xref: /freebsd/crypto/openssl/apps/enc.c (revision 313376588638950ba1e93c403dd8c97bc52fd3a2)
1 /* apps/enc.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3  * All rights reserved.
4  *
5  * This package is an SSL implementation written
6  * by Eric Young (eay@cryptsoft.com).
7  * The implementation was written so as to conform with Netscapes SSL.
8  *
9  * This library is free for commercial and non-commercial use as long as
10  * the following conditions are aheared to.  The following conditions
11  * apply to all code found in this distribution, be it the RC4, RSA,
12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13  * included with this distribution is covered by the same copyright terms
14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15  *
16  * Copyright remains Eric Young's, and as such any Copyright notices in
17  * the code are not to be removed.
18  * If this package is used in a product, Eric Young should be given attribution
19  * as the author of the parts of the library used.
20  * This can be in the form of a textual message at program startup or
21  * in documentation (online or textual) provided with the package.
22  *
23  * Redistribution and use in source and binary forms, with or without
24  * modification, are permitted provided that the following conditions
25  * are met:
26  * 1. Redistributions of source code must retain the copyright
27  *    notice, this list of conditions and the following disclaimer.
28  * 2. Redistributions in binary form must reproduce the above copyright
29  *    notice, this list of conditions and the following disclaimer in the
30  *    documentation and/or other materials provided with the distribution.
31  * 3. All advertising materials mentioning features or use of this software
32  *    must display the following acknowledgement:
33  *    "This product includes cryptographic software written by
34  *     Eric Young (eay@cryptsoft.com)"
35  *    The word 'cryptographic' can be left out if the rouines from the library
36  *    being used are not cryptographic related :-).
37  * 4. If you include any Windows specific code (or a derivative thereof) from
38  *    the apps directory (application code) you must include an acknowledgement:
39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40  *
41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  *
53  * The licence and distribution terms for any publically available version or
54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
55  * copied and put under another distribution licence
56  * [including the GNU Public Licence.]
57  */
58 
59 #include <stdio.h>
60 #include <stdlib.h>
61 #include <string.h>
62 #include "apps.h"
63 #include <openssl/bio.h>
64 #include <openssl/err.h>
65 #include <openssl/evp.h>
66 #include <openssl/objects.h>
67 #include <openssl/x509.h>
68 #include <openssl/rand.h>
69 #include <openssl/pem.h>
70 #ifndef OPENSSL_NO_COMP
71 #include <openssl/comp.h>
72 #endif
73 #include <ctype.h>
74 
75 int set_hex(char *in,unsigned char *out,int size);
76 #undef SIZE
77 #undef BSIZE
78 #undef PROG
79 
80 #define SIZE	(512)
81 #define BSIZE	(8*1024)
82 #define	PROG	enc_main
83 
84 static void show_ciphers(const OBJ_NAME *name,void *bio_)
85 	{
86 	BIO *bio=bio_;
87 	static int n;
88 
89 	if(!islower((unsigned char)*name->name))
90 		return;
91 
92 	BIO_printf(bio,"-%-25s",name->name);
93 	if(++n == 3)
94 		{
95 		BIO_printf(bio,"\n");
96 		n=0;
97 		}
98 	else
99 		BIO_printf(bio," ");
100 	}
101 
102 int MAIN(int, char **);
103 
104 int MAIN(int argc, char **argv)
105 	{
106 	static const char magic[]="Salted__";
107 	char mbuf[sizeof magic-1];
108 	char *strbuf=NULL;
109 	unsigned char *buff=NULL,*bufsize=NULL;
110 	int bsize=BSIZE,verbose=0;
111 	int ret=1,inl;
112 	int nopad = 0;
113 	unsigned char key[EVP_MAX_KEY_LENGTH],iv[EVP_MAX_IV_LENGTH];
114 	unsigned char salt[PKCS5_SALT_LEN];
115 	char *str=NULL, *passarg = NULL, *pass = NULL;
116 	char *hkey=NULL,*hiv=NULL,*hsalt = NULL;
117 	char *md=NULL;
118 	int enc=1,printkey=0,i,base64=0;
119 #ifdef ZLIB
120 	int do_zlib=0;
121 	BIO *bzl = NULL;
122 #endif
123 	int debug=0,olb64=0,nosalt=0;
124 	const EVP_CIPHER *cipher=NULL,*c;
125 	EVP_CIPHER_CTX *ctx = NULL;
126 	char *inf=NULL,*outf=NULL;
127 	BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
128 #define PROG_NAME_SIZE  39
129 	char pname[PROG_NAME_SIZE+1];
130 #ifndef OPENSSL_NO_ENGINE
131 	char *engine = NULL;
132 #endif
133 	const EVP_MD *dgst=NULL;
134 	int non_fips_allow = 0;
135 
136 	apps_startup();
137 
138 	if (bio_err == NULL)
139 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
140 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
141 
142 	if (!load_config(bio_err, NULL))
143 		goto end;
144 
145 	/* first check the program name */
146 	program_name(argv[0],pname,sizeof pname);
147 	if (strcmp(pname,"base64") == 0)
148 		base64=1;
149 #ifdef ZLIB
150 	if (strcmp(pname,"zlib") == 0)
151 		do_zlib=1;
152 #endif
153 
154 	cipher=EVP_get_cipherbyname(pname);
155 #ifdef ZLIB
156 	if (!do_zlib && !base64 && (cipher == NULL)
157 				&& (strcmp(pname,"enc") != 0))
158 #else
159 	if (!base64 && (cipher == NULL) && (strcmp(pname,"enc") != 0))
160 #endif
161 		{
162 		BIO_printf(bio_err,"%s is an unknown cipher\n",pname);
163 		goto bad;
164 		}
165 
166 	argc--;
167 	argv++;
168 	while (argc >= 1)
169 		{
170 		if	(strcmp(*argv,"-e") == 0)
171 			enc=1;
172 		else if (strcmp(*argv,"-in") == 0)
173 			{
174 			if (--argc < 1) goto bad;
175 			inf= *(++argv);
176 			}
177 		else if (strcmp(*argv,"-out") == 0)
178 			{
179 			if (--argc < 1) goto bad;
180 			outf= *(++argv);
181 			}
182 		else if (strcmp(*argv,"-pass") == 0)
183 			{
184 			if (--argc < 1) goto bad;
185 			passarg= *(++argv);
186 			}
187 #ifndef OPENSSL_NO_ENGINE
188 		else if (strcmp(*argv,"-engine") == 0)
189 			{
190 			if (--argc < 1) goto bad;
191 			engine= *(++argv);
192 			}
193 #endif
194 		else if	(strcmp(*argv,"-d") == 0)
195 			enc=0;
196 		else if	(strcmp(*argv,"-p") == 0)
197 			printkey=1;
198 		else if	(strcmp(*argv,"-v") == 0)
199 			verbose=1;
200 		else if	(strcmp(*argv,"-nopad") == 0)
201 			nopad=1;
202 		else if	(strcmp(*argv,"-salt") == 0)
203 			nosalt=0;
204 		else if	(strcmp(*argv,"-nosalt") == 0)
205 			nosalt=1;
206 		else if	(strcmp(*argv,"-debug") == 0)
207 			debug=1;
208 		else if	(strcmp(*argv,"-P") == 0)
209 			printkey=2;
210 		else if	(strcmp(*argv,"-A") == 0)
211 			olb64=1;
212 		else if	(strcmp(*argv,"-a") == 0)
213 			base64=1;
214 		else if	(strcmp(*argv,"-base64") == 0)
215 			base64=1;
216 #ifdef ZLIB
217 		else if	(strcmp(*argv,"-z") == 0)
218 			do_zlib=1;
219 #endif
220 		else if (strcmp(*argv,"-bufsize") == 0)
221 			{
222 			if (--argc < 1) goto bad;
223 			bufsize=(unsigned char *)*(++argv);
224 			}
225 		else if (strcmp(*argv,"-k") == 0)
226 			{
227 			if (--argc < 1) goto bad;
228 			str= *(++argv);
229 			}
230 		else if (strcmp(*argv,"-kfile") == 0)
231 			{
232 			static char buf[128];
233 			FILE *infile;
234 			char *file;
235 
236 			if (--argc < 1) goto bad;
237 			file= *(++argv);
238 			infile=fopen(file,"r");
239 			if (infile == NULL)
240 				{
241 				BIO_printf(bio_err,"unable to read key from '%s'\n",
242 					file);
243 				goto bad;
244 				}
245 			buf[0]='\0';
246 			if (!fgets(buf,sizeof buf,infile))
247 				{
248 				BIO_printf(bio_err,"unable to read key from '%s'\n",
249 					file);
250 				goto bad;
251 				}
252 			fclose(infile);
253 			i=strlen(buf);
254 			if ((i > 0) &&
255 				((buf[i-1] == '\n') || (buf[i-1] == '\r')))
256 				buf[--i]='\0';
257 			if ((i > 0) &&
258 				((buf[i-1] == '\n') || (buf[i-1] == '\r')))
259 				buf[--i]='\0';
260 			if (i < 1)
261 				{
262 				BIO_printf(bio_err,"zero length password\n");
263 				goto bad;
264 				}
265 			str=buf;
266 			}
267 		else if (strcmp(*argv,"-K") == 0)
268 			{
269 			if (--argc < 1) goto bad;
270 			hkey= *(++argv);
271 			}
272 		else if (strcmp(*argv,"-S") == 0)
273 			{
274 			if (--argc < 1) goto bad;
275 			hsalt= *(++argv);
276 			}
277 		else if (strcmp(*argv,"-iv") == 0)
278 			{
279 			if (--argc < 1) goto bad;
280 			hiv= *(++argv);
281 			}
282 		else if (strcmp(*argv,"-md") == 0)
283 			{
284 			if (--argc < 1) goto bad;
285 			md= *(++argv);
286 			}
287 		else if (strcmp(*argv,"-non-fips-allow") == 0)
288 			non_fips_allow = 1;
289 		else if	((argv[0][0] == '-') &&
290 			((c=EVP_get_cipherbyname(&(argv[0][1]))) != NULL))
291 			{
292 			cipher=c;
293 			}
294 		else if (strcmp(*argv,"-none") == 0)
295 			cipher=NULL;
296 		else
297 			{
298 			BIO_printf(bio_err,"unknown option '%s'\n",*argv);
299 bad:
300 			BIO_printf(bio_err,"options are\n");
301 			BIO_printf(bio_err,"%-14s input file\n","-in <file>");
302 			BIO_printf(bio_err,"%-14s output file\n","-out <file>");
303 			BIO_printf(bio_err,"%-14s pass phrase source\n","-pass <arg>");
304 			BIO_printf(bio_err,"%-14s encrypt\n","-e");
305 			BIO_printf(bio_err,"%-14s decrypt\n","-d");
306 			BIO_printf(bio_err,"%-14s base64 encode/decode, depending on encryption flag\n","-a/-base64");
307 			BIO_printf(bio_err,"%-14s passphrase is the next argument\n","-k");
308 			BIO_printf(bio_err,"%-14s passphrase is the first line of the file argument\n","-kfile");
309 			BIO_printf(bio_err,"%-14s the next argument is the md to use to create a key\n","-md");
310 			BIO_printf(bio_err,"%-14s   from a passphrase.  One of md2, md5, sha or sha1\n","");
311 			BIO_printf(bio_err,"%-14s salt in hex is the next argument\n","-S");
312 			BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv");
313 			BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]");
314 			BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>");
315 			BIO_printf(bio_err,"%-14s disable standard block padding\n","-nopad");
316 #ifndef OPENSSL_NO_ENGINE
317 			BIO_printf(bio_err,"%-14s use engine e, possibly a hardware device.\n","-engine e");
318 #endif
319 
320 			BIO_printf(bio_err,"Cipher Types\n");
321 			OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH,
322 					       show_ciphers,
323 					       bio_err);
324 			BIO_printf(bio_err,"\n");
325 
326 			goto end;
327 			}
328 		argc--;
329 		argv++;
330 		}
331 
332 #ifndef OPENSSL_NO_ENGINE
333         setup_engine(bio_err, engine, 0);
334 #endif
335 
336 	if (cipher && EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)
337 		{
338 		BIO_printf(bio_err, "AEAD ciphers not supported by the enc utility\n");
339 		goto end;
340 		}
341 
342 	if (cipher && (EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE))
343 		{
344 		BIO_printf(bio_err, "Ciphers in XTS mode are not supported by the enc utility\n");
345 		goto end;
346 		}
347 
348 	if (md && (dgst=EVP_get_digestbyname(md)) == NULL)
349 		{
350 		BIO_printf(bio_err,"%s is an unsupported message digest type\n",md);
351 		goto end;
352 		}
353 
354 	if (dgst == NULL)
355 		{
356 		dgst = EVP_md5();
357 		}
358 
359 	if (bufsize != NULL)
360 		{
361 		unsigned long n;
362 
363 		for (n=0; *bufsize; bufsize++)
364 			{
365 			i= *bufsize;
366 			if ((i <= '9') && (i >= '0'))
367 				n=n*10+i-'0';
368 			else if (i == 'k')
369 				{
370 				n*=1024;
371 				bufsize++;
372 				break;
373 				}
374 			}
375 		if (*bufsize != '\0')
376 			{
377 			BIO_printf(bio_err,"invalid 'bufsize' specified.\n");
378 			goto end;
379 			}
380 
381 		/* It must be large enough for a base64 encoded line */
382 		if (base64 && n < 80) n=80;
383 
384 		bsize=(int)n;
385 		if (verbose) BIO_printf(bio_err,"bufsize=%d\n",bsize);
386 		}
387 
388 	strbuf=OPENSSL_malloc(SIZE);
389 	buff=(unsigned char *)OPENSSL_malloc(EVP_ENCODE_LENGTH(bsize));
390 	if ((buff == NULL) || (strbuf == NULL))
391 		{
392 		BIO_printf(bio_err,"OPENSSL_malloc failure %ld\n",(long)EVP_ENCODE_LENGTH(bsize));
393 		goto end;
394 		}
395 
396 	in=BIO_new(BIO_s_file());
397 	out=BIO_new(BIO_s_file());
398 	if ((in == NULL) || (out == NULL))
399 		{
400 		ERR_print_errors(bio_err);
401 		goto end;
402 		}
403 	if (debug)
404 		{
405 		BIO_set_callback(in,BIO_debug_callback);
406 		BIO_set_callback(out,BIO_debug_callback);
407 		BIO_set_callback_arg(in,(char *)bio_err);
408 		BIO_set_callback_arg(out,(char *)bio_err);
409 		}
410 
411 	if (inf == NULL)
412 	        {
413 #ifndef OPENSSL_NO_SETVBUF_IONBF
414 		if (bufsize != NULL)
415 			setvbuf(stdin, (char *)NULL, _IONBF, 0);
416 #endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
417 		BIO_set_fp(in,stdin,BIO_NOCLOSE);
418 	        }
419 	else
420 		{
421 		if (BIO_read_filename(in,inf) <= 0)
422 			{
423 			perror(inf);
424 			goto end;
425 			}
426 		}
427 
428 	if(!str && passarg) {
429 		if(!app_passwd(bio_err, passarg, NULL, &pass, NULL)) {
430 			BIO_printf(bio_err, "Error getting password\n");
431 			goto end;
432 		}
433 		str = pass;
434 	}
435 
436 	if ((str == NULL) && (cipher != NULL) && (hkey == NULL))
437 		{
438 		for (;;)
439 			{
440 			char buf[200];
441 
442 			BIO_snprintf(buf,sizeof buf,"enter %s %s password:",
443 				     OBJ_nid2ln(EVP_CIPHER_nid(cipher)),
444 				     (enc)?"encryption":"decryption");
445 			strbuf[0]='\0';
446 			i=EVP_read_pw_string((char *)strbuf,SIZE,buf,enc);
447 			if (i == 0)
448 				{
449 				if (strbuf[0] == '\0')
450 					{
451 					ret=1;
452 					goto end;
453 					}
454 				str=strbuf;
455 				break;
456 				}
457 			if (i < 0)
458 				{
459 				BIO_printf(bio_err,"bad password read\n");
460 				goto end;
461 				}
462 			}
463 		}
464 
465 
466 	if (outf == NULL)
467 		{
468 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
469 #ifndef OPENSSL_NO_SETVBUF_IONBF
470 		if (bufsize != NULL)
471 			setvbuf(stdout, (char *)NULL, _IONBF, 0);
472 #endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
473 #ifdef OPENSSL_SYS_VMS
474 		{
475 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
476 		out = BIO_push(tmpbio, out);
477 		}
478 #endif
479 		}
480 	else
481 		{
482 		if (BIO_write_filename(out,outf) <= 0)
483 			{
484 			perror(outf);
485 			goto end;
486 			}
487 		}
488 
489 	rbio=in;
490 	wbio=out;
491 
492 #ifdef ZLIB
493 
494 	if (do_zlib)
495 		{
496 		if ((bzl=BIO_new(BIO_f_zlib())) == NULL)
497 			goto end;
498 		if (enc)
499 			wbio=BIO_push(bzl,wbio);
500 		else
501 			rbio=BIO_push(bzl,rbio);
502 		}
503 #endif
504 
505 	if (base64)
506 		{
507 		if ((b64=BIO_new(BIO_f_base64())) == NULL)
508 			goto end;
509 		if (debug)
510 			{
511 			BIO_set_callback(b64,BIO_debug_callback);
512 			BIO_set_callback_arg(b64,(char *)bio_err);
513 			}
514 		if (olb64)
515 			BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL);
516 		if (enc)
517 			wbio=BIO_push(b64,wbio);
518 		else
519 			rbio=BIO_push(b64,rbio);
520 		}
521 
522 	if (cipher != NULL)
523 		{
524 		/* Note that str is NULL if a key was passed on the command
525 		 * line, so we get no salt in that case. Is this a bug?
526 		 */
527 		if (str != NULL)
528 			{
529 			/* Salt handling: if encrypting generate a salt and
530 			 * write to output BIO. If decrypting read salt from
531 			 * input BIO.
532 			 */
533 			unsigned char *sptr;
534 			if(nosalt) sptr = NULL;
535 			else {
536 				if(enc) {
537 					if(hsalt) {
538 						if(!set_hex(hsalt,salt,sizeof salt)) {
539 							BIO_printf(bio_err,
540 								"invalid hex salt value\n");
541 							goto end;
542 						}
543 					} else if (RAND_pseudo_bytes(salt, sizeof salt) < 0)
544 						goto end;
545 					/* If -P option then don't bother writing */
546 					if((printkey != 2)
547 					   && (BIO_write(wbio,magic,
548 							 sizeof magic-1) != sizeof magic-1
549 					       || BIO_write(wbio,
550 							    (char *)salt,
551 							    sizeof salt) != sizeof salt)) {
552 						BIO_printf(bio_err,"error writing output file\n");
553 						goto end;
554 					}
555 				} else if(BIO_read(rbio,mbuf,sizeof mbuf) != sizeof mbuf
556 					  || BIO_read(rbio,
557 						      (unsigned char *)salt,
558 				    sizeof salt) != sizeof salt) {
559 					BIO_printf(bio_err,"error reading input file\n");
560 					goto end;
561 				} else if(memcmp(mbuf,magic,sizeof magic-1)) {
562 				    BIO_printf(bio_err,"bad magic number\n");
563 				    goto end;
564 				}
565 
566 				sptr = salt;
567 			}
568 
569 			EVP_BytesToKey(cipher,dgst,sptr,
570 				(unsigned char *)str,
571 				strlen(str),1,key,iv);
572 			/* zero the complete buffer or the string
573 			 * passed from the command line
574 			 * bug picked up by
575 			 * Larry J. Hughes Jr. <hughes@indiana.edu> */
576 			if (str == strbuf)
577 				OPENSSL_cleanse(str,SIZE);
578 			else
579 				OPENSSL_cleanse(str,strlen(str));
580 			}
581 		if ((hiv != NULL) && !set_hex(hiv,iv,sizeof iv))
582 			{
583 			BIO_printf(bio_err,"invalid hex iv value\n");
584 			goto end;
585 			}
586 		if ((hiv == NULL) && (str == NULL)
587 		    && EVP_CIPHER_iv_length(cipher) != 0)
588 			{
589 			/* No IV was explicitly set and no IV was generated
590 			 * during EVP_BytesToKey. Hence the IV is undefined,
591 			 * making correct decryption impossible. */
592 			BIO_printf(bio_err, "iv undefined\n");
593 			goto end;
594 			}
595 		if ((hkey != NULL) && !set_hex(hkey,key,sizeof key))
596 			{
597 			BIO_printf(bio_err,"invalid hex key value\n");
598 			goto end;
599 			}
600 
601 		if ((benc=BIO_new(BIO_f_cipher())) == NULL)
602 			goto end;
603 
604 		/* Since we may be changing parameters work on the encryption
605 		 * context rather than calling BIO_set_cipher().
606 		 */
607 
608 		BIO_get_cipher_ctx(benc, &ctx);
609 
610 		if (non_fips_allow)
611 			EVP_CIPHER_CTX_set_flags(ctx,
612 				EVP_CIPH_FLAG_NON_FIPS_ALLOW);
613 
614 		if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc))
615 			{
616 			BIO_printf(bio_err, "Error setting cipher %s\n",
617 				EVP_CIPHER_name(cipher));
618 			ERR_print_errors(bio_err);
619 			goto end;
620 			}
621 
622 		if (nopad)
623 			EVP_CIPHER_CTX_set_padding(ctx, 0);
624 
625 		if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc))
626 			{
627 			BIO_printf(bio_err, "Error setting cipher %s\n",
628 				EVP_CIPHER_name(cipher));
629 			ERR_print_errors(bio_err);
630 			goto end;
631 			}
632 
633 		if (debug)
634 			{
635 			BIO_set_callback(benc,BIO_debug_callback);
636 			BIO_set_callback_arg(benc,(char *)bio_err);
637 			}
638 
639 		if (printkey)
640 			{
641 			if (!nosalt)
642 				{
643 				printf("salt=");
644 				for (i=0; i<(int)sizeof(salt); i++)
645 					printf("%02X",salt[i]);
646 				printf("\n");
647 				}
648 			if (cipher->key_len > 0)
649 				{
650 				printf("key=");
651 				for (i=0; i<cipher->key_len; i++)
652 					printf("%02X",key[i]);
653 				printf("\n");
654 				}
655 			if (cipher->iv_len > 0)
656 				{
657 				printf("iv =");
658 				for (i=0; i<cipher->iv_len; i++)
659 					printf("%02X",iv[i]);
660 				printf("\n");
661 				}
662 			if (printkey == 2)
663 				{
664 				ret=0;
665 				goto end;
666 				}
667 			}
668 		}
669 
670 	/* Only encrypt/decrypt as we write the file */
671 	if (benc != NULL)
672 		wbio=BIO_push(benc,wbio);
673 
674 	for (;;)
675 		{
676 		inl=BIO_read(rbio,(char *)buff,bsize);
677 		if (inl <= 0) break;
678 		if (BIO_write(wbio,(char *)buff,inl) != inl)
679 			{
680 			BIO_printf(bio_err,"error writing output file\n");
681 			goto end;
682 			}
683 		}
684 	if (!BIO_flush(wbio))
685 		{
686 		BIO_printf(bio_err,"bad decrypt\n");
687 		goto end;
688 		}
689 
690 	ret=0;
691 	if (verbose)
692 		{
693 		BIO_printf(bio_err,"bytes read   :%8ld\n",BIO_number_read(in));
694 		BIO_printf(bio_err,"bytes written:%8ld\n",BIO_number_written(out));
695 		}
696 end:
697 	ERR_print_errors(bio_err);
698 	if (strbuf != NULL) OPENSSL_free(strbuf);
699 	if (buff != NULL) OPENSSL_free(buff);
700 	if (in != NULL) BIO_free(in);
701 	if (out != NULL) BIO_free_all(out);
702 	if (benc != NULL) BIO_free(benc);
703 	if (b64 != NULL) BIO_free(b64);
704 #ifdef ZLIB
705 	if (bzl != NULL) BIO_free(bzl);
706 #endif
707 	if(pass) OPENSSL_free(pass);
708 	apps_shutdown();
709 	OPENSSL_EXIT(ret);
710 	}
711 
712 int set_hex(char *in, unsigned char *out, int size)
713 	{
714 	int i,n;
715 	unsigned char j;
716 
717 	n=strlen(in);
718 	if (n > (size*2))
719 		{
720 		BIO_printf(bio_err,"hex string is too long\n");
721 		return(0);
722 		}
723 	memset(out,0,size);
724 	for (i=0; i<n; i++)
725 		{
726 		j=(unsigned char)*in;
727 		*(in++)='\0';
728 		if (j == 0) break;
729 		if ((j >= '0') && (j <= '9'))
730 			j-='0';
731 		else if ((j >= 'A') && (j <= 'F'))
732 			j=j-'A'+10;
733 		else if ((j >= 'a') && (j <= 'f'))
734 			j=j-'a'+10;
735 		else
736 			{
737 			BIO_printf(bio_err,"non-hex digit\n");
738 			return(0);
739 			}
740 		if (i&1)
741 			out[i/2]|=j;
742 		else
743 			out[i/2]=(j<<4);
744 		}
745 	return(1);
746 	}
747