|
|
* No IV was explicitly set and no IV was generated.
|
|
|
|
* Hence the IV is undefined, making correct decryption impossible.
|
2001-07-03 18:31:11 +08:00
|
|
|
*/
|
|
|
|
BIO_printf(bio_err, "iv undefined\n");
|
|
|
|
goto end;
|
|
|
|
}
|
2017-10-17 03:05:10 +08:00
|
|
|
if (hkey != NULL) {
|
Rename all getters to use get/get0 in name
For functions that exist in 1.1.1 provide a simple aliases via #define.
Fixes #15236
Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_,
EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_,
EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_,
EVP_MD_, and EVP_CIPHER_ prefixes are renamed.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15405)
2021-05-21 22:58:08 +08:00
|
|
|
if (!set_hex(hkey, key, EVP_CIPHER_get_key_length(cipher))) {
|
2017-10-17 03:05:10 +08:00
|
|
|
BIO_printf(bio_err, "invalid hex key value\n");
|
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
/* wiping secret data as we no longer need it */
|
2020-05-06 19:51:50 +08:00
|
|
|
cleanse(hkey);
|
1998-12-21 18:52:47 +08:00
|
|
|
}
|
2015-01-22 11:40:55 +08:00
|
|
|
|
1998-12-21 18:52:47 +08:00
|
|
|
if ((benc = BIO_new(BIO_f_cipher())) == NULL)
|
|
|
|
goto end;
|
2015-01-22 11:40:55 +08:00
|
|
|
|
2005-04-30 23:17:05 +08:00
|
|
|
/*
|
|
|
|
* Since we may be changing parameters work on the encryption context
|
|
|
|
* rather than calling BIO_set_cipher().
|
|
|
|
*/
|
2015-01-22 11:40:55 +08:00
|
|
|
|
2005-04-30 23:17:05 +08:00
|
|
|
BIO_get_cipher_ctx(benc, &ctx);
|
2015-01-22 11:40:55 +08:00
|
|
|
|
2022-02-12 09:07:34 +08:00
|
|
|
if (wrap == 1)
|
|
|
|
EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
|
|
|
|
|
2020-07-17 17:52:26 +08:00
|
|
|
if (!EVP_CipherInit_ex(ctx, cipher, e, NULL, NULL, enc)) {
|
2005-04-30 23:17:05 +08:00
|
|
|
BIO_printf(bio_err, "Error setting cipher %s\n",
|
Rename all getters to use get/get0 in name
For functions that exist in 1.1.1 provide a simple aliases via #define.
Fixes #15236
Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_,
EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_,
EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_,
EVP_MD_, and EVP_CIPHER_ prefixes are renamed.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15405)
2021-05-21 22:58:08 +08:00
|
|
|
EVP_CIPHER_get0_name(cipher));
|
2005-04-30 23:17:05 +08:00
|
|
|
ERR_print_errors(bio_err);
|
|
|
|
goto end;
|
|
|
|
}
|
2015-01-22 11:40:55 +08:00
|
|
|
|
2005-04-30 23:17:05 +08:00
|
|
|
if (nopad)
|
2001-02-14 10:11:52 +08:00
|
|
|
EVP_CIPHER_CTX_set_padding(ctx, 0);
|
2015-01-22 11:40:55 +08:00
|
|
|
|
2022-02-12 09:07:34 +08:00
|
|
|
if (!EVP_CipherInit_ex(ctx, NULL, NULL, key,
|
|
|
|
(hiv == NULL && wrap == 1 ? NULL : iv), enc)) {
|
2005-04-30 23:17:05 +08:00
|
|
|
BIO_printf(bio_err, "Error setting cipher %s\n",
|
Rename all getters to use get/get0 in name
For functions that exist in 1.1.1 provide a simple aliases via #define.
Fixes #15236
Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_,
EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_,
EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_,
EVP_MD_, and EVP_CIPHER_ prefixes are renamed.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15405)
2021-05-21 22:58:08 +08:00
|
|
|
EVP_CIPHER_get0_name(cipher));
|
2005-04-30 23:17:05 +08:00
|
|
|
ERR_print_errors(bio_err);
|
|
|
|
goto end;
|
2001-02-14 10:11:52 +08:00
|
|
|
}
|
2015-01-22 11:40:55 +08:00
|
|
|
|
1998-12-21 18:52:47 +08:00
|
|
|
if (debug) {
|
2021-05-25 00:15:57 +08:00
|
|
|
BIO_set_callback_ex(benc, BIO_debug_callback_ex);
|
2006-11-30 04:54:57 +08:00
|
|
|
BIO_set_callback_arg(benc, (char *)bio_err);
|
1998-12-21 18:52:47 +08:00
|
|
|
}
|
2015-01-22 11:40:55 +08:00
|
|
|
|
1998-12-21 18:52:47 +08:00
|
|
|
if (printkey) {
|
1999-11-16 10:49:25 +08:00
|
|
|
if (!nosalt) {
|
|
|
|
printf("salt=");
|
2023-08-31 15:51:46 +08:00
|
|
|
for (i = 0; i < (int)saltlen; i++)
|
1999-11-16 10:49:25 +08:00
|
|
|
printf("%02X", salt[i]);
|
|
|
|
printf("\n");
|
|
|
|
}
|
Rename all getters to use get/get0 in name
For functions that exist in 1.1.1 provide a simple aliases via #define.
Fixes #15236
Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_,
EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_,
EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_,
EVP_MD_, and EVP_CIPHER_ prefixes are renamed.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15405)
2021-05-21 22:58:08 +08:00
|
|
|
if (EVP_CIPHER_get_key_length(cipher) > 0) {
|
1998-12-21 18:52:47 +08:00
|
|
|
printf("key=");
|
Rename all getters to use get/get0 in name
For functions that exist in 1.1.1 provide a simple aliases via #define.
Fixes #15236
Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_,
EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_,
EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_,
EVP_MD_, and EVP_CIPHER_ prefixes are renamed.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15405)
2021-05-21 22:58:08 +08:00
|
|
|
for (i = 0; i < EVP_CIPHER_get_key_length(cipher); i++)
|
1998-12-21 18:52:47 +08:00
|
|
|
printf("%02X", key[i]);
|
|
|
|
printf("\n");
|
|
|
|
}
|
Rename all getters to use get/get0 in name
For functions that exist in 1.1.1 provide a simple aliases via #define.
Fixes #15236
Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_,
EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_,
EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_,
EVP_MD_, and EVP_CIPHER_ prefixes are renamed.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15405)
2021-05-21 22:58:08 +08:00
|
|
|
if (EVP_CIPHER_get_iv_length(cipher) > 0) {
|
1998-12-21 18:52:47 +08:00
|
|
|
printf("iv =");
|
Rename all getters to use get/get0 in name
For functions that exist in 1.1.1 provide a simple aliases via #define.
Fixes #15236
Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_,
EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_,
EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_,
EVP_MD_, and EVP_CIPHER_ prefixes are renamed.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15405)
2021-05-21 22:58:08 +08:00
|
|
|
for (i = 0; i < EVP_CIPHER_get_iv_length(cipher); i++)
|
1998-12-21 18:52:47 +08:00
|
|
|
printf("%02X", iv[i]);
|
|
|
|
printf("\n");
|
|
|
|
}
|
|
|
|
if (printkey == 2) {
|
|
|
|
ret = 0;
|
|
|
|
goto end;
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
|
|
|
}
|
1998-12-21 18:52:47 +08:00
|
|
|
}
|
2015-01-22 11:40:55 +08:00
|
|
|
|
1998-12-21 18:52:47 +08:00
|
|
|
/* Only encrypt/decrypt as we write the file */
|
|
|
|
if (benc != NULL)
|
|
|
|
wbio = BIO_push(benc, wbio);
|
2015-01-22 11:40:55 +08:00
|
|
|
|
openssl dgst, openssl enc: check for end of input
The input reading loop in 'openssl dgst' and 'openssl enc' doesn't
check for end of input, and because of the way BIO works, it thereby
won't detect that the end is reached before the read is an error.
With the FILE BIO, an error occurs when trying to read past EOF, which
is fairly much ok, except when the command is used interactively, at
least on Unix. The result in that case is that the user has to press
Ctrl-D twice for the command to terminate.
The issue is further complicated because both these commands use
filter BIOs on top of the FILE BIO, so a naïve attempt to check
BIO_eof() doesn't quite solve it, since that only checks the state of
the source/sink BIO, and the filter BIO may have some buffered data
that still needs to be read. Fortunately, there's BIO_pending() that
checks exactly that, if any filter BIO has pending data that needs to
be processed.
We end up having to check both BIO_pending() and BIO_eof().
Thanks to Zsigmond Lőrinczy for the initial effort and inspiration.
Fixes #9355
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9668)
2019-08-22 19:34:16 +08:00
|
|
|
while (BIO_pending(rbio) || !BIO_eof(rbio)) {
|
1998-12-21 18:52:47 +08:00
|
|
|
inl = BIO_read(rbio, (char *)buff, bsize);
|
|
|
|
if (inl <= 0)
|
|
|
|
break;
|
2022-02-12 09:07:34 +08:00
|
|
|
if (!streamable && !BIO_eof(rbio)) { /* do not output data */
|
|
|
|
BIO_printf(bio_err, "Unstreamable cipher mode\n");
|
|
|
|
goto end;
|
|
|
|
}
|
1998-12-21 18:52:47 +08:00
|
|
|
if (BIO_write(wbio, (char *)buff, inl) != inl) {
|
|
|
|
BIO_printf(bio_err, "error writing output file\n");
|
|
|
|
goto end;
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
2022-02-12 09:07:34 +08:00
|
|
|
if (!streamable)
|
|
|
|
break;
|
1998-12-21 18:52:47 +08:00
|
|
|
}
|
|
|
|
if (!BIO_flush(wbio)) {
|
2023-09-18 22:02:21 +08:00
|
|
|
if (enc)
|
|
|
|
BIO_printf(bio_err, "bad encrypt\n");
|
|
|
|
else
|
|
|
|
BIO_printf(bio_err, "bad decrypt\n");
|
1998-12-21 18:52:47 +08:00
|
|
|
goto end;
|
|
|
|
}
|
2015-01-22 11:40:55 +08:00
|
|
|
|
1998-12-21 18:52:47 +08:00
|
|
|
ret = 0;
|
|
|
|
if (verbose) {
|
2017-08-15 21:42:38 +08:00
|
|
|
BIO_printf(bio_err, "bytes read : %8ju\n", BIO_number_read(in));
|
|
|
|
BIO_printf(bio_err, "bytes written: %8ju\n", BIO_number_written(out));
|
1998-12-21 18:52:47 +08:00
|
|
|
}
|
|
|
|
end:
|
2000-01-21 19:30:52 +08:00
|
|
|
ERR_print_errors(bio_err);
|
2015-05-01 22:02:07 +08:00
|
|
|
OPENSSL_free(strbuf);
|
|
|
|
OPENSSL_free(buff);
|
2015-03-25 23:31:18 +08:00
|
|
|
BIO_free(in);
|
|
|
|
BIO_free_all(out);
|
|
|
|
BIO_free(benc);
|
|
|
|
BIO_free(b64);
|
2021-02-18 05:15:27 +08:00
|
|
|
EVP_MD_free(dgst);
|
|
|
|
EVP_CIPHER_free(cipher);
|
2022-08-18 05:36:27 +08:00
|
|
|
#ifndef OPENSSL_NO_ZLIB
|
2015-03-25 23:31:18 +08:00
|
|
|
BIO_free(bzl);
|
2008-03-13 05:14:28 +08:00
|
|
|
#endif
|
2021-08-10 04:56:29 +08:00
|
|
|
BIO_free(bbrot);
|
2021-08-10 04:56:37 +08:00
|
|
|
BIO_free(bzstd);
|
2016-09-29 05:39:18 +08:00
|
|
|
release_engine(e);
|
2015-05-01 22:02:07 +08:00
|
|
|
OPENSSL_free(pass);
|
2017-07-06 08:37:10 +08:00
|
|
|
return ret;
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
}
|
|
|
|
|
2017-03-09 07:42:25 +08:00
|
|
|
static void show_ciphers(const OBJ_NAME *name, void *arg)
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
{
|
2017-03-09 07:42:25 +08:00
|
|
|
struct doall_enc_ciphers *dec = (struct doall_enc_ciphers *)arg;
|
2017-03-08 09:18:55 +08:00
|
|
|
const EVP_CIPHER *cipher;
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
|
|
|
|
if (!islower((unsigned char)*name->name))
|
|
|
|
return;
|
|
|
|
|
2017-03-08 09:18:55 +08:00
|
|
|
/* Filter out ciphers that we cannot use */
|
|
|
|
cipher = EVP_get_cipherbyname(name->name);
|
2021-06-15 12:07:51 +08:00
|
|
|
if (cipher == NULL
|
|
|
|
|| (EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0
|
|
|
|
|| EVP_CIPHER_get_mode(cipher) == EVP_CIPH_XTS_MODE)
|
2017-03-08 09:18:55 +08:00
|
|
|
return;
|
|
|
|
|
2017-03-09 07:42:25 +08:00
|
|
|
BIO_printf(dec->bio, "-%-25s", name->name);
|
|
|
|
if (++dec->n == 3) {
|
|
|
|
BIO_printf(dec->bio, "\n");
|
|
|
|
dec->n = 0;
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
} else
|
2017-03-09 07:42:25 +08:00
|
|
|
BIO_printf(dec->bio, " ");
|
1998-12-21 18:52:47 +08:00
|
|
|
}
|
|
|
|
|
2017-10-10 05:53:21 +08:00
|
|
|
static int set_hex(const char *in, unsigned char *out, int size)
|
1998-12-21 18:52:47 +08:00
|
|
|
{
|
|
|
|
int i, n;
|
|
|
|
unsigned char j;
|
2015-01-22 11:40:55 +08:00
|
|
|
|
2017-10-10 05:53:21 +08:00
|
|
|
i = size * 2;
|
1998-12-21 18:52:47 +08:00
|
|
|
n = strlen(in);
|
2017-10-10 05:53:21 +08:00
|
|
|
if (n > i) {
|
|
|
|
BIO_printf(bio_err, "hex string is too long, ignoring excess\n");
|
|
|
|
n = i; /* ignore exceeding part */
|
|
|
|
} else if (n < i) {
|
|
|
|
BIO_printf(bio_err, "hex string is too short, padding with zero bytes to length\n");
|
1998-12-21 18:52:47 +08:00
|
|
|
}
|
2017-10-10 05:53:21 +08:00
|
|
|
|
1998-12-21 18:52:47 +08:00
|
|
|
memset(out, 0, size);
|
|
|
|
for (i = 0; i < n; i++) {
|
2017-10-10 05:53:21 +08:00
|
|
|
j = (unsigned char)*in++;
|
2015-04-30 02:15:50 +08:00
|
|
|
if (!isxdigit(j)) {
|
1998-12-21 18:52:47 +08:00
|
|
|
BIO_printf(bio_err, "non-hex digit\n");
|
2017-07-06 08:37:10 +08:00
|
|
|
return 0;
|
1998-12-21 18:52:47 +08:00
|
|
|
}
|
2016-04-14 03:58:28 +08:00
|
|
|
j = (unsigned char)OPENSSL_hexchar2int(j);
|
1998-12-21 18:52:47 +08:00
|
|
|
if (i & 1)
|
|
|
|
out[i / 2] |= j;
|
|
|
|
else
|
|
|
|
out[i / 2] = (j << 4);
|
|
|
|
}
|
2017-07-06 08:37:10 +08:00
|
|
|
return 1;
|
1998-12-21 18:52:47 +08:00
|
|
|
}
|